public/provisioning.ps1
|
function Update-NimbusDependencies { Param( [Parameter(Mandatory = $false)] [ValidateSet('portal_nimbload_com' , 'portal_luware_cloud', 'portal_stage_nimbdev_com', 'portal_uat_nimbdev_com')] [string]$env = 'placeholder', [Parameter(Mandatory = $false)] [object]$webhookData ) Check-Module # Initialize the variables if ( $inRunbook ) { $cred = Get-AutomationPSCredential -Name nimbusCredentials $env = Get-AutomationVariable -Name nimbusEnvironment $callbackUrl = Get-AutomationVariable -Name callBackUrl $callbackUrl = [Text.Encoding]::Utf8.GetString( [Convert]::FromBase64String( $callbackUrl ) ) } else { $cred = New-CredentialsPrompt "AzureAd" } $pstnNumbers = [System.Collections.ArrayList]@() $callingBotPermissions = "Calls.Initiate.All", "Calls.InitiateGroupCall.All", "Calls.JoinGroupCall.All", "Calls.JoinGroupCallAsGuest.All", "OnlineMeetings.ReadWrite.All","Calls.AccessMedia.All" $generalBotPermissions = "Directory.Read.All", "Group.Read.All", "User.Read.All" $mediaBotPermissions = "Calls.AccessMedia.All","Calls.Initiate.All","Calls.InitiateGroupCall.All","Calls.JoinGroupCall.All","Calls.JoinGroupCallAsGuest.All" $nimbusDomain = $mapper.$env.domain $nimbusAppId = $mapper.$env.nimbusAppId $mediaBotId = $mapper.$env.mediaBotId New-AzureAdLogin $cred New-MsolLogin $cred New-SkypeOnlineLogin $cred $webSession, $tenant = New-NimbusLogin -domain $nimbusDomain # Retrieve pending changes if ( $inRunbook ) { try { $uri = "https://{0}/api/provisioning/v1/tenants/{1}/service-details/{2}" -f $nimbusDomain, $tenant, $webhookData.teamId $teams = Invoke-WebRequest -WebSession $webSession -Uri $uri -UseBasicParsing | ConvertFrom-Json } catch { Write-Error "Web Request Failed. StatusCode: $($_.Exception.Response.StatusCode.Value__)" Write-Error "Could not get changes for your tenant. Exiting." Write-Error $_.Exception.Message Cleanup-Environment -exitCode 1 } $teamJson = $teams | ConvertTo-Json -Compress -ErrorAction SilentlyContinue $webhookDataJson = $webhookData | ConvertTo-Json -Compress -ErrorAction SilentlyContinue if ( -not $teams -or ( Compare-Object $teamJson $webhookDataJson ) ) { Write-Error "Configuration mismatch, sending failure email." Write-Error $webhookDataJson $webhookData | Add-Member -MemberType NoteProperty -Name failed -Value $true -Force Invoke-RestMethod ` -Method:Post ` -UseBasicParsing ` -Uri $callbackUrl ` -Body ( $webhookData | ConvertTo-Json -Compress -Depth 5 ) ` -ContentType 'application/json' Cleanup-Environment -exitCode 1 } } else { try { $teams = Invoke-WebRequest ` -WebSession $webSession ` -Uri "https://$nimbusDomain/api/facade/v1/provisioning/tenants/$tenant/service-details" | ConvertFrom-Json } catch { Write-Output "Web Request Failed. StatusCode: $($_.Exception.Response.StatusCode.Value__)" Write-Output "Could not get changes for your tenant. Exiting" Cleanup-Environment -exitCode 1 } } try { Write-Output "Granting permissions for main Nimbus App" Update-ServicePrincipal -appId $nimbusAppId -permissions $generalBotPermissions Update-ServicePrincipal -appId $mediaBotId -permissions $mediaBotPermissions Write-Output " [Done]" } catch { Write-Output "[Failed]" } if ( Read-HostProxy "Would you like to re-grant all permissions to all the bots configured in your tenant? (Default is No)" ) { try { $botIds = Invoke-WebRequest ` -WebSession $webSession ` -Uri "https://$nimbusDomain/api/facade/v1/provisioning/tenants/$tenant/bot-ids" | ConvertFrom-Json Write-Output "Granting permissions for all $($botIds.Length) configured bots in your tenant" foreach ( $botId in $botIds ) { Update-ServicePrincipal -appId $botId -permissions $callingBotPermissions Set-CsApplicationMeetingConfiguration -AllowRemoveParticipantAppIds @{Add="$($botId)"} Write-Output "Bot $botId - All permissions were granted" } Write-Output " [Done]" } catch { Write-Error ( $_.Exception | Format-List -Force | Out-String ) -ErrorAction Continue Write-Error ( $_.InvocationInfo | Format-List -Force | Out-String ) -ErrorAction Continue Write-Output "Web Request Failed. StatusCode: $($_.Exception.Response.StatusCode.Value__)" Write-Output "Could not get existing