Add Get/Read operations, better credential refreshing

2025-06-12 10:19:07 -07:00 · 2025-06-12 10:19:07 -07:00 · 00f8c5a775
commit 00f8c5a775
parent 5710176578
2 changed files with 182 additions and 90 deletions
--- a/ABMPS.psd1
+++ b/ABMPS.psd1
@ -8,50 +8,50 @@
@{
-# Script module or binary module file associated with this manifest.
+    # Script module or binary module file associated with this manifest.
-RootModule        = 'AppleBusinessManager.psm1'
+    RootModule        = 'AppleBusinessManager.psm1'
-# Version number of this module.
+    # Version number of this module.
-ModuleVersion     = '1.1'
+    ModuleVersion     = '1.2'
-# Supported PSEditions
+    # Supported PSEditions
-# CompatiblePSEditions = @()
+    # CompatiblePSEditions = @()
-# ID used to uniquely identify this module
+    # ID used to uniquely identify this module
-GUID              = 'ba7191aa-8343-45d4-941b-52ddc74d7cc7'
+    GUID              = 'ba7191aa-8343-45d4-941b-52ddc74d7cc7'
-# Author of this module
+    # Author of this module
-Author            = 'Liam Steckler'
+    Author            = 'Liam Steckler'
-# Company or vendor of this module
+    # Company or vendor of this module
-CompanyName       = 'Unknown'
+    CompanyName       = 'Unknown'
-# Copyright statement for this module
+    # Copyright statement for this module
-Copyright         = '(c) Liam Steckler. All rights reserved.'
+    Copyright         = '(c) Liam Steckler. All rights reserved.'
-# Description of the functionality provided by this module
+    # Description of the functionality provided by this module
-Description       = 'Authenticates and gets data from the Apple Business Manager APIs'
+    Description       = 'Authenticates and gets data from the Apple Business Manager APIs'
-# Minimum version of the PowerShell engine required by this module
+    # Minimum version of the PowerShell engine required by this module
-PowerShellVersion = '7.0.0'
+    PowerShellVersion = '7.0.0'
-# Name of the PowerShell host required by this module
+    # Name of the PowerShell host required by this module
-# PowerShellHostName = ''
+    # PowerShellHostName = ''
-# Minimum version of the PowerShell host required by this module
+    # Minimum version of the PowerShell host required by this module
-# PowerShellHostVersion = ''
+    # PowerShellHostVersion = ''
-# Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
+    # Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
-# DotNetFrameworkVersion = ''
+    # DotNetFrameworkVersion = ''
-# Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
+    # Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
-# ClrVersion = ''
+    # ClrVersion = ''
-# Processor architecture (None, X86, Amd64) required by this module
+    # Processor architecture (None, X86, Amd64) required by this module
-# ProcessorArchitecture = ''
+    # ProcessorArchitecture = ''
-# Modules that must be imported into the global environment prior to importing this module
+    # Modules that must be imported into the global environment prior to importing this module
-RequiredModules   = @(
+    RequiredModules   = @(
        @{
            ModuleName    = "jwtPS"
            ModuleVersion = "1.1.3"
@ -59,80 +59,80 @@ RequiredModules   = @(
        }
    )
-# Assemblies that must be loaded prior to importing this module
+    # Assemblies that must be loaded prior to importing this module
-# RequiredAssemblies = @()
+    # RequiredAssemblies = @()
-# Script files (.ps1) that are run in the caller's environment prior to importing this module.
+    # Script files (.ps1) that are run in the caller's environment prior to importing this module.
-# ScriptsToProcess = @()
+    # ScriptsToProcess = @()
-# Type files (.ps1xml) to be loaded when importing this module
+    # Type files (.ps1xml) to be loaded when importing this module
-# TypesToProcess = @()
+    # TypesToProcess = @()
-# Format files (.ps1xml) to be loaded when importing this module
+    # Format files (.ps1xml) to be loaded when importing this module
-# FormatsToProcess = @()
+    # FormatsToProcess = @()
-# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
+    # Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
-# NestedModules = @()
+    # NestedModules = @()
-# Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
+    # Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
-FunctionsToExport = '*'
+    FunctionsToExport = '*'
-# Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
+    # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
-CmdletsToExport   = '*'
+    CmdletsToExport   = '*'
-# Variables to export from this module
+    # Variables to export from this module
-VariablesToExport = '*'
+    VariablesToExport = '*'
-# Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
+    # Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
-AliasesToExport   = '*'
+    AliasesToExport   = '*'
-# DSC resources to export from this module
+    # DSC resources to export from this module
-# DscResourcesToExport = @()
+    # DscResourcesToExport = @()
-# List of all modules packaged with this module
+    # List of all modules packaged with this module
-# ModuleList = @()
+    # ModuleList = @()
-# List of all files packaged with this module
+    # List of all files packaged with this module
-# FileList = @()
+    # FileList = @()
-# Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
+    # Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
-PrivateData       = @{
+    PrivateData       = @{
-    PSData = @{
+        PSData = @{
-        # Tags applied to this module. These help with module discovery in online galleries.
