169 lines
5.5 KiB
PowerShell
169 lines
5.5 KiB
PowerShell
#
|
|
# Azure functions are based on: ???
|
|
#
|
|
function Invoke-AzureNativeRequest {
|
|
<#
|
|
.SYNOPSIS
|
|
Runs a command against the Azure Portal API
|
|
#>
|
|
|
|
[CmdletBinding(SupportsShouldProcess)]
|
|
param (
|
|
#The target of your request. This is appended to the Portal API URI. Example: Permissions
|
|
[Parameter(Mandatory)]$Target,
|
|
|
|
#The command you wish to execute. Example: GetUserSystemRoleTemplateIds
|
|
[Parameter()]$Action,
|
|
|
|
#The body of your request. This is usually in JSON format
|
|
$Body,
|
|
|
|
#Specify the HTTP Method you wish to use. Defaults to GET
|
|
[ValidateSet("GET","POST","OPTIONS","DELETE", "PATCH", "PUT")]
|
|
$Method = "GET",
|
|
|
|
#The base URI for the Portal API. Typically you don't need to change this
|
|
[Uri]$baseURI = 'https://main.iam.ad.ext.azure.com/api/',
|
|
|
|
[URI]$requestOrigin = 'https://iam.hosting.portal.azure.net',
|
|
|
|
#The request ID for the session. You can generate one with [guid]::NewGuid().guid.
|
|
#Typically you only specify this if you're trying to retry an operation and don't want to duplicate the request, such as for a POST operation
|
|
$requestID = [guid]::NewGuid().guid
|
|
)
|
|
|
|
#Combine the BaseURI and Target
|
|
[String]$ApiAction = $Target.TrimStart('/')
|
|
|
|
if ($Action)
|
|
{
|
|
$ApiAction = $ApiAction + '/' + $Action
|
|
}
|
|
|
|
if($global:tokresponse -and [DateTimeOffset]::Now.ToUnixTimeSeconds() -gt $global:tokresponse.expires_on)
|
|
{
|
|
$global:tokresponse = $null
|
|
}
|
|
|
|
$Context = Get-AzureRmContext
|
|
|
|
if(-not $context -or -not $global:tokresponse)
|
|
{
|
|
if($Context)
|
|
{
|
|
if($global:Me -and $global:Organization)
|
|
{
|
|
$refreshToken = ($Context.TokenCache.ReadItems() | Where { $_.DisplayableId -eq $global:Me.userPrincipalName -and $_.TenantId -eq $global:Organization.Id }).RefreshToken
|
|
if($refreshToken -and $refreshToken.ExpiresOn -lt (Get-Date))
|
|
{
|
|
# Expired...force login
|
|
# $refreshToken = $null
|
|
}
|
|
}
|
|
}
|
|
|
|
if(-not $refreshToken)
|
|
{
|
|
$user = Connect-AzureRmAccount
|
|
if(-not $user) { return }
|
|
$Context = Get-AzureRmContext
|
|
if(-not $Context) { return }
|
|
}
|
|
}
|
|
|
|
#
|
|
if(-not $global:tokresponse)
|
|
{
|
|
$refreshToken = $null # Fore read again in case of login
|
|
if($global:Me -and $global:Organization)
|
|
{
|
|
$refreshToken = ($Context.TokenCache.ReadItems() | Where { $_.DisplayableId -eq $global:Me.userPrincipalName -and $_.TenantId -eq $global:Organization.Id }).RefreshToken
|
|
}
|
|
# Make sure we are using the same user as Intune login
|
|
if(-not $refreshToken)
|
|
{
|
|
[System.Windows.MessageBox]::Show("Failed to find login token for AzureRM", "Invalid AzureRM login!", "OK", "Error")
|
|
return $global:tokresponse
|
|
}
|
|
|
|
$curToken = $Context.TokenCache.ReadItems() | Where { $_.DisplayableId -eq $global:Me.userPrincipalName -and $_.TenantId -eq $global:Organization.Id }
|
|
$tenantid = $curToken.TenantId
|
|
$refreshToken = $curToken.RefreshToken
|
|
$loginUrl = "https://login.windows.net/$tenantid/oauth2/token"
|
|
$bodyTmp = "grant_type=refresh_token&refresh_token=$($refreshToken)" #&resource=74658136-14ec-4630-ad9b-26e160ff0fc6"
|
|
$response = Invoke-RestMethod $loginUrl -Method POST -Body $bodyTmp -ContentType 'application/x-www-form-urlencoded'
|
|
|
|
$global:tokresponse = Invoke-RestMethod $loginUrl -Method POST -Body ($bodyTmp + "&resource=74658136-14ec-4630-ad9b-26e160ff0fc6")
|
|
|
|
if(-not $global:tokresponse) { return }
|
|
}
|
|
|
|
$InvokeRestMethodParams = @{
|
|
Uri = [Uri]::New($baseURI,$ApiAction)
|
|
Method = $Method
|
|
Header = [ordered]@{
|
|
Authorization = 'Bearer ' + $global:tokresponse.access_token
|
|
'Content-Type' = 'application/json'
|
|
'x-ms-client-request-id' = $requestID
|
|
'Host' = $baseURI.Host
|
|
'Origin' = $requestOrigin
|
|
}
|
|
Body = $Body
|
|
}
|
|
|
|
try
|
|
{
|
|
Invoke-RestMethod @InvokeRestMethodParams
|
|
if($? -eq $false)
|
|
{
|
|
throw $global:error[0]
|
|
}
|
|
|
|
}
|
|
catch
|
|
{
|
|
Write-LogError "Failed to invoke Invoke-RestMethod for Azure" $_.Exception
|
|
}
|
|
}
|
|
|
|
function Get-AzureNativeObjects
|
|
{
|
|
param(
|
|
[Array]
|
|
$Target,
|
|
[Array]
|
|
$property,
|
|
[Array]
|
|
$exclude,
|
|
$SortProperty = "")
|
|
|
|
$objects = @()
|
|
$nativeObjects =Invoke-AzureNativeRequest $Target
|
|
|
|
if(($nativeObjects | GM -Name "items"))
|
|
{
|
|
$objectList = $nativeObjects.Items
|
|
}
|
|
else
|
|
{
|
|
$objectList = $nativeObjects
|
|
}
|
|
|
|
foreach($nativeObject in $objectList)
|
|
{
|
|
$params = @{}
|
|
if($property) { $params.Add("Property", $property) }
|
|
if($exclude) { $params.Add("ExcludeProperty", $exclude) }
|
|
foreach($objTmp in ($nativeObject | select @params))
|
|
{
|
|
$objTmp | Add-Member -NotePropertyName "Object" -NotePropertyValue $nativeObject
|
|
$objects += $objTmp
|
|
}
|
|
}
|
|
|
|
if($objects.Count -gt 0 -and $SortProperty -and ($objects[0] | GM -MemberType NoteProperty -Name $SortProperty))
|
|
{
|
|
$objects = $objects | sort -Property $SortProperty
|
|
}
|
|
$objects
|
|
} |