Private/Private/Utilities/Restore-JCOrganization.ps1

<#
ToDo
Validate Path contains *.zip file
If object exists compare the existing object against backup object for diffs
. Why is 'pester.tester2_AoCaBLbI' being associated to two groups?
. Running restore twice after objects have been deleted from the org fails
#>


<#
.Synopsis
The function exports objects from your JumpCloud organization to local json files
.Description
The function exports objects from your JumpCloud organization to local json files
.Example
Restore UserGroups and Users with their associations
PS C:\> Restore-JCOrganization -Path:('C:\Temp\JumpCloud_20201222T1324549196.zip') -Type:('UserGroup','User') -Association
 
.Example
Restore UserGroups and Users without their associations
PS C:\> Restore-JCOrganization -Path:('C:\Temp\JumpCloud_20201222T1324549196.zip') -Type:('UserGroup','User')
 
.Example
Restore all avalible JumpCloud objects and their Association
PS C:\> Restore-JCOrganization -Path:('C:\Temp\JumpCloud_20201222T1324549196.zip') -All
 
.Notes
 
.Link
https://github.com/TheJumpCloud/support/tree/master/PowerShell/JumpCloud%20Module/Docs/Restore-JCOrganization.md
#>

Function Restore-JCOrganization
{
    [CmdletBinding(DefaultParameterSetName = 'All', PositionalBinding = $false)]
    Param(
        [Parameter(Mandatory)]
        [System.String]
        # Specify input .zip file path for restore files
        ${Path},

        [Parameter(ParameterSetName = 'All')]
        [switch]
        # The Username of the JumpCloud user you wish to search for
        ${All},

        [Parameter(ParameterSetName = 'Type')]
        [ValidateSet('SystemGroup', 'UserGroup', 'User')]
        [System.String[]]
        # Specify the type of JumpCloud objects you want to backup
        ${Type},

