added webhook subscription management

DChorn-ANS · Jul 30, 2023 · e494767 · e494767
1 parent 38ac3c8
commit e494767
Show file tree

Hide file tree

Showing 3 changed files with 102 additions and 0 deletions.
diff --git a/Modules/CIPPCore/Public/New-CIPPGraphSubscription.ps1 b/Modules/CIPPCore/Public/New-CIPPGraphSubscription.ps1
@@ -0,0 +1,46 @@
+function New-CIPPGraphSubscription {
+    [CmdletBinding()]
+    param (
+        $TenantFilter,
+        $TypeofSubscription,
+        $Resource,
+        $EventType,
+        $APIName = "Create Webhook",
+        $ExecutingUser
+    )
+    $CIPPID = (New-Guid).GUID
+    $expiredate = (Get-Date).AddDays(1).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ss.fffZ")
+    $params = @{
+        changeType         = $TypeofSubscription
+        notificationUrl    = "https://webhook.site/9650bc4a-0120-41de-8ffd-6616e71244e1?EventType=$EventType&CIPPID=$CIPPID"
+        resource           = $Resource
+        expirationDateTime = $expiredate
+    } | ConvertTo-Json
+
+    try {
+        $GraphRequest = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/subscriptions" -tenantid $TenantFilter -type POST -body $params -verbose
+        #If creation is succesfull, we store the GUID in the storage table webhookTable to make sure we can check against this later on. 
+        #We store the GUID as rowkey, the event type, the resource, and the expiration date as properties, we also add the Tenant name so we can easily find this later on.
+        #We don't store the return, because Ms decided that a renewal or re-authenticate does not change the url, but does change the id...
+        $WebhookTable = Get-CIPPTable -TableName webhookTable
+        $WebhookRow = @{
+            PartitionKey           = [string]$TenantFilter
+            RowKey                 = [string]$CIPPID
+            EventType              = [string]$EventType
+            Resource               = [string]$Resource
+            Expiration             = [string]$expiredate
+            WebhookNotificationUrl = [string]$GraphRequest.notificationUrl
+        }
+        $null = Add-AzDataTableEntity @WebhookTable -Entity $WebhookRow
+        #todo: add remove webhook function, add check webhook function, add list webhooks function
+        #add refresh webhook function based on table. 
+        Write-LogMessage -user $ExecutingUser -API $APIName -message "Created Webhook subscription for $($TenantFilter)" -Sev "Info" -tenant $TenantFilter
+        return "Created Webhook subscription for $($TenantFilter)"
+    }
+    catch {
+        Write-LogMessage -user $ExecutingUser -API $APIName -message "Failed to create Webhook Subscription: $($_.Exception.Message)" -Sev "Error" -tenant $TenantFilter
+        Return "Failed to create Webhook Subscription: $($_.Exception.Message)" 
+    }
+
+}
+
diff --git a/Modules/CIPPCore/Public/Remove-CIPPGraphSubcription.ps1 b/Modules/CIPPCore/Public/Remove-CIPPGraphSubcription.ps1
@@ -0,0 +1,22 @@
+function Remove-CIPPGraphSubscription {
+    [CmdletBinding()]
+    param (
+        $TenantFilter,
+        $CIPPID,
+        $APIName = "Remove Graph Webhook",
+        $ExecutingUser
+    )
+    try {
+        $WebhookTable = Get-CIPPTable -TableName webhookTable
+        $WebhookRow = Get-AzDataTableEntity @WebhookTable | Where-Object { $_.RowKey -eq $CIPPID }
+        $OldID = (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/subscriptions" -tenantid $TenantFilter) | Where-Object { $_.notificationUrl -eq $WebhookRow.WebhookNotificationUrl }
+        $GraphRequest = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/subscriptions/$($oldId.ID)" -tenantid $TenantFilter -type DELETE -body {} -Verbose
+        $null = Remove-AzDataTableEntity @WebhookTable -Entity $WebhookRow
+        return "Remove webhook subscription to $($GraphRequest.value.notificationUrl)" 
+
+    }
+    catch {
+        Write-LogMessage -user $ExecutingUser -API $APIName -message "Failed to renew Webhook Subscription: $($_.Exception.Message)" -Sev "Error" -tenant $TenantFilter
+        return "Failed to remove Webhook Subscription $($GraphRequest.value.notificationUrl): $($_.Exception.Message)" 
+    }
+}
diff --git a/Modules/CIPPCore/Public/Set-CIPPGraphSubscription.ps1 b/Modules/CIPPCore/Public/Set-CIPPGraphSubscription.ps1
@@ -0,0 +1,34 @@
+function Set-CIPPGraphSubscription {
+    [CmdletBinding()]
+    param (
+        $TenantFilter,
+        $RenewSubscriptions,
+        $Resource,
+        $EventType,
+        $APIName = "Set Graph Webhook",
+        $ExecutingUser
+    )
+
+    if ($RenewSubscriptions) {
+        $RenewalDate = (Get-Date).AddDays(1).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ss.fffZ")
+        $body = @{
+            "expirationDateTime" = "$RenewalDate"
+        } | ConvertTo-Json
+        $ExistingSub = (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/subscriptions" -tenantid $TenantFilter) | ForEach-Object {
+            try {
+                $GraphRequest = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/subscriptions/$($_.id)" -tenantid $TenantFilter -type PATCH -body $body -Verbose
+                $WebhookTable = Get-CIPPTable -TableName webhookTable
+                #get the row from the table, grab it by the webhook notification url, and update the expiration date.
+                $WebhookRow = Get-AzDataTableEntity @WebhookTable | Where-Object { $_.WebhookNotificationUrl -eq $GraphRequest.notificationUrl }
+                $WebhookRow.Expiration = $RenewalDate
+                $null = Add-AzDataTableEntity @WebhookTable -Entity $WebhookRow -Force
+                return "Renewed $($GraphRequest.notificationUrl)" 
+
+            }
+            catch {
+                Write-LogMessage -user $ExecutingUser -API $APIName -message "Failed to renew Webhook Subscription: $($_.Exception.Message)" -Sev "Error" -tenant $TenantFilter
+                return   "Failed to renew Webhook Subscription $($WebhookRow.RowKey): $($_.Exception.Message)" 
+            }
+        }
+    }
+}