larryh/corso
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
corso/src/cmd/purge/scripts/exchangePurge.ps1
Georgi Matev 6c989dbd78
Adding new OneDrive and Sharepoint CI cleanup (#2870) 
New script for OneDrive and Sharepoint cleanup 

Commit by commit review is encouraged for readability since this involves renames of older scripts.


---

#### Does this PR need a docs update or release note?

- [ ]  Yes, it's included
- [ ] 🕐 Yes, but in a later PR
- [x]  No

#### Type of change

<!--- Please check the type of change your PR introduces: --->
- [ ] 🌻 Feature
- [ ] 🐛 Bugfix
- [ ] 🗺️ Documentation
- [ ] 🤖 Test
- [x] 💻 CI/Deployment
- [ ] 🧹 Tech Debt/Cleanup

#### Issue(s)


#### Test Plan

<!-- How will this be tested prior to merging.-->
- [x] 💪 Manual
- [ ]  Unit test
- [ ] 💚 E2E

Tested this with `nektos/act `so action logic should be mostly sound. There is one issue with the script installed for exchange that I believe is just a difference the container image used by GHA and the local I could use for `act`
2023-03-20 20:36:27 +00:00

532 lines
19 KiB
PowerShell
Raw Blame History

[CmdletBinding(SupportsShouldProcess)]
Param (
[Parameter(Mandatory = $True, HelpMessage = "User for which to delete folders")]
[String]$User,
[Parameter(Mandatory = $True, HelpMessage = "Purge folders or contacts before this date time (UTC)")]
[datetime]$PurgeBeforeTimestamp,
[Parameter(Mandatory = $True, HelpMessage = "Name of specific folder to purge under root")]
[String[]]$FolderNamePurgeList,
[Parameter(Mandatory = $True, HelpMessage = "Purge folders with this prefix")]
[String[]]$FolderPrefixPurgeList,
[Parameter(Mandatory = $False, HelpMessage = "Azure TenantId")]
[String]$TenantId = $ENV:AZURE_TENANT_ID,
[Parameter(Mandatory = $False, HelpMessage = "Azure ClientId")]
[String]$ClientId = $ENV:AZURE_CLIENT_ID,
[Parameter(Mandatory = $False, HelpMessage = "Azure ClientSecret")]
[String]$ClientSecret = $ENV:AZURE_CLIENT_SECRET
)
Set-StrictMode -Version 2.0
# Attempt to set network timeout to 10min
[System.Net.ServicePointManager]::MaxServicePointIdleTime = 600000
function Get-AccessToken {
[CmdletBinding()]
Param()
if ([String]::IsNullOrEmpty($TenantId) -or [String]::IsNullOrEmpty($ClientId) -or [String]::IsNullOrEmpty($ClientSecret)) {
Write-Host "`nNeed to specify TenantId, ClientId, and ClientSecret as parameters or ENVs"
}
$body = @{
client_id = $ClientId
client_secret = $ClientSecret
scope = "https://outlook.office365.com/.default"
grant_type = "client_credentials"
}
$res = Invoke-WebRequest -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token" -ContentType "application/x-www-form-urlencoded" -Body $body -Method Post
return $res.content | ConvertFrom-Json | Select-Object -ExpandProperty access_token
}
function Initialize-SOAPMessage {
[CmdletBinding()]
Param(
[Parameter(Mandatory = $True, HelpMessage = "User for which to delete folders")]
[String]$User,
[Parameter(Mandatory = $True, HelpMessage = "The message body")]
[String]$Body
)
$Message = @"
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:m="http://schemas.microsoft.com/exchange/services/2006/messages"
xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
<t:ExchangeImpersonation>
<t:ConnectingSID>
<t:PrimarySmtpAddress>$User</t:PrimarySmtpAddress>
</t:ConnectingSID>
</t:ExchangeImpersonation>
</soap:Header>
<soap:Body>
$Body
</soap:Body>
</soap:Envelope>
"@
return $Message
}
function Invoke-SOAPRequest {
[CmdletBinding()]
Param(
[Parameter(Mandatory = $True, HelpMessage = "OAuth token to connect to Exchange Online.")]
[securestring]$Token,
