
@alexjebens
Last active April 25, 2017 13:16
Partial Configuration Bug Repro
#region Ensure/Get Encryption Cert
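function Get-CertThumbPrint {
    <#
    .SYNOPSIS
    Returns the lower-cased thumbprint of the certificate stored in a file.

    .PARAMETER CertPath
    Path of the certificate file to load. The script passes the exported
    public-key .cer file.

    .OUTPUTS
    System.String. The certificate thumbprint after ToLowerInvariant().

    .NOTES
    Only the file is read. Nothing here checks whether a matching private key
    exists in a certificate store, so the result identifies the file's
    certificate and nothing more.
    #>
    [OutputType([string])]
    param(
        [string]$CertPath
    )

    # Load through the constructor instead of Import(): Import() is marked
    # obsolete in current .NET and is not supported outside .NET Framework,
    # while the file-name constructor reads the same certificate everywhere.
    $certificate = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CertPath)
    return $certificate.Thumbprint.ToLowerInvariant()
}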
# The public half of the DSC encryption certificate is kept as a .cer file
# directly under the system drive.
$certPath = Join-Path -Path $env:SystemDrive -ChildPath 'EncryptionCertificate.cer'

if (Test-Path $certPath) {
    # Reuse the certificate file left by an earlier run. The file is trusted
    # as found: nothing here checks that the matching private key is present
    # in a certificate store on this machine.
    $thumbprint = Get-CertThumbPrint $certPath
}
else {
    # First run: create a self-signed document-encryption certificate and
    # export only its public key certificate to $certPath.
    $newCert = New-SelfSignedCertificate -Type DocumentEncryptionCertLegacyCsp -DnsName 'DscEncryptionCert' -HashAlgorithm SHA256
    Export-Certificate -Cert $newCert -FilePath $certPath -Force
    # NOTE(review): this branch keeps the thumbprint exactly as the certificate
    # object reports it, while the reuse branch gets it lower-cased from
    # Get-CertThumbPrint. Confirm the consumer compares case-insensitively.
    $thumbprint = $newCert.Thumbprint
}

# From here on $cert is a plain lookup table, not a certificate object.
$cert = @{
    Path       = $certPath
    Thumbprint = $thumbprint
}
#endregion
#region Setup Config Data
# Sample credential built from literal strings so the repro has something to
# encrypt. -AsPlainText -Force is required because the password starts out as
# a plain string in the script text.
$credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList @(
    "User",
    (ConvertTo-SecureString -String "Password" -AsPlainText -Force)
)

# Configuration data handed to every configuration below. It describes a single
# node: the local machine.
$ConfigData = @{
    AllNodes = @(
        @{
            # Name of the node being described (this computer).
            NodeName        = "$env:COMPUTERNAME"

            # Path to the .cer file holding the public key of the encryption
            # certificate; used when the configuration is compiled.
            CertificateFile = $cert.Path

            # Thumbprint of the encryption certificate; the node uses it to
            # find the certificate that decrypts the credentials.
            Thumbprint      = $cert.Thumbprint
        }
    )
}
#endregion
#region Test Encryption without Partial Configurations
# Baseline configuration: one credential-carrying resource, compiled and
# applied on its own (no partial configurations involved).
#
# Parameters:
#   Credential - the PSCredential handed to the DscCredentialValidation resource.
Configuration Validation {
    param(
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [PsCredential] $Credential
    )

    Import-DscResource -ModuleName DscTest

    # Clear-text copy of the password, passed next to the credential object.
    # NOTE(review): DscCredentialValidation comes from the DscTest module, which
    # is not shown here; presumably it compares this value with the decrypted
    # Credential. If Password is a plain string property it is written
    # unencrypted into the compiled MOF. Confirm against the module.
    $clearTextPassword = $Credential.GetNetworkCredential().Password

    Node $AllNodes.NodeName
    {
        DscCredentialValidation validation
        {
            Name       = 'Validation'
            Credential = $Credential
            Password   = $clearTextPassword
        }

        # Tell the node's LCM which certificate decrypts the credential.
        LocalConfigurationManager
        {
            CertificateID = $node.Thumbprint
        }
    }
}
# Compile the baseline configuration into .\Validation, apply its LCM settings,
# then push the configuration and wait for the run to finish.
# NOTE(review): the compiled files stay in .\Validation afterwards; if the
# resource's Password property is a plain string they contain it in clear text.
Validation -ConfigurationData $ConfigData -Credential $credential
Set-DscLocalConfigurationManager -Path .\Validation
Start-DscConfiguration -Path .\Validation -Wait -Force -Verbose
#endregion
#region Partial Configurations that both require a credential to be stored
# LCM meta-configuration for the case where both partial configurations
# (Validation and TEST) carry a credential.
[DSCLocalConfigurationManager()]
configuration PartialWithCreds
{
    Node $AllNodes.NodeName
    {
        # Certificate the LCM uses to decrypt credentials.
        Settings
        {
            CertificateID = $node.Thumbprint
        }

        # NOTE(review): the Description text on both partials looks carried
        # over from another sample; it does not describe these test partials.
        PartialConfiguration Validation
        {
            Description = 'Configuration to add the SharePoint service account to the Administrators group.'
            RefreshMode = 'Push'
        }

        PartialConfiguration TEST
        {
            Description = 'Configuration to add the SharePoint service account to the Administrators group.'
            RefreshMode = 'Push'
        }
    }
}
# Second credential-carrying configuration, published as the partial
# configuration named TEST.
#
# Parameters:
#   Credential - the PSCredential handed to the DscCredentialValidation resource.
Configuration TEST {
    param(
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [PsCredential] $Credential
    )

    Import-DscResource -ModuleName DscTest

    # Clear-text copy of the password, passed next to the credential object.
    # NOTE(review): if the resource's Password property is a plain string, this
    # value is written unencrypted into the compiled MOF. Confirm against the
    # DscTest module, which is not shown here.
    $clearTextPassword = $Credential.GetNetworkCredential().Password

    Node $AllNodes.NodeName
    {
        DscCredentialValidation Validation2
        {
            Name       = 'TEST'
            Credential = $Credential
            Password   = $clearTextPassword
        }

        # Tell the node's LCM which certificate decrypts the credential.
        LocalConfigurationManager
        {
            CertificateID = $node.Thumbprint
        }
    }
}
# Compile the TEST partial and the LCM meta-configuration.
Test -ConfigurationData $ConfigData -Credential $credential
PartialWithCreds -ConfigurationData $ConfigData

# Register both partials with the LCM, stage each compiled partial, then apply
# what has been staged.
Set-DscLocalConfigurationManager -Path .\PartialWithCreds
Publish-DscConfiguration -Path .\Validation
Publish-DscConfiguration -Path .\Test
Start-DscConfiguration -UseExisting -Wait -Verbose
#endregion
#region Partial Configurations where one does not require a credential to be stored
# Will Fail
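# Partial configuration that carries no credential: it only writes a small text
# file. Paired with the credential-carrying Validation partial, this is the
# combination the surrounding region marks as failing.
#
# The original body also copied the clear-text password of the script-level
# $credential into a local variable that nothing read. That line is dropped so
# this configuration no longer touches the credential at all.
Configuration NoCreds {
    Import-DscResource -ModuleName DscTest

    Node $AllNodes.NodeName
    {
        File TEST
        {
            DestinationPath = "C:\Test.txt"
            Contents        = "TEST"
        }

        # Same decryption certificate as the other configurations, although
        # this one has nothing to decrypt.
        LocalConfigurationManager
        {
            CertificateID = $node.Thumbprint
        }
    }
}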
# LCM meta-configuration for the case where only one partial (Validation)
# carries a credential and the other (NoCreds) does not.
[DSCLocalConfigurationManager()]
configuration PartialNoCreds
{
    Node $AllNodes.NodeName
    {
        # Certificate the LCM uses to decrypt credentials.
        Settings
        {
            CertificateID = $node.Thumbprint
        }

        # NOTE(review): the Description text on both partials looks carried
        # over from another sample; it does not describe these test partials.
        PartialConfiguration Validation
        {
            Description = 'Configuration to add the SharePoint service account to the Administrators group.'
            RefreshMode = 'Push'
        }

        PartialConfiguration NoCreds
        {
            Description = 'Configuration to add the SharePoint service account to the Administrators group.'
            RefreshMode = 'Push'
        }
    }
}
# Compile the LCM meta-configuration and the credential-free partial.
PartialNoCreds -ConfigurationData $ConfigData
NoCreds -ConfigurationData $ConfigData

# Register both partials with the LCM, stage the previously compiled Validation
# partial plus the new NoCreds partial, then apply what has been staged.
Set-DscLocalConfigurationManager -Path .\PartialNoCreds
Publish-DscConfiguration -Path .\Validation
Publish-DscConfiguration -Path .\NoCreds
Start-DscConfiguration -UseExisting -Wait -Verbose
#endregion