
Add credential support on PowerShell adapters #758


Open
wants to merge 10 commits into
base: main
Expand Up @@ -29,6 +29,9 @@ class TestClassResource : BaseTestClass
[DscProperty()]
[string] $EnumProp

[DscProperty()]
[PSCredential] $Credential

[string] $NonDscProperty # This property shouldn't be in results data

hidden
18 changes: 18 additions & 0 deletions powershell-adapter/Tests/powershellgroup.config.tests.ps1
Expand Up @@ -237,4 +237,22 @@ Describe 'PowerShell adapter resource tests' {
}
}
}

It 'Config works with credential object' {
$yaml = @"
`$schema: https://aka.ms/dsc/schemas/v3/bundled/config/document.json
resources:
- name: Class-resource Info
type: TestClassResource/TestClassResource
properties:
Name: 'TestClassResource'
Credential:
UserName: 'User'
Password: 'Password'
"@
$out = dsc config get -i $yaml | ConvertFrom-Json
$LASTEXITCODE | Should -Be 0
$out.results.result.actualstate.Credential.UserName | Should -Be 'User'
$out.results.result.actualState.result.Credential.Password.Length | Should -Not -BeNullOrEmpty
}
}
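Review bot: The two credential assertions read from different paths, `actualstate.Credential.UserName` and `actualState.result.Credential.Password.Length`, so one of them probably does not point at the returned object and should be aligned with the other. `Should -Not -BeNullOrEmpty` on a `Length` value is also a weak check, and may pass even when the path resolves to nothing; asserting the expected length would pin the behaviour. Because this test is the only coverage for a secret passing through the adapter, it should also assert that the plaintext password does not appear in the serialized output, using a distinctive constructed value rather than the word 'Password', which collides with the key name. A second `It` block that supplies only `UserName` would cover the validation branch added in the adapter.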
19 changes: 12 additions & 7 deletions powershell-adapter/psDscAdapter/psDscAdapter.psm1
Expand Up @@ -416,18 +416,23 @@ function Invoke-DscOperation {

$ValidProperties = $cachedDscResourceInfo.Properties.Name

$ValidProperties | ConvertTo-Json | Write-DscTrace -Operation Trace

if ($DesiredState.properties) {
# set each property of $dscResourceInstance to the value of the property in the $desiredState INPUT object
$DesiredState.properties.psobject.properties | ForEach-Object -Process {
# handle input objects by converting them to a hash table
if ($_.Value -is [System.Management.Automation.PSCustomObject]) {
Write-DscTrace -Message "The object is a PSCustomObject"
$_.Value.psobject.properties | ForEach-Object -Begin {
$propertyHash = @{}
} -Process {
$propertyHash[$_.Name] = $_.Value
} -End {
$dscResourceInstance.$($_.Name) = $propertyHash
$validateProperty = $cachedDscResourceInfo.Properties | Where-Object -Property Name -EQ $_.Name
if ($validateProperty.PropertyType -eq 'PSCredential') {
if (-not $_.Value.Username -and -not $_.Value.Password) {
"Credential property '$($_.Name)' requires both username and password input object" | Write-DscTrace -Operation Error
exit 1
}
$dscResourceInstance.$($_.Name) = [System.Management.Automation.PSCredential]::new($_.Value.Username, (ConvertTo-SecureString -AsPlainText $_.Value.Password -Force))
}
else {
$dscResourceInstance.$($_.Name) = $_.Value.psobject.properties | ForEach-Object -Begin { $propertyHash = @{} } -Process { $propertyHash[$_.Name] = $_.Value } -End { $propertyHash }
}
}
else {
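Review bot: The credential guard `if (-not $_.Value.Username -and -not $_.Value.Password)` fires only when both fields are missing, although the error text says both are required. With just one supplied, execution falls through to `[System.Management.Automation.PSCredential]::new(...)` and `ConvertTo-SecureString` with an empty argument, which would presumably fail with a less useful exception. The condition should use `-or`: `if (-not $_.Value.Username -or -not $_.Value.Password) {`. The same guard is repeated in three places in win_psDscAdapter.psm1 and needs the same change; a small private helper that validates the input and builds the PSCredential would keep the four copies in step. A comment is also warranted that the password arrives as plaintext in the configuration document, so `-AsPlainText -Force` protects it only from this point on; Invoke-DscOperation starts and ends outside the hunk.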
53 changes: 49 additions & 4 deletions powershell-adapter/psDscAdapter/win_psDscAdapter.psm1
Expand Up @@ -364,7 +364,17 @@ function Invoke-DscOperation {
# morph the INPUT object into a hashtable named "property" for the cmdlet Invoke-DscResource
$DesiredState.properties.psobject.properties | ForEach-Object -Begin { $property = @{} } -Process {
if ($_.Value -is [System.Management.Automation.PSCustomObject]) {
$property[$_.Name] = $_.Value.psobject.properties | ForEach-Object -Begin { $propertyHash = @{} } -Process { $propertyHash[$_.Name] = $_.Value } -End { $propertyHash }
$validateProperty = $cachedDscResourceInfo.Properties | Where-Object -Property Name -EQ $_.Name
if ($validateProperty.PropertyType -eq 'PSCredential') {
if (-not $_.Value.Username -and -not $_.Value.Password) {
"Credential property '$($_.Name)' requires both username and password input object" | Write-DscTrace -Operation Error
exit 1
}
$property.$($_.Name) = [System.Management.Automation.PSCredential]::new($_.Value.Username, (ConvertTo-SecureString -AsPlainText $_.Value.Password -Force))
}
else {
$property.$($_.Name) = $_.Value.psobject.properties | ForEach-Object -Begin { $propertyHash = @{} } -Process { $propertyHash[$_.Name] = $_.Value } -End { $propertyHash }
}
}
else {
$property[$_.Name] = $_.Value
Expand All @@ -373,7 +383,7 @@ function Invoke-DscOperation {

# using the cmdlet the appropriate dsc module, and handle errors
try {
Write-DscTrace -Operation Debug -Message "Module: $($cachedDscResourceInfo.ModuleName), Name: $($cachedDscResourceInfo.Name), Property: $($property)"
Write-DscTrace -Operation Debug -Message "Module: $($cachedDscResourceInfo.ModuleName), Name: $($cachedDscResourceInfo.Name), Property: $($property | ConvertTo-Json -Compress)"
$invokeResult = Invoke-DscResource -Method $Operation -ModuleName $cachedDscResourceInfo.ModuleName -Name $cachedDscResourceInfo.Name -Property $property -ErrorAction Stop

if ($invokeResult.GetType().Name -eq 'Hashtable') {
Expand Down Expand Up @@ -402,7 +412,23 @@ function Invoke-DscOperation {
if ($DesiredState.properties) {
# set each property of $dscResourceInstance to the value of the property in the $desiredState INPUT object
$DesiredState.properties.psobject.properties | ForEach-Object -Process {
$dscResourceInstance.$($_.Name) = $_.Value
# handle input objects by converting them to a hash table
if ($_.Value -is [System.Management.Automation.PSCustomObject]) {
$validateProperty = $cachedDscResourceInfo.Properties | Where-Object -Property Name -EQ $_.Name
if ($validateProperty.PropertyType -eq 'PSCredential') {
if (-not $_.Value.Username -and -not $_.Value.Password) {
"Credential property '$($_.Name)' requires both username and password input object" | Write-DscTrace -Operation Error
exit 1
}
$dscResourceInstance.$($_.Name) = [System.Management.Automation.PSCredential]::new($_.Value.Username, (ConvertTo-SecureString -AsPlainText $_.Value.Password -Force))
}
else {
$dscResourceInstance.$($_.Name) = $_.Value.psobject.properties | ForEach-Object -Begin { $propertyHash = @{} } -Process { $propertyHash[$_.Name] = $_.Value } -End { $propertyHash }
}
}
else {
$dscResourceInstance.$($_.Name) = $_.Value
}
}
}

Expand Down Expand Up @@ -444,9 +470,28 @@ function Invoke-DscOperation {
}

# morph the INPUT object into a hashtable named "property" for the cmdlet Invoke-DscResource
$DesiredState.properties.psobject.properties | ForEach-Object -Begin { $property = @{} } -Process { $property[$_.Name] = $_.Value }
$DesiredState.properties.psobject.properties | ForEach-Object -Begin { $property = @{} } -Process {
if ($_.Value -is [System.Management.Automation.PSCustomObject]) {
$validateProperty = $cachedDscResourceInfo.Properties | Where-Object -Property Name -EQ $_.Name
if ($validateProperty.PropertyType -eq 'PSCredential') {
if (-not $_.Value.Username -and -not $_.Value.Password) {
"Credential property '$($_.Name)' requires both username and password input object" | Write-DscTrace -Operation Error
exit 1
}
$property.$($_.Name) = [System.Management.Automation.PSCredential]::new($_.Value.Username, (ConvertTo-SecureString -AsPlainText $_.Value.Password -Force))
}
else {
$property.$($_.Name) = $_.Value.psobject.properties | ForEach-Object -Begin { $propertyHash = @{} } -Process { $propertyHash[$_.Name] = $_.Value } -End { $propertyHash }
}
}
else {
$property[$_.Name] = $_.Value
}
}

# using the cmdlet from PSDesiredStateConfiguration module in Windows
try {
Write-DscTrace -Operation Debug -Message "Module: $($cachedDscResourceInfo.ModuleName), Name: $($cachedDscResourceInfo.Name), Property: $($property | ConvertTo-Json -Compress)"
$invokeResult = Invoke-DscResource -Method $Operation -ModuleName $cachedDscResourceInfo.ModuleName -Name $cachedDscResourceInfo.Name -Property $property
if ($invokeResult.GetType().Name -eq 'Hashtable') {
$invokeResult.keys | ForEach-Object -Begin { $ResultProperties = @{} } -Process { $ResultProperties[$_] = $invokeResult.$_ }
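Review bot: The Debug trace at both `Invoke-DscResource` call sites now serializes the whole `$property` table with `ConvertTo-Json -Compress`, so every input value is written to the trace output. Any nested object that does not take the PSCredential branch is kept as a plain hashtable, and a `Password` key inside it would be logged in cleartext. That includes a credential whose `PropertyType` is stored in a form other than the literal `'PSCredential'`, which is worth confirming for the Windows PowerShell resource cache. Tracing only the property names avoids this, e.g. `Property: $($property.Keys -join ', ')`, or values of credential-typed properties can be masked before the message is built. Invoke-DscOperation starts and ends outside these hunks.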