DSCResources/CommonResourceHelper.psm1
|
$errorActionPreference = 'Stop' Set-StrictMode -Version 'Latest' function Read-RESTException { [CmdletBinding()] Param ( # Param1 help description [Parameter(Mandatory = $true, Position = 0)] $Exception ) $reader = New-Object -TypeName System.IO.StreamReader -ArgumentList ($Exception) $reader.BaseStream.Position = 0 $reader.DiscardBufferedData() $responseBody = $reader.ReadToEnd() return $responseBody } function Get-LocalizedData { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [String] $ResourceName ) $resourceDirectory = Join-Path -Path $PSScriptRoot -ChildPath $ResourceName $localizedStringFileLocation = Join-Path -Path $resourceDirectory -ChildPath $PSUICulture if (-not (Test-Path -Path $localizedStringFileLocation)) { # Fallback to en-US $localizedStringFileLocation = Join-Path -Path $resourceDirectory -ChildPath 'en-US' } Import-LocalizedData ` -BindingVariable 'localizedData' ` -FileName "$ResourceName.strings.psd1" ` -BaseDirectory $localizedStringFileLocation return $localizedData } function Start-VaultAuth { [CmdletBinding()] Param ( [Parameter(Mandatory = $true, Position = 0)] [System.String] $VaultAddress, [System.String] $ApiPrefix = 'v1', [System.String] $AuthBackend = 'approle' ) $credentials = Get-StoredCredential -Target $VaultAddress if ($credentials -eq $null) { throw "No credentials found for target: $vaultAddress" } $apiUri = ($VaultAddress + '/' + $ApiPrefix + '/auth/' + $AuthBackend + '/login') $body = New-Object -TypeName 'System.Collections.Generic.Dictionary[[String],[String]]' $body.Add('role_id', $credentials.UserName) $body.Add('secret_id', [System.Runtime.InteropServices.marshal]::PtrToStringAuto([System.Runtime.InteropServices.marshal]::SecureStringToBSTR($credentials.Password))) try { $apiResult = Invoke-RestMethod -Method Post -Uri $apiUri -Body ($body | ConvertTo-Json) -ContentType application/json -ErrorAction Stop return $apiResult } catch { if ($_.Exception.Response.GetResponseStream() -ne $null) { $responseBody = Read-RESTException -Exception $_.Exception.Response.GetResponseStream() if ($responseBody -match 'permission denied' ) { Write-Error -Message "Permission denied. Ensure you are using a token that has permissions to write to $VaultPath" } elseif ($responseBody -match 'invalid secret_id' ) { Write-Error -Message 'Failed to login: Invalid secret_id' } elseif ($responseBody -match 'invalid role_id' ) { Write-Error -Message 'Failed to login: Invalid role_id' } elseif ($responseBody -match 'Vault is sealed' ) { Write-Error -Message 'Vault is sealed' } else { Write-Error $responseBody } } else { "Error was $_" $line = $_.InvocationInfo.ScriptLineNumber "Error was in Line $line" } } } function Write-VaultData { [CmdletBinding()] Param ( [Parameter(Mandatory = $true, Position = 0)] [System.String] $VaultAddress, [System.String] $ApiPrefix = 'v1', [Parameter(Mandatory = $true, Position = 1)] [System.String] $VaultPath, [Parameter(Mandatory = $true, Position = 2)] [System.String] $Value, [Parameter(Mandatory = $true, Position = 3)] [System.String] $ClientToken ) $apiUri = ($VaultAddress + '/' + $ApiPrefix + '/' + $VaultPath) $headers = New-Object -TypeName 'System.Collections.Generic.Dictionary[[String],[String]]' $headers.Add('X-Vault-Token', $ClientToken) $body = New-Object -TypeName 'System.Collections.Generic.Dictionary[[String],[String]]' $body.Add('value', $Value) try { Write-Verbose -Message 'Attempting to write secret' $apiResult = Invoke-RestMethod -Method Post -Uri $apiUri -Body ($body | ConvertTo-Json) -Headers $headers -ContentType application/json -ErrorAction Stop } catch { if ($_.Exception.Response.GetResponseStream() -ne $null) { $responseBody = Read-RESTException -Exception $_.Exception.Response.GetResponseStream() if ($responseBody -match 'permission denied' ) { Write-Error -Message "Permission denied. Ensure you are using a token that has permissions to write to $VaultPath" } else { Write-Error $responseBody } } else { "Error was $_" $line = $_.InvocationInfo.ScriptLineNumber "Error was in Line $line" } } } function Read-VaultData { [CmdletBinding()] Param ( [Parameter(Mandatory = $true, Position = 0)] [System.String] $VaultAddress, [System.String] $ApiPrefix = 'v1', [Parameter(Mandatory = $true, Position = 1)] [System.String] $VaultPath, [Parameter(Mandatory = $true, Position = 2)] [System.String] $ClientToken ) $apiUri = ($VaultAddress + '/' + $ApiPrefix + '/' + $VaultPath) $headers = New-Object -TypeName 'System.Collections.Generic.Dictionary[[String],[String]]' $headers.Add('X-Vault-Token', $ClientToken) try { $apiResult = Invoke-RestMethod -Method Get -Uri $apiUri -Headers $headers -ErrorAction Stop return $apiResult } catch { if ($_.Exception.response.StatusCode.value__ -eq '404') { Write-Verbose -Message "Returned 404. No value found at $VaultPath" $apiResult = 404 return $apiResult } elseif ($_.Exception.Response.GetResponseStream() -ne $null) { $responseBody = Read-RESTException -Exception $_.Exception.Response.GetResponseStream() if ($responseBody -match 'permission denied' ) { Write-Error -Message "Permission denied. Ensure you are using a token that has permissions to write to $VaultPath" } else { Write-Error $responseBody } } else { "Error was $_" $line = $_.InvocationInfo.ScriptLineNumber "Error was in Line $line" } } } <# .SYNOPSIS Tests if the current machine is a Nano server. #> function Test-IsNanoServer { [OutputType([Boolean])] [CmdletBinding()] param () $isNanoServer = $false if (Test-CommandExists -Name 'Get-ComputerInfo') { $computerInfo = Get-ComputerInfo -ErrorAction 'SilentlyContinue' if ($null -ne $computerInfo) { $computerIsServer = 'Server' -ieq $computerInfo.OsProductType if ($computerIsServer) { $isNanoServer = 'NanoServer' -ieq $computerInfo.OsServerLevel } } } return $isNanoServer } <# .SYNOPSIS Tests whether or not the command with the specified name exists. .PARAMETER Name The name of the command to test for. #> function Test-CommandExists { [OutputType([Boolean])] [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [String] $Name ) $command = Get-Command -Name $Name -ErrorAction 'SilentlyContinue' return ($null -ne $command) } <# .SYNOPSIS Creates and throws an invalid argument exception .PARAMETER Message The message explaining why this error is being thrown .PARAMETER ArgumentName The name of the invalid argument that is causing this error to be thrown #> function New-InvalidArgumentException { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [String] $Message, [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [String] $ArgumentName ) $argumentException = New-Object -TypeName 'ArgumentException' ` -ArgumentList @($Message, $ArgumentName) $newObjectParams = @{ TypeName = 'System.Management.Automation.ErrorRecord' ArgumentList = @($argumentException, $ArgumentName, 'InvalidArgument', $null) } $errorRecord = New-Object @newObjectParams throw $errorRecord } <# .SYNOPSIS Creates and throws an invalid operation exception .PARAMETER Message The message explaining why this error is being thrown .PARAMETER ErrorRecord The error record containing the exception that is causing this terminating error #> function New-InvalidOperationException { [CmdletBinding()] param ( [ValidateNotNullOrEmpty()] [String] $Message, [ValidateNotNull()] [System.Management.Automation.ErrorRecord] $errorRecord ) if ($null -eq $Message) { $invalidOperationException = New-Object -TypeName 'InvalidOperationException' } elseif ($null -eq $errorRecord) { $invalidOperationException = New-Object -TypeName 'InvalidOperationException' ` -ArgumentList @($Message) } else { $invalidOperationException = New-Object -TypeName 'InvalidOperationException' ` -ArgumentList @($Message, $errorRecord.Exception) } $newObjectParams = @{ TypeName = 'System.Management.Automation.ErrorRecord' ArgumentList = @( $invalidOperationException.ToString(), 'MachineStateIncorrect', 'InvalidOperation', $null ) } $errorRecordToThrow = New-Object @newObjectParams throw $errorRecordToThrow } <# .SYNOPSIS Retrieves the localized string data based on the machine's culture. Falls back to en-US strings if the machine's culture is not supported. .PARAMETER ResourceName The name of the resource as it appears before '.strings.psd1' of the localized string file. For example: For WindowsOptionalFeature: MSFT_WindowsOptionalFeature For Service: MSFT_ServiceResource For Registry: MSFT_RegistryResource #> Export-ModuleMember -Function @( 'Test-IsNanoServer', 'New-InvalidArgumentException', 'New-InvalidOperationException', 'Read-RESTException', 'Get-LocalizedData', 'Write-VaultData', 'Read-VaultData', 'Start-VaultAuth' ) |