+            # Tags applied to this module. These help with module discovery in online galleries.
-        Tags       = @('api', 'apple', 'applebusinessmanager')
+            Tags       = @('api', 'apple', 'applebusinessmanager')
-        # A URL to the license for this module.
+            # A URL to the license for this module.
-        LicenseUri = 'https://scm.gruezi.net/buckbanzai/abmps/src/branch/main/LICENSE'
+            LicenseUri = 'https://scm.gruezi.net/buckbanzai/abmps/src/branch/main/LICENSE'
-        # A URL to the main website for this project.
+            # A URL to the main website for this project.
-        ProjectUri = 'https://scm.gruezi.net/buckbanzai/abmps'
+            ProjectUri = 'https://scm.gruezi.net/buckbanzai/abmps'
-        # A URL to an icon representing this module.
+            # A URL to an icon representing this module.
-        # IconUri = ''
+            # IconUri = ''
-        # ReleaseNotes of this module
+            # ReleaseNotes of this module
-        # ReleaseNotes = ''
+            # ReleaseNotes = ''
-        # Prerelease string of this module
+            # Prerelease string of this module
-        # Prerelease = ''
+            # Prerelease = ''
-        # Flag to indicate whether the module requires explicit user acceptance for install/update/save
+            # Flag to indicate whether the module requires explicit user acceptance for install/update/save
-        # RequireLicenseAcceptance = $false
+            # RequireLicenseAcceptance = $false
-        # External dependent modules of this module
+            # External dependent modules of this module
-        # ExternalModuleDependencies = @()
+            # ExternalModuleDependencies = @()
-    } # End of PSData hashtable
+        } # End of PSData hashtable
-} # End of PrivateData hashtable
+    } # End of PrivateData hashtable
-# HelpInfo URI of this module
+    # HelpInfo URI of this module
-# HelpInfoURI = ''
+    # HelpInfoURI = ''
-# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
+    # Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
-# DefaultCommandPrefix = ''
+    # DefaultCommandPrefix = ''
 }
--- a/AppleBusinessManager.psm1
+++ b/AppleBusinessManager.psm1
@ -7,14 +7,30 @@ function Connect-AppleBusinessManager {
        [string][Parameter(ParameterSetName = 'PrivateKeyAsString', Mandatory)]$PrivateKey,
        [string][Parameter(ParameterSetName = 'PrivateKeyAsString', Mandatory)]$PrivateKeyId
    )
-    if ($PSCmdlet.ParameterSetName -eq 'EnvironmentVariable') {
+
-        if (-not $Env:AppleBusinessManagerClientId -or -not $Env:AppleBusinessManagerPrivateKeyId -or -not $Env:AppleBusinessManagerPrivateKey) {
+    if ($PSBoundParameters.Count -eq 0) {
-            throw "Client ID, Private Key ID and Private Key environment variables were not set for Apple Business Manager"
+        # Parameters were not bound, check to see if they're already set before attempting to authenticate
        Write-Verbose "Checking to see if existing credentials were set at a script scope that can be re-used"
        if (-not $Script:ClientId -or -not $Script:PrivateKey -or -not $Script:PrivateKeyId) {
            Write-Verbose "Existing credentials not loaded, checking for environment variables"
            if ($PSCmdlet.ParameterSetName -eq 'EnvironmentVariable') {
                if (-not $Env:AppleBusinessManagerClientId -or -not $Env:AppleBusinessManagerPrivateKeyId -or -not $Env:AppleBusinessManagerPrivateKey) {
                    throw "Client ID, Private Key ID and Private Key environment variables were not set for Apple Business Manager"
                }
                $Script:ClientId = $Env:AppleBusinessManagerClientId
                $Script:PrivateKey = $Env:AppleBusinessManagerPrivateKey
                $Script:PrivateKeyId = $Env:AppleBusinessManagerPrivateKeyId
            }
        }
        $Script:ClientId = $Env:AppleBusinessManagerClientId
        $Script:PrivateKey = $Env:AppleBusinessManagerPrivateKey
        $Script:PrivateKeyId = $Env:AppleBusinessManagerPrivateKeyId
    }
    if ($PSCmdlet.ParameterSetName -eq 'PrivateKeyAsString') {
        # Assign the parameters to script scope so we can reuse them later
        $Script:ClientId = $ClientId
        $Script:PrivateKey = $PrivateKey
        $Script:PrivateKeyId = $PrivateKeyId
