v2.6.0

setup.cfg

@@ -1,6 +1,6 @@
 [metadata]
 name = IntuneCD
-version = 2.5.0
+version = 2.6.0
 author = Tobias Almén
 author_email = almenscorner@outlook.com
 description = Tool to backup and update configurations in Intune
@@ -20,7 +20,7 @@ package_dir =
 packages = find:
 python_requires = >=3.9
 install_requires =
-    deepdiff==8.4.2
+    deepdiff==9.1.0
     pyyaml>=6.0.2
     msrest>=0.7.1
     markdown_toclify>=0.1.7
@@ -35,4 +35,5 @@ console_scripts =
     IntuneCD-startbackup = IntuneCD.run_backup:start
     IntuneCD-startupdate = IntuneCD.run_update:start
     IntuneCD-startdocumentation = IntuneCD.run_documentation:start
+    IntuneCD-startcompare = IntuneCD.run_compare:start
     IntuneCD = IntuneCD.__main__:main

src/IntuneCD/__main__.py

@@ -7,6 +7,7 @@
     start as run_documentation,
 )
 from IntuneCD.run_update import get_parser as get_update_parser, start as run_update
+from IntuneCD.run_compare import get_parser as get_compare_parser, start as run_compare
 from importlib.metadata import version, PackageNotFoundError
 
 
@@ -80,5 +81,10 @@ def main():
     )
     documentation_parser.set_defaults(func=run_documentation)
 
+    compare_parser = subparsers.add_parser(
+        "compare", parents=[get_compare_parser(include_help=False)]
+    )
+    compare_parser.set_defaults(func=run_compare)
+
     args = parser.parse_args()
     args.func(args)

src/IntuneCD/backup/Intune/AppConfiguration.py

@@ -48,17 +48,25 @@ def main(self) -> dict[str, any]:
             return None
 
         if self.graph_data["value"]:
-            item = ""
             for item in self.graph_data["value"]:
-                for app in item["targetedMobileApps"]:
-                    app_data = self.make_graph_request(
-                        endpoint=self.endpoint + self.APP_ENDPOINT + "/" + app
+                app = None
+                try:
+                    for app in item["targetedMobileApps"]:
+                        app_data = self.make_graph_request(
+                            endpoint=self.endpoint + self.APP_ENDPOINT + "/" + app
+                        )
+                        if app_data:
+                            item.pop("targetedMobileApps")
+                            item["targetedMobileApps"] = {}
+                            item["targetedMobileApps"]["appName"] = app_data[
+                                "displayName"
+                            ]
+                            item["targetedMobileApps"]["type"] = app_data["@odata.type"]
+                except Exception as e:
+                    self.log(
+                        tag="error",
+                        msg=f"Error getting app data for App Configuration {item.get('displayName', 'Unknown')} with app id {app}: {e}",
                     )
-                    if app_data:
-                        item.pop("targetedMobileApps")
-                        item["targetedMobileApps"] = {}
-                        item["targetedMobileApps"]["appName"] = app_data["displayName"]
-                        item["targetedMobileApps"]["type"] = app_data["@odata.type"]
                 if item.get("payloadJson"):
                     item["payloadJson"] = self.decode_base64(item["payloadJson"])
                     item["payloadJson"] = json.loads(item["payloadJson"])

src/IntuneCD/backup/Intune/DeviceCompliance.py

@@ -167,9 +167,9 @@ def main(self) -> dict[str, any]:
             for action in item["scheduledActionsForRule"]:
                 self.remove_keys(action)
                 self._get_notification_template(action)
-            for config in item["scheduledActionsForRule"][0][
-                "scheduledActionConfigurations"
-            ]:
+            for config in item["scheduledActionsForRule"][0].get(
+                "scheduledActionConfigurations", []
+            ):
                 self.remove_keys(config)
 
         try:

src/IntuneCD/backup_intune.py

@@ -16,11 +16,11 @@ def import_backup_module(module_path: str):
     Dynamically imports a backup module, handling both installed and local Git repository cases.
     """
     try:
-        # Try importing as an installed package
-        return importlib.import_module(module_path, package="IntuneCD")
+        # Resolve relative to the package this file is part of, so dev runs
+        # (src.IntuneCD.*) and installed runs (IntuneCD.*) both work.
+        return importlib.import_module(module_path, package=__package__)
     except ModuleNotFoundError:
         try:
-            # If that fails, assume we're running locally and try direct relative import
             return importlib.import_module(module_path)
         except ModuleNotFoundError as e:
             print(f"[ERROR] Could not import {module_path}: {e}")

src/IntuneCD/intunecdlib/BaseBackupModule.py

@@ -9,6 +9,9 @@
 class BaseBackupModule(BaseGraphModule):
     """Base class for backup modules."""
 
