AzureResourceStuff.psm1

function Copy-AzureAutomationRuntime {
    <#
    .SYNOPSIS
    Make a copy of existing Azure Automation Runtime Environment.
 
    .DESCRIPTION
    Make a copy of existing Azure Automation Runtime Environment.
 
    Copy will have:
    - same default and custom modules
    - same language, version and description
 
    Copy is by default created in the same Automation Account, but can be placed in different one too.
 
    .PARAMETER resourceGroupName
    Resource group name.
 
    .PARAMETER automationAccountName
    Automation account name.
 
    .PARAMETER runtimeName
    Name of the runtime to copy.
 
    .PARAMETER newResourceGroupName
    Destination Resource group name.
    If not specified, source one will be used.
 
    .PARAMETER newAutomationAccountName
    Destination Automation account name.
 
    If not specified, source one will be used.
 
    .PARAMETER newRuntimeName
    Name of the new runtime.
 
    If not specified, it will be "copy_<sourceRuntimeName>".
 
    .PARAMETER header
    Authentication header that can be created via New-AzureAutomationGraphToken.
 
    .EXAMPLE
    Connect-AzAccount
 
    Set-AzContext -Subscription "IT_Testing"
 
    Copy-AzureAutomationRuntime
 
    Creates a copy of the selected Runtime in the same Automation Account. It will be named like "copy_<sourceRuntimeName>".
 
    Missing function arguments like $runtimeName, $resourceGroupName or $automationAccountName will be interactively gathered through Out-GridView GUI.
 
    .EXAMPLE
    Connect-AzAccount
 
    Set-AzContext -Subscription "IT_Testing"
 
    Copy-AzureAutomationRuntime -runtimeName "Runtime51" -newRuntimeName "Runtime51_v2" -resourceGroupName "AdvancedLoggingRG" -automationAccountName "EnableO365AdvancedLogging"
 
    Creates a copy of the selected Runtime in the same Automation Account.
    #>


    [CmdletBinding()]
    param (
        [string] $resourceGroupName,

        [string] $automationAccountName,

        [string] $runtimeName,

        [string] $newResourceGroupName,

        [string] $newAutomationAccountName,

        [string] $newRuntimeName,

        [hashtable] $header
    )

    if (!(Get-Command 'Get-AzAccessToken' -ErrorAction silentlycontinue) -or !($azAccessToken = Get-AzAccessToken -ErrorAction SilentlyContinue) -or $azAccessToken.ExpiresOn -lt [datetime]::now) {
        throw "$($MyInvocation.MyCommand): Authentication needed. Please call Connect-AzAccount."
    }

    if (($newResourceGroupName -and !$newAutomationAccountName) -or (!$newResourceGroupName -and $newAutomationAccountName)) {
        throw "Either both 'newResourceGroupName' and 'newAutomationAccountName' parameters have to be set or neither of them"
    }

    #region get missing arguments
    if (!$header) {
        $header = New-AzureAutomationGraphToken
    }

    $subscriptionId = (Get-AzContext).Subscription.Id

    while (!$resourceGroupName) {
        $resourceGroupName = Get-AzResourceGroup | select -ExpandProperty ResourceGroupName | Out-GridView -OutputMode Single -Title "Select resource group you want to process"
    }

    while (!$automationAccountName) {
        $automationAccountName = Get-AzAutomationAccount -ResourceGroupName $resourceGroupName | select -ExpandProperty AutomationAccountName | Out-GridView -OutputMode Single -Title "Select automation account you want to process"
    }

    while (!$runtimeName) {
        $runtimeName = Get-AzureAutomationRuntime -resourceGroupName $resourceGroupName -automationAccountName $automationAccountName -programmingLanguage PowerShell -runtimeSource Custom -header $header | select -ExpandProperty Name | Out-GridView -OutputMode Single -Title "Select environment you want to process"
    }
    #endregion get missing arguments

    # get all custom modules
    Write-Verbose "Get Runtime '$runtimeName' custom modules"
    $customModule = Get-AzureAutomationRuntimeCustomModule -runtimeName $runtimeName -resourceGroupName $resourceGroupName -automationAccountName $automationAccountName -header $header -ErrorAction Stop

    # get all default modules
    Write-Verbose "Get Runtime '$runtimeName' default modules"
    $defaultPackageObj = Get-AzureAutomationRuntimeSelectedDefaultModule -runtimeName $runtimeName -resourceGroupName $resourceGroupName -automationAccountName $automationAccountName -header $header -ErrorAction Stop

    # get runtime language, version, description
    Write-Verbose "Get Runtime '$runtimeName' information"
    $runtime = Get-AzureAutomationRuntime -runtimeName $runtimeName -resourceGroupName $resourceGroupName -automationAccountName $automationAccountName -header $header -ErrorAction Stop

    $runtimeLanguage = $runtime.properties.runtime.language
    $runtimeVersion = $runtime.properties.runtime.version
    $runtimeDescription = $runtime.properties.description

    #region create new runtime with language, version and default modules
    if (!$newResourceGroupName) {
        $newResourceGroupName = $resourceGroupName
    }
    if (!$newAutomationAccountName) {
        $newAutomationAccountName = $automationAccountName
    }
    if (!$newRuntimeName) {
        $newRuntimeName = "copy_$runtimeName"
    }

    if ($defaultPackageObj) {
        # transform $defaultPackageObj to hashtable
        $defaultPackage = @{}

        $moduleNameList = $defaultPackageObj | Get-Member -MemberType NoteProperty | select -ExpandProperty Name
        $moduleNameList | % {
            $defaultPackage.$_ = $defaultPackageObj.$_
        }
    } else {
        # no default modules needed
        $defaultPackage = @{}
    }

    "Creating new runtime '$newRuntimeName'"
    $null = New-AzureAutomationRuntime -runtimeName $newRuntimeName -resourceGroupName $newResourceGroupName -automationAccountName $newAutomationAccountName -runtimeLanguage $runtimeLanguage -runtimeVersion $runtimeVersion -defaultPackage $defaultPackage -description $runtimeDescription -header $header
    #region create new runtime with language, version and default modules

    # add custom modules
    foreach ($custModule in $customModule) {
        $name = $custModule.name
        $version = $custModule.properties.version
        $provisioningState = $custModule.properties.provisioningState

        if ($provisioningState -ne 'Succeeded') {
            Write-Verbose "Skipping adding custom module '$name', because it is in '$provisioningState' provisioning state"
            continue
        }

        "Adding custom module '$name' $version"
        New-AzureAutomationRuntimeModule -runtimeName $newRuntimeName -resourceGroupName $newResourceGroupName -automationAccountName $newAutomationAccountName -moduleName $name -moduleVersion $version -header $header
    }
}

function Export-VariableToStorage {
    <#
    .SYNOPSIS
    Function for saving PowerShell variable as XML file in Azure Blob storage.
    That way you can easily later download & convert it back to original state using Import-VariableFromStorage.
 
    .DESCRIPTION
    Function for saving PowerShell variable as XML file in Azure Blob storage.
    That way you can easily later download & convert it back to original state using Import-VariableFromStorage.
 
    Uses native Export-CliXml to convert variable to a XML.
 
    .PARAMETER value
    Variable you want to save to blob storage.
 
    .PARAMETER fileName
    Name that will be used for uploaded file.
    To place file to the folder structure, give name like "folder\file".
    '.xml' will be appended automatically.
 
    .PARAMETER resourceGroupName
    Name of the Resource Group Name.
 
    By default 'PersistentRunbookVariables'
 
    .PARAMETER storageAccount
    Name of the Storage Account.
 
    It is case sensitive!
 
    By default 'persistentvariablesstore'.
 
    .PARAMETER containerName
    Name of the Storage Account Container.
 
    By default 'variables'.
 
    .PARAMETER standardBlobTier
    Tier type.
 
    By default 'Hot'.
 
    .PARAMETER showProgress
    Switch for showing upload progress.
    Can slow down the upload!
 
    .EXAMPLE
    Connect-AzAccount
 
    $processes = Get-Process
 
    Export-VariableToStorage -value $processes -fileName "processes"
 
    Converts $processes to XML (using Export-CliXml) and saves it to the default Storage Account and default container as a file "processes.xml".
 
    .EXAMPLE
    Connect-AzAccount
 
    $processes = Get-Process
 
    Export-VariableToStorage -value $processes -fileName "variables\processes"
 
    Converts $processes to XML (using Export-CliXml) and saves it to the default Storage Account and default container to folder "variables" as a file "processes.xml".
 
    .NOTES
    Required permissions: Role 'Storage Account Contributor' has to be granted to the used Storage account
    #>


    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true)]
        $value,

        [Parameter(Mandatory = $true)]
        [ValidateScript( {
                if ($_ -match "\.|/") {
                    throw "$_ is not a valid variable name. Don't use ., / chars."
                } else {
                    $true
                }
            })]
        $fileName,

        $resourceGroupName = "PersistentRunbookVariables",

        [ValidateScript( {
                if ($_ -cmatch '^[a-z0-9]+$') {
                    $true
                } else {
                    throw "$_ is not a valid storage account name (does not match expected pattern '^[a-z0-9]+$')."
                }
            })]
        $storageAccount = "persistentvariablesstore",

        $containerName = "variables",

        [ValidateSet('Hot', 'Cold')]
        [string] $standardBlobTier = "Hot",

        [switch] $showProgress
    )

    if (!(Get-Command 'Get-AzAccessToken' -ErrorAction silentlycontinue) -or !($azAccessToken = Get-AzAccessToken -ErrorAction SilentlyContinue) -or $azAccessToken.ExpiresOn -lt [datetime]::now) {
        throw "$($MyInvocation.MyCommand): Authentication needed. Please call Connect-AzAccount."
    }

    try {
        Write-Verbose "Set Storage Account"
        $null = Set-AzCurrentStorageAccount -ResourceGroupName $resourceGroupName -Name $storageAccount -ErrorAction Stop
    } catch {
        if ($_ -like "*does not have authorization to perform action 'Microsoft.Storage/storageAccounts/read' over scope*" -or $_ -like "*'this.Client.SubscriptionId' cannot be null*") {
            throw "Access denied. Role 'Storage Account Contributor' has to be granted to the '$storageAccount' Storage account"
        } else {
            throw $_
        }
    }

    # create temp file
    $cliXmlFile = New-TemporaryFile
    $value | Export-Clixml $CliXmlFile.FullName

    if (!$showProgress) {
        $ProgressPreference = "silentlycontinue"
    }

    # upload the file
    $param = @{
        File             = $cliXmlFile
        Container        = $containerName
        Blob             = "$fileName.xml"
        StandardBlobTier = $standardBlobTier
        Force            = $true
        ErrorAction      = "Stop"
    }
    Write-Verbose "Upload variable xml representation to the '$($fileName.xml)' file"
    $null = Set-AzStorageBlobContent @param

    # remove temp file
    Remove-Item $cliXmlFile -Force
}

function Get-AutomationVariable2 {
    <#
    .SYNOPSIS
    Function for getting Azure RunBook variable exported using Set-AutomationVariable2 function (a.k.a. using Export-CliXml).
 
    .DESCRIPTION
    Function for getting Azure RunBook variable exported using Set-AutomationVariable2 function (a.k.a. using Export-CliXml).
    Compared to original Get-AutomationVariable this one is able to get original PSObjects as they were and not as Newtonsoft.Json.Linq.
 
    As original Get-AutomationVariable can be used only inside RunBook!
 
    .PARAMETER name
    Name of the RunBook variable you want to retrieve.
 
    (such variable had to be set using Set-AutomationVariable2!)
 
    .EXAMPLE
    # save given hashtable to variable myVar
    #Set-AutomationVariable2 -name myVar -value @{name = 'John'; surname = 'Doe'}
 
    Get-AutomationVariable2 myVar
 
    Get variable myVar.
 
    .NOTES
    Same as original Get-AutomationVariable command, can be used only inside a Runbook!
    #>


    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true)]
        [string] $name
    )

    if (!(Get-Command 'Get-AzAccessToken' -ErrorAction silentlycontinue) -or !($azAccessToken = Get-AzAccessToken -ErrorAction SilentlyContinue) -or $azAccessToken.ExpiresOn -lt [datetime]::now) {
        throw "Authentication needed. Please call 'Connect-AzAccount -Identity'."
    }

    try {
        [string] $xml = Get-AutomationVariable -Name $name -ErrorAction Stop
    } catch {
        Write-Error $_
        return
    }

    if ($xml) {
        # in-memory import of CliXml string (similar to Import-Clixml)
        [System.Management.Automation.PSSerializer]::Deserialize($xml)
    } else {
        return
    }
}

function Get-AzureAutomationRunbookRuntime {
    <#
    .SYNOPSIS
    Get Runtime Environment name of the selected Azure Automation Account Runbook.
 
    .DESCRIPTION
    Get Runtime Environment name of the selected Azure Automation Account Runbook.
 
    .PARAMETER resourceGroupName
    Resource group name.
 
    .PARAMETER automationAccountName
    Automation account name.
 
    .PARAMETER runbookName
    Runbook name.
 
    .PARAMETER header
    Authentication header that can be created via New-AzureAutomationGraphToken.
 
    .EXAMPLE
    Connect-AzAccount
 
    Set-AzContext -Subscription "IT_Testing"
 
    Get-AzureAutomationRunbookRuntime
 
    Get name of the Runtime Environment used in selected Runbook.
    Missing function arguments like $resourceGroupName, $automationAccountName or $runbookName will be interactively gathered through Out-GridView GUI.
    #>


    [CmdletBinding()]
    param (
        [string] $resourceGroupName,

        [string] $automationAccountName,

        [string] $runbookName,

        [hashtable] $header
    )

    if (!(Get-Command 'Get-AzAccessToken' -ErrorAction silentlycontinue) -or !($azAccessToken = Get-AzAccessToken -ErrorAction SilentlyContinue) -or $azAccessToken.ExpiresOn -lt [datetime]::now) {
        throw "$($MyInvocation.MyCommand): Authentication needed. Please call Connect-AzAccount."
    }

    #region get missing arguments
    if (!$header) {
        $header = New-AzureAutomationGraphToken
    }

    $subscriptionId = (Get-AzContext).Subscription.Id

    while (!$resourceGroupName) {
        $resourceGroupName = Get-AzResourceGroup | select -ExpandProperty ResourceGroupName | Out-GridView -OutputMode Single -Title "Select resource group you want to process"
    }

    while (!$automationAccountName) {
        $automationAccountName = Get-AzAutomationAccount -ResourceGroupName $resourceGroupName | select -ExpandProperty AutomationAccountName | Out-GridView -OutputMode Single -Title "Select automation account you want to process"
    }

    while (!$runbookName) {
        $runbookName = Get-AzAutomationRunbook -AutomationAccountName $automationAccountName -ResourceGroupName $resourceGroupName | select -ExpandProperty Name | Out-GridView -OutputMode Single -Title "Select runbook you want to process"
    }
    #endregion get missing arguments

    Invoke-RestMethod2 "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.Automation/automationAccounts/$automationAccountName/runbooks/$runbookName`?api-version=2023-05-15-preview" -headers $header | select -ExpandProperty properties | select -ExpandProperty runtimeEnvironment
}

function Get-AzureAutomationRuntime {
    <#
    .SYNOPSIS
    Function returns selected/all Azure Automation runtime environment/s.
 