botIds. Will continue with pending changes." } } else { Write-Output "Skip re-granting all permissions" } # Apply updates (prompt user if using interactive mode) Write-Output "Fetched Changes for $($teams | Measure-Object | Select-Object -ExpandProperty count) Teams..." foreach ($team in $teams) { Write-Output "=============================================================" Write-Output "=============================================================" Write-Output "Team: $($team.teamName)" Write-Output "-------------------------------------------------------------" if ( -not [string]::IsNullOrEmpty($team.applicationId) -and $team.isSuspended ) { if ( Read-HostProxy "Would you like to delete the ApplicationInstance of '$($team.teamName)'? The team is suspended. (Default is No)" ) { Write-Output "Removing ApplicationInstance for '$($team.teamName)'..." try { Remove-AzureADUser -ObjectId $team.applicationId -ErrorAction SilentlyContinue Sync-CsOnlineApplicationInstance -ObjectId $team.applicationId -ErrorAction SilentlyContinue } catch { Write-Output "[Failed]" Write-Output "Application Instance doesn't exist anymore" } finally { $team.applicationId = $null Invoke-WebRequest ` -WebSession $webSession ` -Method:Post ` -Uri "https://$nimbusDomain/api/provisioning/v1/tenants/$tenant/service-details/apply" ` -ContentType "application/json" ` -Body ($team | ConvertTo-Json) | Out-Null Write-Output " [Done]" } } else { Write-Output "Skip removing ApplicationInstance for '$($team.teamName)'" } } elseif ( [string]::IsNullOrEmpty($team.applicationId) ) { Write-Output "Values to be set:" Write-Output ($team.teamServiceDetails | Format-Table | Out-String) if ([string]::IsNullOrEmpty($team.teamServiceDetails.upn)) { Write-Output "No Upn is set. Please configure this team correctly." Write-Output "=============================================================" continue } if ( Read-HostProxy "Would you like to create an ApplicationInstance for '$($team.teamName)'? (Default is No)" ) { try { Write-Output "Granting permissions for Calling Bot Application" Update-ServicePrincipal -appId $team.botId -permissions Set-CsApplicationMeetingConfiguration -AllowRemoveParticipantAppIds @{Add="$($team.botId)"} Write-Output " [Done]" } catch { Write-Output "[Failed]" } Write-Output "Creating ApplicationInstance for '$($team.teamName)'..." try { try { $app = New-CsOnlineApplicationInstance -UserPrincipalName $team.teamServiceDetails.upn -DisplayName $team.teamServiceDetails.name -ApplicationId $team.botId } catch [System.Management.Automation.RemoteException] { if ($Error[0].Exception -match "provided UserPrincipalName is already used") { try { Write-Output " Upn already used. Generating new one..." $team.teamServiceDetails = Invoke-WebRequest ` -WebSession $webSession ` -Uri "https://$nimbusDomain/api/teammanager/v1/tenants/$tenant/teams/$($team.teamId)/service-details/regenerate-upn" | ConvertFrom-Json Write-Output " [Done]" } catch { Write-Output "[Failed]" Write-Output " Web Request Failed. StatusCode: $($_.Exception.Response.StatusCode.Value__)" Write-Output "[Failed]" continue } $app = New-CsOnlineApplicationInstance -UserPrincipalName $team.teamServiceDetails.upn -DisplayName $team.teamServiceDetails.name -ApplicationId $team.botId } else { Cleanup-Environment -exitCode 1 } } Sync-CsOnlineApplicationInstance -ObjectId $app.ObjectId $team.applicationId = $app.ObjectId $isDone = Update-Pstn -teamToCheck $team if ( -not $isDone ) { $pstnNumbers.Add($team) | Out-Null Write-Output "[Pending]" Write-Output " Could not yet complete PSTN number assignment will try again at the end." } else { Invoke-WebRequest ` -WebSession $webSession ` -Method:Post ` -Uri "https://$nimbusDomain/api/provisioning/v1/tenants/$tenant/service-details/apply" ` -ContentType "application/json" ` -Body ($team | ConvertTo-Json) | Out-Null Write-Output " [Done]" } } catch [System.Management.Automation.RemoteException] { Write-Output "[Failed]" Write-Output " Could not create ApplicationInstance $($_.Exception)" Write-Output " Please check your configuration." continue } catch { Write-Output "[Failed]" Write-Output " Web