NewResourceName: AdcsAiaExtension. A feature to add/remove AIA URI extensions - New Resource Issue #78.

ActiveDirectoryCSDsc.psd1

@@ -41,7 +41,8 @@
         'AdcsEnrollmentPolicyWebService',
         'AdcsOnlineResponder',
         'AdcsWebEnrollment',
-        'AdcsOcspExtension'
+        'AdcsOcspExtension',
+        'AdcsAiaExtension'
         )
 
     # Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
@@ -62,7 +63,8 @@
             # IconUri = ''
 
             # ReleaseNotes of this module
-        ReleaseNotes = '- Added "DscResourcesToExport" to manifest to improve information in
+        ReleaseNotes = '- Added new resource AdcsAiaExtension - see [Issue 78](https://github.com/PowerShell/ActiveDirectoryCSDsc/issues/78).
+- Added "DscResourcesToExport" to manifest to improve information in
   PowerShell Gallery - fixes [Issue 68](https://github.com/PowerShell/ActiveDirectoryCSDsc/issues/68).
 - Removed unused CAType variables and references in AdcsOnlineResponder - fixes
   [issue 52](https://github.com/PowerShell/ActiveDirectoryCSDsc/issues/52).
@@ -84,4 +86,3 @@
         } # End of PSData hashtable
     } # End of PrivateData hashtable
 }
-

CHANGELOG.md

@@ -2,6 +2,7 @@
 
 ## Unreleased
 
+- Added new resource AdcsAiaExtension - see [Issue #78](https://github.com/PowerShell/ActiveDirectoryCSDsc/issues/78).
 - Remove reference to StorageDsc in README.md - fixes [Issue #76](https://github.com/PowerShell/ActiveDirectoryCSDsc/issues/76).
 
