Add files via upload
This commit is contained in:
Mikael Karlsson
GitHub
169
Extensions/AzureNative.psm1
Normal file
169
Extensions/AzureNative.psm1
Normal file
@@ -0,0 +1,169 @@
|
||||
#
|
||||
# Azure functions are based on: ???
|
||||
#
|
||||
function Invoke-AzureNativeRequest {
|
||||
<#
|
||||
.SYNOPSIS
|
||||
Runs a command against the Azure Portal API
|
||||
#>
|
||||
|
||||
[CmdletBinding(SupportsShouldProcess)]
|
||||
param (
|
||||
#The target of your request. This is appended to the Portal API URI. Example: Permissions
|
||||
[Parameter(Mandatory)]$Target,
|
||||
|
||||
#The command you wish to execute. Example: GetUserSystemRoleTemplateIds
|
||||
[Parameter()]$Action,
|
||||
|
||||
#The body of your request. This is usually in JSON format
|
||||
$Body,
|
||||
|
||||
#Specify the HTTP Method you wish to use. Defaults to GET
|
||||
[ValidateSet("GET","POST","OPTIONS","DELETE", "PATCH", "PUT")]
|
||||
$Method = "GET",
|
||||
|
||||
#The base URI for the Portal API. Typically you don't need to change this
|
||||
[Uri]$baseURI = 'https://main.iam.ad.ext.azure.com/api/',
|
||||
|
||||
[URI]$requestOrigin = 'https://iam.hosting.portal.azure.net',
|
||||
|
||||
#The request ID for the session. You can generate one with [guid]::NewGuid().guid.
|
||||
#Typically you only specify this if you're trying to retry an operation and don't want to duplicate the request, such as for a POST operation
|
||||
$requestID = [guid]::NewGuid().guid
|
||||
)
|
||||
|
||||
#Combine the BaseURI and Target
|
||||
[String]$ApiAction = $Target.TrimStart('/')
|
||||
|
||||
if ($Action)
|
||||
{
|
||||
$ApiAction = $ApiAction + '/' + $Action
|
||||
}
|
||||
|
||||
if($global:tokresponse -and [DateTimeOffset]::Now.ToUnixTimeSeconds() -gt $global:tokresponse.expires_on)
|
||||
{
|
||||
$global:tokresponse = $null
|
||||
}
|
||||
|
||||
$Context = Get-AzureRmContext
|
||||
|
||||
if(-not $context -or -not $global:tokresponse)
|
||||
{
|
||||
if($Context)
|
||||
{
|
||||
if($global:Me -and $global:Organization)
|
||||
{
|
||||
$refreshToken = ($Context.TokenCache.ReadItems() | Where { $_.DisplayableId -eq $global:Me.userPrincipalName -and $_.TenantId -eq $global:Organization.Id }).RefreshToken
|
||||
if($refreshToken -and $refreshToken.ExpiresOn -lt (Get-Date))
|
||||
{
|
||||
# Expired...force login
|
||||
# $refreshToken = $null
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if(-not $refreshToken)
|
||||
{
|
||||
$user = Connect-AzureRmAccount
|
||||
if(-not $user) { return }
|
||||
$Context = Get-AzureRmContext
|
||||
if(-not $Context) { return }
|
||||
}
|
||||
}
|
||||
|
||||
#
|
||||
if(-not $global:tokresponse)
|
||||
{
|
||||
$refreshToken = $null # Fore read again in case of login
|
||||
if($global:Me -and $global:Organization)
|
||||
{
|
||||
$refreshToken = ($Context.TokenCache.ReadItems() | Where { $_.DisplayableId -eq $global:Me.userPrincipalName -and $_.TenantId -eq $global:Organization.Id }).RefreshToken
|
||||
}
|
||||
# Make sure we are using the same user as Intune login
|
||||
if(-not $refreshToken)
|
||||
{
|
||||
[System.Windows.MessageBox]::Show("Failed to find login token for AzureRM", "Invalid AzureRM login!", "OK", "Error")
|
||||
return $global:tokresponse
|
||||
}
|
||||
|
||||
$curToken = $Context.TokenCache.ReadItems() | Where { $_.DisplayableId -eq $global:Me.userPrincipalName -and $_.TenantId -eq $global:Organization.Id }
|
||||
$tenantid = $curToken.TenantId
|
||||
$refreshToken = $curToken.RefreshToken
|
||||
$loginUrl = "https://login.windows.net/$tenantid/oauth2/token"
|
||||
$bodyTmp = "grant_type=refresh_token&refresh_token=$($refreshToken)" #&resource=74658136-14ec-4630-ad9b-26e160ff0fc6"
|
||||
$response = Invoke-RestMethod $loginUrl -Method POST -Body $bodyTmp -ContentType 'application/x-www-form-urlencoded'
|
||||
|
||||
$global:tokresponse = Invoke-RestMethod $loginUrl -Method POST -Body ($bodyTmp + "&resource=74658136-14ec-4630-ad9b-26e160ff0fc6")
|
||||
|
||||
if(-not $global:tokresponse) { return }
|
||||
}
|
||||
|
||||
$InvokeRestMethodParams = @{
|
||||
Uri = [Uri]::New($baseURI,$ApiAction)
|
||||
Method = $Method
|
||||
Header = [ordered]@{
|
||||
Authorization = 'Bearer ' + $global:tokresponse.access_token
|
||||
'Content-Type' = 'application/json'
|
||||
'x-ms-client-request-id' = $requestID
|
||||
'Host' = $baseURI.Host
|
||||
'Origin' = $requestOrigin
|
||||
}
|
||||
Body = $Body
|
||||
}
|
||||
|
||||
try
|
||||
{
|
||||
Invoke-RestMethod @InvokeRestMethodParams
|
||||
if($? -eq $false)
|
||||
{
|
||||
throw $global:error[0]
|
||||
}
|
||||
|
||||
}
|
||||
catch
|
||||
{
|
||||
Write-LogError "Failed to invoke Invoke-RestMethod for Azure" $_.Exception
|
||||
}
|
||||
}
|
||||
|
||||
function Get-AzureNativeObjects
|
||||
{
|
||||
param(
|
||||
[Array]
|
||||
$Target,
|
||||
[Array]
|
||||
$property,
|
||||
[Array]
|
||||
$exclude,
|
||||
$SortProperty = "")
|
||||
|
||||
$objects = @()
|
||||
$nativeObjects =Invoke-AzureNativeRequest $Target
|
||||
|
||||
if(($nativeObjects | GM -Name "items"))
|
||||
{
|
||||
$objectList = $nativeObjects.Items
|
||||
}
|
||||
else
|
||||
{
|
||||
$objectList = $nativeObjects
|
||||
}
|
||||
|
||||
foreach($nativeObject in $objectList)
|
||||
{
|
||||
$params = @{}
|
||||
if($property) { $params.Add("Property", $property) }
|
||||
if($exclude) { $params.Add("ExcludeProperty", $exclude) }
|
||||
foreach($objTmp in ($nativeObject | select @params))
|
||||
{
|
||||
$objTmp | Add-Member -NotePropertyName "Object" -NotePropertyValue $nativeObject
|
||||
$objects += $objTmp
|
||||
}
|
||||
}
|
||||
|
||||
if($objects.Count -gt 0 -and $SortProperty -and ($objects[0] | GM -MemberType NoteProperty -Name $SortProperty))
|
||||
{
|
||||
$objects = $objects | sort -Property $SortProperty
|
||||
}
|
||||
$objects
|
||||
}
|
||||
Reference in New Issue
Block a user