    .DESCRIPTION
    Function returns selected/all Azure Automation runtime environment/s.
 
    .PARAMETER runtimeName
    Name of the runtime environment you want to retrieve.
 
    If not provided, all runtimes will be returned.
 
    .PARAMETER resourceGroupName
    Resource group name.
 
    .PARAMETER automationAccountName
    Automation account name.
 
    .PARAMETER programmingLanguage
    Filter runtimes to just ones using selected language.
 
    Possible values: All, PowerShell, Python.
 
    By default: All
 
    .PARAMETER runtimeSource
    Filter runtimes by source of creation.
 
    Possible values: All, Default, Custom.
 
    By default: All
 
    .PARAMETER header
    Authentication header that can be created via New-AzureAutomationGraphToken.
 
    .EXAMPLE
    Connect-AzAccount
 
    Set-AzContext -Subscription "IT_Testing"
 
    Get-AzureAutomationRuntime -resourceGroupName "AdvancedLoggingRG" -automationAccountName "EnableO365AdvancedLogging"
 
    Get all Automation Runtimes in given Automation Account.
 
    .EXAMPLE
    Connect-AzAccount
 
    Set-AzContext -Subscription "IT_Testing"
 
    Get-AzureAutomationRuntime -programmingLanguage PowerShell -runtimeSource Custom
 
    Get just PowerShell based manually created Automation Runtimes in given Automation Account.
 
    Missing function arguments like $resourceGroupName or $automationAccountName will be interactively gathered through Out-GridView GUI.
 
    .NOTES
    https://learn.microsoft.com/en-us/rest/api/automation/runtime-environments/get?view=rest-automation-2023-05-15-preview&tabs=HTTP
    #>


    [CmdletBinding()]
    param (
        [string] $runtimeName,

        [string] $resourceGroupName,

        [string] $automationAccountName,

        [ValidateSet('PowerShell', 'Python', 'All')]
        [string] $programmingLanguage = 'All',

        [ValidateSet('Default', 'Custom', 'All')]
        [string] $runtimeSource = 'All',

        [hashtable] $header
    )

    if (!(Get-Command 'Get-AzAccessToken' -ErrorAction silentlycontinue) -or !($azAccessToken = Get-AzAccessToken -ErrorAction SilentlyContinue) -or $azAccessToken.ExpiresOn -lt [datetime]::now) {
        throw "$($MyInvocation.MyCommand): Authentication needed. Please call Connect-AzAccount."
    }

    #region get missing arguments
    if (!$header) {
        $header = New-AzureAutomationGraphToken
    }

    $subscriptionId = (Get-AzContext).Subscription.Id

    while (!$resourceGroupName) {
        $resourceGroupName = Get-AzResourceGroup | select -ExpandProperty ResourceGroupName | Out-GridView -OutputMode Single -Title "Select resource group you want to process"
    }

    while (!$automationAccountName) {
        $automationAccountName = Get-AzAutomationAccount -ResourceGroupName $resourceGroupName | select -ExpandProperty AutomationAccountName | Out-GridView -OutputMode Single -Title "Select automation account you want to process"
    }
    #endregion get missing arguments

    $result = Invoke-RestMethod2 -method Get -uri "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.Automation/automationAccounts/$automationAccountName/runtimeEnvironments/$runtimeName/?api-version=2023-05-15-preview" -headers $header -ErrorAction $ErrorActionPreference

    #region filter results
    if ($result -and $programmingLanguage -ne 'All') {
        $result = $result | ? { $_.Properties.Runtime.language -eq $programmingLanguage }
    }

    if ($result -and $runtimeSource -ne 'All') {
        switch ($runtimeSource) {
            'Default' {
                $result = $result | ? { $_.Properties.Description -like "System-generated Runtime Environment for your Automation account with Runtime language:*" }
            }

            'Custom' {
                $result = $result | ? { $_.Properties.Description -notlike "System-generated Runtime Environment for your Automation account with Runtime language:*" }
            }

            default {
                throw "Undefined runtimeSource ($runtimeSource)"
            }
        }
    }
    #endregion filter results

    $result
}

function Get-AzureAutomationRuntimeAvailableDefaultModule {
    <#
    .SYNOPSIS
    Function returns default modules (Az) available to select in selected/all PSH runtime(s).
 
    .DESCRIPTION
    Function returns default modules (Az) available to select in selected/all PSH runtime(s).
 
    .PARAMETER resourceGroupName
    Resource group name.
 
    .PARAMETER automationAccountName
    Automation account name.
 
    .PARAMETER runtimeName
    (optional) runtime name you want to get default modules for.
 
    If not provided, all default modules for all PSH runtimes in given automation account will be outputted.
 
    .PARAMETER header
    Authentication header that can be created via New-AzureAutomationGraphToken.
 
    .EXAMPLE
    Connect-AzAccount
 
    Set-AzContext -Subscription "IT_Testing"
 
    Get-AzureAutomationRuntimeAvailableDefaultModule
 
    You will get list of all resource groups and automation accounts (in current subscription) to pick the one you are interested in.
    And the output will be all default modules (Az) that are available to select there.
 
    .EXAMPLE
    Connect-AzAccount
 
    Set-AzContext -Subscription "IT_Testing"
 
    Get-AzureAutomationRuntimeAvailableDefaultModule -resourceGroupName "AdvancedLoggingRG" -automationAccountName "EnableO365AdvancedLogging" -runtimeName "PSH51_Custom"
 
    And the output will be default modules (Az) that are available to select in given Runtime Environment.
    #>


    [CmdletBinding()]
    param (
        [string] $resourceGroupName,

        [string] $automationAccountName,

        [string] $runtimeName,

        [hashtable] $header
    )

    if (!(Get-Command 'Get-AzAccessToken' -ErrorAction silentlycontinue) -or !($azAccessToken = Get-AzAccessToken -ErrorAction SilentlyContinue) -or $azAccessToken.ExpiresOn -lt [datetime]::now) {
        throw "$($MyInvocation.MyCommand): Authentication needed. Please call Connect-AzAccount."
    }

    #region get missing arguments
    if (!$header) {
        $header = New-AzureAutomationGraphToken
    }

    $subscriptionId = (Get-AzContext).Subscription.Id

    while (!$resourceGroupName) {
        $resourceGroupName = Get-AzResourceGroup | select -ExpandProperty ResourceGroupName | Out-GridView -OutputMode Single -Title "Select resource group you want to process"
    }

    while (!$automationAccountName) {
        $automationAccountName = Get-AzAutomationAccount -ResourceGroupName $resourceGroupName | select -ExpandProperty AutomationAccountName | Out-GridView -OutputMode Single -Title "Select automation account you want to process"
    }
    #endregion get missing arguments

    if ($runtimeName) {
        # get available default modules for this specific runtime
        # for this we need to get used PowerShell version
        $runtime = Get-AzureAutomationRuntime -resourceGroupName $resourceGroupName -automationAccountName $automationAccountName -header $header -runtimeName $runtimeName -programmingLanguage PowerShell -ErrorAction Stop

        if (!$runtime) {
            throw "Runtime Environment wasn't found. Name is misspelled or it is not a PSH runtime"
        }

        $runtimeVersion = $runtime.properties.runtime.version

        if ($runtimeVersion -eq '5.1') {
            $runtimeLanguageVersion = 'powershell'
        } elseif ($runtimeVersion -eq '7.1') {
            $runtimeLanguageVersion = 'powershell7'
        } else {
            # hopefully MS will stick with this format
            $runtimeLanguageVersion = ('powershell' + ($runtimeVersion -replace '\.'))
        }

        Write-Verbose "Available default modules will be limited to $runtimeLanguageVersion runtime language"
    } else {
        $runtimeLanguageVersion = '*'
    }

    $result = Invoke-RestMethod2 -method Post -uri "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.Automation/automationAccounts/$automationAccountName/listbuiltinmodules?api-version=2023-05-15-preview" -headers $header

    if ($result) {
        # instead of one object containing all runtimes return one object per runtime
        $result | Get-Member -MemberType NoteProperty | select -ExpandProperty Name | ? { $_ -like $runtimeLanguageVersion } | % {
            $runtimeLanguage = $_
            $result.$runtimeLanguage | select @{n = 'RuntimeLanguage'; e = { $runtimeLanguage } }, *
        }
    }
}

function Get-AzureAutomationRuntimeCustomModule {
    <#
    .SYNOPSIS
    Function gets all (or just selected) custom modules (packages) that are imported in the specified PowerShell Azure Automation runtime.
 
    .DESCRIPTION
    Function gets all (or just selected) custom modules (packages) that are imported in the specified PowerShell Azure Automation runtime.
 
    Custom modules are added by user, default ones are built-in (Az) and user just select version to use.
 
    .PARAMETER runtimeName
    Name of the runtime environment you want to retrieve.
 
    .PARAMETER resourceGroupName
    Resource group name.
 
    .PARAMETER automationAccountName
    Automation account name.
 
    .PARAMETER moduleName
    Name of the custom module you want to get.
 
    If not provided, all custom modules will be returned.
 
    .PARAMETER header
    Authentication header that can be created via New-AzureAutomationGraphToken.
 
    .EXAMPLE
    Connect-AzAccount
 
    Set-AzContext -Subscription "IT_Testing"
 
    Get-AzureAutomationRuntimeCustomModule
 
    You will get list of all (in current subscription) resource groups, automation accounts and runtimes to pick the one you are interested in.
    And the output will be all custom modules imported in the specified Automation runtime.
 
    .EXAMPLE
    Connect-AzAccount
 
    Set-AzContext -Subscription "IT_Testing"
 
    Get-AzureAutomationRuntimeCustomModule -resourceGroupName "AdvancedLoggingRG" -automationAccountName "EnableO365AdvancedLogging" -runtimeName Custom_PSH_51 -moduleName CommonStuff
 
    Get custom module CommonStuff imported in the specified Automation runtime.
 
    .EXAMPLE
    Connect-AzAccount
 
    Set-AzContext -Subscription "IT_Testing"
 
    Get-AzureAutomationRuntimeCustomModule -resourceGroupName "AdvancedLoggingRG" -automationAccountName "EnableO365AdvancedLogging" -runtimeName Custom_PSH_51
 
    Get all custom modules imported in the specified Automation runtime.
    #>


    [CmdletBinding()]
    param (
        [string] $runtimeName,

        [string] $resourceGroupName,

        [string] $automationAccountName,

        [string] $moduleName,

        [hashtable] $header
    )

    if (!(Get-Command 'Get-AzAccessToken' -ErrorAction silentlycontinue) -or !($azAccessToken = Get-AzAccessToken -ErrorAction SilentlyContinue) -or $azAccessToken.ExpiresOn -lt [datetime]::now) {
        throw "$($MyInvocation.MyCommand): Authentication needed. Please call Connect-AzAccount."
    }

    #region get missing arguments
    if (!$header) {
        $header = New-AzureAutomationGraphToken
    }

    $subscriptionId = (Get-AzContext).Subscription.Id

    while (!$resourceGroupName) {
        $resourceGroupName = Get-AzResourceGroup | select -ExpandProperty ResourceGroupName | Out-GridView -OutputMode Single -Title "Select resource group you want to process"
    }

    while (!$automationAccountName) {
        $automationAccountName = Get-AzAutomationAccount -ResourceGroupName $resourceGroupName | select -ExpandProperty AutomationAccountName | Out-GridView -OutputMode Single -Title "Select automation account you want to process"
    }

    while (!$runtimeName) {
        $runtimeName = Get-AzureAutomationRuntime -resourceGroupName $resourceGroupName -automationAccountName $automationAccountName -header $header -programmingLanguage PowerShell | select -ExpandProperty Name | Out-GridView -OutputMode Single -Title "Select runtime you want to process"
    }
    #endregion get missing arguments

    Invoke-RestMethod2 -method Get -uri "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.Automation/automationAccounts/$automationAccountName/runtimeEnvironments/$runtimeName/packages/$moduleName`?api-version=2023-05-15-preview" -headers $header
}

function Get-AzureAutomationRuntimeSelectedDefaultModule {
    <#
    .SYNOPSIS
    Function get default module (Az) that is selected in the specified Azure Automation runtime.
 
    .DESCRIPTION
    Function get default module (Az) that is selected in the specified Azure Automation runtime.
 
    Custom modules are added by user, default ones are built-in (Az) and user just select version to use.
 
    .PARAMETER runtimeName
    Name of the runtime environment you want to retrieve.
 
    .PARAMETER resourceGroupName
    Resource group name.
 
    .PARAMETER automationAccountName
    Automation account name.
 
    .PARAMETER header
    Authentication header that can be created via New-AzureAutomationGraphToken.
 
    .EXAMPLE
    Connect-AzAccount
 
    Set-AzContext -Subscription "IT_Testing"
 
    Get-AzureAutomationRuntimeSelectedDefaultModule
 
    You will get list of all (in current subscription) resource groups, automation accounts and runtimes to pick the one you are interested in.
    And you will get default module name (AZ) and its version that is selected in the specified Automation runtime.
 
    .EXAMPLE
    Connect-AzAccount
 
    Set-AzContext -Subscription "IT_Testing"
 
    Get-AzureAutomationRuntimeSelectedDefaultModule -resourceGroupName "AdvancedLoggingRG" -automationAccountName "EnableO365AdvancedLogging" -runtimeName Custom_PSH_51
 
    Get default module (Az) version in the specified Automation runtime.
    #>


    [CmdletBinding()]
    [Alias("Get-AzureAutomationRuntimeAzModule")]
    param (
        [string] $runtimeName,

        [string] $resourceGroupName,

        [string] $automationAccountName,

        [hashtable] $header
    )

    if (!(Get-Command 'Get-AzAccessToken' -ErrorAction silentlycontinue) -or !($azAccessToken = Get-AzAccessToken -ErrorAction SilentlyContinue) -or $azAccessToken.ExpiresOn -lt [datetime]::now) {
        throw "$($MyInvocation.MyCommand): Authentication needed. Please call Connect-AzAccount."
    }

    #region get missing arguments
    if (!$header) {
        $header = New-AzureAutomationGraphToken
    }

    $subscriptionId = (Get-AzContext).Subscription.Id

    while (!$resourceGroupName) {
        $resourceGroupName = Get-AzResourceGroup | select -ExpandProperty ResourceGroupName | Out-GridView -OutputMode Single -Title "Select resource group you want to process"
    }

    while (!$automationAccountName) {
        $automationAccountName = Get-AzAutomationAccount -ResourceGroupName $resourceGroupName | select -ExpandProperty AutomationAccountName | Out-GridView -OutputMode Single -Title "Select automation account you want to process"
    }

    while (!$runtimeName) {
        $runtimeName = Get-AzureAutomationRuntime -resourceGroupName $resourceGroupName -automationAccountName $automationAccountName -header $header -programmingLanguage PowerShell | select -ExpandProperty Name | Out-GridView -OutputMode Single -Title "Select environment you want to process"
    }
    #endregion get missing arguments

    Get-AzureAutomationRuntime -resourceGroupName $resourceGroupName -automationAccountName $automationAccountName -runtimeName $runtimeName -header $header | select -ExpandProperty properties | select -ExpandProperty defaultPackages
}

function Get-AzureResource {
    <#
    .SYNOPSIS
    Returns resources for all or just selected Azure subscription(s).
 
