Merge pull request #210 from johnduprey/dev

ExecAccessCheck - Key vault check
KelvinTegelaar · Sep 2, 2022 · 323e1f4 · 323e1f4
2 parents 992c719 + 72195dd
commit 323e1f4
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 6 deletions.
diff --git a/ExecAccessChecks/run.ps1 b/ExecAccessChecks/run.ps1
@@ -32,11 +32,34 @@ if ($Request.query.Permissions -eq 'true') {
         )
         $GraphToken = Get-GraphToken -returnRefresh $true
         $GraphPermissions = $GraphToken.scope.split(' ') -replace 'https://graph.microsoft.com//', '' | Where-Object { $_ -notin @('email', 'openid', 'profile', '.default') }
-        #Write-Host ($GraphPermissions | ConvertTo-Json)
+
+        if ($env:MSI_SECRET) {
+            try {
+                Disable-AzContextAutosave -Scope Process | Out-Null
+                $AzSession = Connect-AzAccount -Identity
+
+                $KV = $ENV:WEBSITE_DEPLOYMENT_ID
+                $KeyVaultRefresh = Get-AzKeyVaultSecret -VaultName $kv -Name 'RefreshToken' -AsPlainText
+                if ($GraphToken.refresh_token -ne $KeyVaultRefresh) {
+                    $Success = $false
+                    $Messages.Add('Your refresh token does not match key vault, follow the Clear Token Cache procedure.') | Out-Null
+                    $Links.Add([PSCustomObject]@{
+                            Text = 'Clear Token Cache'
+                            Href = 'https://cipp.app/docs/general/troubleshooting/#clear-token-cache'
+                        }
+                    ) | Out-Null
+                }
+                else {
+                    $Messages.Add('Your refresh token matches key vault.') | Out-Null
+                }
+            }
+            catch {
+                Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $tenant -message "Key vault exception: $($_) " -Sev 'Error'
+            }
+        }
 
         try {
             $AccessTokenDetails = Read-JwtAccessDetails -Token $GraphToken.access_token
-            #Write-Host ($AccessTokenDetails | ConvertTo-Json)
         }
         catch {
             $AccessTokenDetails = [PSCustomObject]@{
@@ -118,7 +141,7 @@ if ($Request.query.Tenants -eq 'true') {
         }
 
         try {
-            $GraphRequest = New-ExoRequest -tenantid $Tenant -cmdlet "Get-OrganizationConfig" -ErrorAction Stop
+            $GraphRequest = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-OrganizationConfig' -ErrorAction Stop
             @{ 
                 TenantName = "$($Tenant)"
                 Status     = 'Succesfully connected to Exchange'

diff --git a/GetDashboard/run.ps1 b/GetDashboard/run.ps1
@@ -190,6 +190,13 @@ $Table = Get-CippTable -tablename CippLogs
 $PartitionKey = Get-Date -UFormat '%Y%m%d'
 $Filter = "PartitionKey eq '{0}'" -f $PartitionKey
 $Rows = Get-AzDataTableEntity @Table -Filter $Filter | Sort-Object TableTimestamp -Descending | Select-Object -First 10
+
+$Standards = Get-CippTable -tablename standards
+$QueuedStandards = (Get-AzDataTableEntity @Standards -Property RowKey | Measure-Object).Count
+
+$Apps = Get-CippTable -tablename apps
+$QueuedApps = (Get-AzDataTableEntity @Apps -Property RowKey | Measure-Object).Count
+
 $SlimRows = New-Object System.Collections.ArrayList
 foreach ($Row in $Rows) {
     $SlimRows.Add(@{
@@ -203,16 +210,18 @@ if ($ENV:FUNCTIONS_EXTENSION_VERSION -ne '~4') { $Alerts.add('Your Function App
 if ($psversiontable.psversion.toString() -lt 7.2) { $Alerts.add('Your Function App is running on Powershell 7. This impacts performance. Go to Settings -> Backend -> Function App Configuration -> General Settings and set PowerShell Core Version to 7.2 for maximum performance') }
 if ($ENV:WEBSITE_RUN_FROM_PACKAGE -ne '1') { $Alerts.add('Your Function App is running in write mode. Please check the release notes to enable Run from Package mode.') }
 
-$TenantCount = (Get-Tenants | Measure-Object).Count
+$TenantCount = (Get-Tenants -IncludeErrors | Measure-Object).Count
+$TenantErrorCount = $TenantCount - (Get-Tenants | Measure-Object).Count
 
 $APIName = $TriggerMetadata.FunctionName
 Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
 $dash = [PSCustomObject]@{
     NextStandardsRun  = (Get-CronNextExecutionTime -Expression '0 */3 * * *').tostring('s')
     NextBPARun        = (Get-CronNextExecutionTime -Expression '0 3 * * *').tostring('s')
-    queuedApps        = [int64](Get-ChildItem '.\ChocoApps.Cache' -ErrorAction SilentlyContinue).count
-    queuedStandards   = [int64](Get-ChildItem '.\Cache_Standards' -ErrorAction SilentlyContinue).count
+    queuedApps        = [int64]$QueuedApps
+    queuedStandards   = [int64]$QueuedStandards
     tenantCount       = [int64]$TenantCount
+    tenantErrorCount  = [int64]$TenantErrorCount
     RefreshTokenDate  = (Get-CronNextExecutionTime -Expression '0 0 * * 0').AddDays('-7').tostring('s') -split 'T' | Select-Object -First 1
     ExchangeTokenDate = (Get-CronNextExecutionTime -Expression '0 0 * * 0').AddDays('-7').tostring('s') -split 'T' | Select-Object -First 1
     LastLog           = @($SlimRows)