fix tests and clippy

Author: SteveL-MSFT

dsc/tests/dsc_parameters.tests.ps1

@@ -274,26 +274,61 @@ Describe 'Parameters tests' {
       $out.results[0].result.inDesiredState | Should -BeTrue
     }
 
-    It 'secure types can be passed as objects to resources but redacted in output' {
-      $out = dsc -l trace config -f $PSScriptRoot/../examples/secure_parameters.parameters.yaml get -f $PSScriptRoot/../examples/secure_parameters.dsc.yaml 2> $TestDrive/error.log | ConvertFrom-Json
+    It 'secure types can be passed as objects to resources but redacted in output: <operation> <property>' -TestCases @(
+        @{ operation = 'get'; property = 'actualState' }
+        @{ operation = 'set'; property = 'beforeState' }
+        @{ operation = 'set'; property = 'afterState' }
+        @{ operation = 'test'; property = 'desiredState' }
+        @{ operation = 'test'; property = 'actualState' }
+        @{ operation = 'export'; property = $null }
+    ) {
+      param($operation, $property)
+
+      $out = dsc -l trace config -f $PSScriptRoot/../examples/secure_parameters.parameters.yaml $operation -f $PSScriptRoot/../examples/secure_parameters.dsc.yaml 2> $TestDrive/error.log | ConvertFrom-Json
       $LASTEXITCODE | Should -Be 0
-      $out.results.Count | Should -Be 4
-      $out.results[0].result.actualState.output | Should -BeExactly '<secureValue>'
-      $out.results[1].result.actualState.output | Should -BeExactly '<secureValue>'
-      $out.results[2].result.actualState.output[0] | Should -BeExactly '<secureValue>'
-      $out.results[2].result.actualState.output[1] | Should -BeExactly '<secureValue>'
-      $out.results[3].result.actualState.output | Should -BeExactly '<secureValue>'
+      if ($operation -eq 'export') {
+        $out.resources.Count | Should -Be 4
+        $out.resources[0].properties.output | Should -BeExactly '<secureValue>'
+        $out.resources[1].properties.output | Should -BeExactly '<secureValue>'
+        $out.resources[2].properties.output[0] | Should -BeExactly '<secureValue>'
+        $out.resources[2].properties.output[1] | Should -BeExactly '<secureValue>'
+        $out.resources[3].properties.output | Should -BeExactly '<secureValue>'
+      } else {
+        $out.results.Count | Should -Be 4 -Because ($out | ConvertTo-Json -Dep 10 | Out-String)
+        $out.results[0].result.$property.output | Should -BeExactly '<secureValue>' -Because ($out | ConvertTo-Json -Dep 10 | Out-String)
+        $out.results[1].result.$property.output | Should -BeExactly '<secureValue>'
+        $out.results[2].result.$property.output[0] | Should -BeExactly '<secureValue>'
+        $out.results[2].result.$property.output[1] | Should -BeExactly '<secureValue>'
+        $out.results[3].result.$property.output | Should -BeExactly '<secureValue>'
+      }
     }
 
-    It 'secure types can be passed as objects to resources' {
-      $out = dsc config -f $PSScriptRoot/../examples/secure_parameters_shown.parameters.yaml get -f $PSScriptRoot/../examples/secure_parameters.dsc.yaml | ConvertFrom-Json
+    It 'secure types can be passed as objects to resources: <operation> <property>' -TestCases @(
+        # `set` beforeState is redacted in output, `test` desiredState is redacted in output so those test cases are not included here
+        @{ operation = 'get'; property = 'actualState' }
+        @{ operation = 'set'; property = 'afterState' }
+        @{ operation = 'test'; property = 'actualState' }
+        @{ operation = 'export'; property = $null }
+    ) {
+      param($operation, $property)
+
+      $out = dsc config -f $PSScriptRoot/../examples/secure_parameters_shown.parameters.yaml $operation -f $PSScriptRoot/../examples/secure_parameters.dsc.yaml | ConvertFrom-Json
       $LASTEXITCODE | Should -Be 0
-      $out.results.Count | Should -Be 4
-      $out.results[0].result.actualState.output.secureString | Should -BeExactly 'mySecret'
-      $out.results[1].result.actualState.output.secureString | Should -BeExactly 'mySecretProperty'
-      $out.results[2].result.actualState.output[0].secureString | Should -BeExactly 'item1'
-      $out.results[2].result.actualState.output[1].secureString | Should -BeExactly 'item2'
-      $out.results[3].result.actualState.output.secureObject.secureString | Should -BeExactly 'item2'
+      if ($operation -eq 'export') {
+        $out.resources.Count | Should -Be 4 -Because ($out | ConvertTo-Json -Dep 10 | Out-String)
+        $out.resources[0].properties.output.secureString | Should -BeExactly 'mySecret'
+        $out.resources[1].properties.output.secureString | Should -BeExactly 'mySecretProperty'
+        $out.resources[2].properties.output[0].secureString | Should -BeExactly 'item1'
+        $out.resources[2].properties.output[1].secureString | Should -BeExactly 'item2'
+        $out.resources[3].properties.output.secureObject.secureString | Should -BeExactly 'item2'
+      } else {
+        $out.results.Count | Should -Be 4
+        $out.results[0].result.$property.output.secureString | Should -BeExactly 'mySecret' -Because ($out | ConvertTo-Json -Dep 10 | Out-String)
+        $out.results[1].result.$property.output.secureString | Should -BeExactly 'mySecretProperty'
+        $out.results[2].result.$property.output[0].secureString | Should -BeExactly 'item1'
+        $out.results[2].result.$property.output[1].secureString | Should -BeExactly 'item2'
+        $out.results[3].result.$property.output.secureObject.secureString | Should -BeExactly 'item2'
+      }
     }
 
     It 'parameter types are validated for <type>' -TestCases @(

dsc_lib/src/dscresources/command_resource.rs

@@ -120,8 +120,9 @@ pub fn invoke_set(resource: &ResourceManifest, cwd: &str, desired: &str, skip_te
         };
 
         if in_desired_state && execution_type == &ExecutionKind::Actual {
+            let before_state = redact(&serde_json::from_str(desired)?);
             return Ok(SetResult::Resource(ResourceSetResponse{
-                before_state: serde_json::from_str(desired)?,
+                before_state,
                 after_state: actual_state,
                 changed_properties: None,
             }));
@@ -152,7 +153,7 @@ pub fn invoke_set(resource: &ResourceManifest, cwd: &str, desired: &str, skip_te
     else {
         return Err(DscError::Command(resource.resource_type.clone(), exit_code, stderr));
     };
-    let pre_state = if pre_state_value.is_object() {
+    let mut pre_state = if pre_state_value.is_object() {
         let mut pre_state_map: Map<String, Value> = serde_json::from_value(pre_state_value)?;
 
         // if the resource is an adapter, then the `get` will return a `result`, but a full `set` expects the before state to be `resources`
@@ -200,6 +201,7 @@ pub fn invoke_set(resource: &ResourceManifest, cwd: &str, desired: &str, skip_te
 
             // for changed_properties, we compare post state to pre state
             let diff_properties = get_diff( &actual_value, &pre_state);
+            pre_state = redact(&pre_state);
             Ok(SetResult::Resource(ResourceSetResponse{
                 before_state: pre_state,
                 after_state: actual_value,
@@ -241,6 +243,7 @@ pub fn invoke_set(resource: &ResourceManifest, cwd: &str, desired: &str, skip_te
                 }
             };
             let diff_properties = get_diff( &actual_state, &pre_state);
+            pre_state = redact(&pre_state);
             Ok(SetResult::Resource(ResourceSetResponse {
                 before_state: pre_state,
                 after_state: actual_state,

dscecho/src/main.rs

@@ -17,45 +17,42 @@ const SECURE_VALUE_REDACTED: &str = "<secureValue>";
 
 fn main() {
     let args = Args::parse();
-    match args.input {
-        Some(input) => {
-            let mut echo = match serde_json::from_str::<Echo>(&input) {
-                Ok(echo) => echo,
-                Err(err) => {
-                    eprintln!("{}: {err}", t!("main.invalidJson"));
-                    std::process::exit(1);
-                }
-            };
-            if echo.show_secrets != Some(true) {
-                match echo.output {
-                    Output::SecureString(_) | Output::SecureObject(_) => {
-                        echo.output = Output::String(SECURE_VALUE_REDACTED.to_string());
-                    },
-                    Output::Array(ref mut arr) => {
-                        for item in arr.iter_mut() {
-                            if is_secure_value(item) {
-                                *item = Value::String(SECURE_VALUE_REDACTED.to_string());
-                            } else {
-                                *item = redact(item);
-                            }
+    if let Some(input) = args.input {
+        let mut echo = match serde_json::from_str::<Echo>(&input) {
+            Ok(echo) => echo,
+            Err(err) => {
+                eprintln!("{}: {err}", t!("main.invalidJson"));
+                std::process::exit(1);
+            }
+        };
+        if echo.show_secrets != Some(true) {
+            match echo.output {
+                Output::SecureString(_) | Output::SecureObject(_) => {
+                    echo.output = Output::String(SECURE_VALUE_REDACTED.to_string());
+                },
+                Output::Array(ref mut arr) => {
+                    for item in arr.iter_mut() {
+                        if is_secure_value(item) {
+                            *item = Value::String(SECURE_VALUE_REDACTED.to_string());
+                        } else {
+                            *item = redact(item);
                         }
-                    },
-                    Output::Object(ref mut obj) => {
-                        *obj = redact(obj);
-                    },
-                    _ => {}
-                }
+                    }
+                },
+                Output::Object(ref mut obj) => {
+                    *obj = redact(obj);
+                },
+                _ => {}
             }
-            let json = serde_json::to_string(&echo).unwrap();
-            println!("{json}");
-            return;
-        },
-        None => {
-            let schema = schema_for!(Echo);
-            let json = serde_json::to_string_pretty(&schema).unwrap();
-            println!("{json}");
         }
+        let json = serde_json::to_string(&echo).unwrap();
+        println!("{json}");
+        return;
     }
+
+    let schema = schema_for!(Echo);
+    let json = serde_json::to_string_pretty(&schema).unwrap();
+    println!("{json}");
 }
 
 fn is_secure_value(value: &Value) -> bool {