    .DESCRIPTION
    Returns resources for all or just selected Azure subscription(s).
 
    .PARAMETER subscriptionId
    ID of subscription you want to get resources for.
 
    .PARAMETER selectCurrentSubscription
    Switch for getting data just for currently set subscription.
 
    .EXAMPLE
    Get-AzureResource
 
    Returns resources for all subscriptions.
 
    .EXAMPLE
    Get-AzureResource -subscriptionId 1234-1234-1234-1234
 
    Returns resources for subscription with ID 1234-1234-1234-1234.
 
    .EXAMPLE
    Get-AzureResource -selectCurrentSubscription
 
    Returns resources just for current subscription.
    #>


    [CmdletBinding(DefaultParameterSetName = 'Default')]
    param (
        [Parameter(ParameterSetName = "subscriptionId")]
        [string] $subscriptionId,

        [Parameter(ParameterSetName = "currentSubscription")]
        [switch] $selectCurrentSubscription
    )

    if (!(Get-Command 'Get-AzAccessToken' -ErrorAction silentlycontinue) -or !($azAccessToken = Get-AzAccessToken -ErrorAction SilentlyContinue) -or $azAccessToken.ExpiresOn -lt [datetime]::now) {
        throw "$($MyInvocation.MyCommand): Authentication needed. Please call Connect-AzAccount."
    }

    # get Current Context
    $currentContext = Get-AzContext

    # get Azure Subscriptions
    if ($selectCurrentSubscription) {
        Write-Verbose "Only running for current subscription $($currentContext.Subscription.Name)"
        $subscriptions = Get-AzSubscription -SubscriptionId $currentContext.Subscription.Id -TenantId $currentContext.Tenant.Id
    } elseif ($subscriptionId) {
        Write-Verbose "Only running for selected subscription $subscriptionId"
        $subscriptions = Get-AzSubscription -SubscriptionId $subscriptionId -TenantId $currentContext.Tenant.Id
    } else {
        Write-Verbose "Running for all subscriptions in tenant"
        $subscriptions = Get-AzSubscription -TenantId $currentContext.Tenant.Id
    }

    Write-Verbose "Getting information about Role Definitions..."
    $allRoleDefinition = Get-AzRoleDefinition

    foreach ($subscription in $subscriptions) {
        Write-Verbose "Changing to Subscription $($subscription.Name)"

        $Context = Set-AzContext -TenantId $subscription.TenantId -SubscriptionId $subscription.Id -Force

        # getting information about Role Assignments for chosen subscription
        Write-Verbose "Getting information about Role Assignments..."
        $allRoleAssignment = Get-AzRoleAssignment

        Write-Verbose "Getting information about Resources..."

        Get-AzResource | % {
            $resourceId = $_.ResourceId
            Write-Verbose "Processing $resourceId"

            $roleAssignment = $allRoleAssignment | ? { $resourceId -match [regex]::escape($_.scope) -or $_.scope -like "/providers/Microsoft.Authorization/roleAssignments/*" -or $_.scope -like "/providers/Microsoft.Management/managementGroups/*" } | select RoleDefinitionName, DisplayName, Scope, SignInName, ObjectType, ObjectId, @{n = 'CustomRole'; e = { ($allRoleDefinition | ? Name -EQ $_.RoleDefinitionName).IsCustom } }, @{n = 'Inherited'; e = { if ($_.scope -eq $resourceId) { $false } else { $true } } }

            $_ | select *, @{n = "SubscriptionName"; e = { $subscription.Name } }, @{n = "SubscriptionId"; e = { $subscription.SubscriptionId } }, @{n = 'IAM'; e = { $roleAssignment } } -ExcludeProperty SubscriptionId, ResourceId, ResourceType
        }
    }
}

function Import-VariableFromStorage {
    <#
    .SYNOPSIS
    Function for downloading Azure Blob storage XML file and converting it back to original PowerShell object.
 
    .DESCRIPTION
    Function for downloading Azure Blob storage XML file and converting it back to original PowerShell object.
 
    Uses native Import-CliXml command for converting XML back to an object hence expects that such PowerShell object was previously saved using Export-VariableToStorage.
 
    .PARAMETER fileName
    Name of the file you want to download and convert back to the original variable.
    '.xml' will be appended automatically.
 
    .PARAMETER resourceGroupName
    Name of the Resource Group Name.
 
    By default 'PersistentRunbookVariables'
 
    .PARAMETER storageAccount
    Name of the Storage Account.
 
    It is case sensitive!
 
    By default 'persistentvariablesstore'.
 
    .PARAMETER containerName
    Name of the Storage Account Container.
 
    By default 'variables'.
 
    .PARAMETER showProgress
    Switch for showing upload progress.
    Can slow down the upload!
 
    .EXAMPLE
    Connect-AzAccount
 
    $processes = Import-VariableFromStorage -fileName "processes"
 
    .NOTES
    Required permissions: Role 'Storage Account Contributor' has to be granted to the used Storage account
    #>


    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true)]
        [ValidateScript( {
                if ($_ -match "\.|\\|/") {
                    throw "$_ is not a valid variable name. Don't use ., \, / chars."
                } else {
                    $true
                }
            })]
        $fileName,

        $resourceGroupName = "PersistentRunbookVariables",


        [ValidateScript( {
                if ($_ -cmatch '^[a-z0-9]+$') {
                    $true
                } else {
                    throw "$_ is not a valid storage account name (does not match expected pattern '^[a-z0-9]+$')."
                }
            })]
        $storageAccount = "persistentvariablesstore",

        $containerName = "variables",

        [switch] $showProgress
    )

    if (!(Get-Command 'Get-AzAccessToken' -ErrorAction silentlycontinue) -or !($azAccessToken = Get-AzAccessToken -ErrorAction SilentlyContinue) -or $azAccessToken.ExpiresOn -lt [datetime]::now) {
        throw "$($MyInvocation.MyCommand): Authentication needed. Please call Connect-AzAccount."
    }

    if (!$showProgress) {
        $ProgressPreference = "silentlycontinue"
    }

    try {
        Write-Verbose "Set Storage Account"
        $null = Set-AzCurrentStorageAccount -ResourceGroupName $resourceGroupName -Name $storageAccount -ErrorAction Stop
    } catch {
        if ($_ -like "*does not have authorization to perform action 'Microsoft.Storage/storageAccounts/read' over scope*" -or $_ -like "*'this.Client.SubscriptionId' cannot be null*") {
            throw "Access denied. Role 'Storage Account Contributor' has to be granted to the '$storageAccount' Storage account"
        } else {
            throw $_
        }
    }

    # create temp file
    $cliXmlFile = New-TemporaryFile

    # download blob
    $param = @{
        Blob        = "$fileName.xml"
        Container   = $containerName
        Destination = $cliXmlFile
        Force       = $true
        ErrorAction = "Stop"
    }
    try {
        $null = Get-AzStorageBlobContent @param
    } catch {
        if ($_ -like "*Can not find blob*" ) {
            # probably file is just not yet created (Export-VariableToStorage wasn't run yet)
            Write-Warning $_

            # remove temp file
            $null = Remove-Item $cliXmlFile -Force

            return
        } else {
            throw $_
        }
    }

    # convert xml back to original object
    $cliXmlFile | Import-Clixml

    # remove temp file
    $null = Remove-Item $cliXmlFile -Force
}

function New-AzureAutomationGraphToken {
    <#
    .SYNOPSIS
    Generating auth header for Azure Automation.
 
    .DESCRIPTION
    Generating auth header for Azure Automation.
 
    Expects that you are already connected to Azure using Connect-AzAccount command.
 
    .EXAMPLE
    Connect-AzAccount
 
    $header = New-AzureAutomationGraphToken
 
    $body = @{
        "properties" = @{
            "contentLink" = @{
                "uri" = $modulePkgUri
            }
            "version" = $moduleVersion
        }
    }
 
    $body = $body | ConvertTo-Json
 
    Invoke-RestMethod2 -method Put -uri "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.Automation/automationAccounts/$automationAccountName/runtimeEnvironments/$runtimeEnvironmentName/packages/$moduleName`?api-version=2023-05-15-preview" -body $body -headers $header
 
    #>


    $accessToken = Get-AzAccessToken -ResourceUrl "https://management.azure.com" -ErrorAction Stop
    if ($accessToken.Token) {
        $header = @{
            'Content-Type'  = 'application/json'
            'Authorization' = "Bearer {0}" -f $accessToken.Token
        }

        return $header
    } else {
        throw "Unable to obtain token. Are you connected using Connect-AzAccount?"
    }
}

function New-AzureAutomationModule {
    <#
    .SYNOPSIS
    Function for importing new (or updating existing) Azure Automation PSH module.
 
    Any module dependencies will be automatically installed too.
 
    .DESCRIPTION
    Function for importing new (or updating existing) Azure Automation PSH module.
 
    Any module dependencies will be automatically installed too.
 
    By default newest supported version is imported (if 'moduleVersion' is not set). If module exists, but with different version, it will be replaced (including its dependencies).
 
    According the dependencies. If version that can be used exist, it is not updated to the newest possible one, but is used at it is. Reason for this is to avoid unnecessary updates that can lead to unstable/untested environment.
 
    Supported version means, version that support given runtime ('runtimeVersion' parameter).
 
    .PARAMETER moduleName
    Name of the PSH module.
 
    .PARAMETER moduleVersion
    (optional) version of the PSH module.
    If not specified, newest supported version for given runtime will be gathered from PSGallery.
 
    .PARAMETER moduleVersionType
    Type of the specified module version.
 
    Possible values are: 'RequiredVersion', 'MinimumVersion', 'MaximumVersion'.
 
    By default 'RequiredVersion'.
 
    .PARAMETER resourceGroupName
    Name of the Azure Resource Group.
 
    .PARAMETER automationAccountName
    Name of the Azure Automation Account.
 
    .PARAMETER runtimeVersion
    PSH runtime version.
 
    Possible values: 5.1, 7.2.
 
    By default 5.1.
 
    .PARAMETER overridePSGalleryModuleVersion
    Hashtable of hashtables where you can specify what module version should be used for given runtime if no specific version is required.
 
    This is needed in cases, where module newest available PSGallery version isn't compatible with your runtime because of incorrect manifest.
 
    By default:
 
    $overridePSGalleryModuleVersion = @{
        # 2.x.x PnP.PowerShell versions (2.1.1, 2.2.0) requires PSH 7.2 even though manifest doesn't say it
        # so the wrong module version would be picked up which would cause an error when trying to import
        "PnP.PowerShell" = @{
            "5.1" = "1.12.0"
        }
    }
 
    .EXAMPLE
    Connect-AzAccount -Tenant "contoso.onmicrosoft.com" -SubscriptionName "AutomationSubscription"
 
    New-AzureAutomationModule -resourceGroupName test -automationAccountName test -moduleName "Microsoft.Graph.Groups"
 
    Imports newest supported version (for given runtime) of the "Microsoft.Graph.Groups" module including all its dependencies.
    In case module "Microsoft.Graph.Groups" with such version is already imported, nothing will happens.
    Otherwise module will be imported/replaced (including all dependencies that are required for this specific version).
 
    .EXAMPLE
    Connect-AzAccount -Tenant "contoso.onmicrosoft.com" -SubscriptionName "AutomationSubscription"
 
    New-AzureAutomationModule -resourceGroupName test -automationAccountName test -moduleName "Microsoft.Graph.Groups" -moduleVersion "2.11.1"
 
    Imports "2.11.1" version of the "Microsoft.Graph.Groups" module including all its dependencies.
    In case module "Microsoft.Graph.Groups" with version "2.11.1" is already imported, nothing will happens.
    Otherwise module will be imported/replaced (including all dependencies that are required for this specific version).
 
    .NOTES
    1. Because this function depends on Find-Module command heavily, it needs to have communication with the PSGallery enabled. To automate this, you can use following code:
 
    "Install a package manager"
    $null = Install-PackageProvider -Name nuget -Force -ForceBootstrap -Scope allusers
 
    "Set PSGallery as a trusted repository"
    Set-PSRepository -Name PSGallery -InstallationPolicy Trusted
 
    'PackageManagement', 'PowerShellGet', 'PSReadline', 'PSScriptAnalyzer' | % {
        "Install module $_"
        Install-Module $_ -Repository PSGallery -Force -AllowClobber
    }
 
    "Uninstall old version of PowerShellGet"
    Get-Module PowerShellGet -ListAvailable | ? version -lt 2.0.0 | select -exp ModuleBase | % { Remove-Item -Path $_ -Recurse -Force }
 
    2. Modules saved in Azure Automation Account have only "main" version saved and suffixes like "beta", "rc" etc are always cut off!
    A.k.a. if you import module with version "1.0.0-rc4". Version that will be shown in the GUI will be just "1.0.0" hence if you try to import such module again, it won't be correctly detected hence will be imported once again.
    #>


    [CmdletBinding()]
    [Alias("New-AzAutomationModule2", "Set-AzureAutomationModule")]
    param (
        [Parameter(Mandatory = $true)]
        [string] $moduleName,

        [string] $moduleVersion,

        [ValidateSet('RequiredVersion', 'MinimumVersion', 'MaximumVersion')]
        [string] $moduleVersionType = 'RequiredVersion',

        [Parameter(Mandatory = $true)]
        [string] $resourceGroupName,

        [Parameter(Mandatory = $true)]
        [string] $automationAccountName,

        [ValidateSet('5.1', '7.2')]
        [string] $runtimeVersion = '5.1',

        [int] $indent = 0,

        [hashtable[]] $overridePSGalleryModuleVersion = @{
            # 2.x.x PnP.PowerShell versions (2.1.1, 2.2.0) requires PSH 7.2 even though manifest doesn't say it
            # so the wrong module version would be picked up which would cause an error when trying to import
            "PnP.PowerShell" = @{
                "5.1" = "1.12.0"
            }
        }
    )

    if (!(Get-Command 'Get-AzAccessToken' -ErrorAction silentlycontinue) -or !($azAccessToken = Get-AzAccessToken -ErrorAction SilentlyContinue) -or $azAccessToken.ExpiresOn -lt [datetime]::now) {
        throw "$($MyInvocation.MyCommand): Authentication needed. Please call Connect-AzAccount."
    }

    $indentString = " " * $indent

    #region helper functions
    function _write {
        param ($string, $color, [switch] $noNewLine, [switch] $noIndent)

        $param = @{}
        if ($noIndent) {
            $param.Object = $string
        } else {
            $param.Object = ($indentString + $string)
        }
        if ($color) {
            $param.ForegroundColor = $color
        }
        if ($noNewLine) {
            $param.noNewLine = $true
        }

        Write-Host @param
    }

    function Compare-VersionString {
        # module version can be like "1.0.0", but also like "2.0.0-preview8", "2.0.0-rc3"
        # hence this comparison function
        param (
            [Parameter(Mandatory = $true)]
            $version1,