[Parameter(Mandatory = $True, HelpMessage = "The message ")]
[String]$Message,
[Parameter(Mandatory = $False, HelpMessage = "The http method")]
[String]$Method = "Post"
)
# EWS service url for Exchange Online
$webServiceUrl = "https://outlook.office365.com/EWS/Exchange.asmx"
$Response = Invoke-WebRequest -Uri $webServiceUrl -Authentication Bearer -Token $Token -Body $Message -Method $Method
[xml]$xmlResponse = $Response.Content
return $xmlResponse
}
function IsNameMatch {
Param(
[Parameter(Mandatory = $True, HelpMessage = "Folder name to evaluate for match against a list of targets")]
[string]$FolderName,
[Parameter(Mandatory = $True, HelpMessage = "Folder names to evaluate for match")]
[string[]]$FolderNamePurgeList = @()
)
return ($FolderName -in $FolderNamePurgeList)
}
function IsPrefixAndAgeMatch {
Param(
[Parameter(Mandatory = $True, HelpMessage = "Folder name to evaluate for match against a list of targets")]
[string]$FolderName,
[Parameter(Mandatory = $True, HelpMessage = "Folder creation times")]
[string]$FolderCreateTime,
[Parameter(Mandatory = $True, HelpMessage = "Folder name prefixes to evaluate for match")]
[string[]]$FolderPrefixPurgeList,
[Parameter(Mandatory = $TRUE, HelpMessage = "Purge folders before this date time (UTC)")]
[datetime]$PurgeBeforeTimestamp
)
if ($PurgeBeforeTimestamp -gt $folderCreateTime ) {
foreach ($prefix in $FolderPrefixPurgeList) {
if ($FolderName -like "$prefix*") {
return $true
}
}
}
return $false
}
function Get-FoldersToPurge {
Param(
[Parameter(Mandatory = $True, HelpMessage = "Folder under which to look for items matching removal criteria")]
[String]$WellKnownRoot,
[Parameter(Mandatory = $False, HelpMessage = "Purge folders before this date time (UTC)")]
[datetime]$PurgeBeforeTimestamp,
[Parameter(Mandatory = $False, HelpMessage = "Purge folders with these names")]
[string[]]$FolderNamePurgeList = @(),
[Parameter(Mandatory = $False, HelpMessage = "Purge folders with these prefixes")]
[string[]]$FolderPrefixPurgeList = @()
)
$foldersToDelete = @()
# SOAP message for getting the folders
$body = @"
<FindFolder Traversal="Deep" xmlns="http://schemas.microsoft.com/exchange/services/2006/messages">
<FolderShape>
<t:BaseShape>Default</t:BaseShape>
<t:AdditionalProperties>
<t:ExtendedFieldURI PropertyTag="0x3007" PropertyType="SystemTime"/>
</t:AdditionalProperties>
</FolderShape>
<ParentFolderIds>
<t:DistinguishedFolderId Id="$WellKnownRoot"/>
</ParentFolderIds>
</FindFolder>
"@
Write-Host "`nLooking for folders under well-known folder: $WellKnownRoot matching folders: $FolderNamePurgeList or prefixes: $FolderPrefixPurgeList for user: $User"
$getFolderIdMsg = Initialize-SOAPMessage -User $User -Body $body
$response = Invoke-SOAPRequest -Token $Token -Message $getFolderIdMsg
# Get the folders from the response
$folders = $response | Select-Xml -XPath "//t:Folders/*" -Namespace @{t = "http://schemas.microsoft.com/exchange/services/2006/types" } |
Select-Object -ExpandProperty Node
# Are there more folders to list
$rootFolder = $response | Select-Xml -XPath "//m:RootFolder" -Namespace @{m = "http://schemas.microsoft.com/exchange/services/2006/messages" } |
Select-Object -ExpandProperty Node
$moreToList = ![System.Convert]::ToBoolean($rootFolder.IncludesLastItemInRange)
# Loop through folders
foreach ($folder in $folders) {
$folderName = $folder.DisplayName
$folderCreateTime = $folder.ExtendedProperty
| Where-Object { $_.ExtendedFieldURI.PropertyTag -eq "0x3007" }
| Select-Object -ExpandProperty Value
| Get-Date
$IsNameMatchParams = @{
'FolderName' = $folderName;
