DSCResources/Grani_CredentialManager/Grani_CredentialManager.psm1
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 |
#region Initialize function Initialize { # Enum for Ensure Add-Type -TypeDefinition @" public enum EnsureType { Present, Absent } "@ -ErrorAction SilentlyContinue; Import-Module -Name (Join-Path -Path $PSScriptRoot -ChildPath "Grani_CredentialManagerHelper.psm1") -Verbose:$false -Force } . Initialize; #endregion #region Message Definition Data VerboseMessages { ConvertFrom-StringData -StringData @" CheckingAbsent = Detected as Ensure=Absent. Checking Target is not exists. CheckingPresent = Detected as Ensure=Present. Checking Target credential is as desired. CredentialNotExists = Ensure detected as Present but credential was missing. Please make sure credential is exists. FailedAbsent = Target was found as not desired. PassPresent = Target's Credential was detected as desired. RemovingCredential = Removing Target Credential. Target : {0} SetCredential = Setting Desired Credential to Target. Target : {0} "@ } Data DebugMessages { ConvertFrom-StringData -StringData @" "@ } Data ErrorMessages { ConvertFrom-StringData -StringData @" CredentialNotExistsException = Credential parameter's value not exists exception!! Please make sure credential is exists. "@ } #endregion #region *-TargetResource function Get-TargetResource { [CmdletBinding()] [OutputType([System.Collections.Hashtable])] param ( [parameter(Mandatory = $true)] [System.String]$InstanceIdentifier, [parameter(Mandatory = $true)] [System.String]$Target, [parameter(Mandatory = $false)] [System.Management.Automation.PSCredential]$Credential = [PSCredential]::Empty, [parameter(Mandatory = $true)] [ValidateSet("Present", "Absent")] [System.String]$Ensure ) # Initialize return values $returnHash = @{ # No meaning with InstanceIdentifier for "how Resource work" but it is identifier to deceive DSC Engine when you want to keep "Same target, Credential for multiple PsDscRunAsCredential". # Normally InstanceIdentifier can be same as Target or ConfigurationName. Just change every instance's InstanceIdentifier when you want to set as above situation. InstanceIdentifier = $InstanceIdentifier; Target = $Target; Credential = New-CimInstance -ClassName MSFT_Credential -Property @{Username = [string]$Credential.UserName; Password = [string]$null} -Namespace root/microsoft/windows/desiredstateconfiguration -ClientOnly; Ensure = [EnsureType]::Absent.ToString(); } # Absent == should remove Target if exists. if ($Ensure -eq [EnsureType]::Absent.ToString()) { Write-Verbose -Message ($VerboseMessages.CheckingAbsent); if (TestTarget -Target $Target) { Write-Verbose -Message ($VerboseMessages.FailedAbsent); $returnHash.Ensure = [EnsureType]::Present.ToString(); } } # Present == Registered credential must match desired credential. if ($Ensure -eq [EnsureType]::Present.ToString()) { Write-Verbose -Message ($VerboseMessages.CheckingPresent); if (IsCredentialEmpty -Credential $Credential) { Write-Verbose -Message ($VerboseMessages.CredentialNotExists); } elseif (TestTarget -Target $Target) { if (IsCredentialMatch -Target $Target -Credential $Credential) { Write-Verbose -Message ($VerboseMessages.PassPresent); $returnHash.Ensure = [EnsureType]::Present.ToString(); } } } return $returnHash; } function Set-TargetResource { [CmdletBinding()] param ( [parameter(Mandatory = $true)] [System.String]$InstanceIdentifier, [parameter(Mandatory = $true)] [System.String]$Target, [parameter(Mandatory = $false)] [System.Management.Automation.PSCredential]$Credential, [parameter(Mandatory = $true)] [ValidateSet("Present", "Absent")] [System.String]$Ensure ) # Absent == Start remove existing Target if ($Ensure -eq [EnsureType]::Absent.ToString()) { if (TestTarget -Target $Target) { Write-Verbose -Message ($VerboseMessages.RemovingCredential -f $Target); RemoveTarget -Target $Target; return; } } # Present == Register credential as desired if ($Ensure -eq [EnsureType]::Present.ToString()) { if (IsCredentialEmpty -Credential $Credential) { Write-Verbose -Message ($VerboseMessages.CredentialNotExists); throw $ErrorMessages.CredentialNotExistsException; } Write-Verbose -Message ($VerboseMessages.SetCredential -f $Target); SetCredential -Target $Target -Credential $Credential; return; } } function Test-TargetResource { [CmdletBinding()] [OutputType([System.Boolean])] param ( [parameter(Mandatory = $true)] [System.String]$InstanceIdentifier, [parameter(Mandatory = $true)] [System.String]$Target, [parameter(Mandatory = $false)] [System.Management.Automation.PSCredential]$Credential, [parameter(Mandatory = $true)] [ValidateSet("Present", "Absent")] [System.String]$Ensure ) return (Get-TargetResource -InstanceIdentifier $InstanceIdentifier -Target $Target -Credential $Credential -Ensure $Ensure).Ensure -eq $Ensure } #endregion Export-ModuleMember -Function *-TargetResource |