            [Parameter(Mandatory = $true)]
            $version2,

            [Parameter(Mandatory = $true)]
            [ValidateSet('equal', 'notEqual', 'greaterThan', 'lessThan')]
            $operator
        )

        function _convertResultToBoolean {
            # function that converts 0,1,-1 to true/false based on comparison operator
            param (
                [ValidateSet('equal', 'notEqual', 'greaterThan', 'lessThan')]
                $operator,

                $result
            )

            switch ($operator) {
                "equal" {
                    if ($result -eq 0) {
                        return $true
                    }
                }

                "notEqual" {
                    if ($result -ne 0) {
                        return $true
                    }
                }

                "greaterThan" {
                    if ($result -eq 1) {
                        return $true
                    }
                }

                "lessThan" {
                    if ($result -eq -1) {
                        return $true
                    }
                }

                default { throw "Undefined operator" }
            }

            return $false
        }

        # Split version and suffix
        $v1, $suffix1 = $version1 -split '-', 2
        $v2, $suffix2 = $version2 -split '-', 2

        # Compare versions
        $versionComparison = ([version]$v1).CompareTo([version]$v2)
        if ($versionComparison -ne 0) {
            return (_convertResultToBoolean -operator $operator -result $versionComparison)
        }

        # If versions are equal, compare suffixes
        if ($suffix1 -and !$suffix2) {
            return (_convertResultToBoolean -operator $operator -result -1)
        } elseif (!$suffix1 -and $suffix2) {
            return (_convertResultToBoolean -operator $operator -result 1)
        } elseif (!$suffix1 -and !$suffix2) {
            return (_convertResultToBoolean -operator $operator -result 0)
        } else {
            return (_convertResultToBoolean -operator $operator -result ([string]::Compare($suffix1, $suffix2)))
        }
    }
    #endregion helper functions

    if ($moduleVersion) {
        $moduleVersionString = "($moduleVersion)"
    } else {
        $moduleVersionString = ""
    }

    _write "Processing module $moduleName $moduleVersionString" "Magenta"

    #region get PSGallery module data
    $param = @{
        # IncludeDependencies = $true # cannot be used, because always returns newest usable module version, I want to use existing modules if possible (to minimize the runtime & risk that something will stop working)
        Name        = $moduleName
        ErrorAction = "Stop"
    }
    if ($moduleVersion) {
        $param.$moduleVersionType = $moduleVersion
        if (!($moduleVersion -as [version])) {
            # version is something like "2.2.0.rc4" a.k.a. pre-release version
            $param.AllowPrerelease = $true
        }
    } elseif ($runtimeVersion -eq '5.1') {
        $param.AllVersions = $true
    }

    $moduleGalleryInfo = Find-Module @param
    #endregion get PSGallery module data

    # get newest usable module version for given runtime
    if (!$moduleVersion -and $runtimeVersion -eq '5.1') {
        # no specific version was selected and older PSH version is used, make sure module that supports it, will be found
        # for example (currently newest) pnp.powershell 2.3.0 supports only PSH 7.2
        $moduleGalleryInfo = $moduleGalleryInfo | ? { $_.AdditionalMetadata.PowerShellVersion -le $runtimeVersion } | select -First 1
    }

    if (!$moduleGalleryInfo) {
        Write-Error "No supported $moduleName module was found in PSGallery"
        return
    }

    #region override module version
    # range instead of specific module version was specified
    if ($moduleVersion -and $moduleVersionType -ne 'RequiredVersion' -and $moduleVersion -ne $moduleGalleryInfo.Version) {
        _write " (version $($moduleGalleryInfo.Version) will be used instead of $moduleVersionType $moduleVersion)"
        $moduleVersion = $moduleGalleryInfo.Version
    }

    # no version was specified and module is in override list
    if (!$moduleVersion -and $moduleName -in $overridePSGalleryModuleVersion.Keys -and $overridePSGalleryModuleVersion.$moduleName.$runtimeVersion) {
        $overriddenModule = $overridePSGalleryModuleVersion.$moduleName
        $overriddenModuleVersion = $overriddenModule.$runtimeVersion
        if ($overriddenModuleVersion) {
            _write " (no version specified and override for version exists, hence will be used ($overriddenModuleVersion))"
            $moduleVersion = $overriddenModuleVersion
        }
    }

    # no version was specified, use the newest one
    if (!$moduleVersion) {
        $moduleVersion = $moduleGalleryInfo.Version
        _write " (no version specified, newest supported version from PSGallery will be used ($moduleVersion))"
    }
    #endregion override module version

    Write-Verbose "Getting current Automation modules"
    $currentAutomationModules = Get-AzAutomationModule -AutomationAccountName $automationAccountName -ResourceGroup $resourceGroupName -RuntimeVersion $runtimeVersion -ErrorAction Stop

    # check whether required module is present
    # there can be module in Failed state, just because update of such module failed, but if it has SizeInBytes set, it means its in working state
    $moduleExists = $currentAutomationModules | ? { $_.Name -eq $moduleName -and ($_.ProvisioningState -eq "Succeeded" -or $_.SizeInBytes) }
    if ($moduleExists) {
        $moduleExistsVersion = $moduleExists.Version
        if ($moduleVersion -and $moduleVersion -ne $moduleExistsVersion) {
            $moduleExists = $null
        }

        if ($moduleExists) {
            return ($indentString + "Module $moduleName ($moduleExistsVersion) is already present")
        } elseif (!$moduleExists -and $indent -eq 0) {
            # some module with that name exists, but not in the correct version and this is not a recursive call (because of dependency processing) hence user was not yet warned about replacing the module
            _write " - Existing module $moduleName ($moduleExistsVersion) will be replaced" "Yellow"
        }
    }

    _write " - Getting module $moduleName dependencies"
    $moduleDependency = $moduleGalleryInfo.Dependencies | Sort-Object { $_.name }

    # dependency must be installed first
    if ($moduleDependency) {
        #TODO znacit si jake moduly jsou required (at uz tam jsou nebo musim doinstalovat) a kontrolovat, ze jeden neni required s ruznymi verzemi == konflikt protoze nainstalovana muze byt jen jedna
        _write " - Depends on: $($moduleDependency.Name -join ', ')"
        foreach ($module in $moduleDependency) {
            $requiredModuleName = $module.Name
            $requiredModuleMinVersion = $module.MinimumVersion -replace "\[|]" # for some reason version can be like '[2.0.0-preview6]'
            $requiredModuleMaxVersion = $module.MaximumVersion -replace "\[|]"
            $requiredModuleReqVersion = $module.RequiredVersion -replace "\[|]"
            $notInCorrectVersion = $false

            _write " - Checking module $requiredModuleName (minVer: $requiredModuleMinVersion maxVer: $requiredModuleMaxVersion reqVer: $requiredModuleReqVersion)"

            # there can be module in Failed state, just because update of such module failed, but if it has SizeInBytes set, it means its in working state
            $existingRequiredModule = $currentAutomationModules | ? { $_.Name -eq $requiredModuleName -and ($_.ProvisioningState -eq "Succeeded" -or $_.SizeInBytes) }
            $existingRequiredModuleVersion = $existingRequiredModule.Version # version always looks like n.n.n. suffixes like rc, beta etc are always cut off!

            # check that existing module version fits
            if ($existingRequiredModule -and ($requiredModuleMinVersion -or $requiredModuleMaxVersion -or $requiredModuleReqVersion)) {
                #TODO pokud nahrazuji existujici modul, tak bych se mel podivat, jestli jsou vsechny ostatni ok s jeho novou verzi
                if ($requiredModuleReqVersion -and (Compare-VersionString $requiredModuleReqVersion $existingRequiredModuleVersion "notEqual")) {
                    $notInCorrectVersion = $true
                    _write " - module exists, but not in the correct version (has: $existingRequiredModuleVersion, should be: $requiredModuleReqVersion). Will be replaced" "Yellow"
                } elseif ($requiredModuleMinVersion -and $requiredModuleMaxVersion -and ((Compare-VersionString $existingRequiredModuleVersion $requiredModuleMinVersion "lessThan") -or (Compare-VersionString $existingRequiredModuleVersion $requiredModuleMaxVersion "greaterThan"))) {
                    $notInCorrectVersion = $true
                    _write " - module exists, but not in the correct version (has: $existingRequiredModuleVersion, should be: $requiredModuleMinVersion .. $requiredModuleMaxVersion). Will be replaced" "Yellow"
                } elseif ($requiredModuleMinVersion -and (Compare-VersionString $existingRequiredModuleVersion $requiredModuleMinVersion "lessThan")) {
                    $notInCorrectVersion = $true
                    _write " - module exists, but not in the correct version (has: $existingRequiredModuleVersion, should be > $requiredModuleMinVersion). Will be replaced" "Yellow"
                } elseif ($requiredModuleMaxVersion -and (Compare-VersionString $existingRequiredModuleVersion $requiredModuleMaxVersion "greaterThan")) {
                    $notInCorrectVersion = $true
                    _write " - module exists, but not in the correct version (has: $existingRequiredModuleVersion, should be < $requiredModuleMaxVersion). Will be replaced" "Yellow"
                }
            }

            if (!$existingRequiredModule -or $notInCorrectVersion) {
                if (!$existingRequiredModule) {
                    _write " - module is missing" "Yellow"
                }

                if ($notInCorrectVersion) {
                    #TODO kontrola, ze jina verze modulu nerozbije zavislost nejakeho jineho existujiciho modulu
                }

                #region install required module first
                $param = @{
                    moduleName            = $requiredModuleName
                    resourceGroupName     = $resourceGroupName
                    automationAccountName = $automationAccountName
                    runtimeVersion        = $runtimeVersion
                    indent                = $indent + 1
                }
                if ($requiredModuleMinVersion) {
                    $param.moduleVersion = $requiredModuleMinVersion
                    $param.moduleVersionType = 'MinimumVersion'
                }
                if ($requiredModuleMaxVersion) {
                    $param.moduleVersion = $requiredModuleMaxVersion
                    $param.moduleVersionType = 'MaximumVersion'
                }
                if ($requiredModuleReqVersion) {
                    $param.moduleVersion = $requiredModuleReqVersion
                    $param.moduleVersionType = 'RequiredVersion'
                }

                New-AzureAutomationModule @param
                #endregion install required module first
            } else {
                if ($existingRequiredModuleVersion) {
                    _write " - module (ver. $existingRequiredModuleVersion) is already present"
                } else {
                    _write " - module is already present"
                }
            }
        }
    } else {
        _write " - No dependency found"
    }

    $uri = "https://www.powershellgallery.com/api/v2/package/$moduleName/$moduleVersion"
    _write " - Uploading module $moduleName ($moduleVersion)" "Yellow"
    $status = New-AzAutomationModule -AutomationAccountName $automationAccountName -ResourceGroup $resourceGroupName -Name $moduleName -ContentLinkUri $uri -RuntimeVersion $runtimeVersion

    #region output dots while waiting on import to finish
    $i = 0
    _write " ." -noNewLine
    do {
        Start-Sleep 5

        if ($i % 3 -eq 0) {
            _write "." -noNewLine -noIndent
        }

        ++$i
    } while (!($requiredModule = Get-AzAutomationModule -AutomationAccountName $automationAccountName -ResourceGroup $resourceGroupName -RuntimeVersion $runtimeVersion -ErrorAction Stop | ? { $_.Name -eq $moduleName -and $_.ProvisioningState -in "Succeeded", "Failed" }))

    ""
    #endregion output dots while waiting on import to finish

    if ($requiredModule.ProvisioningState -ne "Succeeded") {
        Write-Error "Import failed. Check Azure Portal >> Automation Account >> Modules >> $moduleName details to get the reason."
    } else {
        _write " - Success" "Green"
    }
}

function New-AzureAutomationRuntime {
    <#
    .SYNOPSIS
    Function creates a new custom Azure Automation Account Runtime.
 
    .DESCRIPTION
    Function creates a new custom Azure Automation Account Runtime.
 
    Both Powershell nad Python runtimes are supported. Powershell one supports specifying Az module version.
 
    .PARAMETER runtimeName
    Name of the created runtime.
 
    .PARAMETER runtimeLanguage
    Language that will be used in created runtime.
 
    Possible values are PowerShell, Python.
 
    .PARAMETER runtimeVersion
    Version of the runtimeLanguage.
 
    For Python it is 3.8, 3.10, for PowerShell '5.1', '7.1', '7.2', but this will likely change in the future.
 
    .PARAMETER defaultPackage
    Only use for PowerShell runtimeLanguage!
 
    Hashtable where keys are default module names ('az' (both PSHs), 'azure cli' (only in PSH Core)) and values are module versions.
 
    If no defaultPackage hashtable is provided, no default modules will be enabled in created runtime.
 
    .PARAMETER description
    Runtime description.
 
    .PARAMETER resourceGroupName
    Resource group name.
 
    .PARAMETER automationAccountName
    Automation account name.
 
    .PARAMETER header
    Authentication header that can be created via New-AzureAutomationGraphToken.
 
    .EXAMPLE
    Connect-AzAccount
 
    Set-AzContext -Subscription "IT_Testing"
 
    $defaultPackage = @{
        az = '8.0.0'
    }
 
    New-AzureAutomationRuntime -runtimeName 'CustomPSH51' -runtimeLanguage 'PowerShell' -runtimeVersion 5.1 -defaultPackage $defaultPackage -description 'PSH 5.1 for testing purposes' -resourceGroupName 'AdvancedLoggingRG' -automationAccountName 'EnableO365AdvancedLogging'
 
    Create new custom Powershell 5.1 runtime with Az module 8.0.0 enabled.
 
    .EXAMPLE
    Connect-AzAccount
 
    Set-AzContext -Subscription "IT_Testing"
 
    New-AzureAutomationRuntime -runtimeName 'CustomPSH51' -runtimeLanguage 'PowerShell' -runtimeVersion 5.1 -description 'PSH 5.1 for testing purposes' -resourceGroupName 'AdvancedLoggingRG' -automationAccountName 'EnableO365AdvancedLogging'
 
    Create a new custom Powershell 5.1 runtime without Az module enabled.
 
    .EXAMPLE
    Connect-AzAccount
 
    Set-AzContext -Subscription "IT_Testing"
 
    $defaultPackage = @{
        'az' = '8.0.0'
        'azure cli' = '2.56.0'
    }
 
    New-AzureAutomationRuntime -runtimeName 'CustomPSH72' -runtimeLanguage 'PowerShell' -runtimeVersion 7.2 -defaultPackage $defaultPackage -description 'PSH 7.2 for testing purposes' -resourceGroupName 'AdvancedLoggingRG' -automationAccountName 'EnableO365AdvancedLogging'
 
    Create a new custom Powershell 7.2 runtime with 'Az module 8.0.0' and 'azure cli 2.56.0' enabled.
 