'FolderNamePurgeList' = $FolderNamePurgeList
}
$IsPrefixAndAgeMatchParams = @{
'FolderName' = $folderName;
'FolderCreateTime' = $folderCreateTime;
'FolderPrefixPurgeList' = $FolderPrefixPurgeList;
'PurgeBeforeTimestamp' = $PurgeBeforeTimestamp;
}
if ((IsNameMatch @IsNameMatchParams) -or (IsPrefixAndAgeMatch @IsPrefixAndAgeMatchParams)) {
Write-Host "`nFound desired folder to purge: $folderName ($folderCreateTime)"
$foldersToDelete += $folder
}
}
# powershel does not do well when returning empty arrays
return $foldersToDelete, $moreToList
}
function Empty-Folder {
[CmdletBinding(SupportsShouldProcess)]
Param(
[Parameter(Mandatory = $False, HelpMessage = "List of well-known folders to empty ")]
[String[]]$WellKnownRootList = @(),
[Parameter(Mandatory = $False, HelpMessage = "List of folderIds to empty ")]
[string[]]$FolderIdList = @(),
[Parameter(Mandatory = $False, HelpMessage = "List of folder names to empty ")]
[string[]]$FolderNameList = @()
)
$folderIdsBody = ""
$foldersToEmptyCount = $FolderIdList.count + $WellKnownRootList.count
foreach ($wnr in $WellKnownRootList) {
$folderIdsBody += "<t:DistinguishedFolderId Id='$wnr'/>"
}
foreach ($fid in $FolderIdList) {
$folderIdsBody += "<t:FolderId Id='$fid'/>"
}
if ($PSCmdlet.ShouldProcess("Emptying $foldersToEmptyCount folders ($WellKnownRootList $FolderNameList)", "$foldersToEmptyCount folders ($WellKnownRootList $FolderNameList)", "Empty folders")) {
Write-Host "`nEmptying $foldersToEmptyCount folders ($WellKnownRootList $FolderNameList)"
# DeleteType = HardDelete, MoveToDeletedItems, or SoftDelete
$body = @"
<m:EmptyFolder DeleteType="HardDelete" DeleteSubFolders="true">
<m:FolderIds>
$folderIdsBody
</m:FolderIds>
</m:EmptyFolder>
"@
$emptyFolderMsg = Initialize-SOAPMessage -User $User -Body $body
$response = Invoke-SOAPRequest -Token $Token -Message $emptyFolderMsg
}
}
function Delete-Folder {
[CmdletBinding(SupportsShouldProcess)]
Param(
[Parameter(Mandatory = $True, HelpMessage = "List of folderIds to remove ")]
[String[]]$FolderIdList,
[Parameter(Mandatory = $False, HelpMessage = "List of folder names to remove ")]
[String[]]$FolderNameList = @()
)
$folderIdsBody = ""
$foldersToRemoveCount = $FolderIdList.count
foreach ($fid in $FolderIdList) {
$folderIdsBody += "<t:FolderId Id='$fid'/>"
}
if ($PSCmdlet.ShouldProcess("Removing $foldersToRemoveCount folders ($FolderNameList)", "$foldersToRemoveCount folders ($FolderNameList)", "Delete folders")) {
Write-Host "`nRemoving $foldersToRemoveCount folders ($FolderNameList)"
# DeleteType = HardDelete, MoveToDeletedItems, or SoftDelete
$body = @"
<m:DeleteFolder DeleteType="HardDelete" DeleteSubFolders="true">
<m:FolderIds>
$folderIdsBody
</m:FolderIds>
</m:DeleteFolder>
"@
$emptyFolderMsg = Initialize-SOAPMessage -User $User -Body $body
$response = Invoke-SOAPRequest -Token $Token -Message $emptyFolderMsg
}
}
function Purge-Folders {
[CmdletBinding(SupportsShouldProcess)]
Param(
[Parameter(Mandatory = $True, HelpMessage = "Folder under which to look for items matching removal criteria")]
[String]$WellKnownRoot,
[Parameter(Mandatory = $False, HelpMessage = "Purge folders with these names")]
[string[]]$FolderNamePurgeList = @(),
[Parameter(Mandatory = $False, HelpMessage = "Purge folders with these prefixes")]
[string[]]$FolderPrefixPurgeList = @(),
[Parameter(Mandatory = $False, HelpMessage = "Purge folders before this date time (UTC)")]
[datetime]$PurgeBeforeTimestamp
)
if (($FolderNamePurgeList.count -eq 0) -and
($FolderPrefixPurgeList.count -eq 0 -or $PurgeBeforeTimestamp -eq $null )) {
Write-Host "Either a list of specific folders or a list of prefixes and purge timestamp is required"
Exit
}
Write-Host "`nPurging CI-produced folders..."
Write-Host "--------------------------------"
if ($FolderNamePurgeList.count -gt 0) {
Write-Host "Folders with names: $FolderNamePurgeList"
}
if ($FolderPrefixPurgeList.count -gt 0 -and $PurgeBeforeTimestamp -ne $null) {
Write-Host "Folders older than $PurgeBeforeTimestamp with prefix: $FolderPrefixPurgeList"
}
$foldersToDeleteParams = @{
'WellKnownRoot' = $WellKnownRoot;
'FolderNamePurgeList' = $FolderNamePurgeList;
'FolderPrefixPurgeList' = $FolderPrefixPurgeList;
'PurgeBeforeTimestamp' = $PurgeBeforeTimestamp
}
$moreToList = $True
# only get max of 1000 results so we may need to iterate over eligible folders
while ($moreToList) {
$foldersToDelete, $moreToList = Get-FoldersToPurge @foldersToDeleteParams
$foldersToDeleteCount = $foldersToDelete.count
$foldersToDeleteIds = @()
$folderNames = @()
if ($foldersToDeleteCount -eq 0) {
Write-Host "`nNo folders to purge matching the criteria"
break
}
foreach ($folder in $foldersToDelete) {
$foldersToDeleteIds += $folder.FolderId.Id
$folderNames += $folder.DisplayName
}
Empty-Folder -FolderIdList $foldersToDeleteIds -FolderNameList $folderNames
Delete-Folder -FolderIdList $foldersToDeleteIds -FolderNameList $folderNames
}
}
function Create-Contact {
$now = (Get-Date (Get-Date).ToUniversalTime() -Format "o")
#used to create a recent seed contact that will be shielded from cleanup. CI tests rely on this
$body = @"
<CreateItem xmlns="http://schemas.microsoft.com/exchange/services/2006/messages" >
<SavedItemFolderId>
<t:DistinguishedFolderId Id="contacts"/>
</SavedItemFolderId>
<Items>
<t:Contact>
<t:GivenName>Sanitago</t:GivenName>
<t:Surname>TestContact - $now</t:Surname>
<t:CompanyName>Corso test enterprises</t:CompanyName>
<t:EmailAddresses>
<t:Entry Key="EmailAddress1">sanitago@example.com</t:Entry>
</t:EmailAddresses>
<t:PhoneNumbers>
<t:Entry Key="BusinessPhone">4255550199</t:Entry>
</t:PhoneNumbers>
<t:Birthday>2000-01-01T11:59:00Z</t:Birthday>
<t:JobTitle>Tester</t:JobTitle>
<t:Surname>Plate</t:Surname>
</t:Contact>
</Items>
</CreateItem>
"@
$createContactMsg = Initialize-SOAPMessage -User $User -Body $body
$response = Invoke-SOAPRequest -Token $Token -Message $createContactMsg
}
function Get-ItemsToPurge {
Param(
[Parameter(Mandatory = $True, HelpMessage = "Folder under which to look for items matching removal criteria")]
[String]$WellKnownRoot,
[Parameter(Mandatory = $True, HelpMessage = "Purge items before this date time (UTC)")]
[datetime]$PurgeBeforeTimestamp
)
$itemsToDelete = @()
# SOAP message for getting the folder id
$body = @"
<FindItem Traversal="Shallow" xmlns="http://schemas.microsoft.com/exchange/services/2006/messages">
<ItemShape>
<t:BaseShape>Default</t:BaseShape>
<t:AdditionalProperties>
<t:ExtendedFieldURI PropertyTag="0x3007" PropertyType="SystemTime"/>
</t:AdditionalProperties>
</ItemShape>
<ParentFolderIds>
<t:DistinguishedFolderId Id="$WellKnownRoot"/>
</ParentFolderIds>
</FindItem>
"@
Write-Host "`nLooking for items under well-known folder: $WellKnownRoot older than $PurgeBeforeTimestamp for user: $User"
$getItemsMsg = Initialize-SOAPMessage -User $User -Body $body
$response = Invoke-SOAPRequest -Token $Token -Message $getItemsMsg
# Get the contacts from the response
$items = $response | Select-Xml -XPath "//t:Items/*" -Namespace @{t = "http://schemas.microsoft.com/exchange/services/2006/types" } |
Select-Object -ExpandProperty Node
# Are there more folders to list
$rootFolder = $response | Select-Xml -XPath "//m:RootFolder" -Namespace @{m = "http://schemas.microsoft.com/exchange/services/2006/messages" } |
Select-Object -ExpandProperty Node
$moreToList = ![System.Convert]::ToBoolean($rootFolder.IncludesLastItemInRange)
foreach ($item in $items) {
$itemId = $item.ItemId.Id
$changeKey = $item.ItemId.Changekey
$itemName = $item.DisplayName
$itemCreateTime = $item.ExtendedProperty
| Where-Object { $_.ExtendedFieldURI.PropertyTag -eq "0x3007" }
| Select-Object -ExpandProperty Value
| Get-Date
if ([String]::IsNullOrEmpty($itemId) -or [String]::IsNullOrEmpty($changeKey)) {
continue
}
if (![String]::IsNullOrEmpty($PurgeBeforeTimestamp) -and $itemCreateTime -gt $PurgeBeforeTimestamp) {
continue
}
Write-Verbose "Item Id and ChangeKey for ""$itemName"": $itemId, $changeKey"
$itemsToDelete += $item
}
return $itemsToDelete, $moreToList
}
function Purge-Contacts {
[CmdletBinding(SupportsShouldProcess)]
Param(
[Parameter(Mandatory = $True, HelpMessage = "Purge items before this date time (UTC)")]
[datetime]$PurgeBeforeTimestamp
)
Write-Host "`nCleaning up contacts older than $PurgeBeforeTimestamp"
Write-Host "-------------------------------------------------------"
# Create one seed contact which will have recent create date and will not be sweapt
# This is needed since tests rely on some contact data being present
Write-Host "`nCreating seed contact"
Create-Contact
$moreToList = $True
# only get max of 1000 results so we may need to iterate over eligible contacts
while ($moreToList) {
$itemsToDelete, $moreToList = Get-ItemsToPurge -WellKnownRoot "contacts" -PurgeBeforeTimestamp $PurgeBeforeTimestamp
$itemsToDeleteCount = $itemsToDelete.count
$itemsToDeleteBody = ""
if ($itemsToDeleteCount -eq 0) {
Write-Host "`nNo more contacts to delete matching criteria"
break
}
Write-Host "`nQueueing $itemsToDeleteCount items to delete"
foreach ($item in $itemsToDelete) {
$itemId = $item.ItemId.Id
$changeKey = $item.ItemId.Changekey
$itemsToDeleteBody += "<t:ItemId Id='$itemId' ChangeKey='$changeKey' />`n"
}
# Do the actual deletion in a batch request
# DeleteType = HardDelete, MoveToDeletedItems, or SoftDelete
$body = @"
<m:DeleteItem DeleteType="HardDelete">
<m:ItemIds>
$itemsToDeleteBody
</m:ItemIds>
</m:DeleteItem>
"@
if ($PSCmdlet.ShouldProcess("Deleting $itemsToDeleteCount items...", "$itemsToDeleteCount items", "Delete items")) {
Write-Host "`nDeleting $itemsToDeleteCount items..."
$emptyFolderMsg = Initialize-SOAPMessage -User $User -Body $body
$response = Invoke-SOAPRequest -Token $Token -Message $emptyFolderMsg
Write-Host "`nDeleted $itemsToDeleteCount items..."
}
}
}
Write-Host 'Authenticating with Exchange Web Services ...'
$global:Token = Get-AccessToken | ConvertTo-SecureString -AsPlainText -Force
$purgeFolderParams = @{
'WellKnownRoot' = "root";
'FolderNamePurgeList' = $FolderNamePurgeList;
'FolderPrefixPurgeList' = $FolderPrefixPurgeList;
'PurgeBeforeTimestamp' = $PurgeBeforeTimestamp
}
#purge older prefix folders
Purge-Folders @purgeFolderParams
#purge older contacts
Purge-Contacts -PurgeBeforeTimestamp $PurgeBeforeTimestamp
# Empty Deleted Items and then purge all recoverable items. Deletes the following
# -/Recoverable Items/Audits
# -/Recoverable Items/Deletion
# -/Recoverable Items/Purges
# -/Recoverable Items/Versions
# -/Recoverable Items/Calendar Logging
# -/Recoverable Items/SubstrateHolds
Write-Host "`nProcess well-known folders that are always purged"
Write-Host "---------------------------------------------------"
Empty-Folder -WellKnownRoot "deleteditems", "recoverableitemsroot"
Reference in New Issue View Git Blame Copy Permalink