Request Failed. StatusCode: $($_.Exception.Response.StatusCode.Value__)" Write-Output " An Error occurred sending the update to Nimbus." continue } } else { Write-Output "Skip creating ApplicationInstance for '$($team.teamName)'" } } else { Write-Output "Values to be updated:" Write-Output ( $team.teamServiceDetails | Format-Table | Out-String ) if ( Read-HostProxy "Would you like to update the ApplicationInstance for '$($team.teamName)'? (Default is No)" ) { try { Write-Output "Updating ApplicationInstance for '$($team.teamName)'..." if ( -not [string]::IsNullOrEmpty($team.teamServiceDetails.upn) ) { try { Write-Output " Setting new UPN..." Set-MsolUserPrincipalName -ObjectId $team.applicationId -NewUserPrincipalName $team.teamServiceDetails.upn Write-Output " [Done]" } catch [Microsoft.Online.Administration.Automation.MicrosoftOnlineException] { if ($_.Exception -match "user principal name already exists") { Write-Output "[Failed]" Write-Output " $($_.Exception)" try { Write-Output " Regenerating UPN..." $team.teamServiceDetails = Invoke-WebRequest ` -WebSession $webSession ` -Uri "https://$nimbusDomain/api/teammanager/v1/tenants/$tenant/teams/$($team.teamId)/service-details/regenerate-upn" | ConvertFrom-Json Set-MsolUserPrincipalName -ObjectId $team.applicationId -NewUserPrincipalName $team.teamServiceDetails.upn Write-Output " [Done]" } catch { Write-Output "[Failed]" Write-Output " $($_.Exception)" $team.teamServiceDetails.PsObject.Properties.Remove('upn') } } else { Write-Output "[Failed]" Write-Output " $($_.Exception)" $team.teamServiceDetails.PsObject.Properties.Remove('upn') } } } if ( -not [string]::IsNullOrEmpty($team.teamServiceDetails.name) ) { Set-CsOnlineApplicationInstance -Identity $team.applicationId -DisplayName $team.teamServiceDetails.name | Out-Null } $isDone = Update-Pstn -teamToCheck $team Sync-CsOnlineApplicationInstance -ObjectId $team.applicationId if ( -not $isDone ) { $pstnNumbers.Add($team) | Out-Null Write-Output "[Pending]" Write-Output " Could not yet complete PSTN number assignment will try again at the end." } else { Invoke-WebRequest ` -WebSession $webSession ` -Method:Post ` -Uri "https://$nimbusDomain/api/provisioning/v1/tenants/$tenant/service-details/apply" ` -ContentType "application/json" ` -Body ( $team | ConvertTo-Json -Compress -Depth 5 ) | Out-Null Write-Output " [Done]" } } catch [System.Management.Automation.RemoteException] { Write-Output "[Failed]" Write-Output " Could not update ApplicationInstance $($_.Exception)" Write-Output " Please check your configuration." continue } catch [System.Net.WebException] { Write-Output "[Failed]" Write-Output " Web Request Failed. StatusCode: $($_.Exception.Response.StatusCode.Value__)" Write-Output " An Error occurred sending the update to Nimbus." continue } catch { Write-Output "[Failed]" Write-Output " An unexpected error occurred: $($_.Exception.Response.StatusCode.Value__)" } } else { Write-Output "Skip updating ApplicationInstance for '$($team.teamName)'" } Write-Output "=============================================================" } Write-Output "" Write-Output "" } $tries = 0 while ( $pstnNumbers.Count -gt 0 -and $tries -lt 10 ) { Write-Output "Retry to set pending PSTN number changes in 1 minute." 0..12 | Foreach-Object { Write-Output "." Start-Sleep -Seconds 5 } for ( $i = 0; $i -lt $pstnNumbers.Count; $i++ ) { $team = $pstnNumbers[$i] Write-Output "=============================================================" Write-Output "Team '$($team.teamName)'" $isDone = Add-PhoneNumber -ObjectId $team.applicationId -PstnNumber $team.teamServiceDetails.pstnNumber if ( $isDone ) { $pstnNumbers.RemoveAt($i) Update-NimbusServicePrincipal -team $team Write-Output " [Done]" if ( $pstnNumber.Count -eq 0 ) { break } $i-- } else { if ( $tries -eq 9 ) { Write-Output "[Failed]" } else { Write-Output "[Pending]" } } } $tries++ } if ( $pstnNumbers.Count -gt 0 ) { Write-Output "Unfortunately, not all numbers could be set." foreach ( $team in $pstnNumbers ) { $team.teamServiceDetails.PsObject.Properties.Remove('pstnNumber') Update-NimbusServicePrincipal -team $team } } Cleanup-Environment } |