    .EXAMPLE
    Connect-AzAccount
 
    Set-AzContext -Subscription "IT_Testing"
 
    New-AzureAutomationRuntime -runtimeName 'CustomPython310' -runtimeLanguage 'Python' -runtimeVersion 3.10 -description 'Python 3.10 for testing purposes' -resourceGroupName 'AdvancedLoggingRG' -automationAccountName 'EnableO365AdvancedLogging'
 
    Create a new custom Python 3.10 runtime.
    #>


    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true)]
        [string] $runtimeName,

        [Parameter(Mandatory = $true)]
        [ValidateSet('PowerShell', 'Python')]
        [string] $runtimeLanguage,

        [ArgumentCompleter( {
                param ($Command, $Parameter, $WordToComplete, $CommandAst, $FakeBoundParams)

                if ($runtimeLanguage = $FakeBoundParams.runtimeLanguage) {
                    switch ($runtimeLanguage) {
                        'PowerShell' {
                            '5.1', '7.1', '7.2' | ? { $_ -like "*$WordToComplete*" }
                        }

                        'Python' {
                            '3.8', '3.10' | ? { $_ -like "*$WordToComplete*" }
                        }
                    }
                }
            })]
        [string] $runtimeVersion,

        [hashtable] $defaultPackage,

        [string] $description,

        [string] $resourceGroupName,

        [string] $automationAccountName,

        [hashtable] $header
    )

    #region checks
    if ($defaultPackage -and $runtimeLanguage -ne 'PowerShell') {
        Write-Warning "Parameter 'defaultModuleData' can be defined only for 'PowerShell' runtime language. Will be ignored."
        $defaultPackage = @{}
    }

    if (!$defaultPackage -and $runtimeLanguage -eq 'PowerShell') {
        $defaultPackage = @{}
    }
    #endregion checks

    if (!(Get-Command 'Get-AzAccessToken' -ErrorAction silentlycontinue) -or !($azAccessToken = Get-AzAccessToken -ErrorAction SilentlyContinue) -or $azAccessToken.ExpiresOn -lt [datetime]::now) {
        throw "$($MyInvocation.MyCommand): Authentication needed. Please call Connect-AzAccount."
    }

    #region get missing arguments
    if (!$header) {
        $header = New-AzureAutomationGraphToken
    }

    $subscriptionId = (Get-AzContext).Subscription.Id

    while (!$resourceGroupName) {
        $resourceGroupName = Get-AzResourceGroup | select -ExpandProperty ResourceGroupName | Out-GridView -OutputMode Single -Title "Select resource group you want to process"
    }

    while (!$automationAccountName) {
        $automationAccountName = Get-AzAutomationAccount -ResourceGroupName $resourceGroupName | select -ExpandProperty AutomationAccountName | Out-GridView -OutputMode Single -Title "Select automation account you want to process"
    }
    #endregion get missing arguments

    #region checks
    try {
        $runtime = $null
        $runtime = Get-AzureAutomationRuntime -resourceGroupName $resourceGroupName -automationAccountName $automationAccountName -header $header -runtimeName $runtimeName -ErrorAction Stop
    } catch {
        if ($_.exception.StatusCode -ne 'NotFound') {
            throw $_
        }
    }

    if ($runtime) {
        # prevent accidental replacing of the existing runtime
        throw "Runtime with given name '$runtimeName' already exist"
    }
    #endregion checks

    #region send web request
    $body = @{
        properties = @{
            runtime         = @{
                language = $runtimeLanguage
                version  = $runtimeVersion
            }
            defaultPackages = $defaultPackage
            description     = $description
        }
    }

    $body = $body | ConvertTo-Json

    Write-Verbose $body

    Invoke-RestMethod2 -method Put -uri "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.Automation/automationAccounts/$automationAccountName/runtimeEnvironments/$runtimeName`?api-version=2023-05-15-preview" -body $body -headers $header
    #endregion send web request
}

function New-AzureAutomationRuntimeModule {
    <#
    .SYNOPSIS
    Function add/replace selected module in specified Azure Automation runtime by importing it from the PowerShell Gallery.
    If module has some dependencies, that are currently missing (or have incorrect version), they will be imported automatically.
 
    .DESCRIPTION
    Function add/replace selected module in specified Azure Automation runtime by importing it from the PowerShell Gallery.
 
    If module exists, it will be replaced by selected version, if it is not, it will be added.
 
    If module has some dependencies, that are currently missing (or have incorrect version), they will be imported automatically.
 
    .PARAMETER runtimeName
    Name of the runtime environment you want to retrieve.
 
    .PARAMETER resourceGroupName
    Resource group name.
 
    .PARAMETER automationAccountName
    Automation account name.
 
    .PARAMETER moduleName
    Name of the module you want to add/(replace by other version).
 
    .PARAMETER moduleVersion
    Module version.
    If not specified, newest supported version for given runtime will be gathered from PSGallery.
 
    .PARAMETER moduleVersionType
    Type of the specified module version.
 
    Possible values are: 'RequiredVersion', 'MinimumVersion', 'MaximumVersion'.
 
    By default 'RequiredVersion'.
 
    .PARAMETER header
    Authentication header that can be created via New-AzureAutomationGraphToken.
 
    .PARAMETER overridePSGalleryModuleVersion
    Hashtable of hashtables where you can specify what module version should be used for given runtime if no specific version is required.
 
    This is needed in cases, where newest module version available in PSGallery isn't compatible with your runtime because of incorrect module manifest.
 
    By default:
 
    $overridePSGalleryModuleVersion = @{
        # 2.x.x PnP.PowerShell versions (2.1.1, 2.2.0) requires PSH 7.2 even though manifest doesn't say it
        # so the wrong module version would be picked up which would cause an error when trying to import
        "PnP.PowerShell" = @{
            "5.1" = "1.12.0"
        }
    }
 
    .EXAMPLE
    Connect-AzAccount
 
    Set-AzContext -Subscription "IT_Testing"
 
    New-AzureAutomationRuntimeModule -moduleName CommonStuff -moduleVersion 1.0.18
 
    Add module CommonStuff 1.0.18 to the specified Automation runtime.
    If module exists, it will be replaced by selected version, if it is not, it will be added.
    If module has some dependencies, that are currently missing (or have incorrect version), they will be imported automatically.
 
    Missing function arguments like $resourceGroupName or $automationAccountName will be interactively gathered through Out-GridView GUI.
 
    .EXAMPLE
    Connect-AzAccount
 
    Set-AzContext -Subscription "IT_Testing"
 
    New-AzureAutomationRuntimeModule -resourceGroupName "AdvancedLoggingRG" -automationAccountName "EnableO365AdvancedLogging" -runtimeName Custom_PSH_51 -moduleName CommonStuff -moduleVersion 1.0.18
 
    Add module CommonStuff 1.0.18 to specified Automation runtime.
    If module exists, it will be replaced by selected version, if it is not, it will be added.
    #>


    [CmdletBinding()]
    [Alias("Set-AzureAutomationRuntimeModule")]
    param (
        [string] $runtimeName,

        [string] $resourceGroupName,

        [string] $automationAccountName,

        [Parameter(Mandatory = $true)]
        [string] $moduleName,

        [string] $moduleVersion,

        [ValidateSet('RequiredVersion', 'MinimumVersion', 'MaximumVersion')]
        [string] $moduleVersionType = 'RequiredVersion',

        [hashtable] $header,

        [int] $indent = 0,

        [hashtable[]] $overridePSGalleryModuleVersion = @{
            # 2.x.x PnP.PowerShell versions (2.1.1, 2.2.0) requires PSH 7.2 even though manifest doesn't say it
            # so the wrong module version would be picked up which would cause an error when trying to import
            "PnP.PowerShell" = @{
                "5.1" = "1.12.0"
            }
        }
    )

    if (!(Get-Command 'Get-AzAccessToken' -ErrorAction silentlycontinue) -or !($azAccessToken = Get-AzAccessToken -ErrorAction SilentlyContinue) -or $azAccessToken.ExpiresOn -lt [datetime]::now) {
        throw "$($MyInvocation.MyCommand): Authentication needed. Please call Connect-AzAccount."
    }

    #region get missing arguments
    if (!$header) {
        $header = New-AzureAutomationGraphToken
    }

    $subscriptionId = (Get-AzContext).Subscription.Id

    while (!$resourceGroupName) {
        $resourceGroupName = Get-AzResourceGroup | select -ExpandProperty ResourceGroupName | Out-GridView -OutputMode Single -Title "Select resource group you want to process"
    }

    while (!$automationAccountName) {
        $automationAccountName = Get-AzAutomationAccount -ResourceGroupName $resourceGroupName | select -ExpandProperty AutomationAccountName | Out-GridView -OutputMode Single -Title "Select automation account you want to process"
    }

    while (!$runtimeName) {
        $runtimeName = Get-AzureAutomationRuntime -resourceGroupName $resourceGroupName -automationAccountName $automationAccountName -programmingLanguage PowerShell -runtimeSource Custom -header $header | select -ExpandProperty Name | Out-GridView -OutputMode Single -Title "Select environment you want to process"
    }
    #endregion get missing arguments

    try {
        $runtime = Get-AzureAutomationRuntime -automationAccountName $automationAccountName -ResourceGroup $resourceGroupName -runtimeName $runtimeName -programmingLanguage PowerShell -runtimeSource Custom -header $header -ErrorAction Stop
    } catch {
        throw "Runtime '$runtimeName' doesn't exist or it isn't custom created PowerShell Runtime"
    }
    $runtimeVersion = $runtime.properties.runtime.version

    $indentString = " " * $indent

    #region helper functions
    function _write {
        param ($string, $color, [switch] $noNewLine, [switch] $noIndent)

        $param = @{}
        if ($noIndent) {
            $param.Object = $string
        } else {
            $param.Object = ($indentString + $string)
        }
        if ($color) {
            $param.ForegroundColor = $color
        }
        if ($noNewLine) {
            $param.noNewLine = $true
        }

        Write-Host @param
    }

    function Compare-VersionString {
        # module version can be like "1.0.0", but also like "2.0.0-preview8", "2.0.0-rc3"
        # hence this comparison function
        param (
            [Parameter(Mandatory = $true)]
            $version1,

            [Parameter(Mandatory = $true)]
            $version2,

            [Parameter(Mandatory = $true)]
            [ValidateSet('equal', 'notEqual', 'greaterThan', 'lessThan')]
            $operator
        )

        function _convertResultToBoolean {
            # function that converts 0,1,-1 to true/false based on comparison operator
            param (
                [ValidateSet('equal', 'notEqual', 'greaterThan', 'lessThan')]
                $operator,

                $result
            )

            switch ($operator) {
                "equal" {
                    if ($result -eq 0) {
                        return $true
                    }
                }

                "notEqual" {
                    if ($result -ne 0) {
                        return $true
                    }
                }

                "greaterThan" {
                    if ($result -eq 1) {
                        return $true
                    }
                }

                "lessThan" {
                    if ($result -eq -1) {
                        return $true
                    }
                }

                default { throw "Undefined operator" }
            }

            return $false
        }

        # Split version and suffix
        $v1, $suffix1 = $version1 -split '-', 2
        $v2, $suffix2 = $version2 -split '-', 2

        # Compare versions
        $versionComparison = ([version]$v1).CompareTo([version]$v2)
        if ($versionComparison -ne 0) {
            return (_convertResultToBoolean -operator $operator -result $versionComparison)
        }

        # If versions are equal, compare suffixes
        if ($suffix1 -and !$suffix2) {
            return (_convertResultToBoolean -operator $operator -result -1)
        } elseif (!$suffix1 -and $suffix2) {
            return (_convertResultToBoolean -operator $operator -result 1)
        } elseif (!$suffix1 -and !$suffix2) {
            return (_convertResultToBoolean -operator $operator -result 0)
        } else {
            return (_convertResultToBoolean -operator $operator -result ([string]::Compare($suffix1, $suffix2)))
        }
    }
    #endregion helper functions

    if ($moduleVersion) {
        $moduleVersionString = "($moduleVersion)"
    } else {
        $moduleVersionString = ""
    }

    _write "Processing module $moduleName $moduleVersionString" "Magenta"

    #region get PSGallery module data
    $param = @{
        # IncludeDependencies = $true # cannot be used, because always returns newest usable module version, I want to use existing modules if possible (to minimize the runtime & risk that something will stop working)
        Name        = $moduleName
        ErrorAction = "Stop"
    }
    if ($moduleVersion) {
        $param.$moduleVersionType = $moduleVersion
        if (!($moduleVersion -as [version])) {
            # version is something like "2.2.0.rc4" a.k.a. pre-release version
            $param.AllowPrerelease = $true
        }
    } elseif ($runtimeVersion -eq '5.1') {
        $param.AllVersions = $true
    }

    $moduleGalleryInfo = Find-Module @param
    #endregion get PSGallery module data

    # get newest usable module version for given runtime
    if (!$moduleVersion -and $runtimeVersion -eq '5.1') {
        # no specific version was selected and older PSH version is used, make sure module that supports it, will be found
        # for example (currently newest) pnp.powershell 2.3.0 supports only PSH 7.2
        $moduleGalleryInfo = $moduleGalleryInfo | ? { $_.AdditionalMetadata.PowerShellVersion -le $runtimeVersion } | select -First 1
    }

    if (!$moduleGalleryInfo) {
        Write-Error "No supported $moduleName module was found in PSGallery"
        return
    }

    #region override module version
    # range instead of specific module version was specified
    if ($moduleVersion -and $moduleVersionType -ne 'RequiredVersion' -and $moduleVersion -ne $moduleGalleryInfo.Version) {
        _write " (version $($moduleGalleryInfo.Version) will be used instead of $moduleVersionType $moduleVersion)"
        $moduleVersion = $moduleGalleryInfo.Version
    }

    # no version was specified and module is in override list
    if (!$moduleVersion -and $moduleName -in $overridePSGalleryModuleVersion.Keys -and $overridePSGalleryModuleVersion.$moduleName.$runtimeVersion) {
        $overriddenModule = $overridePSGalleryModuleVersion.$moduleName
        $overriddenModuleVersion = $overriddenModule.$runtimeVersion
        if ($overriddenModuleVersion) {
            _write " (no version specified and override for version exists, hence will be used ($overriddenModuleVersion))"
            $moduleVersion = $overriddenModuleVersion
        }
    }

    # no version was specified, use the newest one
    if (!$moduleVersion) {
        $moduleVersion = $moduleGalleryInfo.Version
        _write " (no version specified, newest supported version from PSGallery will be used ($moduleVersion))"
    }
    #endregion override module version

    Write-Verbose "Getting current Automation modules"
    $currentAutomationModules = Get-AzureAutomationRuntimeCustomModule -automationAccountName $automationAccountName -ResourceGroup $resourceGroupName -runtimeName $runtimeName -header $header -ErrorAction Stop

    # check whether required module is present
    # there can be module in Failed state, just because update of such module failed, but if it has SizeInBytes set, it means its in working state
    $moduleExists = $currentAutomationModules | ? { $_.Name -eq $moduleName -and ($_.Properties.ProvisioningState -eq "Succeeded" -or $_.Properties.SizeInBytes) }
    if ($moduleExists) {
        $moduleExistsVersion = $moduleExists.Properties.Version
        if ($moduleVersion -and $moduleVersion -ne $moduleExistsVersion) {
            $moduleExists = $null
        }

        if ($moduleExists) {
            return ($indentString + "Module $moduleName ($moduleExistsVersion) is already present")
        } elseif (!$moduleExists -and $indent -eq 0) {
            # some module with that name exists, but not in the correct version and this is not a recursive call (because of dependency processing) hence user was not yet warned about replacing the module
            _write " - Existing module $moduleName ($moduleExistsVersion) will be replaced" "Yellow"
        }
    }

    _write " - Getting module $moduleName dependencies"
    $moduleDependency = $moduleGalleryInfo.Dependencies | Sort-Object { $_.name }

    # dependency must be installed first
    if ($moduleDependency) {
        #TODO znacit si jake moduly jsou required (at uz tam jsou nebo musim doinstalovat) a kontrolovat, ze jeden neni required s ruznymi verzemi == konflikt protoze nainstalovana muze byt jen jedna
        _write " - Depends on: $($moduleDependency.Name -join ', ')"
        foreach ($module in $moduleDependency) {
            $requiredModuleName = $module.Name
            $requiredModuleMinVersion = $module.MinimumVersion -replace "\[|]" # for some reason version can be like '[2.0.0-preview6]'
            $requiredModuleMaxVersion = $module.MaximumVersion -replace "\[|]"
            $requiredModuleReqVersion = $module.RequiredVersion -replace "\[|]"
            $notInCorrectVersion = $false

            _write " - Checking module $requiredModuleName (minVer: $requiredModuleMinVersion maxVer: $requiredModuleMaxVersion reqVer: $requiredModuleReqVersion)"

            # there can be module in Failed state, just because update of such module failed, but if it has SizeInBytes set, it means its in working state
            $existingRequiredModule = $currentAutomationModules | ? { $_.Name -eq $requiredModuleName -and ($_.Properties.ProvisioningState -eq "Succeeded" -or $_.Properties.SizeInBytes) }
            $existingRequiredModuleVersion = $existingRequiredModule.Properties.Version # version always looks like n.n.n. suffixes like rc, beta etc are always cut off!

            # check that existing module version fits
            if ($existingRequiredModule -and ($requiredModuleMinVersion -or $requiredModuleMaxVersion -or $requiredModuleReqVersion)) {
                #TODO pokud nahrazuji existujici modul, tak bych se mel podivat, jestli jsou vsechny ostatni ok s jeho novou verzi
                if ($requiredModuleReqVersion -and (Compare-VersionString $requiredModuleReqVersion $existingRequiredModuleVersion "notEqual")) {
                    $notInCorrectVersion = $true
                    _write " - module exists, but not in the correct version (has: $existingRequiredModuleVersion, should be: $requiredModuleReqVersion). Will be replaced" "Yellow"
                } elseif ($requiredModuleMinVersion -and $requiredModuleMaxVersion -and ((Compare-VersionString $existingRequiredModuleVersion $requiredModuleMinVersion "lessThan") -or (Compare-VersionString $existingRequiredModuleVersion $requiredModuleMaxVersion "greaterThan"))) {
                    $notInCorrectVersion = $true
                    _write " - module exists, but not in the correct version (has: $existingRequiredModuleVersion, should be: $requiredModuleMinVersion .. $requiredModuleMaxVersion). Will be replaced" "Yellow"
                } elseif ($requiredModuleMinVersion -and (Compare-VersionString $existingRequiredModuleVersion $requiredModuleMinVersion "lessThan")) {
                    $notInCorrectVersion = $true
                    _write " - module exists, but not in the correct version (has: $existingRequiredModuleVersion, should be > $requiredModuleMinVersion). Will be replaced" "Yellow"
                } elseif ($requiredModuleMaxVersion -and (Compare-VersionString $existingRequiredModuleVersion $requiredModuleMaxVersion "greaterThan")) {
                    $notInCorrectVersion = $true
                    _write " - module exists, but not in the correct version (has: $existingRequiredModuleVersion, should be < $requiredModuleMaxVersion). Will be replaced" "Yellow"
                }
            }

            if (!$existingRequiredModule -or $notInCorrectVersion) {
                if (!$existingRequiredModule) {
                    _write " - module is missing" "Yellow"
                }

                if ($notInCorrectVersion) {
                    #TODO kontrola, ze jina verze modulu nerozbije zavislost nejakeho jineho existujiciho modulu
                }

                #region install required module first
                $param = @{
                    moduleName            = $requiredModuleName
                    resourceGroupName     = $resourceGroupName
                    automationAccountName = $automationAccountName
                    runtimeName           = $runtimeName
                    indent                = $indent + 1
                }
                if ($requiredModuleMinVersion) {
                    $param.moduleVersion = $requiredModuleMinVersion
                    $param.moduleVersionType = 'MinimumVersion'
                }
                if ($requiredModuleMaxVersion) {
                    $param.moduleVersion = $requiredModuleMaxVersion
                    $param.moduleVersionType = 'MaximumVersion'
                }
                if ($requiredModuleReqVersion) {
                    $param.moduleVersion = $requiredModuleReqVersion
                    $param.moduleVersionType = 'RequiredVersion'
                }

                New-AzureAutomationRuntimeModule @param
                #endregion install required module first
            } else {
                if ($existingRequiredModuleVersion) {
                    _write " - module (ver. $existingRequiredModuleVersion) is already present"
                } else {
                    _write " - module is already present"
                }
            }
        }
    } else {
        _write " - No dependency found"
    }

    _write " - Uploading module $moduleName ($moduleVersion)" "Yellow"
    $modulePkgUri = "https://devopsgallerystorage.blob.core.windows.net/packages/$($moduleName.ToLower()).$moduleVersion.nupkg"

    $pkgStatus = Invoke-WebRequest -Uri $modulePkgUri -SkipHttpErrorCheck
    if ($pkgStatus.StatusCode -ne 200) {
        throw "Module $moduleName (version $moduleVersion) doesn't exist in PSGallery. Error was $($pkgStatus.StatusDescription)"
    }

    #region send web request
    $body = @{
        "properties" = @{
            "contentLink" = @{
                "uri" = $modulePkgUri
            }
            "version"     = $moduleVersion
        }
    }

    $body = $body | ConvertTo-Json

    Write-Verbose $body

    $null = Invoke-RestMethod2 -method Put -uri "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.Automation/automationAccounts/$automationAccountName/runtimeEnvironments/$runtimeName/packages/$moduleName`?api-version=2023-05-15-preview" -body $body -headers $header
    #endregion send web request

    #region output dots while waiting on import to finish
    $i = 0
    _write " ." -noNewLine
    do {
        Start-Sleep 5

        if ($i % 3 -eq 0) {
            _write "." -noNewLine -noIndent
        }

        ++$i
    } while (!($requiredModule = Get-AzureAutomationRuntimeCustomModule -automationAccountName $automationAccountName -ResourceGroup $resourceGroupName -runtimeName $runtimeName -moduleName $moduleName -header $header -ErrorAction Stop | ? { $_.Properties.ProvisioningState -in "Succeeded", "Failed" }))

    ""
    #endregion output dots while waiting on import to finish

    if ($requiredModule.Properties.ProvisioningState -ne "Succeeded") {
        Write-Error "Import failed. Check Azure Portal >> Automation Account >> Runtime Environments >> $runtimeName >> $moduleName details to get the reason."
    } else {
        _write " - Success" "Green"
    }
}

function Remove-AzureAutomationRuntime {
    <#
    .SYNOPSIS
    Removes selected Azure Automation Account Runtime(s).
 
    .DESCRIPTION
    Removes selected Azure Automation Account Runtime(s).
 
    .PARAMETER runtimeName
    Name of the runtime environment you want to remove.
 
    .PARAMETER resourceGroupName
    Resource group name.
 
    .PARAMETER automationAccountName
    Automation account name.
 
    .PARAMETER header
    Authentication header that can be created via New-AzureAutomationGraphToken.
 
    .EXAMPLE
    Connect-AzAccount
 
    Set-AzContext -Subscription "IT_Testing"
 
    Remove-AzureAutomationRuntime
 
    Removes selected Automation Runtime.
 
    Missing function arguments like $runtimeName, $resourceGroupName or $automationAccountName will be interactively gathered through Out-GridView GUI.
 
    .EXAMPLE
    Connect-AzAccount
 
    Set-AzContext -Subscription "IT_Testing"
 
    Remove-AzureAutomationRuntime -runtimeName "PSH51Custom" -resourceGroupName "AdvancedLoggingRG" -automationAccountName "EnableO365AdvancedLogging"
 
    Removes "PSH51Custom" Automation Runtime from given Automation Account.
    #>


    [CmdletBinding()]
    param (
        [string[]] $runtimeName,

        [string] $resourceGroupName,

        [string] $automationAccountName,

        [hashtable] $header
    )

    if (!(Get-Command 'Get-AzAccessToken' -ErrorAction silentlycontinue) -or !($azAccessToken = Get-AzAccessToken -ErrorAction SilentlyContinue) -or $azAccessToken.ExpiresOn -lt [datetime]::now) {
        throw "$($MyInvocation.MyCommand): Authentication needed. Please call Connect-AzAccount."
    }

    #region get missing arguments
    if (!$header) {
        $header = New-AzureAutomationGraphToken
    }

    $subscriptionId = (Get-AzContext).Subscription.Id

    while (!$resourceGroupName) {
        $resourceGroupName = Get-AzResourceGroup | select -ExpandProperty ResourceGroupName | Out-GridView -OutputMode Single -Title "Select resource group you want to process"
    }

    while (!$automationAccountName) {
        $automationAccountName = Get-AzAutomationAccount -ResourceGroupName $resourceGroupName | select -ExpandProperty AutomationAccountName | Out-GridView -OutputMode Single -Title "Select automation account you want to process"
    }

    if ($runtimeName) {
        foreach ($runtName in $runtimeName) {
            Write-Verbose "Checking existence of $runtName runtime"
            try {
                $runtime = Get-AzureAutomationRuntime -resourceGroupName $resourceGroupName -automationAccountName $automationAccountName -header $header -runtimeName $runtName -ErrorAction Stop
            } catch {
                if ($_.exception.StatusCode -eq 'NotFound') {
                    throw "Runtime '$runtName' doesn't exist"
                } else {
                    throw $_
                }
            }
        }
    } else {
        while (!$runtimeName) {
            $runtimeName = Get-AzureAutomationRuntime -resourceGroupName $resourceGroupName -automationAccountName $automationAccountName -header $header -programmingLanguage PowerShell -runtimeSource Custom | select -ExpandProperty Name | Out-GridView -OutputMode Multiple -Title "Select runtime you want to process"
        }
    }
    #endregion get missing arguments

    foreach ($runtName in $runtimeName) {
        Write-Verbose "Removing $runtName runtime"

        Invoke-RestMethod2 -method delete -uri "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.Automation/automationAccounts/$automationAccountName/runtimeEnvironments/$runtName`?api-version=2023-05-15-preview" -body $body -headers $header
    }
}

function Remove-AzureAutomationRuntimeModule {
    <#
    .SYNOPSIS
    Function remove selected module from specified Azure Automation runtime.
 
    .DESCRIPTION
    Function remove selected module from specified Azure Automation runtime.
 
    .PARAMETER runtimeName
    Name of the runtime environment you want to retrieve.
 
    If not provided, all runtimes will be returned.
 
    .PARAMETER resourceGroupName
    Resource group name.
 
    .PARAMETER automationAccountName
    Automation account name.
 
    .PARAMETER moduleName
    Name of the module(s) you want to remove.
 
    .PARAMETER header
    Authentication header that can be created via New-AzureAutomationGraphToken.
 
    .EXAMPLE
    Connect-AzAccount
 
    Set-AzContext -Subscription "IT_Testing"
 
    Remove-AzureAutomationRuntimeModule
 
    Remove selected module(s) from the specified Automation runtime.
    Missing function arguments like $resourceGroupName or $moduleName will be interactively gathered through Out-GridView GUI.
 
    .EXAMPLE
    Connect-AzAccount
 
    Set-AzContext -Subscription "IT_Testing"
 
    Remove-AzureAutomationRuntimeModule -resourceGroupName "AdvancedLoggingRG" -automationAccountName "EnableO365AdvancedLogging" -runtimeName Custom_PSH_51 -moduleName CommonStuff
 
    Remove module CommonStuff from the specified Automation runtime.
    #>


    [CmdletBinding()]
    param (
        [string] $runtimeName,

        [string] $resourceGroupName,

        [string] $automationAccountName,

        [string[]] $moduleName,

        [hashtable] $header
    )

    if (!(Get-Command 'Get-AzAccessToken' -ErrorAction silentlycontinue) -or !($azAccessToken = Get-AzAccessToken -ErrorAction SilentlyContinue) -or $azAccessToken.ExpiresOn -lt [datetime]::now) {
        throw "$($MyInvocation.MyCommand): Authentication needed. Please call Connect-AzAccount."
    }

    #region get missing arguments
    if (!$header) {
        $header = New-AzureAutomationGraphToken
    }

    $subscriptionId = (Get-AzContext).Subscription.Id

    while (!$resourceGroupName) {
        $resourceGroupName = Get-AzResourceGroup | select -ExpandProperty ResourceGroupName | Out-GridView -OutputMode Single -Title "Select resource group you want to process"
    }

    while (!$automationAccountName) {
        $automationAccountName = Get-AzAutomationAccount -ResourceGroupName $resourceGroupName | select -ExpandProperty AutomationAccountName | Out-GridView -OutputMode Single -Title "Select automation account you want to process"
    }

    while (!$runtimeName) {
        $runtimeName = Get-AzureAutomationRuntime -resourceGroupName $resourceGroupName -automationAccountName $automationAccountName -header $header -programmingLanguage PowerShell -runtimeSource Custom | select -ExpandProperty Name | Out-GridView -OutputMode Single -Title "Select runtime you want to process"
    }

    if (!$moduleName) {
        while (!$moduleName) {
            $moduleName = Get-AzureAutomationRuntimeCustomModule -runtimeName $runtimeName -resourceGroupName $resourceGroupName -automationAccountName $automationAccountName -moduleName $moduleName -header $header | select -ExpandProperty Name | Out-GridView -OutputMode Multiple -Title "Select module(s) you want to remove"
        }
    } else {
        $moduleExists = Get-AzureAutomationRuntimeCustomModule -runtimeName $runtimeName -resourceGroupName $resourceGroupName -automationAccountName $automationAccountName -moduleName $moduleName -header $header
        if (!$moduleExists) {
            throw "Module $moduleName doesn't exist in specified Automation environment"
        }
    }
    #endregion get missing arguments

    foreach ($modName in $moduleName) {
        Write-Verbose "Removing module $modName"

        Invoke-RestMethod2 -method Delete -uri "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.Automation/automationAccounts/$automationAccountName/runtimeEnvironments/$runtimeName/packages/$modName`?api-version=2023-05-15-preview" -headers $header
    }
}

function Set-AutomationVariable2 {
    <#
    .SYNOPSIS
    Function for setting Azure RunBook variable value by exporting given value using Export-CliXml and saving the text result.
 
    .DESCRIPTION
    Function for setting Azure RunBook variable value by exporting given value using Export-CliXml and saving the text result.
    Compared to original Set-AutomationVariable this one is able to save original PSObjects as they were and not as Newtonsoft.Json.Linq.
    Variable set using this function has to be read using Get-AutomationVariable2!
 
    As original Set-AutomationVariable can be used only inside RunBook!
 
    .PARAMETER name
    Name of the RunBook variable you want to set.
 
    (to later retrieve such variable, use Get-AutomationVariable2!)
 
    .PARAMETER value
    Value you want to export to RunBook variable.
    Can be of any type.
 
    .EXAMPLE
    Set-AutomationVariable2 -name myVar -value @{name = 'John'; surname = 'Doe'}
 
    # to retrieve the variable
    #$hashTable = Get-AutomationVariable2 -name myVar
 
    Save given hashtable to variable myVar.
 
    .NOTES
    Same as original Get-AutomationVariable command, can be used only inside a Runbook!
    #>


    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true)]
        [string] $name,

        $value
    )

    if (!(Get-Command 'Get-AzAccessToken' -ErrorAction silentlycontinue) -or !($azAccessToken = Get-AzAccessToken -ErrorAction SilentlyContinue) -or $azAccessToken.ExpiresOn -lt [datetime]::now) {
        throw "Authentication needed. Please call 'Connect-AzAccount -Identity'."
    }

    if ($value) {
        # in-memory export to CliXml (similar to Export-Clixml)
        $processedValue = [string]([System.Management.Automation.PSSerializer]::Serialize($value, 2))
    } else {
        $processedValue = ''
    }

    try {
        Set-AutomationVariable -Name $name -Value $processedValue -ErrorAction Stop
    } catch {
        throw "Unable to set automation variable $name. Set value is probably too big. Error was: $_"
    }
}

function Set-AzureAutomationRunbookRuntime {
    <#
    .SYNOPSIS
    Set Runtime Environment in the selected Azure Automation Account Runbook.
 
    .DESCRIPTION
    Set Runtime Environment in the selected Azure Automation Account Runbook.
 
    .PARAMETER runtimeName
    Runtime name you want to use.
 
    .PARAMETER resourceGroupName
    Resource group name.
 
    .PARAMETER automationAccountName
    Automation account name.
 
    .PARAMETER runbookName
    Runbook name.
 
    .PARAMETER header
    Authentication header that can be created via New-AzureAutomationGraphToken.
 
    .EXAMPLE
    Connect-AzAccount
 
    Set-AzContext -Subscription "IT_Testing"
 
    Set-AzureAutomationRunbookRuntime
 
    Set selected Runtime Environment in selected Runbook.
    Missing function arguments like $runtimeName, $resourceGroupName, $automationAccountName or $runbookName will be interactively gathered through Out-GridView GUI.
    #>


    [CmdletBinding()]
    param (
        [string] $runtimeName,

        [string] $resourceGroupName,

        [string] $automationAccountName,

        [string] $runbookName,

        [hashtable] $header
    )

    if (!(Get-Command 'Get-AzAccessToken' -ErrorAction silentlycontinue) -or !($azAccessToken = Get-AzAccessToken -ErrorAction SilentlyContinue) -or $azAccessToken.ExpiresOn -lt [datetime]::now) {
        throw "$($MyInvocation.MyCommand): Authentication needed. Please call Connect-AzAccount."
    }

    #region get missing arguments
    if (!$header) {
        $header = New-AzureAutomationGraphToken
    }

    $subscriptionId = (Get-AzContext).Subscription.Id

    while (!$resourceGroupName) {
        $resourceGroupName = Get-AzResourceGroup | select -ExpandProperty ResourceGroupName | Out-GridView -OutputMode Single -Title "Select resource group you want to process"
    }

    while (!$automationAccountName) {
        $automationAccountName = Get-AzAutomationAccount -ResourceGroupName $resourceGroupName | select -ExpandProperty AutomationAccountName | Out-GridView -OutputMode Single -Title "Select automation account you want to process"
    }

    while (!$runbookName) {
        $runbookName = Get-AzAutomationRunbook -AutomationAccountName $automationAccountName -ResourceGroupName $resourceGroupName | select -ExpandProperty Name | Out-GridView -OutputMode Single -Title "Select runbook you want to change"
    }
    #endregion get missing arguments

    $runbookType = Get-AzAutomationRunbook -AutomationAccountName $automationAccountName -ResourceGroupName $resourceGroupName -Name $runbookName | select -ExpandProperty RunbookType

    if ($runbookType -eq 'python2') {
        $programmingLanguage = 'Python'
    } else {
        $programmingLanguage = $runbookType
    }

    $currentRuntimeName = Get-AzureAutomationRunbookRuntime -automationAccountName $automationAccountName -resourceGroupName $resourceGroupName -runbookName $runbookName -header $header

    if ($runtimeName -and $runtimeName -eq $currentRuntimeName) {
        Write-Warning "Runtime '$runtimeName' is already set. Skipping."
        return
    } else {
        while (!$runtimeName) {
            $runtimeName = Get-AzureAutomationRuntime -resourceGroupName $resourceGroupName -automationAccountName $automationAccountName -header $header -programmingLanguage $programmingLanguage | select -ExpandProperty Name | ? { $_ -notin $currentRuntimeName } | Out-GridView -OutputMode Single -Title "Select runtime you want to set (current is '$currentRuntimeName')"
        }
    }

    #region send web request
    $body = @{
        "properties" = @{
            runtimeEnvironment = $runtimeName
        }
    }
    if ($programmingLanguage -eq 'Python') {
        # fix for bug? "The property runtimeEnvironment cannot be configured for runbookType Python2. Either use runbookType Python or remove runtimeEnvironment from input."
        $body.properties.runbookType = 'Python'
    }
    $body = $body | ConvertTo-Json

    Write-Verbose $body

    Invoke-RestMethod2 -method PATCH -uri "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.Automation/automationAccounts/$automationAccountName/runbooks/$runbookName`?api-version=2023-05-15-preview" -body $body -headers $header
    #endregion send web request
}

function Set-AzureAutomationRuntimeDefaultModule {
    <#
    .SYNOPSIS
    Function sets Runtime Default Module(s) to given version(s) in selected Azure Automation Account PowerShell Runbook.
    Default modules are currently 'az' and 'azure cli' (just in PowerShell 7.2).
 
    .DESCRIPTION
    Function sets Runtime Default Module(s) to given version(s) in selected Azure Automation Account PowerShell Runbook.
    Default modules are currently 'az' and 'azure cli' (just in PowerShell 7.2).
 
    .PARAMETER runtimeName
    Name of the runtime environment you want to update.
 
    .PARAMETER resourceGroupName
    Resource group name.
 
    .PARAMETER automationAccountName
    Automation account name.
 
    .PARAMETER defaultPackage
    Hashtable where keys are default module names ('az' (both PSHs), 'azure cli' (only in PSH 7.2)) and values are module versions.
 
    If empty hashtable is provided, currently set default module(s) will be removed (set to 'not configured' in GUI terms).
 
    .PARAMETER replace
    Switch for replacing current default modules with the ones in 'defaultPackage' parameter.
    Hence what is not defined, will be removed.
 
    By default default modules not specified in the 'defaultPackage' parameter are ignored.
 
    .PARAMETER header
    Authentication header that can be created via New-AzureAutomationGraphToken.
 
    .EXAMPLE
    Connect-AzAccount
 
    Set-AzContext -Subscription "IT_Testing"
 
    $defaultPackage = @{
        'az' = '8.3.0'
        'azure cli' = '2.56.0'
    }
 
    Set-AzureAutomationRuntimeDefaultModule -defaultPackage $defaultPackage
 
    Set default modules to versions specified in $defaultPackage.
    Missing function arguments like $resourceGroupName or $automationAccountName will be interactively gathered through Out-GridView GUI.
 
    .EXAMPLE
    Connect-AzAccount
 
    Set-AzContext -Subscription "IT_Testing"
 
    $defaultPackage = @{
        'azure cli' = '2.56.0'
    }
 
    Set-AzureAutomationRuntimeDefaultModule -defaultPackage $defaultPackage
 
    Set default module 'azure cli' to version '2.56.0'.
    In case that any other default module ('az') is set in the modified Runtime too, it will stay intact.
    Missing function arguments like $resourceGroupName or $automationAccountName will be interactively gathered through Out-GridView GUI.
 
    .EXAMPLE
    Connect-AzAccount
 
    Set-AzContext -Subscription "IT_Testing"
 
    $defaultPackage = @{
        'azure cli' = '2.56.0'
    }
 
    Set-AzureAutomationRuntimeDefaultModule -defaultPackage $defaultPackage -replace
 
    Set default module 'azure cli' to version '2.56.0'.
    In case that any other default module ('az') is set in the modified Runtime too, it will be removed.
    Missing function arguments like $resourceGroupName or $automationAccountName will be interactively gathered through Out-GridView GUI.
 
    .EXAMPLE
    Connect-AzAccount
 
    Set-AzContext -Subscription "IT_Testing"
 
    Set-AzureAutomationRuntimeDefaultModule -defaultPackage @{}
 
    All default modules in selected Runtime will be removed.
    Missing function arguments like $resourceGroupName or $automationAccountName will be interactively gathered through Out-GridView GUI.
    #>


    [CmdletBinding()]
    param (
        [string] $runtimeName,

        [string] $resourceGroupName,

        [string] $automationAccountName,

        [Parameter(Mandatory = $true)]
        [hashtable] $defaultPackage,

        [switch] $replace,

        [hashtable] $header
    )

    if (!(Get-Command 'Get-AzAccessToken' -ErrorAction silentlycontinue) -or !($azAccessToken = Get-AzAccessToken -ErrorAction SilentlyContinue) -or $azAccessToken.ExpiresOn -lt [datetime]::now) {
        throw "$($MyInvocation.MyCommand): Authentication needed. Please call Connect-AzAccount."
    }

    #region get missing arguments
    if (!$header) {
        $header = New-AzureAutomationGraphToken
    }

    $subscriptionId = (Get-AzContext).Subscription.Id

    while (!$resourceGroupName) {
        $resourceGroupName = Get-AzResourceGroup | select -ExpandProperty ResourceGroupName | Out-GridView -OutputMode Single -Title "Select resource group you want to process"
    }

    while (!$automationAccountName) {
        $automationAccountName = Get-AzAutomationAccount -ResourceGroupName $resourceGroupName | select -ExpandProperty AutomationAccountName | Out-GridView -OutputMode Single -Title "Select automation account you want to process"
    }

    while (!$runtimeName) {
        $runtimeName = Get-AzureAutomationRuntime -resourceGroupName $resourceGroupName -automationAccountName $automationAccountName -header $header -programmingLanguage PowerShell | select -ExpandProperty Name | Out-GridView -OutputMode Single -Title "Select environment you want to process"
    }
    #endregion get missing arguments

    #region checks
    $runtime = Get-AzureAutomationRuntime -resourceGroupName $resourceGroupName -automationAccountName $automationAccountName -runtimeName $runtimeName -header $header

    if (!$runtime) {
        throw "Runtime '$runtimeName' wasn't found"
    }

    # what default modules are currently set
    $currentDefaultModule = Get-AzureAutomationRuntimeSelectedDefaultModule -resourceGroupName $resourceGroupName -automationAccountName $automationAccountName -runtimeName $runtimeName -header $header

    # check default modules defined in given hashtable vs allowed/currently set ones
    $defaultPackage.GetEnumerator() | % {
        $defaultModuleName = $_.Key
        $defaultModuleVersion = $_.Value

        $currentDefaultModuleVersion = $currentDefaultModule.$defaultModuleName

        if ($defaultModuleVersion -eq $currentDefaultModuleVersion) {
            Write-Warning "Module '$defaultModuleName' already has version $defaultModuleVersion"
        }
    }
    #endregion checks

    #region send web request
    if ($defaultPackage.Count -eq 0) {
        # remove all default modules

        Write-Verbose "Removing all default modules"

        $body = @{
            properties = @{
                runtime         = @{
                    language = $runtime.properties.runtime.language
                    version  = $runtime.properties.runtime.version
                }
                defaultPackages = @{}
            }
        }

        $method = "Put"
    } else {
        # modify current default modules

        Write-Verbose "Replacing current default modules with the defined ones"

        if ($replace) {
            # replace

            $body = @{
                properties = @{
                    runtime         = @{
                        language = $runtime.properties.runtime.language
                        version  = $runtime.properties.runtime.version
                    }
                    defaultPackages = $defaultPackage
                }
            }

            $method = "Put"
        } else {
            # modify

            Write-Verbose "Updating defined default modules"

            $body = @{
                properties = @{
                    defaultPackages = $defaultPackage
                }
            }

            $method = "Patch"
        }
    }

    $body = $body | ConvertTo-Json

    Write-Verbose $body

    Invoke-RestMethod2 -method $method -uri "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.Automation/automationAccounts/$automationAccountName/runtimeEnvironments/$runtimeName`?api-version=2023-05-15-preview" -body $body -headers $header
    #endregion send web request
}

function Set-AzureAutomationRuntimeDescription {
    <#
    .SYNOPSIS
    Function set Azure Automation Account Runtime description.
 
    .DESCRIPTION
    Function set Azure Automation Account Runtime description.
 
    .PARAMETER runtimeName
    Name of the runtime environment you want to update.
 
    .PARAMETER resourceGroupName
    Resource group name.
 
    .PARAMETER automationAccountName
    Automation account name.
 
    .PARAMETER description
    Runtime description.
 
    .PARAMETER header
    Authentication header that can be created via New-AzureAutomationGraphToken.
 
    .EXAMPLE
    Connect-AzAccount
 
    Set-AzContext -Subscription "IT_Testing"
 
    Set-AzureAutomationRuntimeDescription -description "testing runtime"
 
    Set given description in given Automation Runtime.
    Missing function arguments like $resourceGroupName or $automationAccountName will be interactively gathered through Out-GridView GUI.
 