+    REMOVE_CHARACTERS = '/\\:*?<>"|'
+    ZERO_WIDTH_CHARACTERS = "\u200b\u200c\u200d\u2060\ufeff"
+
     def __init__(
         self,
         path: str = None,
@@ -80,11 +83,11 @@ def _prepare_file_name(self, filename: str) -> str:
             str: The prepared filename
         """
 
-        remove_characters = '/\\:*?<>"|'
         if not isinstance(filename, str):
             filename = str(filename)
-        for character in remove_characters:
-            filename = filename.replace(character, "_")
+        filename = re.sub(r"[\x00-\x1f\x7f]+", "", filename)
+        filename = re.sub(rf"[{re.escape(self.ZERO_WIDTH_CHARACTERS)}]+", "", filename)
+        filename = re.sub(rf"[{re.escape(self.REMOVE_CHARACTERS)}]", "_", filename)
 
         return filename
 

src/IntuneCD/intunecdlib/BaseUpdateModule.py

@@ -67,6 +67,7 @@ def __init__(
         self.azure_update = False
         self.config_type = None
         self.match_info = None
+        self.match_id = None
         self.config_endpoint = None
         self.downstream_assignments = None
         self.create_request = None
@@ -399,16 +400,72 @@ def create_downstream_data(
                     repo_assignments, [], self.assignment_key, self.create_request["id"]
                 )
 
-    def get_match_data(self, intune_data: dict, match_info: dict) -> tuple:
+    _FILENAME_ID_RE = re.compile(
+        r"__(?P<id>[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})(?=\.[^.]+$)"
+    )
+
+    def _match_id_from_filename(self, filename: str) -> str:
+        """Extracts an `__<guid>` suffix from a backup filename, if present."""
+        if not filename:
+            return None
+        match = self._FILENAME_ID_RE.search(filename)
+        return match.group("id") if match else None
+
+    def _duplicate_filenames_to_skip(self, filenames: list) -> set:
+        """Detects filenames that would resolve to the same tenant object.
+
+        Groups files by their name with any `__<guid>` suffix stripped. If a
+        group has more than one file:
+          - If any file in the group has an ID suffix, files without one are
+            skipped (the ID-suffixed entry is the authoritative copy).
+          - If no file in the group has an ID, all but the first are skipped.
+        """
+        groups: dict = {}
+        for f in filenames:
+            base = self._FILENAME_ID_RE.sub("", f)
+            groups.setdefault(base, []).append(f)
+
+        skip: set = set()
+        for base, fnames in groups.items():
+            if len(fnames) <= 1:
+                continue
+            with_id = [f for f in fnames if self._FILENAME_ID_RE.search(f)]
+            without_id = [f for f in fnames if not self._FILENAME_ID_RE.search(f)]
+            if with_id:
+                for f in without_id:
+                    skip.add(f)
+                    self.log(
+                        tag="warning",
+                        msg=f"Skipping {f}: duplicate of ID-suffixed file(s) {with_id}",
+                    )
+            else:
+                for f in without_id[1:]:
+                    skip.add(f)
+                    self.log(
+                        tag="error",
+                        msg=f"Skipping {f}: duplicate of {without_id[0]} with no ID to disambiguate",
+                    )
+        return skip
+
+    def get_match_data(
+        self, intune_data: dict, match_info: dict, match_id: str = None
+    ) -> tuple:
         """Gets the matching data
 
         Args:
             intune_data (dict): The intune data
             match_info (dict): The match info from the repository
+            match_id (str, optional): If provided, prefer an item with this id
+                before falling back to match_info matching.
 
         Returns:
             tuple: The matching data
         """
+        if match_id:
+            for item in intune_data:
+                if item.get("id") == match_id:
+                    intune_data.remove(item)
+                    return dict(item), item["id"]
         config_match_count = len(match_info)
         intune_item = None
         intune_id = None
@@ -626,7 +683,7 @@ def process_update(
             self.downstream_id = downstream_data.get("id", "")
         else:
             self.downstream_object, self.downstream_id = self.get_match_data(
-                downstream_data, self.match_info
+                downstream_data, self.match_info, self.match_id
             )
 
         if self.downstream_object: