allow multiple results that have same value

Author: SteveL-MSFT

dsc/tests/dsc_functions_secret.tests.ps1

@@ -12,7 +12,7 @@ Describe 'Tests for the secret() function and extensions' {
         $env:PATH = $oldPath
     }
 
-    It 'Call secret() function with just a name' {
+    It 'Just a secret name' {
         $configYaml = @'
             $schema: https://aka.ms/dsc/schemas/v3/bundled/config/document.json
             resources:
@@ -27,7 +27,7 @@ Describe 'Tests for the secret() function and extensions' {
         $out.results[0].result.actualState.Output | Should -BeExactly 'Hello'
     }
 
-    It 'Call secret() function with a name and vault' {
+    It 'Name and vault' {
         $configYaml = @'
             $schema: https://aka.ms/dsc/schemas/v3/bundled/config/document.json
             resources:
@@ -42,7 +42,7 @@ Describe 'Tests for the secret() function and extensions' {
         $out.results[0].result.actualState.Output | Should -BeExactly 'Hello2'
     }
 
-    It 'Call secret() function with a name that does not exist' {
+    It 'Name that does not exist' {
         $configYaml = @'
             $schema: https://aka.ms/dsc/schemas/v3/bundled/config/document.json
             resources:
@@ -57,7 +57,7 @@ Describe 'Tests for the secret() function and extensions' {
         $errorMessage | Should -Match "Secret 'NonExistentSecret' not found"
     }
 
-    It 'Call secret() function with a vault that does not exist' {
+    It 'Vault that does not exist' {
         $configYaml = @'
             $schema: https://aka.ms/dsc/schemas/v3/bundled/config/document.json
             resources:
@@ -72,7 +72,7 @@ Describe 'Tests for the secret() function and extensions' {
         $errorMessage | Should -Match "Secret 'MySecret' not found"
     }
 
-    It 'Call secret() function with a duplicate secret' {
+    It 'Duplicate secret' {
         $configYaml = @'
             $schema: https://aka.ms/dsc/schemas/v3/bundled/config/document.json
             resources:
@@ -84,10 +84,10 @@ Describe 'Tests for the secret() function and extensions' {
         dsc -l trace config get -i $configYaml 2> $TestDrive/error.log | ConvertFrom-Json
         $LASTEXITCODE | Should -Be 2
         $errorMessage = Get-Content -Raw -Path $TestDrive/error.log
-        $errorMessage | Should -Match "Multiple secrets with the same name 'DuplicateSecret' was returned, try specifying a vault"
+        $errorMessage | Should -Match "Multiple secrets with the same name 'DuplicateSecret' and different values was returned, try specifying a vault"
     }
 
-    It 'Call secret() function with secret and vault to disambiguate' {
+    It 'Secret and vault to disambiguate' {
         $configYaml = @'
             $schema: https://aka.ms/dsc/schemas/v3/bundled/config/document.json
             resources:
@@ -101,4 +101,19 @@ Describe 'Tests for the secret() function and extensions' {
         $out.results.Count | Should -Be 1
         $out.results[0].result.actualState.Output | Should -BeExactly 'World'
     }
+
+    It 'Same secret name and value in different extensions' {
+        $configYaml = @'
+            $schema: https://aka.ms/dsc/schemas/v3/bundled/config/document.json
+            resources:
+            - name: Echo
+              type: Microsoft.DSC.Debug/Echo
+              properties:
+                output: "[secret('DuplicateSame')]"
+'@
+        $out = dsc -l trace config get -i $configYaml 2> $TestDrive/error.log | ConvertFrom-Json
+        $LASTEXITCODE | Should -Be 0
+        $out.results.Count | Should -Be 1
+        $out.results[0].result.actualState.Output | Should -BeExactly 'SameSecret'
+    }
 }

dsc_lib/locales/en-us.toml

@@ -300,7 +300,7 @@ invalidSecondArgType = "Invalid argument type for second parameter"
 
 [functions.secret]
 notString = "Parameter secret name is not a string"
-multipleSecrets = "Multiple secrets with the same name '%{name}' was returned, try specifying a vault"
+multipleSecrets = "Multiple secrets with the same name '%{name}' and different values was returned, try specifying a vault"
 extensionReturnedError = "Extension '%{extension}': %{error}"
 noExtensions = "No extensions supporting secrets was found"
 secretNotFound = "Secret '%{name}' not found"

dsc_lib/src/functions/secret.rs

@@ -50,7 +50,7 @@ impl Function for Secret {
             match extension.secret(&secret_name, vault_name.as_deref()) {
                 Ok(secret_result) => {
                     if let Some(secret_value) = secret_result {
-                        if secret_returned {
+                        if secret_returned && result != secret_value {
                             return Err(DscError::Function("secret".to_string(), t!("functions.secret.multipleSecrets", name = secret_name.clone()).to_string()));
                         }
 

extensions/test/secret/secret.ps1

@@ -15,6 +15,7 @@ $secretsOne = @{
     Vault1 = @{
         MySecret = 'Hello'
         DuplicateSecret = 'World'
+        DuplicateSame = 'SameSecret'
     }
     Vault2 = @{
         AnotherSecret = 'Foo'
@@ -25,6 +26,7 @@ $secretTwo = @{
     VaultA = @{
         DifferentSecret = 'Hello2'
         DuplicateSecret = 'World2'
+        DuplicateSame = 'SameSecret'
     }
 }