From 2bd250971b4d3ad2c05c88b0dff27feaeb36b294 Mon Sep 17 00:00:00 2001 From: pinguinfuss Date: Mon, 10 Oct 2022 10:00:42 +0200 Subject: [PATCH 1/2] Fix optional module dependencies (#75) #### :book: Summary - Fix the optional dependencies. - DataONTAP was never a PSGallery module, and we have to custom build that. - NetApp finally submitted NetApp.ONTAP into PSGallery, so we can depend on that. - Updates UCS- and VMware-modules. #### :bookmark_tabs: Test Plan > :bulb: Select your test plan for the code changes. - [ ] Tested via Drone.io pipeline - [ ] Custom test - [x] No test plan ##### Details / Justification Sadly, you have to run it. The module loader does not have a unit test. #### :books: Additional Notes Co-authored-by: OCram85 Reviewed-on: https://gitea.ocram85.com/OCram85/PSCredentialStore/pulls/75 Reviewed-by: OCram85 Co-authored-by: pinguinfuss Co-committed-by: pinguinfuss --- src/PSCredentialStore.psd1 | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/PSCredentialStore.psd1 b/src/PSCredentialStore.psd1 index efe91d9..c8ce1cf 100644 --- a/src/PSCredentialStore.psd1 +++ b/src/PSCredentialStore.psd1 @@ -146,27 +146,27 @@ ExternalModuleDependencies = @( @{ ModuleName = 'VMware.VimAutomation.Core' - ModuleVersion = '6.5.2.6234650' + ModuleVersion = '12.7.0.20091293' }, @{ ModuleName = 'VMware.VimAutomation.Cis.Core' - ModuleVersion = '6.5.4.6983166' + ModuleVersion = '12.6.0.19601368' }, @{ - ModuleName = 'Cisco.UCS.Core' - ModuleVersion = '2.3.1.5' + ModuleName = 'Cisco.UCS.Common' + ModuleVersion = '3.0.1.2' }, @{ ModuleName = 'Cisco.UCSManager' - ModuleVersion = '2.5.2.2' + ModuleVersion = '3.0.1.2' }, @{ ModuleName = 'WinSCP' ModuleVersion = '5.17.8.1' }, @{ - ModuleName = 'DataONTAP' - ModuleVersion = '9.7.1.1' + ModuleName = 'NetApp.ONTAP' + ModuleVersion = '9.10.1.2111' } ) From 42fdb0a373f079b8d2f7d7d8978dc389a1453be1 Mon Sep 17 00:00:00 2001 
From: pinguinfuss Date: Mon, 10 Oct 2022 10:05:08 +0200 Subject: [PATCH 2/2] Fix Set-CredentialStoreItem (#76) #### :book: Summary - Fix Set-CredentialStoreItem. Currently it doesn't warn if the user is trying to update a CredentialStoreItem, that does not exist. - Also add a bit of documentation and UnitTests. - Fix the quotation of Test-CredentialStoreItem. #### :bookmark_tabs: Test Plan > :bulb: Select your test plan for the code changes. - [x] Tested via Drone.io pipeline - [ ] Custom test - [ ] No test plan ##### Details / Justification #### :books: Additional Notes Co-authored-by: OCram85 Reviewed-on: https://gitea.ocram85.com/OCram85/PSCredentialStore/pulls/76 Reviewed-by: OCram85 Co-authored-by: pinguinfuss Co-committed-by: pinguinfuss --- src/Item/Set-CredentialStoreItem.Tests.ps1 | 130 +++++++++++++++++++++ src/Item/Set-CredentialStoreItem.ps1 | 53 +++++++-- src/Item/Test-CredentialStoreItem.ps1 | 16 +-- 3 files changed, 179 insertions(+), 20 deletions(-) create mode 100644 src/Item/Set-CredentialStoreItem.Tests.ps1 diff --git a/src/Item/Set-CredentialStoreItem.Tests.ps1 b/src/Item/Set-CredentialStoreItem.Tests.ps1 new file mode 100644 index 0000000..c65b3b1 --- /dev/null +++ b/src/Item/Set-CredentialStoreItem.Tests.ps1 
@@ -0,0 +1,130 @@
+[Diagnostics.CodeAnalysis.SuppressMessageAttribute(
+ 'PSAvoidUsingConvertToSecureStringWithPlainText',
+ '',
+ Justification = 'just used in pester tests.'
+)]
+[Diagnostics.CodeAnalysis.SuppressMessageAttribute(
+ 'PSProvideCommentHelp',
+ '',
+ Justification = 'no need in internal pester helpers.'
+)]
+param ()
+
+BeforeAll {
+ $ManifestFile = (Get-Item -Path './src/*.psd1').FullName
+ Import-Module $ManifestFile -Force
+
+ $PrivateFunctions = (Get-ChildItem -Path './src/Private/*.ps1' | Where-Object {
+ $_.BaseName -notmatch '.Tests'
+ }
+ ).FullName
+ foreach ( $func in $PrivateFunctions) {
+ . $func
+ }
+
+ # Backup existing credential stores
+ $VerbosePreference = 'Continue'
+ Write-Verbose -Message 'Backup private Credential Store...'
+ $CSPath = Get-DefaultCredentialStorePath
+ $BackupFile = '{0}.back' -f $CSPath
+ if (Test-Path -Path $CSPath) {
+ Move-Item -Path $CSPath -Destination $BackupFile
+ }
+ Write-Verbose -Message 'Backup shared CredentialStore...'
+ $CSShared = Get-DefaultCredentialStorePath -Shared
+ $BackupSharedFile = '{0}.back' -f $CSShared
+ if (Test-Path -Path $CSShared) {
+ Move-Item -Path $CSShared -Destination $BackupSharedFile
+ }
+ Write-Verbose -Message 'Remove old CredentialStore in Temp dir'
+ $CSTemp = Join-Path -Path (Get-TempDir) -ChildPath '/CredentialStore.json'
+ if (Test-Path -Path $CSTemp) {
+ Remove-Item -Path $CSTemp
+ }
+ $VerbosePreference = 'SilentlyContinue'
+}
+
+Describe 'New-CredentialStoreItem' {
+ Context 'Private Credential Store tests' {
+ It 'Add entry to a private store.' {
+ # Create a fresh CredentialStore first
+ New-CredentialStore -Force
+
+ # Define the content of the CredentialStoreItem.
+ $RemoteHost = 'barfoo'
+ $UserName = 'MyUser'
+ $Password = 'fooobarysdfsfs' | ConvertTo-SecureString -AsPlainText -Force
+
+ # Form the CredentialObject.
+ $creds = [PSCredential]::new($UserName, $Password)
+
+ # Create the CredentialStoreItem.
+ New-CredentialStoreItem -RemoteHost $RemoteHost -Credential $creds
+
+ # Formulate an update to the CredentialStoreItem.
+ $ClearPassword = 'fooobaryadfafa'
+ $Password = $ClearPassword | ConvertTo-SecureString -AsPlainText -Force
+ $creds = [PSCredential]::new($UserName, $Password)
+ {
+ Set-CredentialStoreItem -RemoteHost $RemoteHost -Credential $creds
+ } | Should -Not -Throw
+
+ # Control the content of the CredentialStore.
+ $content = Get-CredentialStoreItem -RemoteHost $RemoteHost
+ $content.GetNetworkCredential().Password | Should -Be $ClearPassword
+ }
+ }
+ Context 'Shared Credential Store tests' {
+ It 'Add entry to a shared store.' {
+ # Create a fresh CredentialStore first
+ $tmpCS = Join-Path -Path (Get-TempDir) -ChildPath '/CredentialStore.json'
+ New-CredentialStore -Path $tmpCS -Force -Shared
+
+ # Define the content of the CredentialStoreItem.
+ $RemoteHost = 'barfoo'
+ $UserName = 'MyUser'
+ $Password = 'fooobarysdfsfs' | ConvertTo-SecureString -AsPlainText -Force
+
+ # Form the CredentialObject.
+ $creds = [PSCredential]::new($UserName, $Password)
+
+ # Create the CredentialStoreItem.
+ New-CredentialStoreItem -RemoteHost $RemoteHost -Credential $creds -Path $tmpCS -Shared
+
+ # Formulate an update to the CredentialStoreItem.
+ $ClearPassword = 'fooobaryadfafa'
+ $Password = $ClearPassword | ConvertTo-SecureString -AsPlainText -Force
+ $creds = [PSCredential]::new($UserName, $Password)
+
+ {
+ Set-CredentialStoreItem -RemoteHost $RemoteHost -Credential $creds -Path $tmpCS -Shared
+ } | Should -Not -Throw
+
+ # Control the content of the CredentialStore.
+ $content = Get-CredentialStoreItem -RemoteHost $RemoteHost -Path $tmpCS -Shared
+ $content.GetNetworkCredential().Password | Should -Be $ClearPassword
+ }
+ }
+}
+
+AfterAll {
+ # Cleanup test stores and restore existing ones.
+ $VerbosePreference = 'Continue' + Write-Verbose -Message 'Restoring private CredentialStore' + If (Test-Path -Path $BackupFile) { + If (Test-Path -Path $CSPath) { + Remove-Item -Path $CSPath + Move-Item -Path $BackupFile -Destination $CSPath + } + } + + Write-Verbose -Message 'Restoring shared CredentialStore' + If (Test-Path -Path $BackupSharedFile) { + If (Test-Path -Path $CSShared) { + Remove-Item -Path $CSShared + Move-Item -Path $BackupSharedFile -Destination $CSShared + } + } + $VerbosePreference = 'SilentlyContinue' + +} diff --git a/src/Item/Set-CredentialStoreItem.ps1 b/src/Item/Set-CredentialStoreItem.ps1 index 5a821a7..26ede48 100644 --- a/src/Item/Set-CredentialStoreItem.ps1 +++ b/src/Item/Set-CredentialStoreItem.ps1 @@ -13,7 +13,7 @@ function Set-CredentialStoreItem { Specify the host you for which you would like to change the credentials. .PARAMETER Identifier - Defaults to "". Specify a string, which separates two CredentialStoreItems for the + Defaults to ''. Specify a string, which separates two CredentialStoreItems for the same hostname. .PARAMETER Shared @@ -30,10 +30,10 @@ function Set-CredentialStoreItem { [None] .EXAMPLE - Set-CredentialStoreItem -Path "C:\TMP\mystore.json" -RemoteHost "esx01.myside.local" + Set-CredentialStoreItem -Path 'C:\TMP\mystore.json' -RemoteHost 'esx01.myside.local' .EXAMPLE - Set-CredentialStoreItem -Path "C:\TMP\mystore.json" -RemoteHost "esx01.myside.local" -Identifier svc + Set-CredentialStoreItem -Path 'C:\TMP\mystore.json' -RemoteHost 'esx01.myside.local' -Identifier svc #> [CmdletBinding(DefaultParameterSetName = 'Private')] @@ -65,7 +65,7 @@ function Set-CredentialStoreItem { begin { # Set the CredentialStore for private, shared or custom mode. - Write-Debug ("ParameterSetName: {0}" -f $PSCmdlet.ParameterSetName) + Write-Debug ('ParameterSetName: {0}' -f $PSCmdlet.ParameterSetName) if ($PSCmdlet.ParameterSetName -eq 'Private') { $Path = Get-DefaultCredentialStorePath } 
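Review bot: The AfterAll restore in the new test file only moves the backup back when the test-created store also exists (`If (Test-Path -Path $BackupFile) { If (Test-Path -Path $CSPath) { Remove-Item ...; Move-Item ... } }`), so if a test aborts before New-CredentialStore has run, the user's real private store is left renamed as `.back` and never restored; the shared-store block has the same shape. Only the Remove-Item should be gated on the store existing: `If (Test-Path -Path $BackupFile) { If (Test-Path -Path $CSPath) { Remove-Item -Path $CSPath } Move-Item -Path $BackupFile -Destination $CSPath }`, and likewise for `$BackupSharedFile`/`$CSShared`. Separately, the Describe block is titled 'New-CredentialStoreItem' and both It names say 'Add entry', although the assertions exercise Set-CredentialStoreItem, which makes a failure hard to attribute; `Describe 'Set-CredentialStoreItem'` and `It 'Update entry in a private store.'` would match what is tested. Neither test covers the new warning path for an item that does not exist, which is the behaviour the second patch sets out to fix.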
@@ -77,32 +77,52 @@ function Set-CredentialStoreItem { } process { - # Lets do a quick test on the given CredentialStore. - if (-not(Test-CredentialStore -Shared -Path $Path)) { + # Define the default splatting. + $DefaultSplatting = @{ + Path = $Path + } + + # Check if the user passed -Shared. If he added -Shared, we'll pass it into the splatting + if ($PSBoundParameters.ContainsKey('Shared')) { + $DefaultSplatting.Add('Shared', $true) + } + else { + $DefaultSplatting.Add('Shared', $false) + } + + # Now lets check the given CredentialStore. + if (-not(Test-CredentialStore @DefaultSplatting)) { $MessageParams = @{ - Message = 'Could not add anything into the given CredentailStore.' + Message = ('The given CredentialStore ({0}) does no exist.' -f $Path) ErrorAction = 'Stop' } Write-Error @MessageParams } # Read the file content based on the given ParameterSetName - $CSContent = Get-CredentialStore -Shared -Path $Path + $CSContent = Get-CredentialStore @DefaultSplatting + # Get a formatted current date for the last update time of the Item. $CurrentDate = Get-Date -Format 'u' - if ($Identifier -ne "") { - $CredentialName = $RemoteHost = "{0}/{1}" -f $Identifier, $RemoteHost + # Check if the user supplied an identifier. If so, we need to mangle the CredentialName, as that's where + # the identifier is actually added. + if ($Identifier -ne '') { + $CredentialName = $RemoteHost = '{0}/{1}' -f $Identifier, $RemoteHost } else { $CredentialName = $RemoteHost } + # If the user didn't supply a CredentialObject, we need to prompt for it. if (-not($Credential)) { $Credential = Get-Credential -Message $CredentialName } - if ($Credential.UserName) { + # If the username isn't empty, we ca go ahead and update the entry. + if ($null -ne $Credential.UserName -and -not [string]::IsNullOrWhiteSpace($Credential.UserName)) { + # Check if the path to the PfxCertificate is stored in the CredentialStore. If so load the certificate. 
+ # If not, load try loading the certificate from the Filepath of the CredentialStore. if ($null -eq $CSContent.PfxCertificate) { $Cert = Get-CSCertificate -Type $CSContent.Type -Thumbprint $CSContent.Thumbprint } @@ -110,13 +130,17 @@ function Set-CredentialStoreItem { $Cert = Get-PfxCertificate -FilePath $CSContent.PfxCertificate -ErrorAction Stop } + # Now locate the Item. if (Get-Member -InputObject $CSContent -Name $CredentialName -MemberType Properties) { + # Get a random AES key for the entry. $RSAKey = Get-RandomAESKey $CSContent.$CredentialName.User = $Credential.UserName $ConvertParams = @{ SecureString = $Credential.Password Key = $RSAKey } + + # Now create a updated item containing the updated credentials. $CSContent.$CredentialName.Password = ConvertFrom-SecureString @ConvertParams $CSContent.$CredentialName.LastChange = $CurrentDate $CSContent.$CredentialName.EncryptedKey = [Convert]::ToBase64String( @@ -125,10 +149,15 @@ function Set-CredentialStoreItem { [System.Security.Cryptography.RSAEncryptionPadding]::Pkcs1 ) ) + + # Convert the CredentialStore back into JSON and save it to the file. ConvertTo-Json -InputObject $CSContent -Depth 5 | Out-File -FilePath $Path -Encoding utf8 } + else { + Write-Warning -Message ('Unable to locate CredentialStoreItem for {0}' -f $CredentialName) + } } - Else { + else { $MessageParams = @{ Message = 'Please Provide at least a valid user!' ErrorAction = 'Stop' diff --git a/src/Item/Test-CredentialStoreItem.ps1 b/src/Item/Test-CredentialStoreItem.ps1 index 66269e6..ec77438 100644 --- a/src/Item/Test-CredentialStoreItem.ps1 +++ b/src/Item/Test-CredentialStoreItem.ps1 
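Review bot: The comment added above the PfxCertificate branch describes the condition backwards: the `if ($null -eq $CSContent.PfxCertificate)` path loads the certificate by thumbprint via Get-CSCertificate, and it is the other branch (visible as context at the top of the next hunk) that reads the file, so it should read `# If the store records no PfxCertificate path, load the certificate by thumbprint; otherwise load it from that file path.` The new error text also has a typo, `Message = ('The given CredentialStore ({0}) does not exist.' -f $Path)`, and the comment `# If the username isn't empty, we ca go ahead and update the entry.` drops a letter. In the same condition the `$null -ne $Credential.UserName` test is redundant because `[string]::IsNullOrWhiteSpace` already returns true for null, so `if (-not [string]::IsNullOrWhiteSpace($Credential.UserName)) {` says the same thing. Set-CredentialStoreItem's process block starts before and ends after this hunk.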
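Review bot: The new comment `# Now create a updated item containing the updated credentials.` does not match the code, which assigns into the existing `$CSContent.$CredentialName` properties rather than creating an item, and 'a updated' is a grammar slip; `# Write the new user, password, timestamp and wrapped key into the existing item.` would be accurate. The comment above `$RSAKey = Get-RandomAESKey` is correct, but the variable name says RSA while the value is the AES key; since the next hunk's context shows it being fed through an `RSAEncryptionPadding` call into EncryptedKey, a pointer such as `# Get a random AES key for the entry (the $RSAKey name is historical; the key is AES and appears to be RSA-wrapped into EncryptedKey below).` would spare the next reader the confusion. The enclosing if block continues past this hunk.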
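Review bot: The new `else { Write-Warning -Message ('Unable to locate CredentialStoreItem for {0}' -f $CredentialName) }` is a non-terminating warning, while the other failure paths in this function (store not found, empty user) raise `Write-Error ... -ErrorAction 'Stop'`, so a caller of Set-CredentialStoreItem cannot tell that nothing was written; for consistency consider `Write-Error -Message ('Unable to locate CredentialStoreItem for {0}' -f $CredentialName) -ErrorAction Stop`, or at least state in the function help that a missing item only warns. The Pester file added in this patch never reaches this branch, so a test that calls Set-CredentialStoreItem with an unknown RemoteHost and asserts on the warning (or error) would pin the fix. Unchanged context, but worth recording for a later change: the per-entry key is wrapped with `[System.Security.Cryptography.RSAEncryptionPadding]::Pkcs1`, the legacy padding mode, and OAEP is the recommended choice for newly written data; switching would likely need a migration for stores saved in the current format, so it is a separate piece of work. The enclosing if/else continues past this hunk.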
@@ -33,11 +33,11 @@ function Test-CredentialStoreItem { [None] .EXAMPLE - if (Test-CredentialStoreItem -RemoteHost "Default") { - Get-CredentialStoreItem -RemoteHost "Default" + if (Test-CredentialStoreItem -RemoteHost 'Default') { + Get-CredentialStoreItem -RemoteHost 'Default' } else { - Write-Warning ("The given Remote Host {0} does not exist in the credential Store!" -f $RemoteHost) + Write-Warning ('The given Remote Host {0} does not exist in the credential Store!' -f $RemoteHost) } #> @@ -45,7 +45,7 @@ function Test-CredentialStoreItem { [OutputType([bool])] param ( [Parameter(Mandatory = $false, ParameterSetName = 'Shared')] - [string]$Path = "{0}\PSCredentialStore\CredentialStore.json" -f $env:ProgramData, + [string]$Path = '{0}\PSCredentialStore\CredentialStore.json' -f $env:ProgramData, [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] @@ -61,7 +61,7 @@ function Test-CredentialStoreItem { begin { # Set the CredentialStore for private, shared or custom mode. - Write-Debug ("ParameterSetName: {0}" -f $PSCmdlet.ParameterSetName) + Write-Debug ('ParameterSetName: {0}' -f $PSCmdlet.ParameterSetName) if ($PSCmdlet.ParameterSetName -eq 'Private') { $Path = Get-DefaultCredentialStorePath } @@ -73,8 +73,8 @@ function Test-CredentialStoreItem { } process { - if ($Identifier -ne "") { - $CredentialName = $RemoteHost = "{0}/{1}" -f $Identifier, $RemoteHost + if ($Identifier -ne '') { + $CredentialName = $RemoteHost = '{0}/{1}' -f $Identifier, $RemoteHost } else { $CredentialName = $RemoteHost @@ -92,7 +92,7 @@ function Test-CredentialStoreItem { } else { $MsgParams = @{ - Message = "The given credential store ({0}) does not exist!" -f $Path + Message = 'The given credential store ({0}) does not exist!' -f $Path } Write-Warning @MsgParams return $false