Merge pull request #1308 from mimachniak/win_psDscAdapter-PSCredentials-fix-ScriptDSC

win_psDscAdapter and psDscAdapter PScredentials fix for passing username and password

Author: SteveL-MSFT

.github/workflows/rust.yml

@@ -10,7 +10,6 @@ on:
       - "*.md"
       - ".vscode/*.json"
       - ".github/ISSUE_TEMPLATE/**"
-
 env:
   CARGO_TERM_COLOR: always
 

adapters/powershell/Tests/TestScriptBaseDSC/DSCResources/CredentialValidation/CredentialValidation.psm1

@@ -0,0 +1,83 @@
+$VerbosePreference = 'SilentlyContinue'
+$InformationPreference = 'SilentlyContinue'
+$ProgressPreference = 'Continue'
+$ErrorActionPreference = 'SilentlyContinue'
+
+function Get-TargetResource {
+    [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidGlobalVars', '')]
+    [OutputType([Hashtable])]
+    param (
+        [Parameter(Mandatory)]
+        [string] $Name,
+
+        [Parameter(Mandatory = $true)]
+        [System.Management.Automation.PSCredential]
+        $Credential
+    )
+    Write-Verbose "[GET] Get Function running"
+    return @{
+            Name = $Name
+            Credential = $Credential
+    }
+  
+}
+
+function Test-TargetResource {
+    [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidGlobalVars', '')]
+    [OutputType([System.Boolean])]
+    param (
+        [Parameter(Mandatory)]
+        [string] $Name,
+
+        [Parameter(Mandatory = $true)]
+        [System.Management.Automation.PSCredential]
+        $Credential
+
+    )
+    Write-Verbose "[TEST]Checking credentials"
+    Write-Verbose "[TEST]Checking credentials UserName:  $($Credential.UserName)"
+    Write-Verbose "[TEST]Checking credentials Password:  <redacted>"
+
+   if ($null -eq $Credential) {
+          $inDesiredState = $false
+          return $false
+        }
+
+    if ($Credential.UserName -ne 'MyUser') {
+            $inDesiredState = $false
+    } else {
+            $inDesiredState = $true
+    }
+
+
+    return $inDesiredState
+    
+}
+
+function Set-TargetResource {
+    [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidGlobalVars', '')]
+    [CmdletBinding()]
+    param (
+        [Parameter(Mandatory)]
+        [string] $Name,
+
+        [Parameter(Mandatory = $true)]
+        [System.Management.Automation.PSCredential]
+        $Credential
+
+    )
+
+       if ($null -eq $Credential) {
+          $inDesiredState = $false
+          return $false
+        }
+
+        if ($Credential.UserName -ne 'MyUser') {
+                $inDesiredState = $false
+        } else {
+                $inDesiredState = $true
+        }
+
+    Write-Verbose "[SET]Credential cannot be remediated by DSC."
+        return $inDesiredState
+}

adapters/powershell/Tests/TestScriptBaseDSC/DSCResources/CredentialValidation/CredentialValidation.schema.mof

@@ -0,0 +1,6 @@
+[ClassVersion("1.0.0.0"), FriendlyName("CredentialValidation")]
+class CredentialValidation : OMI_BaseResource
+{
+    [Key] string Name;
+    [Required, Description("Test Credentials for Script Base"), EmbeddedInstance("MSFT_Credential")] String Credential;
+};

adapters/powershell/Tests/TestScriptBaseDSC/TestScriptBaseDSC.psd1

@@ -0,0 +1,62 @@
+@{
+    # Script module or binary module file associated with this manifest.
+    RootModule            = 'TestScriptBaseDSC.psm1'
+
+    # Version number of this module.
+    moduleVersion        = '0.0.1'
+
+    # ID used to uniquely identify this module
+    GUID                 = 'c3775be8-84a1-43f5-a99c-1b9f2d6bc178'
+
+    # Author of this module
+    Author               = ''
+
+    # Company or vendor of this module
+    CompanyName          = ''
+
+    # Copyright statement for this module
+    Copyright            = ''
+
+    # Description of the functionality provided by this module
+    Description          = ''
+
+    # Minimum version of the Windows PowerShell engine required by this module
+    PowerShellVersion    = '5.0'
+
+    # Cmdlets to export from this module
+    CmdletsToExport      = @()
+
+    # Variables to export from this module
+    VariablesToExport    = @()
+
+    # Aliases to export from this module
+    AliasesToExport      = @()
+
+    # Dsc Resources to export from this module
+    DscResourcesToExport = @('CredentialValidation')
+
+    # Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
+    PrivateData          = @{
+
+        PSData = @{
+
+            # Tags applied to this module. These help with module discovery in online galleries.
+            Tags         = @('DesiredStateConfiguration', 'DSC', 'DSCResourceKit', 'DSCResource')
+
+            # A URL to the license for this module.
+            LicenseUri   = ''
+
+            # A URL to the main website for this project.
+            ProjectUri   = ''
+
+            # A URL to an icon representing this module.
+            IconUri      = ''
+
+            # ReleaseNotes of this module
+            ReleaseNotes = ''
+
+            # Set to a prerelease string value if the release should be a prerelease.
+            Prerelease   = ''
+        } # End of PSData hashtable
+    } # End of PrivateData hashtable
+}