    }
    $Header = @{
        'kid' = $Script:PrivateKeyId
    }
@ -72,17 +88,93 @@ function Invoke-AppleBusinessManagerPagedApiRequest {
    )
    $Results = New-Object System.Collections.ArrayList
    while ($Uri) {
        Write-Verbose "Making request to $Uri"
        $Result = Invoke-RestMethod $Uri -Authentication Bearer -Token (Get-AppleBusinessManagerBearerToken) -ErrorAction Stop
        $Uri = $Result.links.next
-        $Results.AddRange($Result.data) | Out-Null
+        $Results.AddRange(@($Result.data)) | Out-Null
    }
    return $Results
 }
-function Get-AppleBusinessManagerOrgDevices {
+function Get-AppleBusinessManagerOrgDevice {
-    return Invoke-AppleBusinessManagerPagedApiRequest -Uri "https://api-business.apple.com/v1/orgDevices"
+    [Alias('Get-AppleBusinessManagerOrgDevices')]
    param (
        [Parameter(Mandatory, ParameterSetName = 'Read')][string] $OrgDeviceId,
        [Parameter(ParameterSetName = 'Read')]
        [Parameter(ParameterSetName = 'List')]
        [string[]] $Fields,
        [Parameter( ParameterSetName = 'Read')]
        [Parameter(ParameterSetName = 'List')]
        [int] $Limit
    )
    $Uri = switch ($PSCmdlet.ParameterSetName) {
        'Read' { "https://api-business.apple.com/v1/orgDevices/$([System.Web.HttpUtility]::UrlEncode($OrgDeviceId))" }
        Default { "https://api-business.apple.com/v1/orgDevices" }
    }
    $UriBuilder = [System.UriBuilder]::new($Uri)
    $QueryString = [System.Web.HttpUtility]::ParseQueryString($UriBuilder.Query)
    if ($PSBoundParameters.ContainsKey('Fields')) {
        $QueryString.Set('fields[orgDevices]', $Fields -join ',')
    }
    if ($PSBoundParameters.ContainsKey('Limit')) {
        $QueryString.Set('limit', $Limit)
    }
    $UriBuilder.Query = $QueryString.ToString()
    return Invoke-AppleBusinessManagerPagedApiRequest -Uri $UriBuilder.Uri
 }
-function Get-AppleBusinessManagerMdmServers {
+function Get-AppleBusinessManagerOrgDeviceMdmServerId {
-    return Invoke-AppleBusinessManagerPagedApiRequest -Uri "https://api-business.apple.com/v1/mdmServers"
+    param (
        [Parameter(Mandatory)]
        [string] $OrgDeviceId
    )
    return Invoke-AppleBusinessManagerPagedApiRequest -Uri "https://api-business.apple.com/v1/orgDevices/$([System.Web.HttpUtility]::UrlEncode($OrgDeviceId))/relationships/assignedServer"
 }
 function Get-AppleBusinessManagerOrgDeviceMdmServer {
    param (
        [Parameter(Mandatory)]
        [string] $OrgDeviceId,
        [string[]] $Fields
    )
    $UriBuilder = [System.UriBuilder]::new("https://api-business.apple.com/v1/orgDevices/$([System.Web.HttpUtility]::UrlEncode($OrgDeviceId))/assignedServer")
    $QueryString = [System.Web.HttpUtility]::ParseQueryString($UriBuilder.Query)
    if ($PSBoundParameters.ContainsKey('Fields')) {
        $QueryString.Set('fields[mdmServers]', $Fields -join ',')
    }
    $UriBuilder.Query = $QueryString.ToString()
    return Invoke-AppleBusinessManagerPagedApiRequest -Uri $UriBuilder.Uri
 }
 function Get-AppleBusinessManagerMdmServer {
    [Alias('Get-AppleBusinessManagerMdmServers')]
    param (
        [string[]] $Fields,
        [int] $Limit
    )
    $UriBuilder = [System.UriBuilder]::new("https://api-business.apple.com/v1/mdmServers")
    $QueryString = [System.Web.HttpUtility]::ParseQueryString($UriBuilder.Query)
    if ($PSBoundParameters.ContainsKey('Fields')) {
        $QueryString.Set('fields[mdmServers]', $Fields -join ',')
    }
    if ($PSBoundParameters.ContainsKey('Limit')) {
        $QueryString.Set('limit', $Limit)
    }
    $UriBuilder.Query = $QueryString.ToString()
    return Invoke-AppleBusinessManagerPagedApiRequest -Uri $UriBuilder.Uri
 }
 function Get-AppleBusinessManagerMdmServerDevice {
    param (
        [Parameter(Mandatory)]
        [string] $MdmServerId,
        [int] $Limit
    )
    $UriBuilder = [System.UriBuilder]::new("https://api-business.apple.com/v1/mdmServers/$([System.Web.HttpUtility]::UrlEncode($MdmServerId))/relationships/devices")
    $QueryString = [System.Web.HttpUtility]::ParseQueryString($UriBuilder.Query)
    if ($PSBoundParameters.ContainsKey('Limit')) {
        $QueryString.Set('limit', $Limit)
    }
    $UriBuilder.Query = $QueryString.ToString()
    return Invoke-AppleBusinessManagerPagedApiRequest -Uri $UriBuilder.Uri
 }