Add credential support on PowerShell adapters

Author: Gijsreyn

powershell-adapter/Tests/TestClassResource/0.0.1/TestClassResource.psm1

@@ -29,6 +29,9 @@ class TestClassResource : BaseTestClass
     [DscProperty()]
     [string] $EnumProp
 
+    [DscProperty()]
+    [PSCredential] $Credential
+
     [string] $NonDscProperty # This property shouldn't be in results data
 
     hidden

powershell-adapter/Tests/powershellgroup.config.tests.ps1

@@ -237,4 +237,22 @@ Describe 'PowerShell adapter resource tests' {
       }
     }
   }
+
+  It 'Config works with credential object' {
+    $yaml = @"
+        `$schema: https://aka.ms/dsc/schemas/v3/bundled/config/document.json
+        resources:
+        - name: Class-resource Info
+          type: TestClassResource/TestClassResource
+          properties:
+            Name: 'TestClassResource'
+            Credential:
+              UserName: 'User'
+              Password: 'Password'
+"@
+    $out = dsc config get -i $yaml | ConvertFrom-Json
+    $LASTEXITCODE | Should -Be 0
+    $out.results[0].result.actualState.result[0].properties.Credential.UserName | Should -Be 'User'
+    $out.results[0].result.actualState.result[0].properties.Credential.Password | Should -BeNullOrEmpty
+  }
 }

powershell-adapter/Tests/win_powershellgroup.tests.ps1

@@ -211,4 +211,25 @@ resources:
         $LASTEXITCODE | Should -Be 0
         $out.results[0].result.inDesiredState | Should -Be $inDesiredState
     }
+
+    It 'Should be able to test against a service with credentials' -Skip:(!$IsWindows) {
+        $yaml = @"
+`$schema: https://aka.ms/dsc/schemas/v3/bundled/config/document.json
+resources:
+  - name: Test service 
+    type: Microsoft.Windows/WindowsPowerShell 
+    properties: 
+      resources:
+      - name: Test service
+        type: PSDesiredStateConfiguration/Service
+        properties:
+          Name: 'W32Time'
+          Credential:
+            Username: "User"
+            Password: "Password"
+"@
+        $out = dsc config test -i $yaml | ConvertFrom-Json
+        $LASTEXITCODE | Should -Be 0
+        $out.results[0].result.inDesiredState | Should -Be $false
+    }
 }

powershell-adapter/psDscAdapter/psDscAdapter.psm1

@@ -421,13 +421,11 @@ function Invoke-DscOperation {
                         $DesiredState.properties.psobject.properties | ForEach-Object -Process {
                             # handle input objects by converting them to a hash table
                             if ($_.Value -is [System.Management.Automation.PSCustomObject]) {
-                                Write-DscTrace -Message "The object is a PSCustomObject"
-                                $_.Value.psobject.properties | ForEach-Object -Begin {
-                                    $propertyHash = @{}
-                                } -Process {
-                                    $propertyHash[$_.Name] = $_.Value
-                                } -End {
-                                    $dscResourceInstance.$($_.Name) = $propertyHash
+                                if ($_.Name -like '*Credential*' -and $_.Value.Username -and $_.Value.Password) {
+                                    $dscResourceInstance.$($_.Name) = [System.Management.Automation.PSCredential]::new($_.Value.Username, (ConvertTo-SecureString -AsPlainText $_.Value.Password -Force))
+                                }
+                                else {
+                                    $dscResourceInstance.$($_.Name) = $_.Value.psobject.properties | ForEach-Object -Begin { $propertyHash = @{} } -Process { $propertyHash[$_.Name] = $_.Value } -End { $propertyHash }
                                 }
                             }
                             else {

powershell-adapter/psDscAdapter/win_psDscAdapter.psm1

@@ -364,7 +364,12 @@ function Invoke-DscOperation {
                 # morph the INPUT object into a hashtable named "property" for the cmdlet Invoke-DscResource
                 $DesiredState.properties.psobject.properties | ForEach-Object -Begin { $property = @{} } -Process { 
                     if ($_.Value -is [System.Management.Automation.PSCustomObject]) {
-                        $property[$_.Name] = $_.Value.psobject.properties | ForEach-Object -Begin { $propertyHash = @{} } -Process { $propertyHash[$_.Name] = $_.Value } -End { $propertyHash }
+                        if ($_.Name -like '*Credential*' -and $_.Value.Username -and $_.Value.Password) {
+                            $property[$_.Name] = [System.Management.Automation.PSCredential]::new($_.Value.Username, (ConvertTo-SecureString -AsPlainText $_.Value.Password -Force))
+                        }
+                        else {
+                            $property[$_.Name] = $_.Value.psobject.properties | ForEach-Object -Begin { $propertyHash = @{} } -Process { $propertyHash[$_.Name] = $_.Value } -End { $propertyHash }    
+                        }
                     }
                     else {
                         $property[$_.Name] = $_.Value
@@ -373,7 +378,7 @@ function Invoke-DscOperation {
 