 ## 3.2.0.0

DSCResources/MSFT_AdcsAiaExtension/MSFT_AdcsAiaExtension.psm1

@@ -0,0 +1,254 @@
+$modulePath = Join-Path -Path (Split-Path -Path (Split-Path -Path $PSScriptRoot -Parent) -Parent) -ChildPath 'Modules'
+
+# Import the ADCS Deployment Resource Common Module.
+Import-Module -Name (Join-Path -Path $modulePath `
+        -ChildPath (Join-Path -Path 'ActiveDirectoryCSDsc.CommonHelper' `
+            -ChildPath 'ActiveDirectoryCSDsc.CommonHelper.psm1'))
+
+# Import the ADCS Deployment Resource Helper Module.
+Import-Module -Name (Join-Path -Path $modulePath `
+        -ChildPath (Join-Path -Path 'ActiveDirectoryCSDsc.ResourceHelper' `
+            -ChildPath 'ActiveDirectoryCSDsc.ResourceHelper.psm1'))
+
+# Import Localization Strings.
+$LocalizedData = Get-LocalizedData `
+    -ResourceName 'MSFT_AdcsAiaExtension' `
+    -ResourcePath (Split-Path -Parent $script:MyInvocation.MyCommand.Path)
+
+<#
+    .SYNOPSIS
+        Gets the current certification authority AddToCertificateAia (boolean) and Uniform Resource Identifiers (URI)
+        settings.
+
+    .PARAMETER IsSingleInstance
+        Specifies the resource is a single instance, the value must be 'Yes'.
+
+    .PARAMETER AiaUriPath
+        Specifies the URI location where issuer of certificate is located.
+
+    .PARAMETER RestartService
+        Specifies if the service should be restarted.
+
+    .PARAMETER Ensure
+        Ensures that the Authority Information Access (AIA) Uniform Resource Identifiers (URI) is Present or Absent.
+#>
+function Get-TargetResource
+{
+    [CmdletBinding()]
+    [OutputType([System.Collections.Hashtable])]
+    param
+    (
+        [Parameter(Mandatory = $true)]
+        [ValidateSet('Yes')]
+        [System.String]
+        $IsSingleInstance,
+
+        [Parameter(Mandatory = $true)]
+        [System.String[]]
+        $AiaUriPath,
+
+        [Parameter()]
+        [System.Boolean]
+        $RestartService,
+
+        [Parameter()]
+        [ValidateSet('Present', 'Absent')]
+        [System.String]
+        $Ensure = 'Present'
+    )
+
+    Write-Verbose -Message $localizedData.GetAiaUriPaths
+
+    [System.Array] $currentAiaUriPathList = (Get-CAAuthorityInformationAccess).Where( {
+            $_.AddToCertificateAia -eq $true
+        } ).Uri
+
+    return @{
+        AiaUriPath       = $currentAiaUriPathList
+        Ensure           = $Ensure
+        IsSingleInstance = $IsSingleInstance
+        RestartService   = $RestartService
+    }
+}
+
+<#
+    .SYNOPSIS
+        Configures the current Authority Information Access (AIA) settings for the certification authority.
+
+    .PARAMETER IsSingleInstance
+        Specifies the resource is a single instance, the value must be 'Yes'.
+
+    .PARAMETER AiaUriPath
+        Specifies the URI location where issuer of certificate is located.
+
+    .PARAMETER RestartService
+        Specifies if the service should be restarted.
+
+    .PARAMETER Ensure
+        Specifies if the AIA responder URI should be present or absent.
+#>
+function Set-TargetResource
+{
+    [CmdletBinding()]
+    param
+    (
+        [Parameter(Mandatory = $true)]
+        [ValidateSet('Yes')]
+        [System.String]
+        $IsSingleInstance,
+
+        [Parameter(Mandatory = $true)]
+        [System.String[]]
+        $AiaUriPath,
+
+        [Parameter()]
+        [System.Boolean]
+        $RestartService,
+
+        [Parameter()]
+        [ValidateSet('Present', 'Absent')]
+        [System.String]
+        $Ensure = 'Present'
+    )
+
+    $currentState = Get-TargetResource @PSBoundParameters
+
+    if ($Ensure -eq 'Present')
+    {
+        foreach ($oldField in $currentState.AiaUriPath)
+        {
+            Write-Verbose -Message ($localizedData.RemoveAiaUriPaths -f $oldField)
+            Remove-CAAuthorityInformationAccess -Uri $oldField -Force -ErrorAction Stop
+        }
+
+        foreach ($newField in $AiaUriPath)
+        {
+            Write-Verbose -Message ($localizedData.AddAiaUriPaths -f $newField)
+            Add-CAAuthorityInformationAccess -Uri $newField -AddToCertificateAia -Force -ErrorAction Stop
+        }
+    }
+    else {
+        foreach ($field in $AiaUriPath)
+        {
+            Write-Verbose -Message ($localizedData.RemoveAiaUriPaths -f $field)
+            Remove-CAAuthorityInformationAccess -Uri $field -Force -ErrorAction Stop
+        }
+    }
+
+    if ($RestartService)
+    {
+        Write-Verbose -Message $localizedData.RestartService
+        Restart-ServiceIfExists -Name CertSvc
+    }
+}
+
+<#
+    .SYNOPSIS
+        Tests the current certification authority AddToCertificateAia (boolean) and Uniform Resource Identifiers (URI)
+        settings.
+
+    .PARAMETER IsSingleInstance
+        Specifies the resource is a single instance, the value must be 'Yes'.
+
+    .PARAMETER AiaUriPath
+        Specifies the URI location where issuer of certificate is located.
+
+    .PARAMETER RestartService
+        Specifies if the service should be restarted.
+
+    .PARAMETER Ensure
+        Ensures that the Authority Information Access (AIA) Uniform Resource Identifiers (URI) is Present or Absent.
+#>
+function Test-TargetResource
+{
+    [CmdletBinding()]
+    [OutputType([System.Boolean])]
+    param
+    (
+        [Parameter(Mandatory = $true)]
+        [ValidateSet('Yes')]
+        [System.String]
+        $IsSingleInstance,
+
+        [Parameter(Mandatory = $true)]
+        [System.String[]]
+        $AiaUriPath,
+
+        [Parameter()]
+        [System.Boolean]
+        $RestartService,
+
+        [Parameter()]
+        [ValidateSet('Present', 'Absent')]
+        [System.String]
+        $Ensure = 'Present'
+    )
+
+    $currentState = Get-TargetResource @PSBoundParameters
+
+    $inDesiredState = $true
+
+    if ($Ensure -eq 'Present')
+    {
+        if ($currentState.AiaUriPath.Count -ne $AiaUriPath.Count)
+        {
+            if ($null -ne $currentState.AiaUriPath)
+            {
+                $compareAiaUriPaths = Compare-Object -ReferenceObject $AiaUriPath -DifferenceObject $currentState.AiaUriPath -PassThru
+
+                # Desired state AIA URI path(s) not found in reference set.
+                $desiredAiaUriPathsMissing = $compareAiaUriPaths.Where( {
+                        $_.SideIndicator -eq '<='
+                    } ) -join ', '
+
+                # AIA URI path(s) found in $currentState that do not match $AiaUriPath desired state.
+                $notDesiredAiaUriPathsFound = $compareAiaUriPaths.Where( {
+                        $_.SideIndicator -eq '=>'
+                    } ) -join ', '
+
+                if ($desiredAiaUriPathsMissing)
+                {
+                    Write-Verbose -Message ($localizedData.DesiredAiaPathsMissing -f $desiredAiaUriPathsMissing)
+                    $inDesiredState = $false
+                }
+
+                if ($notDesiredAiaUriPathsFound)
+                {
+                    Write-Verbose -Message ($localizedData.AdditionalAiaPathsFound -f $notDesiredAiaUriPathsFound)
+                    $inDesiredState = $false
+                }
+            }
+            else
+            {
+                $aiaUriPathList = $AiaUriPath -join ', '
+
+                Write-Verbose -Message ($localizedData.AiaPathsNull -f $aiaUriPathList)
+                $inDesiredState = $false
+            }
+        }
+
+        foreach ($uri in $currentState.AiaUriPath)
+        {
+            if ($uri -notin $AiaUriPath)
+            {
+                Write-Verbose -Message ($localizedData.IncorrectAiaUriFound -f $uri)
+                $inDesiredState = $false
+            }
+        }
+    }
+    else
+    {
+        foreach ($uri in $AiaUriPath)
+        {
+            if ($uri -in $currentState.AiaUriPath)
+            {
+                Write-Verbose -Message ($localizedData.EnsureAbsentButUriPathsExist -f $uri)
+                $inDesiredState = $false
+            }
+        }
+    }
+
+    return $inDesiredState
+}
+
+Export-ModuleMember -Function Get-TargetResource, Test-TargetResource, Set-TargetResource