adapters/powershell/Tests/TestScriptBaseDSC/TestScriptBaseDSC.psm1

@@ -0,0 +1,2 @@
+# Root module for CredentialValidationDsc
+# No code required

adapters/powershell/Tests/class_ps_resources_secret.dsc.yaml

@@ -0,0 +1,29 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+
+$schema: https://aka.ms/dsc/schemas/v3/bundled/config/document.json
+parameters:
+  showSecrets:
+    type: bool
+    defaultValue: true
+  cred:
+    type: secureObject
+metadata:
+  Microsoft.DSC:
+    requiredSecurityContext: elevated # this is the default and just used as an example indicating this config works for admins and non-admins
+resources:
+- name: Working with classic DSC resources
+  type: Microsoft.DSC/PowerShell
+  properties:
+    resources:
+    - name: Class-resource Info
+      type: TestClassResource/TestClassResource
+      properties:
+        Name: TestClassResource1
+        Prop1: ValueForProp1
+        Credential: "[parameters('cred')]"
+- name: SecureObject
+  type: Microsoft.DSC.Debug/Echo
+  properties:
+    output: "[parameters('cred')]"
+    showSecrets: "[parameters('showSecrets')]"

adapters/powershell/Tests/class_ps_resources_secret.parameters.yaml

@@ -0,0 +1,4 @@
+parameters:
+  cred:
+    username: admin
+    password: {To be Override}

adapters/powershell/Tests/powershellgroup.config.tests.ps1

@@ -300,19 +300,28 @@ Describe 'PowerShell adapter resource tests' {
   It 'Config works with credential object' {
     $yaml = @"
         `$schema: https://aka.ms/dsc/schemas/v3/bundled/config/document.json
+        parameters:
+          Credential:
+            type: secureObject
+            defaultValue:
+              username: User
+              password: Password
         resources:
-        - name: Class-resource Info
-          type: TestClassResource/TestClassResource
+        - name: Working with classic DSC resources
+          type: Microsoft.DSC/PowerShell
           properties:
-            Name: 'TestClassResource'
-            Credential:
-              UserName: 'User'
-              Password: 'Password'
+            resources:
+            - name: Class-resource Info
+              type: TestClassResource/TestClassResource
+              properties:
+                Name: TestClassResource1
+                Prop1: ValueForProp1
+                Credential: "[parameters('Credential')]"
 "@
     $out = dsc config get -i $yaml | ConvertFrom-Json
     $LASTEXITCODE | Should -Be 0
-    $out.results.result.actualstate.Credential.UserName | Should -Be 'User'
-    $out.results.result.actualState.result.Credential.Password.Length | Should -Not -BeNullOrEmpty
+    $out.results.result.actualstate.result.properties.Credential.UserName | Should -Be 'User'
+    $out.results.result.actualState.result.properties.Credential.Password.Length | Should -Not -BeNullOrEmpty
   }
 
   It 'Config does not work when credential properties are missing required fields' {

adapters/powershell/Tests/script_ps_resources_secret.dsc.yaml

@@ -0,0 +1,20 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+
+$schema: https://aka.ms/dsc/schemas/v3/bundled/config/document.json
+parameters:
+  cred:
+    type: secureObject
+    defaultValue:
+      username: MyUser
+      password: Password
+resources:
+- name: Working with classic DSC resources
+  type: Microsoft.Windows/WindowsPowerShell
+  properties:
+    resources:
+    - name: Script-resource Info
+      type: TestScriptBaseDSC/CredentialValidation
+      properties:
+        Name: TestScriptResource1
+        Credential: "[parameters('cred')]"