    .EXAMPLE
    Connect-AzAccount
 
    Set-AzContext -Subscription "IT_Testing"
 
    Set-AzureAutomationRuntimeDescription -resourceGroupName "AdvancedLoggingRG" -automationAccountName "EnableO365AdvancedLogging" -description "testing runtime"
 
    Set given description in given Automation Runtime.
    #>


    [CmdletBinding()]
    param (
        [string] $runtimeName,

        [string] $resourceGroupName,

        [string] $automationAccountName,

        [Parameter(Mandatory = $true)]
        [string] $description,

        [hashtable] $header
    )

    if (!(Get-Command 'Get-AzAccessToken' -ErrorAction silentlycontinue) -or !($azAccessToken = Get-AzAccessToken -ErrorAction SilentlyContinue) -or $azAccessToken.ExpiresOn -lt [datetime]::now) {
        throw "$($MyInvocation.MyCommand): Authentication needed. Please call Connect-AzAccount."
    }

    #region get missing arguments
    if (!$header) {
        $header = New-AzureAutomationGraphToken
    }

    $subscriptionId = (Get-AzContext).Subscription.Id

    while (!$resourceGroupName) {
        $resourceGroupName = Get-AzResourceGroup | select -ExpandProperty ResourceGroupName | Out-GridView -OutputMode Single -Title "Select resource group you want to process"
    }

    while (!$automationAccountName) {
        $automationAccountName = Get-AzAutomationAccount -ResourceGroupName $resourceGroupName | select -ExpandProperty AutomationAccountName | Out-GridView -OutputMode Single -Title "Select automation account you want to process"
    }

    while (!$runtimeName) {
        $runtimeName = Get-AzureAutomationRuntime -resourceGroupName $resourceGroupName -automationAccountName $automationAccountName -header $header -programmingLanguage PowerShell | select -ExpandProperty Name | Out-GridView -OutputMode Single -Title "Select environment you want to process"
    }
    #endregion get missing arguments

    #region send web request
    $body = @{
        "properties" = @{
            "description" = $description
        }
    }
    $body = $body | ConvertTo-Json

    Write-Verbose $body

    Invoke-RestMethod2 -method Patch -uri "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.Automation/automationAccounts/$automationAccountName/runtimeEnvironments/$runtimeName`?api-version=2023-05-15-preview" -body $body -headers $header
    #endregion send web request
}

function Update-AzureAutomationModule {
    [CmdletBinding()]
    param (
        [string[]] $moduleName,

        [string] $moduleVersion,

        [switch] $allModule,

        [switch] $allCustomModule,

        [Parameter(Mandatory = $true)]
        [string] $resourceGroupName,

        [string[]] $automationAccountName,

        [ValidateSet('5.1', '7.2')]
        [string] $runtimeVersion = '5.1'
    )

    if ($allCustomModule -and $moduleName) {
        throw "Choose moduleName or allCustomModule"
    }
    if ($allCustomModule -and $allModule) {
        throw "Choose allModule or allCustomModule"
    }

    if (!(Get-Command 'Get-AzAccessToken' -ErrorAction silentlycontinue) -or !($azAccessToken = Get-AzAccessToken -ErrorAction SilentlyContinue) -or $azAccessToken.ExpiresOn -lt [datetime]::now) {
        throw "$($MyInvocation.MyCommand): Authentication needed. Please call Connect-AzAccount."
    }

    $subscription = $((Get-AzContext).Subscription.Name)

    $automationAccount = Get-AzAutomationAccount -ResourceGroupName $resourceGroupName

    if (!$automationAccount) {
        throw "No Automation account found in the current Subscription '$subscription' and Resource group '$resourceGroupName'"
    }

    if ($automationAccountName) {
        $automationAccount = $automationAccount | ? AutomationAccountName -EQ $automationAccountName
    }

    if (!$automationAccount) {
        throw "No Automation account match the selected criteria"
    }

    foreach ($atmAccount in $automationAccount) {
        $atmAccountName = $atmAccount.AutomationAccountName
        $atmAccountResourceGroup = $atmAccount.ResourceGroupName

        "Processing Automation account '$atmAccountName' (ResourceGroup: '$atmAccountResourceGroup' Subscription: '$subscription')"

        $currentAutomationModules = Get-AzAutomationModule -AutomationAccountName $atmAccountName -ResourceGroup $atmAccountResourceGroup -RuntimeVersion $runtimeVersion

        if ($allCustomModule) {
            $automationModulesToUpdate = $currentAutomationModules | ? IsGlobal -EQ $false
        } elseif ($moduleName) {
            $automationModulesToUpdate = $currentAutomationModules | ? Name -In $moduleName
            if ($moduleVersion -and $automationModulesToUpdate) {
                Write-Verbose "Selecting only module(s) with version $moduleVersion or lower"
                $automationModulesToUpdate = $automationModulesToUpdate | ? { [version]$_.Version -lt [version] $moduleVersion }
            }
        } elseif ($allModule) {
            $automationModulesToUpdate = $currentAutomationModules
        } else {
            $automationModulesToUpdate = $currentAutomationModules | Out-GridView -PassThru
            if ($moduleVersion -and $automationModulesToUpdate) {
                Write-Verbose "Selecting only module(s) with version $moduleVersion or lower"
                $automationModulesToUpdate = $automationModulesToUpdate | ? { [version]$_.Version -lt [version] $moduleVersion }
            }
        }

        if (!$automationModulesToUpdate) {
            Write-Warning "No module match the selected update criteria. Skipping"
            continue
        }

        foreach ($module in $automationModulesToUpdate) {
            $moduleName = $module.Name
            $requiredModuleVersion = $moduleVersion

            #region get PSGallery module data
            $param = @{
                # IncludeDependencies = $true # cannot be used, because always returns newest available modules, I want to use existing modules if possible (to minimize risk that something will stop working)
                Name        = $moduleName
                ErrorAction = "Stop"
            }
            if ($requiredModuleVersion) {
                $param.RequiredVersion = $requiredModuleVersion
            } else {
                $param.AllVersions = $true
            }

            $moduleGalleryInfo = Find-Module @param
            #endregion get PSGallery module data

            # get newest usable module version for given runtime
            if (!$requiredModuleVersion -and $runtimeVersion -eq '5.1') {
                # no specific version was selected and older PSH version is used, make sure module that supports it, will be found
                # for example (currently newest) pnp.powershell 2.3.0 supports only PSH 7.2
                $moduleGalleryInfo = $moduleGalleryInfo | ? { $_.AdditionalMetadata.PowerShellVersion -le $runtimeVersion } | select -First 1
            }

            if (!$moduleGalleryInfo) {
                Write-Error "No supported $moduleName module was found in PSGallery"
                continue
            }

            if (!$requiredModuleVersion) {
                # no version specified, newest version from PSGallery will be used"
                $requiredModuleVersion = $moduleGalleryInfo.Version

                if ($requiredModuleVersion -eq $module.Version) {
                    Write-Warning "Module $moduleName already has newest available version $requiredModuleVersion. Skipping"
                    continue
                }
            }

            $param = @{
                resourceGroupName     = $module.ResourceGroupName
                automationAccountName = $module.AutomationAccountName
                moduleName            = $module.Name
                runtimeVersion        = $runtimeVersion
                moduleVersion         = $requiredModuleVersion
            }

            "Updating module $($module.Name) $($module.Version) >> $requiredModuleVersion"
            New-AzureAutomationModule @param
        }
    }
}

function Update-AzureAutomationRunbookModule {
    <#
    .SYNOPSIS
    Function updates all/selected custom modules in given Azure Automation Account Environment Runtime.
 
    Custom module means module you have to explicitly import (not 'Az' or 'azure cli').
 
    .DESCRIPTION
    Function updates all/selected custom modules in given Azure Automation Account Environment Runtime.
 
    Custom module means module you have to explicitly import (not 'Az' or 'azure cli').
 
    .PARAMETER moduleName
    Name of the module you want to add/(replace by other version).
 
    .PARAMETER moduleVersion
    Target module version you want to update to.
 
    Applies to all updated modules!
 
    If not specified, newest supported version for used runtime language version will be gathered from PSGallery.
 
    .PARAMETER allCustomModule
    Parameter description
 
    .PARAMETER resourceGroupName
    Resource group name.
 
    .PARAMETER automationAccountName
    Automation account name.
 
    .PARAMETER runtimeName
    Name of the runtime environment you want to retrieve.
 
    .PARAMETER header
    Authentication header that can be created via New-AzureAutomationGraphToken.
 
    .EXAMPLE
    Connect-AzAccount
 
    Set-AzContext -Subscription "IT_Testing"
 
    Update-AzureAutomationRunbookModule -moduleName CommonStuff -moduleVersion 1.0.18
 
    Updates module CommonStuff to the version 1.0.18 in the specified Automation runtime(s).
    If module has some dependencies, that are currently missing (or have incorrect version), they will be imported automatically.
 
    Missing function arguments like $runtimeName, $resourceGroupName or $automationAccountName will be interactively gathered through Out-GridView GUI.
 
    .EXAMPLE
    Connect-AzAccount
 
    Set-AzContext -Subscription "IT_Testing"
 
    Update-AzureAutomationRunbookModule -moduleName CommonStuff
 
    Updates module CommonStuff to the newest available version in the specified Automation runtime(s).
    If module has some dependencies, that are currently missing (or have incorrect version), they will be imported automatically.
 
    Missing function arguments like $runtimeName, $resourceGroupName or $automationAccountName will be interactively gathered through Out-GridView GUI.
 
    .EXAMPLE
    Connect-AzAccount
 
    Set-AzContext -Subscription "IT_Testing"
 
    Update-AzureAutomationRunbookModule -allCustomModule
 
    Updates all custom modules to the newest available version in the specified Automation runtime(s).
    If module(s) have some dependencies, that are currently missing (or have incorrect version), they will be imported automatically.
 
    Missing function arguments like $runtimeName, $resourceGroupName or $automationAccountName will be interactively gathered through Out-GridView GUI.
    #>


    [CmdletBinding()]
    param (
        [string[]] $moduleName,

        [string] $moduleVersion,

        [switch] $allCustomModule,

        [string] $resourceGroupName,

        [string] $automationAccountName,

        [string[]] $runtimeName,

        [hashtable] $header
    )

    if ($allCustomModule -and $moduleName) {
        throw "Choose moduleName or allCustomModule"
    }

    if (!(Get-Command 'Get-AzAccessToken' -ErrorAction silentlycontinue) -or !($azAccessToken = Get-AzAccessToken -ErrorAction SilentlyContinue) -or $azAccessToken.ExpiresOn -lt [datetime]::now) {
        throw "$($MyInvocation.MyCommand): Authentication needed. Please call Connect-AzAccount."
    }

    #region get missing arguments
    if (!$header) {
        $header = New-AzureAutomationGraphToken
    }

    $subscriptionId = (Get-AzContext).Subscription.Id
    $subscription = $((Get-AzContext).Subscription.Name)

    $automationAccount = Get-AzAutomationAccount -ResourceGroupName $resourceGroupName

    while (!$resourceGroupName) {
        $resourceGroupName = Get-AzResourceGroup | select -ExpandProperty ResourceGroupName | Out-GridView -OutputMode Single -Title "Select resource group you want to process"
    }

    while (!$automationAccountName) {
        $automationAccountName = Get-AzAutomationAccount -ResourceGroupName $resourceGroupName | select -ExpandProperty AutomationAccountName | Out-GridView -OutputMode Single -Title "Select automation account you want to process"
    }

    while (!$runtimeName) {
        $runtimeName = Get-AzureAutomationRuntime -resourceGroupName $resourceGroupName -automationAccountName $automationAccountName -programmingLanguage PowerShell -runtimeSource Custom -header $header | select -ExpandProperty Name | Out-GridView -OutputMode Multiple -Title "Select environment you want to process"
    }

    $runtimeVersion = $runtime.properties.runtime.version
    #endregion get missing arguments

    foreach ($runtName in $runtimeName) {
        "Processing Runtime '$runtName' (ResourceGroup: '$resourceGroupName' Subscription: '$subscription')"

        $currentAutomationCustomModules = Get-AzureAutomationRuntimeCustomModule -automationAccountName $atmAccountName -ResourceGroup $atmAccountResourceGroup -runtimeName $runtName -header $header

        if ($allCustomModule) {
            $automationModulesToUpdate = $currentAutomationCustomModules
        } elseif ($moduleName) {
            $automationModulesToUpdate = $currentAutomationCustomModules | ? Name -In $moduleName

            if ($moduleVersion -and $automationModulesToUpdate) {
                Write-Verbose "Selecting only module(s) with version $moduleVersion or lower"
                $automationModulesToUpdate = $automationModulesToUpdate | ? { [version]$_.Version -lt [version] $moduleVersion }
            }
        } else {
            $automationModulesToUpdate = $currentAutomationCustomModules | Out-GridView -PassThru -Title "Select module(s) to update"

            if ($moduleVersion -and $automationModulesToUpdate) {
                Write-Verbose "Selecting only module(s) with version $moduleVersion or lower"
                $automationModulesToUpdate = $automationModulesToUpdate | ? { [version]$_.Version -lt [version] $moduleVersion }
            }
        }

        if (!$automationModulesToUpdate) {
            Write-Warning "No module match the selected update criteria. Skipping"
            continue
        }

        foreach ($module in $automationModulesToUpdate) {
            $moduleName = $module.Name
            $requiredModuleVersion = $moduleVersion

            #region get PSGallery module data
            $param = @{
                # IncludeDependencies = $true # cannot be used, because always returns newest available modules, I want to use existing modules if possible (to minimize risk that something will stop working)
                Name        = $moduleName
                ErrorAction = "Stop"
            }
            if ($requiredModuleVersion) {
                $param.RequiredVersion = $requiredModuleVersion
            } else {
                $param.AllVersions = $true
            }

            $moduleGalleryInfo = Find-Module @param
            #endregion get PSGallery module data

            # get newest usable module version for given runtime
            if (!$requiredModuleVersion -and $runtimeVersion -eq '5.1') {
                # no specific version was selected and older PSH version is used, make sure module that supports it, will be found
                # for example (currently newest) pnp.powershell 2.3.0 supports only PSH 7.2
                $moduleGalleryInfo = $moduleGalleryInfo | ? { $_.AdditionalMetadata.PowerShellVersion -le $runtimeVersion } | select -First 1
            }

            if (!$moduleGalleryInfo) {
                Write-Error "No supported $moduleName module was found in PSGallery"
                continue
            }

            if (!$requiredModuleVersion) {
                # no version specified, newest version from PSGallery will be used"
                $requiredModuleVersion = $moduleGalleryInfo.Version

                if ($requiredModuleVersion -eq $module.Version) {
                    Write-Warning "Module $moduleName already has newest available version $requiredModuleVersion. Skipping"
                    continue
                }
            }

            $param = @{
                resourceGroupName     = $module.ResourceGroupName
                automationAccountName = $module.AutomationAccountName
                runtimeName           = $runtimeName
                moduleName            = $module.Name
                runtimeVersion        = $runtimeVersion
                moduleVersion         = $requiredModuleVersion
                header                = $header
            }

            "Updating module $($module.Name) $($module.Version) >> $requiredModuleVersion"
            New-AzureAutomationRuntimeModule @param
        }
    }
}

Export-ModuleMember -function Copy-AzureAutomationRuntime, Export-VariableToStorage, Get-AutomationVariable2, Get-AzureAutomationRunbookRuntime, Get-AzureAutomationRuntime, Get-AzureAutomationRuntimeAvailableDefaultModule, Get-AzureAutomationRuntimeCustomModule, Get-AzureAutomationRuntimeSelectedDefaultModule, Get-AzureResource, Import-VariableFromStorage, New-AzureAutomationGraphToken, New-AzureAutomationModule, New-AzureAutomationRuntime, New-AzureAutomationRuntimeModule, Remove-AzureAutomationRuntime, Remove-AzureAutomationRuntimeModule, Set-AutomationVariable2, Set-AzureAutomationRunbookRuntime, Set-AzureAutomationRuntimeDefaultModule, Set-AzureAutomationRuntimeDescription, Update-AzureAutomationModule, Update-AzureAutomationRunbookModule

Export-ModuleMember -alias Get-AzureAutomationRuntimeAzModule, New-AzAutomationModule2, Set-AzureAutomationModule, Set-AzureAutomationRuntimeModule