        [Parameter(ParameterSetName = 'Type')]
        [switch]
        # Include to backup object type Association
        ${Association}
    )
    Begin
    {
        # Unzip folder
        $ZipArchive = Get-Item -Path:($Path)
        Expand-Archive -LiteralPath:($Path) -DestinationPath:($ZipArchive.Directory.FullName) -Force
        $ExpandedArchivePath = Get-Item -Path:(Join-Path -Path:($ZipArchive.Directory) -ChildPath:(($ZipArchive.Name).Replace($ZipArchive.Extension, '')))
        # When -All is provided use all type options and Association
        $Types = If ($PSCmdlet.ParameterSetName -eq 'All')
        {
            $PSBoundParameters.Add('Association', $true)
            (Get-Command $MyInvocation.MyCommand).Parameters.Type.Attributes.ValidValues
        }
        Else
        {
            $PSBoundParameters.Type
        }
        # Map to define how JCAssociation & JcSdk types relate
        $JcTypesMap = @{
            Application  = 'application';
            Command      = 'command';
            GSuite       = 'g_suite';
            LdapServer   = 'ldap_server';
            Office365    = 'office_365';
            Policy       = 'policy';
            RadiusServer = 'radius_server';
            System       = 'system';
            SystemGroup  = 'system_group';
            User         = 'user';
            UserGroup    = 'user_group';
        }
        # Get the manifest file from backup
        $ManifestFile = $ExpandedArchivePath | Get-ChildItem | Where-Object { $_.Name -eq "BackupManifest.json" }
        Write-Host ("###############################################################")
        If (-not (Test-Path -Path:($ManifestFile) -ErrorAction:('SilentlyContinue')))
        {
            Write-Error ("Unable to find manifest file: $($ManifestFile)")
        }
        Else
        {
            $Manifest = Get-Content -Path:($ManifestFile) | ConvertFrom-Json
            Write-Host ("Backup Org: $($Manifest.organizationID)")
            Write-Host ("Backup Date: $($Manifest.date)")
            Write-Host "Contains Object Files:" (-not [system.string]::IsNullOrEmpty(($($Manifest.backupFiles)))) # TODO should we keep this message or change the logic
            Write-Host "Contains Associations:" (-not [system.string]::IsNullOrEmpty(($($Manifest.associationFiles))))
        }
        Write-Host ("Backup Location: $($ZipArchive.FullName)")
        Write-Host ("Backup Time: $($ZipArchive.LastWriteTime)")
        Write-Host ("###############################################################")
    }
    Process
    {
        # Get list of files from backup location and split into object and association groups
        $RestoreFiles = Get-ChildItem -Path:($ExpandedArchivePath.FullName) -Exclude:('*Association*') | ForEach-Object { $_ | Where-Object { $_.BaseName -in $Types } }
        # For each backup file restore object
        $JcObjectsJobs = $RestoreFiles | ForEach-Object {
            $RestoreFileFullName = $_.FullName
            $RestoreFileBaseName = $_.BaseName
            Start-Job -ScriptBlock:( { Param ($RestoreFileFullName, $RestoreFileBaseName)
                    $JcObjectResults = [PSCustomObject]@{
                        Updated = @();
                        New     = @();
                        IdMap   = @();
                    }
                    # Collect old ids and new ids for mapping
                    $ExistingIds = (Invoke-Expression -Command:("Get-JcSdk{0} -Fields id" -f $RestoreFileBaseName)).id
                    $RestoreFileContent = Get-Content -Path:($RestoreFileFullName) | ConvertFrom-Json
                    $RestoreFileContent | ForEach-Object {
                        $CommandType = Invoke-Expression -Command:("[$($_.JcSdkModel)]")
                        $RestoreFileRecord = $CommandType::DeserializeFromPSObject($_)
                        # If User is managed by third-party dont create or update
                        If (-not $RestoreFileRecord.ExternallyManaged)
                        {
                            $CommandResult = If ( $RestoreFileRecord.id -notin $ExistingIds )
                            {
                                # Invoke command to create new resource
                                $Command = "`$RestoreFileRecord | $("New-JcSdk{0}" -f $RestoreFileBaseName)"
                                Write-Debug ("Running: $Command")
                                $NewJcSdkResult = Invoke-Expression -Command:($Command)
                                If (-not [System.String]::IsNullOrEmpty($NewJcSdkResult))
                                {
                                    $JcObjectResults.New += $NewJcSdkResult
                                    $NewJcSdkResult
                                }
                            }
                            Else
                            {
                                # Invoke command to update existing resource
                                $Command = "$("Set-JcSdk{0}" -f $RestoreFileBaseName) -Id:(`$RestoreFileRecord.id) -Body:(`$RestoreFileRecord)"
                                Write-Debug ("Running: $Command")
                                $SetJcSdkResult = Invoke-Expression -Command:($Command)
                                If (-not [System.String]::IsNullOrEmpty($SetJcSdkResult))
                                {
                                    $JcObjectResults.Updated += $SetJcSdkResult
                                    $SetJcSdkResult
                                }
                            }
                        }
                        $JcObjectResults.IdMap += [PSCustomObject]@{
                            OldId = $RestoreFileRecord.id
                            NewId = $CommandResult.Id
                        }
                    }
                    Return $JcObjectResults
                }) -ArgumentList:($RestoreFileFullName, $RestoreFileBaseName)
        }
        $JcObjectsJobStatus = Wait-Job -Id:($JcObjectsJobs.Id)
        $JcObjectJobResults = $JcObjectsJobStatus | Receive-Job
