fix application copy

Author: JohnDuprey

Modules/CIPPCore/Public/GraphHelper/Get-CippException.ps1

@@ -8,6 +8,7 @@ function Get-CippException {
         Message         = $Exception.Exception.Message
         NormalizedError = Get-NormalizedError -message $Exception.Exception.Message
         Position        = $Exception.InvocationInfo.PositionMessage
+        StackTrace      = ($Exception.ScriptStackTrace | Out-String)
         ScriptName      = $Exception.InvocationInfo.ScriptName
         LineNumber      = $Exception.InvocationInfo.ScriptLineNumber
         Category        = $Exception.CategoryInfo.ToString()

Modules/CIPPCore/Public/New-CIPPApplicationCopy.ps1

@@ -4,43 +4,74 @@ function New-CIPPApplicationCopy {
         $App,
         $Tenant
     )
-    $CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/servicePrincipals?$top=999' -tenantid $env:TenantID -NoAuthCheck $true
-    try {
-        $ExistingApp = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/Applications(appId='$($app)')" -tenantid $ENV:TenantID -NoAuthCheck $true
-        $Type = 'Application'
-    } catch {
-        $ExistingApp = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/servicePrincipals(appId='$($app)')/oauth2PermissionGrants" -tenantid $ENV:TenantID -NoAuthCheck $true
-        $ExistingAppRoleAssignments = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/servicePrincipals(appId='$($app)')/appRoleAssignments" -tenantid $ENV:TenantID -NoAuthCheck $true
-        $Type = 'ServicePrincipal'
-    }
-    if (!$ExistingApp) {
-        Write-LogMessage -message "Failed to add $App to tenant. This app does not exist." -tenant $tenant -API 'Application Copy' -sev error
-        continue
+
+    Write-Information "Copying application $($App) to tenant $Tenant"
+    $CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/v1.0/servicePrincipals?$top=999' -tenantid $env:TenantID -NoAuthCheck $true -AsApp $true
+
+    if ($CurrentInfo.appId -notcontains $App) {
+        Write-Information "Application $($App) not found in partner tenant. Cannot copy permissions."
+        throw 'We cannot copy permissions for this application because is not registered in the partner tenant.'
     }
-    if ($Type -eq 'Application') {
-        $DelegateResourceAccess = $Existingapp.requiredResourceAccess
-        $ApplicationResourceAccess = $Existingapp.requiredResourceAccess
-        $NoTranslateRequired = $false
-    } else {
-        $DelegateResourceAccess = $ExistingApp | Group-Object -Property resourceId | ForEach-Object {
-            [pscustomobject]@{ resourceAppId = ($CurrentInfo | Where-Object -Property id -EQ $_.Name).appId; resourceAccess = @($_.Group | ForEach-Object { [pscustomobject]@{ id = $_.scope; type = 'Scope' } } )
+
+    try {
+        try {
+            $ExistingApp = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/applications(appId='$($app)')" -tenantid $ENV:TenantID -NoAuthCheck $true -AsApp $true
+            $Type = 'Application'
+        } catch {
+            $ExistingApp = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/servicePrincipals(appId='$($app)')/oauth2PermissionGrants" -tenantid $ENV:TenantID -NoAuthCheck $true -AsApp $true
+            $ExistingAppRoleAssignments = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/servicePrincipals(appId='$($app)')/appRoleAssignments" -tenantid $ENV:TenantID -NoAuthCheck $true -AsApp $true
+            $Type = 'ServicePrincipal'
+        }
+        if (!$ExistingApp) {
+            Write-LogMessage -message "Failed to add $App to tenant. This app does not exist." -tenant $tenant -API 'Application Copy' -sev error
+            continue
+        }
+        if ($Type -eq 'Application') {
+            Write-Information 'App type: Application'
+            $DelegateResourceAccess = $Existingapp.requiredResourceAccess
+            $ApplicationResourceAccess = $Existingapp.requiredResourceAccess
+            $NoTranslateRequired = $false
+        } else {
+            Write-Information 'App type: ServicePrincipal'
+            $DelegateResourceAccess = $ExistingApp | Group-Object -Property resourceId | ForEach-Object {
+                [pscustomobject]@{ resourceAppId = ($CurrentInfo | Where-Object -Property id -EQ $_.Name).appId; resourceAccess = @($_.Group | ForEach-Object { [pscustomobject]@{ id = $_.scope; type = 'Scope' } } )
+                }
             }
+            $ApplicationResourceAccess = $ExistingappRoleAssignments | Group-Object -Property ResourceId | ForEach-Object {
+                [pscustomobject]@{ resourceAppId = ($CurrentInfo | Where-Object -Property id -EQ $_.Name).appId; resourceAccess = @($_.Group | ForEach-Object { [pscustomobject]@{ id = $_.appRoleId; type = 'Role' } } )
+                }
+            }
+            $NoTranslateRequired = $true
         }
-        $ApplicationResourceAccess = $ExistingappRoleAssignments | Group-Object -Property ResourceId | ForEach-Object {
-            [pscustomobject]@{ resourceAppId = ($CurrentInfo | Where-Object -Property id -EQ $_.Name).appId; resourceAccess = @($_.Group | ForEach-Object { [pscustomobject]@{ id = $_.appRoleId; type = 'Role' } } )
+        $TenantInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/servicePrincipals?$top=999' -tenantid $Tenant -NoAuthCheck $true -AsApp $true
+
+        if ($App -Notin $TenantInfo.appId) {
+            Write-Information "Creating service principal with ID: $($App)"
+            $Body = @{
+                appId = $App
             }
+            $Body = $Body | ConvertTo-Json -Compress
+            Write-Information ($Body | ConvertTo-Json -Depth 10)
+            $null = New-GraphPostRequest 'https://graph.microsoft.com/v1.0/servicePrincipals' -type POST -tenantid $Tenant -body $Body -AsApp $true
+            Write-LogMessage -message "Added $App as a service principal" -tenant $tenant -API 'Application Copy' -sev Info
+
+        } else {
+            Write-Information "Service principal with ID: $($App) already exists in tenant $Tenant"
         }
-        $NoTranslateRequired = $true
-    }
-    $TenantInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/servicePrincipals?$top=999' -tenantid $Tenant -NoAuthCheck $true
 