                 # using the cmdlet the appropriate dsc module, and handle errors
                 try {
-                    Write-DscTrace -Operation Debug -Message "Module: $($cachedDscResourceInfo.ModuleName), Name: $($cachedDscResourceInfo.Name), Property: $($property)"
+                    Write-DscTrace -Operation Debug -Message "Module: $($cachedDscResourceInfo.ModuleName), Name: $($cachedDscResourceInfo.Name), Property: $($property | ConvertTo-Json -Compress)"
                     $invokeResult = Invoke-DscResource -Method $Operation -ModuleName $cachedDscResourceInfo.ModuleName -Name $cachedDscResourceInfo.Name -Property $property -ErrorAction Stop
 
                     if ($invokeResult.GetType().Name -eq 'Hashtable') {
@@ -402,7 +407,18 @@ function Invoke-DscOperation {
                     if ($DesiredState.properties) {
                         # set each property of $dscResourceInstance to the value of the property in the $desiredState INPUT object
                         $DesiredState.properties.psobject.properties | ForEach-Object -Process {
-                            $dscResourceInstance.$($_.Name) = $_.Value
+                            # handle input objects by converting them to a hash table
+                            if ($_.Value -is [System.Management.Automation.PSCustomObject]) {
+                                if ($_.Name -like '*Credential*' -and $_.Value.Username -and $_.Value.Password) {
+                                    $dscResourceInstance.$($_.Name) = [System.Management.Automation.PSCredential]::new($_.Value.Username, (ConvertTo-SecureString -AsPlainText $_.Value.Password -Force))
+                                }
+                                else {
+                                    $dscResourceInstance.$($_.Name) = $_.Value.psobject.properties | ForEach-Object -Begin { $propertyHash = @{} } -Process { $propertyHash[$_.Name] = $_.Value } -End { $propertyHash }
+                                }
+                            }
+                            else {
+                                $dscResourceInstance.$($_.Name) = $_.Value
+                            }
                         }
                     }
 
@@ -444,9 +460,23 @@ function Invoke-DscOperation {
                 }
 
                 # morph the INPUT object into a hashtable named "property" for the cmdlet Invoke-DscResource
-                $DesiredState.properties.psobject.properties | ForEach-Object -Begin { $property = @{} } -Process { $property[$_.Name] = $_.Value }
+                $DesiredState.properties.psobject.properties | ForEach-Object -Begin { $property = @{} } -Process {
+                    if ($_.Value -is [System.Management.Automation.PSCustomObject]) {
+                        if ($_.Name -Like '*Credential*' -and $_.Value.Username -and $_.Value.Password) {
+                            $property[$_.Name] = [System.Management.Automation.PSCredential]::new($_.Value.Username, (ConvertTo-SecureString -AsPlainText $_.Value.Password -Force))
+                        }
+                        else {
+                            $property[$_.Name] = $_.Value.psobject.properties | ForEach-Object -Begin { $propertyHash = @{} } -Process { $propertyHash[$_.Name] = $_.Value } -End { $propertyHash }
+                        }
+                    }
+                    else {
+                        $property[$_.Name] = $_.Value
+                    }
+                }
+
                 # using the cmdlet from PSDesiredStateConfiguration module in Windows
                 try {
+                    Write-DscTrace -Operation Debug -Message "Module: $($cachedDscResourceInfo.ModuleName), Name: $($cachedDscResourceInfo.Name), Property: $($property | ConvertTo-Json -Compress)"
                     $invokeResult = Invoke-DscResource -Method $Operation -ModuleName $cachedDscResourceInfo.ModuleName -Name $cachedDscResourceInfo.Name -Property $property
                     if ($invokeResult.GetType().Name -eq 'Hashtable') {
                         $invokeResult.keys | ForEach-Object -Begin { $ResultProperties = @{} } -Process { $ResultProperties[$_] = $invokeResult.$_ }