        # Foreach type start a new job and restore object association records
        If ($PSBoundParameters.Association)
        {
            $IdMap = $JcObjectJobResults.IdMap
            $RestoreAssociationFiles = Get-ChildItem -Path:($ExpandedArchivePath.FullName) -Filter:('*Association*') | ForEach-Object { $_ | Where-Object { $_.BaseName.Replace('-Association', '') -in $Types } }
            $AssociationsJobs = ForEach ($RestoreAssociationFile In $RestoreAssociationFiles)
            {
                Start-Job -ScriptBlock:( { Param ($RestoreAssociationFile, $IdMap, $JcTypesMap)
                        $AssociationResults = [PSCustomObject]@{
                            Existing = @();
                            New      = @();
                            Failed   = @();
                        }
                        $AssociationContent = Get-Content -Path:($RestoreAssociationFile.FullName) -Raw | ConvertFrom-Json
                        ForEach ($AssociationItem In $AssociationContent)
                        {
                            $Id = If ([System.String]::IsNullOrEmpty(($IdMap | Where-Object { $_.OldId -eq $AssociationItem.Id }).NewId))
                            {
                                # Check to see if the Id from the file exists in the console
                                $JcTypeLookup = $JcTypesMap.GetEnumerator() | Where-Object { $_.Value -eq $AssociationItem.type }
                                $GetExistingCommand = "Get-JcSdk$($JcTypeLookup.Key) | Where-Object { `$_.id -eq '$($AssociationItem.id)' }"
                                (Invoke-Expression -Command:($GetExistingCommand)).id
                            }
                            Else
                            {
                                ($IdMap | Where-Object { $_.OldId -eq $AssociationItem.Id }).NewId
                            }
                            # If the targetId does not exist in the IdMap then use the targetId from the file
                            $TargetId = If ([System.String]::IsNullOrEmpty(($IdMap | Where-Object { $_.OldId -eq $AssociationItem.TargetId }).NewId))
                            {
                                # Check to see if the targetId from the file exists in the console
                                $JcTypeLookup = $JcTypesMap.GetEnumerator() | Where-Object { $_.Value -eq $AssociationItem.TargetType }
                                $GetExistingCommand = "Get-JcSdk$($JcTypeLookup.Key) | Where-Object { `$_.id -eq '$($AssociationItem.TargetId)' }"
                                (Invoke-Expression -Command:($GetExistingCommand)).id
                            }
                            Else
                            {
                                ($IdMap | Where-Object { $_.OldId -eq $AssociationItem.TargetId }).NewId
                            }
                            # Only create associations for the ids that were created or updated in the previous step
                            If ([System.String]::IsNullOrEmpty($Id))
                            {
                                $AssociationResults.Failed += $AssociationItem
                                Write-Error ("Unable to create association. Id does not exist in org: $($AssociationItem.Type) $($AssociationItem.Id)")
                            }
                            ElseIf ([System.String]::IsNullOrEmpty($TargetId))
                            {
                                $AssociationResults.Failed += $AssociationItem
                                Write-Error ("Unable to create association. TargetId does not exist in org: $($AssociationItem.TargetType) $($AssociationItem.TargetId)")
                            }
                            Else
                            {
                                # Check for existing association
                                $ExistingAssociation = Get-JCAssociation -Type:($AssociationItem.Type) -Id:($Id) -TargetType:($AssociationItem.TargetType) | Where-Object { $_.TargetId -eq $TargetId }
                                If ([System.String]::IsNullOrEmpty($ExistingAssociation))
                                {
                                    $NewAssociationCommand = "New-JCAssociation -Type:('$($AssociationItem.Type)') -Id:('$($Id)') -TargetType:('$($AssociationItem.TargetType)') -TargetId:('$($TargetId)') -Force"
                                    Write-Debug ("Running: $NewAssociationCommand")
                                    $AssociationResults.New += Invoke-Expression -Command:($NewAssociationCommand)
                                }
                                Else
                                {
                                    $AssociationResults.Existing += $ExistingAssociation
                                }
                            }
                        }
                        Return $AssociationResults
                    }) -ArgumentList:($RestoreAssociationFile, $IdMap, $JcTypesMap)
            }
            $AssociationsJobStatus = Wait-Job -Id:($AssociationsJobs.Id)
            $AssociationResults = $AssociationsJobStatus | Receive-Job
        }
    }
    End
    {
        # Clean up temp directory
        If (Test-Path -Path:($ExpandedArchivePath.FullName))
        {
            Remove-Item -Path:($ExpandedArchivePath.FullName) -Force -Recurse
        }
        # Output
        If (-not [System.String]::IsNullOrEmpty($JcObjectJobResults))
        {
            Write-Host "$($JcObjectJobResults.New.Count) Objects have been restored"
            Write-Host "$($JcObjectJobResults.Updated.Count) Objects existed and have been updated"
        }
        If (-not [System.String]::IsNullOrEmpty($AssociationResults))
        {
            Write-Host "$($AssociationResults.New.Count) Associations have been restored"
            Write-Host "$($AssociationResults.Existing.Count) Associations existed and have been skipped"
            Write-Host "$($AssociationResults.Failed.Count) Associations failed to restore"
        }
    }
}