DSCResources/MSFT_AdcsAiaExtension/MSFT_AdcsAiaExtension.schema.mof

@@ -0,0 +1,8 @@
+[ClassVersion("1.0.0"), FriendlyName("AdcsAiaExtension")]
+class MSFT_AdcsAiaExtension : OMI_BaseResource
+{
+    [Key, Description("Specifies the resource is a single instance, the value must be 'Yes'."), ValueMap{"Yes"}, Values{"Yes"}] String IsSingleInstance;
+    [Required, Description("Specifies the URI location where issuer of certificate is located.")] String AiaUriPath[];
+    [Write, Description("Specifies if the service should be restarted.")] Boolean RestartService;
+    [Write, Description("Ensures that the Authority Information Access (AIA) Uniform Resource Identifiers (URI) is Present or Absent."), ValueMap{"Present", "Absent"}, Values{"Present", "Absent"}] String Ensure;
+};

DSCResources/MSFT_AdcsAiaExtension/README.md

@@ -0,0 +1,6 @@
+# Description
+
+This resource can be used to configure the AIA URI extensions on the
+Certificate Authority after the feature has been installed on the server.
+Using this DSC Resource to configure an ADCS Certificate Authority assumes that
+the `ADCS-Cert-Authority` feature has already been installed.

DSCResources/MSFT_AdcsAiaExtension/en-US/MSFT_AdcsAiaExtension.strings.psd1

@@ -0,0 +1,11 @@
+ConvertFrom-StringData @'
+    AdditionalAiaPathsFound      = Not in desired state, additional AIA URI paths found, "{0}", running Set.
+    AddAiaUriPaths               = Adding "{0}" to desired AIA URI paths.
+    DesiredAiaPathsMissing       = Not in desired state, missing desired AIA URI paths, "{0}", running Set.
+    EnsureAbsentButUriPathsExist = Not in desired state, AIA URI paths should be Absent, but found "{0}".
+    GetAiaUriPaths               = Getting all AIA URI paths.
+    AiaPathsNull                 = Not in desired state, AIA URI paths empty, missing "{0}", running Set.
+    RemoveAiaUriPaths            = Removing "{0}" AIA URI paths.
+    RestartService               = Preparing to restart the CertSvc for changes to take affect.
+    IncorrectAiaUriFound         = Not in desired state, AIA URI path incorrect, found "{0}", running Set.
+'@

Examples/Resources/AdcsAiaExtension/1-AdcsAiaExtension_AddAiaPath_Config.ps1

@@ -0,0 +1,43 @@
+<#PSScriptInfo
+.VERSION 1.0.0
+.GUID 93c71497-c4ac-452e-baf1-aff17bd4ecac
+.AUTHOR Microsoft Corporation
+.COMPANYNAME Microsoft Corporation
+.COPYRIGHT
+.TAGS DSCConfiguration
+.LICENSEURI https://github.com/PowerShell/ActiveDirectoryCSDsc/blob/master/LICENSE
+.PROJECTURI https://github.com/PowerShell/ActiveDirectoryCSDsc
+.ICONURI
+.EXTERNALMODULEDEPENDENCIES
+.REQUIREDSCRIPTS
+.EXTERNALSCRIPTDEPENDENCIES
+.RELEASENOTES First version.
+.PRIVATEDATA 2016-Datacenter,2016-Datacenter-Server-Core
+#>
+
+#Requires -module ActiveDirectoryCSDsc
+
+<#
+    .DESCRIPTION
+        A DSC configuration script to add desired AIA URI path extensions for a Certificate Authority.
+        This will remove all existing AIA URI paths from the Certificate Authority.
+#>
+configuration AdcsAiaExtension_AddAiaPath_Config
+{
+    Import-DscResource -ModuleName ActiveDirectoryCSDsc
+
+    node localhost
+    {
+        AdcsAiaExtension AddAiaUriPath
+        {
+            IsSingleInstance = 'Yes'
+            AiaUriPath       = @(
+                'http://setAIAPathTest1/Certs/<CATruncatedName>.cer'
+                'http://setAIAPathTest2/Certs/<CATruncatedName>.cer'
+                'http://setAIAPathTest3/Certs/<CATruncatedName>.cer'
+            )
+            RestartService   = $true
+            Ensure           = 'Present'
+        }
+    }
+}