-    if ($App -Notin $TenantInfo.appId) {
-        $null = New-GraphPostRequest 'https://graph.microsoft.com/beta/servicePrincipals' -type POST -tenantid $Tenant -body "{ `"appId`": `"$($App)`" }"
-        Write-LogMessage -message "Added $App as a service principal" -tenant $tenant -API 'Application Copy' -sev Info
-    }
-    Add-CIPPApplicationPermission -RequiredResourceAccess $ApplicationResourceAccess -ApplicationId $App -Tenantfilter $Tenant
-    Add-CIPPDelegatedPermission -RequiredResourceAccess $DelegateResourceAccess -ApplicationId $App -Tenantfilter $Tenant -NoTranslateRequired $NoTranslateRequired
-    Write-LogMessage -message "Added permissions to $app" -tenant $tenant -API 'Application Copy' -sev Info
+        if ($DelegateResourceAccess) {
+            Add-CIPPDelegatedPermission -RequiredResourceAccess $ApplicationResourceAccess -ApplicationId $App -Tenantfilter $Tenant
+        }
+        if ($ApplicationResourceAccess) {
+            Add-CIPPApplicationPermission -RequiredResourceAccess $ApplicationResourceAccess -ApplicationId $App -Tenantfilter $Tenant
+        }
+        Write-LogMessage -message "Added permissions to $app" -tenant $tenant -API 'Application Copy' -sev Info
 
-    return $Results
+        return $Results
+    } catch {
+        Write-Warning "Failed to copy application $($App) to tenant $Tenant. Error: $($_.Exception.Message)"
+        Write-Information $_.InvocationInfo.PositionMessage
+        Write-Information ($_.ScriptStackTrace | Out-String)
+        throw $_.Exception.Message
+    }
 }

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAppDeploy.ps1

@@ -30,33 +30,30 @@ function Invoke-CIPPStandardAppDeploy {
 
     param($Tenant, $Settings)
     $AppsToAdd = $Settings.appids -split ','
+    $AppExists = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/servicePrincipals?$top=999' -tenantid $Tenant
 
-    If ($Settings.remediate -eq $true) {
-        ##$Rerun -Type Standard -Tenant $Tenant -Settings $Settings 'AppDeploy'
-        if ($Rerun -eq $true) {
-            exit 0
-        }
+    if ($Settings.remediate -eq $true) {
         foreach ($App In $AppsToAdd) {
+            $App = $App.Trim()
+            if (!$App) {
+                continue
+            }
+            $Application = $AppExists | Where-Object -Property appId -EQ $App
             try {
                 New-CIPPApplicationCopy -App $App -Tenant $Tenant
-                Write-LogMessage -API 'Standards' -tenant $tenant -message "Added $App to $Tenant and update it's permissions" -sev Info
+                Write-LogMessage -API 'Standards' -tenant $tenant -message "Added application $($Application.displayName) ($App) to $Tenant and updated it's permissions" -sev Info
             } catch {
                 $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
-                Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to add app $App. Error: $ErrorMessage" -sev Error
+                Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to add app $($Application.displayName) ($App). Error: $ErrorMessage" -sev Error
             }
         }
     }
 
     if ($Settings.alert) {
-        $AppExists = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/servicePrincipals?$top=999' -tenantid $Tenant
+
         $MissingApps = foreach ($App in $AppsToAdd) {
-            try {
-                if ($App -notin $AppExists.appId) {
-                    $App
-                }
-            } catch {
-                $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
-                Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to check app $App. Error: $ErrorMessage" -sev Error
+            if ($App -notin $AppExists.appId) {
+                $App
             }
         }