Fixes issue where Switch parameters are passed to Enable-Bitlocker even if the corresponding DSC resource parameter was set to False - Post Review #1

Author: mhendric

CHANGELOG.md

@@ -18,6 +18,8 @@
 - Rename functions with improper Verb-Noun constructs
 - Add comment based help to any functions without it
 - Update Schema.mof Description fields
+- Fixes issue where Switch parameters are passed to Enable-Bitlocker even if
+  the corresponding DSC resource parameter was set to False (Issue #12)
 
 ## 1.2.0.0
 

Misc/xBitlockerCommon.psm1

@@ -208,22 +208,22 @@ function Enable-BitlockerInternal
 
             if ($PSBoundParameters.ContainsKey("HardwareEncryption"))
             {
-                $params.Add("HardwareEncryption", $true)
+                $params.Add("HardwareEncryption", $HardwareEncryption)
             }
 
             if ($PSBoundParameters.ContainsKey("Service"))
             {
-                $params.Add("Service", $true)
+                $params.Add("Service", $Service)
             }
 
             if ($PSBoundParameters.ContainsKey("SkipHardwareTest"))
             {
-                $params.Add("SkipHardwareTest", $true)
+                $params.Add("SkipHardwareTest", $SkipHardwareTest)
             }
 
             if ($PSBoundParameters.ContainsKey("UsedSpaceOnly"))
             {
-                $params.Add("UsedSpaceOnly", $true)
+                $params.Add("UsedSpaceOnly", $UsedSpaceOnly)
             }
 
             #Now add the primary protector

Tests/Integration/MSFT_xBLAutoBitlocker.Integration.tests.ps1

@@ -85,11 +85,6 @@ try
             }
 
             It 'Should have set the resource and all the parameters should match' {
-                $resourceCurrentState = $script:currentConfiguration | Where-Object -FilterScript {
-                    $_.ConfigurationName -eq $configurationName `
-                    -and $_.ResourceId -eq "[$($script:dscResourceFriendlyName)]Integration_Test"
-                }
-
                 $fixedDriveBlvs = Get-BitLockerVolume | Where-Object -FilterScript {$_.VolumeType -eq 'Data'}
 
                 foreach ($fixedDriveBlv in $fixedDriveBlvs)

Tests/Integration/MSFT_xBLBitlocker.Integration.tests.ps1

@@ -33,14 +33,6 @@ if (!(Test-RequiredFeaturesInstalled))
     return
 }
 
-# Disable Bitlocker on the OS drive before performing any tests
-$sysDriveBlv = Get-BitLockerVolume -MountPoint $env:SystemDrive
-
-if ($sysDriveBlv.KeyProtector.Count -gt 0 -or $sysDriveBlv.ProtectionStatus -ne 'Off')
-{
-    Disable-BitLocker -MountPoint $env:SystemDrive
-}
-
 # Using try/finally to always cleanup.
 try
 {
@@ -49,48 +41,53 @@ try
     . $configurationFile
 
     Describe "$($script:dcsResourceName)_Integration" {
-        $configurationName = "$($script:dcsResourceName)_BasicTPMEncryptionOnSysDrive_Config"
-
-        Context ('When using configuration {0}' -f $configurationName) {
-            It 'Should compile and apply the MOF without throwing' {
-                {
-                    $configurationParameters = @{
-                        OutputPath           = $TestDrive
-                        ConfigurationData    = $ConfigurationData
-                    }
-
-                    & $configurationName @configurationParameters
-
-                    $startDscConfigurationParameters = @{
-                        Path         = $TestDrive
-                        ComputerName = 'localhost'
-                        Wait         = $true
-                        Verbose      = $true
-                        Force        = $true
-                        ErrorAction  = 'Stop'
-                    }
-
-                    Start-DscConfiguration @startDscConfigurationParameters
-                } | Should -Not -Throw
-            }
+        $configurationNames = @(
+            "$($script:dcsResourceName)_BasicTPMEncryptionOnSysDrive_Config"
+            "$($script:dcsResourceName)_TPMEncryptionOnSysDriveWithFalseSwitchParams_Config"
+        )
+
+        foreach ($configurationName in $configurationNames)
+        {
+            Context ('When using configuration {0}' -f $configurationName) {
+                BeforeAll {
+                    Disable-BitLockerOnTestDrive -MountPoint $env:SystemDrive
+                }
 
-            It 'Should be able to call Get-DscConfiguration without throwing' {
-                {
-                    $script:currentConfiguration = Get-DscConfiguration -Verbose -ErrorAction Stop
-                } | Should -Not -Throw
-            }
+                It 'Should compile and apply the MOF without throwing' {
+                    {
+                        $configurationParameters = @{
+                            OutputPath           = $TestDrive
+                            ConfigurationData    = $ConfigurationData
+                        }
+
+                        & $configurationName @configurationParameters
+
+                        $startDscConfigurationParameters = @{
+                            Path         = $TestDrive
+                            ComputerName = 'localhost'
+                            Wait         = $true
+                            Verbose      = $true
+                            Force        = $true
+                            ErrorAction  = 'Stop'
+                        }
+
+                        Start-DscConfiguration @startDscConfigurationParameters
+                    } | Should -Not -Throw
+                }
 
-            It 'Should have set the resource and all the parameters should match' {
-                $resourceCurrentState = $script:currentConfiguration | Where-Object -FilterScript {
-                    $_.ConfigurationName -eq $configurationName `
-                    -and $_.ResourceId -eq "[$($script:dscResourceFriendlyName)]Integration_Test"
+                It 'Should be able to call Get-DscConfiguration without throwing' {
+                    {
+                        $script:currentConfiguration = Get-DscConfiguration -Verbose -ErrorAction Stop
+                    } | Should -Not -Throw
                 }
 
-                (Get-BitlockerVolume -MountPoint $env:SystemDrive).KeyProtector[0].KeyProtectorType | Should -Be 'Tpm'
-            }
+                It 'Should have set the resource and all the parameters should match' {
+                    (Get-BitlockerVolume -MountPoint $env:SystemDrive).KeyProtector[0].KeyProtectorType | Should -Be 'Tpm'
+                }
 
-            It 'Should return $true when Test-DscConfiguration is run' {
-                Test-DscConfiguration -Verbose | Should -Be $true
+                It 'Should return $true when Test-DscConfiguration is run' {
+                    Test-DscConfiguration -Verbose | Should -Be $true
+                }
             }
         }
     }

Tests/Integration/MSFT_xBLBitlocker.config.ps1

@@ -20,7 +20,7 @@ else
 
 <#
     .SYNOPSIS
-        Enables Bitlocker on the Operating System drive using a TpmProtector
+        Enables Bitlocker on the Operating System drive using a TpmProtector.
 #>
 Configuration MSFT_xBLBitlocker_BasicTPMEncryptionOnSysDrive_Config
 {
@@ -32,6 +32,29 @@ Configuration MSFT_xBLBitlocker_BasicTPMEncryptionOnSysDrive_Config
         {
             MountPoint       = $env:SystemDrive
             PrimaryProtector = 'TpmProtector'
+            UsedSpaceOnly    = $true
+        }
+    }
+}
+
+<#
+    .SYNOPSIS
+        Enables Bitlocker on the Operating System drive using a TpmProtector
+        and passed multiple Switch parameters of Enable-Bitlocker with False
+        values.
+#>
+Configuration MSFT_xBLBitlocker_TPMEncryptionOnSysDriveWithFalseSwitchParams_Config
+{
+    Import-DscResource -ModuleName 'xBitlocker'
+
+    Node $AllNodes.NodeName
+    {
+        xBLBitlocker Integration_Test
+        {
+            MountPoint         = $env:SystemDrive
+            PrimaryProtector   = 'TpmProtector'
+            HardwareEncryption = $false
+            UsedSpaceOnly      = $false
         }
     }
 }

Tests/Integration/MSFT_xBLTpm.Integration.tests.ps1

@@ -73,11 +73,6 @@ try
             }
 
             It 'Should have set the resource and all the parameters should match' {
-                $resourceCurrentState = $script:currentConfiguration | Where-Object -FilterScript {
-                    $_.ConfigurationName -eq $configurationName `
-                    -and $_.ResourceId -eq "[$($script:dscResourceFriendlyName)]Integration_Test"
-                }
-
                 (Get-Tpm).TpmReady | Should -Be $true
             }
 

Tests/TestHelpers/xBitlockerTestHelper.psm1

@@ -42,3 +42,29 @@ function Test-HasPresentTpm
 
     return $hasReadyTpm
 }
+
+<#
+    .SYNOPSIS
+        Disables BitLocker on a test drive, if Enabled
+
+    .PARAMETER MountPoint
+        The MountPoint to disable BitLocker on
+#>
+function Disable-BitLockerOnTestDrive
+{
+    [CmdletBinding()]
+    param
+    (
+        [Parameter(Mandatory = $true)]
+        [ValidateNotNullorEmpty()]
+        [System.String]
+        $MountPoint
+    )
+
+    $blv = Get-BitLockerVolume -MountPoint $MountPoint
+
+    if ($blv.KeyProtector.Count -gt 0 -or $blv.ProtectionStatus -ne 'Off')
+    {
+        Disable-BitLocker -MountPoint $blv
+    }
+}