From 07b9d4d69f617d336e4c0f7118503c5dbc37df5e Mon Sep 17 00:00:00 2001 From: Luis Gizirian Date: Wed, 30 May 2018 18:08:54 -0300 Subject: [PATCH 01/17] Initial proposal - ready for testing --- .../MSFT_xWaitForBLEncryption.psm1 | 91 +++++++++++++++++++ xBitlocker.psd1 | 5 +- 2 files changed, 95 insertions(+), 1 deletion(-) create mode 100644 DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 diff --git a/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 b/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 new file mode 100644 index 0000000..cae59b5 --- /dev/null +++ b/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 
@@ -0,0 +1,91 @@
+[DscResource()]
+class WaitForBLEncryption {
+
+ [DscProperty(Key, Mandatory)]
+ [string] $LogicalUnit
+
+ [UInt64]$RetryIntervalSec = 60
+
+ [UInt32]$RetryCount = 30
+
+ [DscProperty(NotConfigurable)]
+ [string] $LogicalUnitState
+
+ <#
+ This method is equivalent of the Set-TargetResource script function.
+ It sets the resource to the desired state.
+ #>
+ [void] Set()
+ {
+ $encrypted = $this.TestStatus($this.LogicalUnit)
+
+ if (-not $encrypted)
+ {
+ for($count = 0; $count -lt $this.RetryCount; $count++)
+ {
+ if ($this.IsFullyEncrypted($this.LogicalUnit))
+ {
+ break
+ }
+ else {
+ Start-Sleep $this.RetryIntervalSec
+ }
+ }
+ }
+ }
+
+ [bool] Test()
+ {
+ return $this.TestStatus($this.LogicalUnit)
+ }
+
+ [WaitForBLEncryption] Get()
+ {
+ $present = $this.TestStatus($this.LogicalUnit)
+
+ if ($present)
+ {
+ $this.LogicalUnitState = "FullyEncrypted"
+ }
+ else
+ {
+ $this.LogicalUnitState = "Encrypting"
+ }
+
+ return $this
+ }
+
+ <#
+ Helper method to check if the file exists and it is file
+ #>
+ [bool] TestStatus([string] $Unit)
+ {
+ $encrypted = $true
+
+ $status = Get-BitLockerVolume -MountPoint "$($Unit):"
+
+ if (($status.PSProvider.ProtectionStatus -eq "On") -and ($status.PSProvider.EncryptionPercentage -ne 100))
+ {
+ $encrypted = $false
+ }
+ elseif ($status -eq $null)
+ {
+ throw "Unit $($Unit) is not a logical drive."
+ }
+
+ return $encrypted
+ }
+
+ [bool] IsFullyEncrypted([string]$unit)
+ {
+ $status = Get-BitLockerVolume -MountPoint "$($unit):"
+
+ if ($status.PSProvider.EncryptionPercentage -eq 100)
+ {
+ return $true
+ }
+
+ return $false
+ }
+
+}
diff --git a/xBitlocker.psd1 b/xBitlocker.psd1
index a2aeb8f..cf12398 100644
--- a/xBitlocker.psd1
+++ b/xBitlocker.psd1
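Review bot: `Set()` returns normally when the retry loop runs out, so a volume that is still encrypting after `RetryCount` attempts ends the Set without any error and a resource that depends on this one would go on to run against a partially encrypted drive. After the `for` loop, check once more and fail, e.g. `if (-not $this.IsFullyEncrypted($this.LogicalUnit)) { throw "Unit $($this.LogicalUnit) is not fully encrypted after $($this.RetryCount) retries." }`. The same silent fall-through is carried into `Set-TargetResource` in patch 06 (`@@ -0,0 +1,126 @@`) and is still present after patch 16 (`@@ -37,35 +54,39 @@`).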
@@ -24,7 +24,7 @@ Copyright = '(c) 2018 Microsoft Corporation. All rights reserved.' Description = 'This DSC Module allows you to configure Bitlocker on a single disk, configure a TPM chip, or automatically enable Bitlocker on multiple disks.' # Minimum version of the Windows PowerShell engine required by this module -PowerShellVersion = '4.0' +PowerShellVersion = '5.0' # Name of the Windows PowerShell host required by this module # PowerShellHostName = '' @@ -71,6 +71,9 @@ VariablesToExport = '*' # Aliases to export from this module AliasesToExport = '*' +# DSC Resources to export from this module +DscResourcesToExport = '*' + # List of all modules packaged with this module # ModuleList = @() From 9a8dc79765d4c2f4e1917332377f202f0dc42be9 Mon Sep 17 00:00:00 2001 From: Luis Gizirian Date: Thu, 31 May 2018 18:09:19 -0300 Subject: [PATCH 02/17] Fix: explicitly naming new resource for DscResourcesToExport --- xBitlocker.psd1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xBitlocker.psd1 b/xBitlocker.psd1 index cf12398..038de3b 100644 --- a/xBitlocker.psd1 +++ b/xBitlocker.psd1 @@ -72,7 +72,7 @@ VariablesToExport = '*' AliasesToExport = '*' # DSC Resources to export from this module -DscResourcesToExport = '*' +DscResourcesToExport = 'WaitForBLEncryption' # List of all modules packaged with this module # ModuleList = @() From 3b9ef4c9c9dde80d06d2909937bac122604d0275 Mon Sep 17 00:00:00 2001 From: Luis Gizirian Date: Thu, 31 May 2018 18:24:42 -0300 Subject: [PATCH 03/17] Trying to make xWaitFor... export to work. --- .../MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 | 4 ++-- README.md | 4 ++-- xBitlocker.psd1 | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 b/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 index cae59b5..1031414 100644 --- a/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 
+++ b/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 @@ -1,5 +1,5 @@ [DscResource()] -class WaitForBLEncryption { +class xWaitForBLEncryption { [DscProperty(Key, Mandatory)] [string] $LogicalUnit @@ -39,7 +39,7 @@ class WaitForBLEncryption { return $this.TestStatus($this.LogicalUnit) } - [WaitForBLEncryption] Get() + [xWaitForBLEncryption] Get() { $present = $this.TestStatus($this.LogicalUnit) diff --git a/README.md b/README.md index d413ba2..b7f4480 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # xBitlocker The **xBitlocker** module is a part of the Windows PowerShell Desired State Configuration (DSC) Resource Kit, which is a collection of DSC Resources produced by the PowerShell Team. -This module contains the **xBLAutoBitlocker, xBLBitlocker, xBLTpm** resources. +This module contains the **xBLAutoBitlocker, xBLBitlocker, xBLTpm, xWaitForBLEncryption** resources. This DSC Module allows you to configure Bitlocker on a single disk, configure a TPM chip, or automatically enable Bitlocker on multiple disks. This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). @@ -38,7 +38,7 @@ To install **xBitlocker** module To confirm installation: -* Run **Get-DSCResource** to see that **xBLAutoBitlocker, xBLBitlocker, xBLTpm** are among the DSC Resources listed +* Run **Get-DSCResource** to see that **xBLAutoBitlocker, xBLBitlocker, xBLTpm, xWaitForBLEncryption** are among the DSC Resources listed ## Requirements diff --git a/xBitlocker.psd1 b/xBitlocker.psd1 index 038de3b..caef77a 100644 --- a/xBitlocker.psd1 +++ b/xBitlocker.psd1 @@ -72,7 +72,7 @@ VariablesToExport = '*' AliasesToExport = '*' # DSC Resources to export from this module -DscResourcesToExport = 'WaitForBLEncryption' +DscResourcesToExport = 'xWaitForBLEncryption' # List of all modules packaged with this module # ModuleList = @() From 7d971cc4a3372ca8a067b009eb744007eeb7f4b3 Mon Sep 17 00:00:00 2001 
From: Luis Gizirian Date: Thu, 31 May 2018 18:33:01 -0300 Subject: [PATCH 04/17] Still trying previous to work. --- .../MSFT_xWaitForBLEncryption.psm1 | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename DSCResources/{MSFT_xWaitForBLEncryption => }/MSFT_xWaitForBLEncryption.psm1 (100%) diff --git a/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 b/DSCResources/MSFT_xWaitForBLEncryption.psm1 similarity index 100% rename from DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 rename to DSCResources/MSFT_xWaitForBLEncryption.psm1 From ea780a79e98b24ae1ddc1253d982ca181788c5ae Mon Sep 17 00:00:00 2001 From: Luis Gizirian Date: Thu, 31 May 2018 18:39:33 -0300 Subject: [PATCH 05/17] DSCResources structural folder not required for PS Classes --- ...FT_xWaitForBLEncryption.psm1 => MSFT_xWaitForBLEncryption.psm1 | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename DSCResources/MSFT_xWaitForBLEncryption.psm1 => MSFT_xWaitForBLEncryption.psm1 (100%) diff --git a/DSCResources/MSFT_xWaitForBLEncryption.psm1 b/MSFT_xWaitForBLEncryption.psm1 similarity index 100% rename from DSCResources/MSFT_xWaitForBLEncryption.psm1 rename to MSFT_xWaitForBLEncryption.psm1 From 58681545d1134040361dfa8dc8912a7dd53aa801 Mon Sep 17 00:00:00 2001 From: Luis Gizirian Date: Thu, 31 May 2018 20:28:05 -0300 Subject: [PATCH 06/17] Abandonesd Class-based for MOF-based. Restored PS 4 prereq. --- .../MSFT_xWaitForBLEncryption.psm1 | 126 ++++++++++++++++++ .../MSFT_xWaitForBLEncryption.schema.mof | 8 ++ MSFT_xWaitForBLEncryption.psm1 | 91 ------------- xBitlocker.psd1 | 5 +- 4 files changed, 135 insertions(+), 95 deletions(-) create mode 100644 DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 create mode 100644 DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.schema.mof delete mode 100644 MSFT_xWaitForBLEncryption.psm1 
diff --git a/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 b/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1
new file mode 100644
index 0000000..1630863
--- /dev/null
+++ b/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1
@@ -0,0 +1,126 @@
+function Get-TargetResource
+{
+ [CmdletBinding()]
+ [OutputType([System.Collections.Hashtable])]
+ param
+ (
+ [parameter(Mandatory = $true)]
+ [System.String]
+ $Identity
+ )
+
+ #Load helper module
+ Import-Module "$((Get-Item -LiteralPath "$($PSScriptRoot)").Parent.Parent.FullName)\Misc\xBitlockerCommon.psm1" -Verbose:0
+
+ CheckForPreReqs
+
+ $status = Get-BitLockerVolume
+
+ if ($status -ne $null)
+ {
+ $returnValue = @{
+ Identity = $Identity
+ }
+ }
+
+ $returnValue
+}
+
+function Set-TargetResource
+{
+ [CmdletBinding()]
+ param
+ (
+ [parameter(Mandatory = $true)]
+ [System.String]
+ $Identity,
+
+ [parameter(Mandatory = $true)]
+ [System.String]
+ $LogicalUnit,
+
+ [System.UInt32]
+ $RetryIntervalSec = 60,
+
+ [System.UInt32]
+ $RetryCount = 30
+ )
+
+ #Load helper module
+ Import-Module "$((Get-Item -LiteralPath "$($PSScriptRoot)").Parent.Parent.FullName)\Misc\xBitlockerCommon.psm1" -Verbose:0
+
+ CheckForPreReqs
+
+ $PSBoundParameters.Remove("Identity") | Out-Null
+
+ $encrypted = TestStatus($LogicalUnit)
+
+ if (-not $encrypted)
+ {
+ for($count = 0; $count -lt $RetryCount; $count++)
+ {
+ if (IsFullyEncrypted($LogicalUnit))
+ {
+ break
+ }
+ else {
+ Start-Sleep $RetryIntervalSec
+ }
+ }
+ }
+}
+
+function Test-TargetResource
+{
+ [CmdletBinding()]
+ [OutputType([System.Boolean])]
+ param
+ (
+ [parameter(Mandatory = $true)]
+ [System.String]
+ $Identity,
+
+ [parameter(Mandatory = $true)]
+ [System.String]
+ $LogicalUnit
+ )
+
+ #Load helper module
+ Import-Module "$((Get-Item -LiteralPath "$($PSScriptRoot)").Parent.Parent.FullName)\Misc\xBitlockerCommon.psm1" -Verbose:0
+
+ CheckForPreReqs
+
+ return TestStatus($LogicalUnit)
+}
+
+function TestStatus([string] $Unit)
+{
+ $encrypted = $true
+
+ $status = Get-BitLockerVolume -MountPoint "$($Unit):"
+
+ if (($status.ProtectionStatus -eq "On") -and ($status.EncryptionPercentage -ne 100))
+ {
+ $encrypted = $false
+ }
+ elseif ($status -eq $null)
+ {
+ throw "Unit $($Unit) is not a
logical drive."
+ }
+
+ return $encrypted
+}
+
+function IsFullyEncrypted([string]$unit)
+{
+ $status = Get-BitLockerVolume -MountPoint "$($unit):"
+
+ if ($status.EncryptionPercentage -eq 100)
+ {
+ return $true
+ }
+
+ return $false
+}
+
+Export-ModuleMember -Function *-TargetResource
diff --git a/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.schema.mof b/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.schema.mof
new file mode 100644
index 0000000..5d2dfb5
--- /dev/null
+++ b/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.schema.mof
@@ -0,0 +1,8 @@
+[ClassVersion("1.0.0.0"), FriendlyName("xWaitForBLEncryption")]
+class MSFT_xWaitForBLEncryption : OMI_BaseResource
+{
+ [Key] String Identity; //Not actually used, so could be anything
+ [Write] String LogicalUnit;
+ [Write] UInt32 RetryIntervalSeconds;
+ [Write] UInt32 RetryCount;
+};
diff --git a/MSFT_xWaitForBLEncryption.psm1 b/MSFT_xWaitForBLEncryption.psm1
deleted file mode 100644
index 1031414..0000000
--- a/MSFT_xWaitForBLEncryption.psm1
+++ /dev/null
@@ -1,91 +0,0 @@
-[DscResource()]
-class xWaitForBLEncryption {
-
- [DscProperty(Key, Mandatory)]
- [string] $LogicalUnit
-
- [UInt64]$RetryIntervalSec = 60
-
- [UInt32]$RetryCount = 30
-
- [DscProperty(NotConfigurable)]
- [string] $LogicalUnitState
-
- <#
- This method is equivalent of the Set-TargetResource script function.
- It sets the resource to the desired state.
- #>
- [void] Set()
- {
- $encrypted = $this.TestStatus($this.LogicalUnit)
-
- if (-not $encrypted)
- {
- for($count = 0; $count -lt $this.RetryCount; $count++)
- {
- if ($this.IsFullyEncrypted($this.LogicalUnit))
- {
- break
- }
- else {
- Start-Sleep $this.RetryIntervalSec
- }
- }
- }
- }
-
- [bool] Test()
- {
- return $this.TestStatus($this.LogicalUnit)
- }
-
- [xWaitForBLEncryption] Get()
- {
- $present = $this.TestStatus($this.LogicalUnit)
-
- if ($present)
- {
- $this.LogicalUnitState = "FullyEncrypted"
- }
- else
- {
- $this.LogicalUnitState = "Encrypting"
- }
-
- return $this
- }
-
- <#
- Helper method to check if the file exists and it is file
- #>
- [bool] TestStatus([string] $Unit)
- {
- $encrypted = $true
-
- $status = Get-BitLockerVolume -MountPoint "$($Unit):"
-
- if (($status.PSProvider.ProtectionStatus -eq "On") -and ($status.PSProvider.EncryptionPercentage -ne 100))
- {
- $encrypted = $false
- }
- elseif ($status -eq $null)
- {
- throw "Unit $($Unit) is not a logical drive."
- }
-
- return $encrypted
- }
-
- [bool] IsFullyEncrypted([string]$unit)
- {
- $status = Get-BitLockerVolume -MountPoint "$($unit):"
-
- if ($status.PSProvider.EncryptionPercentage -eq 100)
- {
- return $true
- }
-
- return $false
- }
-
-}
diff --git a/xBitlocker.psd1 b/xBitlocker.psd1
index caef77a..a2aeb8f 100644
--- a/xBitlocker.psd1
+++ b/xBitlocker.psd1
@@ -24,7 +24,7 @@ Copyright = '(c) 2018 Microsoft Corporation. All rights reserved.' Description = 'This DSC Module allows you to configure Bitlocker on a single disk, configure a TPM chip, or automatically enable Bitlocker on multiple disks.' # Minimum version of the Windows PowerShell engine required by this module -PowerShellVersion = '5.0' +PowerShellVersion = '4.0' # Name of the Windows PowerShell host required by this module # PowerShellHostName = '' @@ -71,9 +71,6 @@ VariablesToExport = '*' # Aliases to export from this module AliasesToExport = '*' -# DSC Resources to export from this module -DscResourcesToExport = 'xWaitForBLEncryption' - # List of all modules packaged with this module # ModuleList = @() From 185b38c2460fd7800a6ca1381930df9f7c02966a Mon Sep 17 00:00:00 2001 From: Luis Gizirian Date: Fri, 1 Jun 2018 18:47:05 -0300 Subject: [PATCH 07/17] Remove unnecesary parameter. Key role passed to LogicalUnit --- .../MSFT_xWaitForBLEncryption.psm1 | 15 ++------------- .../MSFT_xWaitForBLEncryption.schema.mof | 3 +-- 2 files changed, 3 insertions(+), 15 deletions(-) diff --git a/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 b/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 index 1630863..3619f49 100644 --- a/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 +++ b/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 @@ -4,9 +4,6 @@ function Get-TargetResource [OutputType([System.Collections.Hashtable])] param ( - [parameter(Mandatory = $true)] - [System.String] - $Identity ) #Load helper module @@ -19,7 +16,7 @@ function Get-TargetResource if ($status -ne $null) { $returnValue = @{ - Identity = $Identity + Status = $status.ProtectionStatus } } @@ -31,10 +28,6 @@ function Set-TargetResource [CmdletBinding()] param ( - [parameter(Mandatory = $true)] - [System.String] - $Identity, - [parameter(Mandatory = $true)] [System.String] $LogicalUnit, 
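Review bot: The hashtable returned by `Get-TargetResource` (hunk `@@ -19,7 +16,7 @@`) now has a single `Status` key, which the schema changed in this same patch does not declare; the MOF lists only `LogicalUnit`, `RetryIntervalSeconds` and `RetryCount`. DSC expects the keys returned by Get to be schema properties, so reading the configuration back is likely to fail or lose the value. Either declare it, `[Read, Description("Protection status of the volume")] String Status;`, or return the key property and retry settings alongside it. `$returnValue` is also never assigned when `$status` is null, so that path returns nothing. The `Status`-only return value is still in place after patches 16 and 17.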
@@ -51,7 +44,7 @@ function Set-TargetResource CheckForPreReqs - $PSBoundParameters.Remove("Identity") | Out-Null + #$PSBoundParameters.Remove("Identity") | Out-Null $encrypted = TestStatus($LogicalUnit) @@ -76,10 +69,6 @@ function Test-TargetResource [OutputType([System.Boolean])] param ( - [parameter(Mandatory = $true)] - [System.String] - $Identity, - [parameter(Mandatory = $true)] [System.String] $LogicalUnit diff --git a/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.schema.mof b/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.schema.mof index 5d2dfb5..d70d8ea 100644 --- a/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.schema.mof +++ b/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.schema.mof @@ -1,8 +1,7 @@ [ClassVersion("1.0.0.0"), FriendlyName("xWaitForBLEncryption")] class MSFT_xWaitForBLEncryption : OMI_BaseResource { - [Key] String Identity; //Not actually used, so could be anything - [Write] String LogicalUnit; + [Key, Description("Drive letter")] String LogicalUnit; [Write] UInt32 RetryIntervalSeconds; [Write] UInt32 RetryCount; }; From 8baeab3752b07af9f2afe3b41860c33eba4a1f99 Mon Sep 17 00:00:00 2001 From: Luis Gizirian Date: Mon, 4 Jun 2018 19:40:03 -0300 Subject: [PATCH 08/17] Test-Iteration #1 - Get-Resource params according to MOF --- .../MSFT_xWaitForBLEncryption.psm1 | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 b/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 index 3619f49..6a5b512 100644 --- a/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 +++ b/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 
@@ -4,6 +4,15 @@ function Get-TargetResource [OutputType([System.Collections.Hashtable])] param ( + [parameter(Mandatory = $true)] + [System.String] + $LogicalUnit, + + [System.UInt32] + $RetryIntervalSec = 60, + + [System.UInt32] + $RetryCount = 30 ) #Load helper module From 22217cc8ddb0adb7461cce557fda41a81d2d101e Mon Sep 17 00:00:00 2001 From: Luis Gizirian Date: Mon, 4 Jun 2018 19:44:15 -0300 Subject: [PATCH 09/17] Test-Iteration # 2 - idem previous but for Test-Resource --- .../MSFT_xWaitForBLEncryption.psm1 | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 b/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 index 6a5b512..268efed 100644 --- a/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 +++ b/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 @@ -80,7 +80,13 @@ function Test-TargetResource ( [parameter(Mandatory = $true)] [System.String] - $LogicalUnit + $LogicalUnit, + + [System.UInt32] + $RetryIntervalSec = 60, + + [System.UInt32] + $RetryCount = 30 ) #Load helper module From 278b22b0e3c8c761b74301341a14f99216f0ed65 Mon Sep 17 00:00:00 2001 From: Luis Gizirian Date: Mon, 4 Jun 2018 21:21:38 -0300 Subject: [PATCH 10/17] Test-Iteration # 3 - Naming issues --- .../MSFT_xWaitForBLEncryption.psm1 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 b/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 index 268efed..8e6e04a 100644 --- a/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 +++ b/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 @@ -9,7 +9,7 @@ function Get-TargetResource $LogicalUnit, [System.UInt32] - $RetryIntervalSec = 60, + $RetryIntervalSeconds = 60, [System.UInt32] $RetryCount = 30 
@@ -42,7 +42,7 @@ function Set-TargetResource $LogicalUnit, [System.UInt32] - $RetryIntervalSec = 60, + $RetryIntervalSeconds = 60, [System.UInt32] $RetryCount = 30 @@ -66,7 +66,7 @@ function Set-TargetResource break } else { - Start-Sleep $RetryIntervalSec + Start-Sleep $RetryIntervalSeconds } } } @@ -83,7 +83,7 @@ function Test-TargetResource $LogicalUnit, [System.UInt32] - $RetryIntervalSec = 60, + $RetryIntervalSeconds = 60, [System.UInt32] $RetryCount = 30 From 78cc232f42e018f4f1c5b3762ae55bc66cbc6312 Mon Sep 17 00:00:00 2001 From: Luis Gizirian Date: Tue, 5 Jun 2018 17:21:24 -0300 Subject: [PATCH 11/17] MountPoint for LogicalUnit to play well with other resources. --- .../MSFT_xWaitForBLEncryption.psm1 | 14 +++++++------- .../MSFT_xWaitForBLEncryption.schema.mof | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 b/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 index 8e6e04a..7533e13 100644 --- a/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 +++ b/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 @@ -6,7 +6,7 @@ function Get-TargetResource ( [parameter(Mandatory = $true)] [System.String] - $LogicalUnit, + $MountPoint, [System.UInt32] $RetryIntervalSeconds = 60, @@ -39,7 +39,7 @@ function Set-TargetResource ( [parameter(Mandatory = $true)] [System.String] - $LogicalUnit, + $MountPoint, [System.UInt32] $RetryIntervalSeconds = 60, @@ -55,13 +55,13 @@ function Set-TargetResource #$PSBoundParameters.Remove("Identity") | Out-Null - $encrypted = TestStatus($LogicalUnit) + $encrypted = TestStatus($MountPoint) if (-not $encrypted) { for($count = 0; $count -lt $RetryCount; $count++) { - if (IsFullyEncrypted($LogicalUnit)) + if (IsFullyEncrypted($MountPoint)) { break } 
@@ -80,7 +80,7 @@ function Test-TargetResource ( [parameter(Mandatory = $true)] [System.String] - $LogicalUnit, + $MountPoint, [System.UInt32] $RetryIntervalSeconds = 60, @@ -94,14 +94,14 @@ function Test-TargetResource CheckForPreReqs - return TestStatus($LogicalUnit) + return TestStatus($MountPoint) } function TestStatus([string] $Unit) { $encrypted = $true - $status = Get-BitLockerVolume -MountPoint "$($Unit):" + $status = Get-BitLockerVolume -MountPoint $Unit if (($status.ProtectionStatus -eq "On") -and ($status.EncryptionPercentage -ne 100)) { diff --git a/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.schema.mof b/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.schema.mof index d70d8ea..047aae4 100644 --- a/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.schema.mof +++ b/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.schema.mof @@ -1,7 +1,7 @@ [ClassVersion("1.0.0.0"), FriendlyName("xWaitForBLEncryption")] class MSFT_xWaitForBLEncryption : OMI_BaseResource { - [Key, Description("Drive letter")] String LogicalUnit; + [Key, Description("Drive letter")] String MountPoint; [Write] UInt32 RetryIntervalSeconds; [Write] UInt32 RetryCount; }; From 8552a6e27bf6ca6e6d64eab71e400fc9c318a6de Mon Sep 17 00:00:00 2001 From: Luis Gizirian Date: Tue, 5 Jun 2018 18:01:49 -0300 Subject: [PATCH 12/17] Normalization to min --- .../MSFT_xWaitForBLEncryption.psm1 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 b/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 index 7533e13..16088fd 100644 --- a/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 +++ b/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 
@@ -97,11 +97,11 @@ function Test-TargetResource return TestStatus($MountPoint) } -function TestStatus([string] $Unit) +function TestStatus([string] $unit) { $encrypted = $true - $status = Get-BitLockerVolume -MountPoint $Unit + $status = Get-BitLockerVolume -MountPoint $unit if (($status.ProtectionStatus -eq "On") -and ($status.EncryptionPercentage -ne 100)) { @@ -109,7 +109,7 @@ function TestStatus([string] $Unit) } elseif ($status -eq $null) { - throw "Unit $($Unit) is not a logical drive." + throw "Unit $($unit) is not a logical drive." } return $encrypted @@ -117,7 +117,7 @@ function TestStatus([string] $Unit) function IsFullyEncrypted([string]$unit) { - $status = Get-BitLockerVolume -MountPoint "$($unit):" + $status = Get-BitLockerVolume -MountPoint $unit if ($status.EncryptionPercentage -eq 100) { From 4087c1c13deebbafff1d9bbf0dd04f6ca7e93187 Mon Sep 17 00:00:00 2001 From: Luis Gizirian Date: Thu, 7 Jun 2018 13:58:14 -0300 Subject: [PATCH 13/17] TestStatus checke just on the EncryptionPercentage as a wait condition --- .../MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 b/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 index 16088fd..2f3d21f 100644 --- a/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 +++ b/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 @@ -103,7 +103,7 @@ function TestStatus([string] $unit) $status = Get-BitLockerVolume -MountPoint $unit - if (($status.ProtectionStatus -eq "On") -and ($status.EncryptionPercentage -ne 100)) + if ($status.EncryptionPercentage -ne 100) { $encrypted = $false } From e1ca86cb4f3c07f0e65aeff9586a094435574f57 Mon Sep 17 00:00:00 2001 
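Review bot: With the `ProtectionStatus` test removed in `@@ -103,7 +103,7 @@`, the `elseif ($status -eq $null)` branch that follows can no longer run: when `Get-BitLockerVolume` returns nothing, `$status.EncryptionPercentage` is `$null`, `$null -ne 100` is true, and `TestStatus` returns `$false` instead of throwing. A mistyped or absent mount point then looks like a drive that is still encrypting, and `Set-TargetResource` sleeps through the whole retry window before returning. Test for the missing volume first, `if ($null -eq $status) { throw "Unit $($unit) is not a logical drive." }`, and compare the percentage only afterwards. The body of `TestStatus` continues outside this hunk.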
From: Luis Gizirian Date: Fri, 8 Jun 2018 17:11:28 -0300 Subject: [PATCH 14/17] Some coverage for xWaitForBLEncryption. --- Test/Test-xBitlocker.ps1 | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/Test/Test-xBitlocker.ps1 b/Test/Test-xBitlocker.ps1 index 7611fd9..9dadbb8 100644 --- a/Test/Test-xBitlocker.ps1 +++ b/Test/Test-xBitlocker.ps1 @@ -93,6 +93,10 @@ $blParams9 = @{ UsedSpaceOnly = $true } +$blParams10 = @{ + MountPoint = 'C:' +} + $autoBlParams1 = @{ DriveType = "Fixed" MinDiskCapacityGB = 20 @@ -190,6 +194,7 @@ function RunTests RunTest -TestName "TestBitlocker7" -ModulesToImport "MSFT_xBLBitlocker" -Parameters $blParams7 RunTest -TestName "TestBitlocker8" -ModulesToImport "MSFT_xBLBitlocker" -Parameters $blParams8 RunTest -TestName "TestBitlocker9" -ModulesToImport "MSFT_xBLBitlocker" -Parameters $blParams9 + RunTest -TestName "TestWaitFor" -ModulesToImport "MSFT_xWaitForBLEncryption" -Parameters $blParams10 } if ("TestAutoBitlocker" -like $Filter) From 20d789502847304fd62fb7ab0ef0295d87fd36cf Mon Sep 17 00:00:00 2001 From: Luis Gizirian Date: Fri, 8 Jun 2018 17:40:08 -0300 Subject: [PATCH 15/17] rename params at unit test for clarity --- Test/Test-xBitlocker.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Test/Test-xBitlocker.ps1 b/Test/Test-xBitlocker.ps1 index 9dadbb8..df71fc2 100644 --- a/Test/Test-xBitlocker.ps1 +++ b/Test/Test-xBitlocker.ps1 @@ -93,7 +93,7 @@ $blParams9 = @{ UsedSpaceOnly = $true } -$blParams10 = @{ +$waitForBLEParams1 = @{ MountPoint = 'C:' } 
@@ -194,7 +194,7 @@ function RunTests RunTest -TestName "TestBitlocker7" -ModulesToImport "MSFT_xBLBitlocker" -Parameters $blParams7 RunTest -TestName "TestBitlocker8" -ModulesToImport "MSFT_xBLBitlocker" -Parameters $blParams8 RunTest -TestName "TestBitlocker9" -ModulesToImport "MSFT_xBLBitlocker" -Parameters $blParams9 - RunTest -TestName "TestWaitFor" -ModulesToImport "MSFT_xWaitForBLEncryption" -Parameters $blParams10 + RunTest -TestName "TestWaitFor" -ModulesToImport "MSFT_xWaitForBLEncryption" -Parameters $waitForBLEParams1 } if ("TestAutoBitlocker" -like $Filter) From b74e9ff461a3c7490e31bb4b036d54d402dfc1e3 Mon Sep 17 00:00:00 2001 From: Luis Gizirian Date: Mon, 11 Jun 2018 17:16:34 -0300 Subject: [PATCH 16/17] Post review fixes. --- .../MSFT_xWaitForBLEncryption.psm1 | 56 +++++++++++++------ .../MSFT_xWaitForBLEncryption.schema.mof | 6 +- README.md | 8 +++ Test/Test-xBitlocker.ps1 | 14 +++++ 4 files changed, 65 insertions(+), 19 deletions(-) diff --git a/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 b/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 index 2f3d21f..92f87bf 100644 --- a/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 +++ b/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 
@@ -1,31 +1,48 @@ +<# +.SYNOPSIS + Resource that waits for a drive to get encrypted before proceeding. Follows the Wait-For pattern. +.DESCRIPTION +.NOTES +#> + function Get-TargetResource { [CmdletBinding()] [OutputType([System.Collections.Hashtable])] param ( - [parameter(Mandatory = $true)] + [Parameter(Mandatory = $true)] [System.String] $MountPoint, + [Parameter()] [System.UInt32] $RetryIntervalSeconds = 60, + [Parameter()] [System.UInt32] $RetryCount = 30 ) - #Load helper module + # Load helper module Import-Module "$((Get-Item -LiteralPath "$($PSScriptRoot)").Parent.Parent.FullName)\Misc\xBitlockerCommon.psm1" -Verbose:0 CheckForPreReqs - $status = Get-BitLockerVolume + $status = Get-BitLockerVolume -MountPoint $MountPoint if ($status -ne $null) { $returnValue = @{ - Status = $status.ProtectionStatus + Write-Verbose "Status for drive available." + Status = "$($MountPoint) drive ProtectionStatus is $($status.ProtectionStatus)." + } + } + else + { + $returnValue = @{ + Write-Verbose "Status for drive unavailable." + Status = "No information could be retrieved for specified drive." } } 
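Review bot: The comment-based help added at the top of the file leaves `.DESCRIPTION` and `.NOTES` empty, and none of the three `*-TargetResource` functions documents its parameters. Fill `.DESCRIPTION` with what the resource treats as done (per the helpers, `EncryptionPercentage` equal to 100) and what the caller sees when the retries run out, and add `.PARAMETER MountPoint`, `.PARAMETER RetryIntervalSeconds` and `.PARAMETER RetryCount` entries with their defaults of 60 and 30. Drop `.NOTES` if there is nothing to put in it.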
@@ -37,35 +54,39 @@ function Set-TargetResource [CmdletBinding()] param ( - [parameter(Mandatory = $true)] + [Parameter(Mandatory = $true)] [System.String] $MountPoint, + [Parameter()] [System.UInt32] $RetryIntervalSeconds = 60, + [Parameter()] [System.UInt32] $RetryCount = 30 ) - #Load helper module + # Load helper module Import-Module "$((Get-Item -LiteralPath "$($PSScriptRoot)").Parent.Parent.FullName)\Misc\xBitlockerCommon.psm1" -Verbose:0 CheckForPreReqs - #$PSBoundParameters.Remove("Identity") | Out-Null - - $encrypted = TestStatus($MountPoint) + $encrypted = Test-Status($MountPoint) if (-not $encrypted) { + Write-Verbose "Not yet fully encrypted. About to start waiting loop." for($count = 0; $count -lt $RetryCount; $count++) { - if (IsFullyEncrypted($MountPoint)) + if (IsFully-Encrypted($MountPoint)) { + Write-Verbose "Drive encryption complete. Exiting." break } - else { + else + { + Write-Verbose "Still encrypting..." Start-Sleep $RetryIntervalSeconds } } @@ -78,26 +99,29 @@ function Test-TargetResource [OutputType([System.Boolean])] param ( - [parameter(Mandatory = $true)] + [Parameter(Mandatory = $true)] [System.String] $MountPoint, + [Parameter()] [System.UInt32] $RetryIntervalSeconds = 60, + [Parameter()] [System.UInt32] $RetryCount = 30 ) - #Load helper module + # Load helper module Import-Module "$((Get-Item -LiteralPath "$($PSScriptRoot)").Parent.Parent.FullName)\Misc\xBitlockerCommon.psm1" -Verbose:0 CheckForPreReqs - return TestStatus($MountPoint) + Write-Verbose "About to check the status for drive." + return Test-Status($MountPoint) } -function TestStatus([string] $unit) +function Test-Status([Parameter()][string] $unit) { $encrypted = $true @@ -115,7 +139,7 @@ function TestStatus([string] $unit) return $encrypted } -function IsFullyEncrypted([string]$unit) +function IsFully-Encrypted([Parameter()][string]$unit) { $status = Get-BitLockerVolume -MountPoint $unit 
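Review bot: The renamed helper `IsFully-Encrypted` (hunk `@@ -115,7 +139,7 @@`) puts `IsFully` in the verb position, which is not a PowerShell approved verb, while its sibling became `Test-Status`. Name it in the same pattern, `function Test-FullyEncrypted([Parameter()][string]$unit)`, and update the call in `Set-TargetResource`. Both helpers are also invoked method-style, `Test-Status($MountPoint)`; the usual command form is `Test-Status -unit $MountPoint`. The function bodies continue outside these hunks.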
diff --git a/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.schema.mof b/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.schema.mof index 047aae4..d7c0ee4 100644 --- a/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.schema.mof +++ b/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.schema.mof @@ -1,7 +1,7 @@ [ClassVersion("1.0.0.0"), FriendlyName("xWaitForBLEncryption")] class MSFT_xWaitForBLEncryption : OMI_BaseResource { - [Key, Description("Drive letter")] String MountPoint; - [Write] UInt32 RetryIntervalSeconds; - [Write] UInt32 RetryCount; + [Key, Description("Drive letter to be checked for Encryption status and completeness")] String MountPoint; + [Write, Description("Indicates seconds to wait before checking back")] UInt32 RetryIntervalSeconds; + [Write, Description("Indicates how many times should retry before giving up")] UInt32 RetryCount; }; diff --git a/README.md b/README.md index b7f4480..a8f7826 100644 --- a/README.md +++ b/README.md @@ -117,6 +117,14 @@ Defaults to false. * AllowImmediateReboot:Whether the computer can rebooted immediately after initializing the TPM +**xWaitForBLEncryption** adds the ability to wait for a unit to get fully encrypted. This allow you to +make sure a full encryption happened before (depending on) going down the road on you DSC script. +**xWaitForBLEncryption** has the following properties. + +* *MountPoint:Drive letter to be checked for Encryption status and completeness. +* RetryIntervalSeconds:Indicates seconds to wait before checking back. Defaults to 60. +* RetryCount:Indicates how many times should retry before giving up. Defaults to 30. + ## Versions ### Unreleased diff --git a/Test/Test-xBitlocker.ps1 b/Test/Test-xBitlocker.ps1 index df71fc2..603f226 100644 --- a/Test/Test-xBitlocker.ps1 +++ b/Test/Test-xBitlocker.ps1 
@@ -97,6 +97,18 @@ $waitForBLEParams1 = @{ MountPoint = 'C:' } +$waitForBLEParams2 = @{ + MountPoint = 'C:' + RetryIntervalSeconds = 20 + RetryCount = 20 +} + +$waitForBLEParams3 = @{ + MountPoint = 'C:' + RetryIntervalSeconds = 30 + RetryCount = 30 +} + $autoBlParams1 = @{ DriveType = "Fixed" MinDiskCapacityGB = 20 @@ -195,6 +207,8 @@ function RunTests RunTest -TestName "TestBitlocker8" -ModulesToImport "MSFT_xBLBitlocker" -Parameters $blParams8 RunTest -TestName "TestBitlocker9" -ModulesToImport "MSFT_xBLBitlocker" -Parameters $blParams9 RunTest -TestName "TestWaitFor" -ModulesToImport "MSFT_xWaitForBLEncryption" -Parameters $waitForBLEParams1 + RunTest -TestName "TestWaitFor" -ModulesToImport "MSFT_xWaitForBLEncryption" -Parameters $waitForBLEParams2 + RunTest -TestName "TestWaitFor" -ModulesToImport "MSFT_xWaitForBLEncryption" -Parameters $waitForBLEParams3 } if ("TestAutoBitlocker" -like $Filter) From f05e2ed683ae0ff9d51a600bcbbc6ee441183b69 Mon Sep 17 00:00:00 2001 From: Luis Gizirian Date: Mon, 11 Jun 2018 17:39:57 -0300 Subject: [PATCH 17/17] Fix. Broken return value. --- .../MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 b/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 index 92f87bf..3aa12cd 100644 --- a/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 +++ b/DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1 
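Review bot: The three `RunTest` calls for `MSFT_xWaitForBLEncryption` in `@@ -195,6 +207,8 @@` all pass `-TestName "TestWaitFor"`, so a failure cannot be traced back to a parameter set; the neighbouring cases are numbered (`TestBitlocker8`, `TestBitlocker9`). Use `"TestWaitFor1"`, `"TestWaitFor2"` and `"TestWaitFor3"`. `$waitForBLEParams2` and `$waitForBLEParams3` differ from the first set only in the retry values, which `Test-TargetResource` accepts but does not read, so unless `RunTest` (not visible here) also drives Set on a volume that is still encrypting, they cover the same path as the first call.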
@@ -33,15 +33,15 @@ function Get-TargetResource if ($status -ne $null) { + Write-Verbose "Status for drive available." $returnValue = @{ - Write-Verbose "Status for drive available." Status = "$($MountPoint) drive ProtectionStatus is $($status.ProtectionStatus)." } } else { + Write-Verbose "Status for drive unavailable." $returnValue = @{ - Write-Verbose "Status for drive unavailable." Status = "No information could be retrieved for specified drive." } }