Last active
April 25, 2017 13:16
Partial Configuration Bug Repro
#region Ensure/Get Encryption Cert
function Get-CertThumbPrint {
    <#
    .SYNOPSIS
        Loads a certificate file and returns its thumbprint in lower case.
    .PARAMETER CertPath
        Path of the certificate file passed to X509Certificate2.Import().
    .OUTPUTS
        System.String. The thumbprint after ToLowerInvariant().
    #>
    [OutputType([string])]
    param(
        [string]$CertPath
    )

    # Start from an empty certificate object and load the file into it.
    $certificate = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new()
    $certificate.Import($CertPath)

    $certificate.Thumbprint.ToLowerInvariant()
}
# Reuse EncryptionCertificate.cer under $env:SystemDrive when it already exists;
# otherwise create a document-encryption certificate and export its public
# certificate to that path.
# NOTE(review): an existing file is accepted as-is. Nothing in this script
# checks that it is the certificate created here, or that the matching private
# key is still installed on this node - confirm before relying on the thumbprint.
$certPath = Join-Path -Path $env:SystemDrive -ChildPath 'EncryptionCertificate.cer'
if (Test-Path $certPath) {
    # Thumbprint comes back lower-cased from Get-CertThumbPrint.
    $thumbprint = Get-CertThumbPrint $certPath
}
else {
    $cert = New-SelfSignedCertificate -Type DocumentEncryptionCertLegacyCsp -DnsName 'DscEncryptionCert' -HashAlgorithm SHA256
    # Export the public key certificate only; the command's output object is
    # left on the pipeline, as before.
    Export-Certificate -Cert $cert -FilePath $certPath -Force
    # This branch keeps the thumbprint exactly as the certificate reports it,
    # so its casing can differ from the branch above.
    $thumbprint = $cert.Thumbprint
}

# From here on $cert is a small lookup table, not a certificate object.
$cert = @{
    Thumbprint = $thumbprint
    Path       = $certPath
}
#endregion
#region Setup Config Data
# Literal test credential ('User' / 'Password') that the configurations below
# have to carry. NOTE(review): looks like a repro fixture - keep real secrets
# out of this literal.
$credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList 'User', (ConvertTo-SecureString -String 'Password' -AsPlainText -Force)

# One node entry: the local machine, plus the certificate details gathered in
# the $cert table. No plain-text-password override is set in this node data.
$ConfigData = @{
    AllNodes = @(
        @{
            # The name of the node we are describing
            NodeName        = $env:COMPUTERNAME

            # The path to the .cer file containing the
            # public key of the Encryption Certificate
            CertificateFile = $cert.Path

            # The thumbprint of the Encryption Certificate
            # used to decrypt the credentials
            Thumbprint      = $cert.Thumbprint
        }
    )
}
#endregion
#region Test Encryption without Partial Configurations
# Stand-alone configuration: hands the same credential to the
# DscCredentialValidation resource twice, once as a PSCredential and once as
# the password string taken out of it.
Configuration Validation {
    param(
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [PSCredential] $Credential
    )

    Import-DscResource -ModuleName DscTest

    # NOTE(review): the password is extracted as a plain string and assigned to
    # the Password property below, so it is compiled into the MOF as an ordinary
    # string value. Presumably only the PSCredential-typed Credential property is
    # covered by the certificate from the node data - confirm, and treat the
    # generated .\Validation output as sensitive.
    $clearTextPassword = $Credential.GetNetworkCredential().Password

    Node $AllNodes.NodeName {
        DscCredentialValidation validation {
            Name       = 'Validation'
            Credential = $Credential
            Password   = $clearTextPassword
        }

        # Points the LCM at the certificate whose thumbprint is in the node data.
        LocalConfigurationManager {
            CertificateID = $Node.Thumbprint
        }
    }
}
# Compile into .\Validation, apply the LCM settings generated there, then push
# the configuration and wait for it to finish.
# NOTE(review): the Validation configuration assigns the extracted password
# string to a resource property, so the files under .\Validation presumably
# contain it in clear text - remove them once the repro is done.
Validation -ConfigurationData $ConfigData -Credential $credential
Set-DscLocalConfigurationManager -Path .\Validation
Start-DscConfiguration -Path .\Validation -Wait -Verbose -Force
#endregion
#region Partial Configurations that both require a credential to be stored
# LCM meta-configuration: sets the decryption certificate and declares two
# push-mode partial configurations, Validation and TEST.
# NOTE(review): both Description strings talk about a SharePoint service
# account, which nothing else in this script mentions - looks carried over from
# another configuration.
[DSCLocalConfigurationManager()]
configuration PartialWithCreds {
    Node $AllNodes.NodeName {
        Settings {
            CertificateID = $Node.Thumbprint
        }

        PartialConfiguration Validation {
            Description = 'Configuration to add the SharePoint service account to the Administrators group.'
            RefreshMode = 'Push'
        }

        PartialConfiguration TEST {
            Description = 'Configuration to add the SharePoint service account to the Administrators group.'
            RefreshMode = 'Push'
        }
    }
}
# Second credential-carrying configuration; same shape as Validation, with the
# resource instance named Validation2 and Name set to 'TEST'.
Configuration TEST {
    param(
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [PSCredential] $Credential
    )

    Import-DscResource -ModuleName DscTest

    # NOTE(review): the password is extracted as a plain string and assigned to
    # the Password property below, so it is compiled into the MOF as an ordinary
    # string value. Presumably only the PSCredential-typed Credential property is
    # covered by the certificate from the node data - confirm, and treat the
    # generated output folder as sensitive.
    $clearTextPassword = $Credential.GetNetworkCredential().Password

    Node $AllNodes.NodeName {
        DscCredentialValidation Validation2 {
            Name       = 'TEST'
            Credential = $Credential
            Password   = $clearTextPassword
        }

        # Points the LCM at the certificate whose thumbprint is in the node data.
        LocalConfigurationManager {
            CertificateID = $Node.Thumbprint
        }
    }
}
# Compile the TEST configuration (invoked here as "Test") and the
# meta-configuration, apply the LCM settings, publish both partials, then start
# the already-published configuration.
Test -ConfigurationData $ConfigData -Credential $credential
PartialWithCreds -ConfigurationData $ConfigData
Set-DscLocalConfigurationManager -Path .\PartialWithCreds
# .\Validation is the output folder left by the earlier stand-alone run.
Publish-DscConfiguration -Path .\Validation
Publish-DscConfiguration -Path .\Test
Start-DscConfiguration -UseExisting -Wait -Verbose
#endregion
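#region Partial Configurations where one does not require a credential to be stored
# Will Fail
# Credential-free partial: writes a single file and sets the LCM certificate.
# It takes no credential parameter and no resource here accepts one, so the
# script-scope $credential is not read and no clear-text password is
# materialised while this configuration compiles.
Configuration NoCreds {
    # Kept as in the other configurations; no DscTest resource is used below.
    Import-DscResource -ModuleName DscTest

    Node $AllNodes.NodeName {
        File TEST {
            DestinationPath = "C:\Test.txt"
            Contents        = "TEST"
        }

        # Points the LCM at the certificate whose thumbprint is in the node data.
        LocalConfigurationManager {
            CertificateID = $Node.Thumbprint
        }
    }
}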
# LCM meta-configuration for the failing case: sets the decryption certificate
# and declares two push-mode partials, Validation (carries a credential) and
# NoCreds (carries none).
# NOTE(review): both Description strings talk about a SharePoint service
# account, which nothing else in this script mentions - looks carried over from
# another configuration.
[DSCLocalConfigurationManager()]
configuration PartialNoCreds {
    Node $AllNodes.NodeName {
        Settings {
            CertificateID = $Node.Thumbprint
        }

        PartialConfiguration Validation {
            Description = 'Configuration to add the SharePoint service account to the Administrators group.'
            RefreshMode = 'Push'
        }

        PartialConfiguration NoCreds {
            Description = 'Configuration to add the SharePoint service account to the Administrators group.'
            RefreshMode = 'Push'
        }
    }
}
# Compile the meta-configuration and the credential-free partial, apply the LCM
# settings, publish both partials, then start the published configuration.
# Per the region's own "Will Fail" remark, this is the run expected to fail.
PartialNoCreds -ConfigurationData $ConfigData
NoCreds -ConfigurationData $ConfigData
Set-DscLocalConfigurationManager -Path .\PartialNoCreds
# .\Validation is the output folder left by the earlier stand-alone run.
Publish-DscConfiguration -Path .\Validation
Publish-DscConfiguration -Path .\NoCreds
Start-DscConfiguration -UseExisting -Wait -Verbose
#endregion