[pull] master from KelvinTegelaar:master #102
Merged
+7,188
−238,198
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Updated Get-ApplicationInsightsQuery.ps1 to check for $global:TelemetryClient instead of the connection string environment variable. Moved Enable-CippConsoleLogging calls into the TelemetryClient initialization blocks in profile.ps1 and removed redundant console logging enablement code.
Introduces logging settings to host.json, disabling console logging and setting the default log level to 'None' for improved control over log output.
Replaced script-scoped variables with System.Threading.AsyncLocal for storing per-invocation context (e.g., StandardInfo, AllowedTenants, AllowedGroups, ScheduledTaskId, InvocationId) across multiple modules and entrypoints. This change improves thread safety and reliability in concurrent executions, especially for logging and access control. Also updated affected functions to use the new storage pattern and adjusted module import order in profile.ps1.
Ensures TemplateId is explicitly cast to string when adding or updating entities in Set-CIPPStandardsCompareField, improving type consistency for Azure Table storage operations.
The backend was checking for `PWPushPro` field which doesn't exist in the frontend configuration. The frontend sets `UseBearerAuth` to indicate a PWPush Pro hosted account with Bearer authentication. Changed the condition from: $Configuration.PWPushPro -eq $true to: $Configuration.UseBearerAuth -eq $true This aligns with the frontend's Extensions.json which uses `PWPush.UseBearerAuth` to indicate Pro/hosted accounts. Fixes KelvinTegelaar/CIPP#5057 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
Added logic to filter included and excluded application IDs in CA policy to ensure only app IDs with a corresponding service principal in the tenant are retained. Also replaced usage of $User with $Headers in log messages for consistency.
Introduces an AsyncLocal-based per-request cache for user roles in Test-CIPPAccessUserRole and initializes it in New-CippCoreRequest to reduce redundant lookups. Also refines stopwatch timing logic in profile.ps1 to ensure accurate measurement and avoid errors when Application Insights is not configured.
Introduces per-request timing using Stopwatch for key steps in New-CippCoreRequest, including access checks, tenant/group resolution, and endpoint invocation. Timings are logged in a structured format for improved observability and performance diagnostics.
Introduced per-call profiling using Stopwatch in Test-CIPPAccess and Test-CIPPAccessUserRole functions. Timings for key operations are collected and logged for performance analysis, aiding in identifying bottlenecks during authentication and authorization flows.
Replaced all Write-Information calls for timing output with Write-Debug in authentication, HTTP request, and profile scripts. Updated Enable-CippConsoleLogging to set DebugPreference when CIPP_CONSOLE_LOG_LEVEL is 'Debug'. This change improves control over timing log verbosity and aligns with standard debugging practices.
Updated various scripts to use Write-Debug instead of Write-Information for internal logging and status messages. This change helps reduce noise in standard output and aligns logging with debug-level verbosity.
Log messages now include tags if provided, formatted as a comma-separated list in square brackets before the message. This enhances log clarity by associating tags directly with their messages.
Introduces Tools/Build-FunctionPermissions.ps1 to generate a JSON cache of function permissions for the CIPPCore module. Updates Test-CIPPAccess.ps1 to load permission data from this cache for improved performance, falling back to Get-Help if needed. Modifies the dev_api GitHub Actions workflow to run the new script during the build process.
Add function permissions cache and build script
When sending webhook alerts, the script now checks for CFZTNA extension configuration and, if enabled, adds CF-Access-Client-Id and CF-Access-Client-Secret headers to the API request. Also improves error handling by returning error messages when webhook sending fails.
Introduces Invoke-AddDomain.ps1 for adding domains and Invoke-ExecDomainAction.ps1 for verifying, deleting, or setting a domain as default for a tenant. These entrypoints interact with Microsoft Graph API and include input validation, error handling, and logging.
Introduced a $Step variable to track progress during API app creation and included the step in error logs for better troubleshooting. Added -maxRetries 3 to key New-GraphPOSTRequest calls to improve reliability of application password, identifier URI, and service principal creation.
Enhanced both publish_release and upload_dev GitHub Actions workflows to build PowerShell modules (CIPPCore and CippExtensions) using ModuleBuilder, with caching for dependencies to speed up builds. Also updated actions/checkout to v4 in upload_dev.yml and improved module build steps for consistency.
Upgraded GitHub Actions checkout to v4 and set persist-credentials to false in the publish_release workflow. Added FUNCTIONALITY and ROLE metadata comments to Invoke-ListExoRequest and Invoke-ListGroupSenderAuthentication PowerShell functions for improved documentation and consistency.
Dev to release
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
6 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )