Move Find-Certificate Function from CertificateDsc.Common.psm1 to DscResource.Common #272
Comments
|
@johlju - Thoughts on this? This is similar to some of the SqlServerDsc functions that we moved over to DscResources.Common. After some initial digging, almost all DSC modules implement their own homebrewed way to obtain references to certificates in the local certificate stores. |
|
I would not mind having that in DscResource.Common. But a thought, there seems to be a lot of certificate related functions in CertificateDsc.Common that could be made as public functions. We could add them to a seperate new module, e.g. PSCertificate (or another name that is not taken on the gallery). The new module can be used by resource like DscResource.Common. @PlagueHO your thoughts on this? Move them to DscResource.Common? |
|
I'm happy to move this over to DscResource.Common. @hollanjs - do you have a list of the other resources you've encountered that also use similar functions? We could then raise issues in those repos to migrate them across to the function. |
PlagueHO
added
enhancement
|
@PlagueHO - I do not have a list, but I can start one and keep an eye out for other resources like this. I might take some time this weekend to look around the xxxxxxxxDsc.Common.psm1 files in the modules and see if anything sticks out. |
|
All the functions below I believe would make good candidates for DSCResource.Common. @johlju mentioned the possibility of breaking it up into different utilities. I know there are several ways of doing that (nesting modules, creating other modules and declaring as dependencies, breaking apart code by folder structures, etc.), but not sure what might work best, if at all; there is something nice about it being one module. However as the functions grow, it would be good to have some way to visibly organize them. I categorized some of the functions below as though they could be used in a separate, more specific, modules. I could picture being able to import all of these more specific modules when you import DSCResource.Common, but also being able to pull in a more specific module for finding and getting reference to certificates (ex. DSCResource.Common.Certificates). I'm also sure there's more utilities buried within some of the modules that can be dug out, or a new solution for an issue all modules are trying to solve on their own. Perhaps categorizing common utilities into separate modules or buckets will allow people to better see what is missing and expand them. Might be useful creating a DSCResource.Common.IPAddress module for IP functions useful to DHCP, DNS, Network DSC modules
Might be useful creating a DSCResource.Common.Certificates module for certificate functions useful to Web Service DSC Modules like SharePoint, OfficeOnlineServer, WebAdministration, etc...
Might be useful creating a DSCResource.Common.RegEdit module for registry functions useful to all DSC modules...
Might be useful creating a DSCResource.Common.ThrowException module for identifying and throwing exceptions. Every DSC Module seems to have their own unique way of doing this, as well as pulling in localized data...
Things for DSCResource.Common
|
|
Really impressive analysis here!
Yes, but it is not something we must do. I do like the idea you had of having an 'az' type of module that will import all the rest. I do like the way you categorized them (might chnage IPAddress to Net, and RegEdit to Registry, and ThrowException to ErrorHandling, but minor). But I see it being a lot of work of maintaining several modules and releasing them, that will be the biggest drawback for me. We would keep an eye out for PR's in several modules. See also next thought below.
I agree, and maybe we should keep one module, and automate the documenation part instead (PlatyPS). Publishing that and generating a nice start page with all the commands (https://dbatools.io/commands like) might be what is lacking in discovery?
SqlServerDsc should move to the one in DscResource.Common. Just haven't happen yet. Same for all other modules that have similiar function, should be moved to the DscResource.Common one, and maybe extend the one in DscResource.Common. In conclusion, looking at the maintaining part (unless someone raise there hand to maintain separate modules) I rather keep one module (for now at least). |
|
Very thorough job @hollanjs ! Great stuff. I think we should probably move this issue over to DscResource.Common and break it into tasks (with the first task to move Find-Certificate). I can see this being a fairly time-consuming process - but worth doing. Moving to PlatyPS would be ideal as well (I've implemented in some of my other non-DSC resource modules that use Sampler). Would be good to finally implement a PlatyPS task (something I've meant to do... but no time). |
|
@PlagueHO - The way I did this in the past with @johlju was we did PRs for both repos at the same time: one to add the function to DscResource.Common, then one to remove it from the old repo (e.x. SqlServerDsc); both PRs executed pretty much at the same time. If multiple functions should be moved to DscResource.Common, should all functions be move to DscResource.Common first, a new version published, and only after that begin updating the other modules to remove them? |
|
@hollanjs - I reckon we do this function by function. Big bang changes are a pain and too risky (not too mention the review headache). What I mean is we create an issue with a checklist that is used to track the work. E.g But regarding Find-Certificate, happy to do that using the synchronized PR approach. Just need DscCommon to be updated first as this is a build time to dependency rather than install time - which makes it simple. |
|
@PlagueHO - I can create the issue on the DscResource.Common to get this started. If you would like, you can assign both issues to me to complete and I can get the PRs queued up some time this week/weekend for yours and/or @johlju review. Can you paste a link here for the HQRM issue you referenced? I would like to check it out to see the checklist you would like to use as a template. |
|
@hollanjs you create a task list by using this It will look like this, which can be checked.
|
|
Instead of transferring tis issue I suggest creating an issue in DscResource.Common whith a task list of all functions that should be moved from different repos (your suggestions above) over as new commands, or... create several new issues, one for each command that should be brought over, which can be auto closed by PR's. Either way is good. |
|
@hollanjs you are now assigned. Sorry for taking long to answer - have very busy days for a while now. |
|
@johlju - no worries! Same here on my end. I should be able to have a PR for this by end of the weekend. |
|
@johlju - I've pretty much got it all working, except for some issues with the tests. I rewrote the tests to use a mocked certificate object rather than it actually needing to create/delete a certificate on a windows machine to use as reference. All is good with the mocked cert objects, however there were tests to ensure |
|
@hollanjs - thanks for working on this. It is possible that when we created the Can you check that:
Thanks for fixing up past laziness in the tests. |
|
@PlagueHO - Anytime! Sorry, just realized I should have been talking about the PR and mock issues in the DscResource.Common thread, as those pertained to the I will go through the tests and refactor like you mentioned! |
|
@PlagueHO - I've been stuck on something, trying to figure it out for some time. The ...
Describing DSC_CertificateExport\Set-TargetResource
Context Certificate is not found
[-] should not throw exception 39ms
CommandNotFoundException: Could not find Command Find-Certificate
at Validate-Command, Z:\DSC\CertificateDsc\output\RequiredModules\Pester\4.10.1\Functions\Mock.ps1: line 914
at Mock, Z:\DSC\CertificateDsc\output\RequiredModules\Pester\4.10.1\Functions\Mock.ps1: line 215
at <ScriptBlock>, Z:\DSC\CertificateDsc\tests\Unit\DSC_CertificateExport.Tests.ps1: line 214
at Invoke-Blocks, Z:\DSC\CertificateDsc\output\RequiredModules\Pester\4.10.1\Functions\SetupTeardown.ps1: line 135
at Invoke-TestCaseSetupBlocks, Z:\DSC\CertificateDsc\output\RequiredModules\Pester\4.10.1\Functions\SetupTeardown.ps1: line 113
[-] should call the expected mocks 33ms
CommandNotFoundException: Could not find Command Find-Certificate
at Validate-Command, Z:\DSC\CertificateDsc\output\RequiredModules\Pester\4.10.1\Functions\Mock.ps1: line 914
at Mock, Z:\DSC\CertificateDsc\output\RequiredModules\Pester\4.10.1\Functions\Mock.ps1: line 215
at <ScriptBlock>, Z:\DSC\CertificateDsc\tests\Unit\DSC_CertificateExport.Tests.ps1: line 214
at Invoke-Blocks, Z:\DSC\CertificateDsc\output\RequiredModules\Pester\4.10.1\Functions\SetupTeardown.ps1: line 135
at Invoke-TestCaseSetupBlocks, Z:\DSC\CertificateDsc\output\RequiredModules\Pester\4.10.1\Functions\SetupTeardown.ps1: line 113
...Here is the mock: $mockFindCertificate = {
if ($Thumbprint -eq $certificateThumbprint)
{
$validCertificate
}
}
...
Describe 'DSC_CertificateExport\Set-TargetResource' -Tag 'Set' {
BeforeEach {
Mock `
-CommandName Find-Certificate `
-MockWith $mockFindCertificate
}
Context 'Certificate is not found' {
Mock `
-CommandName Export-Certificate
Mock `
-CommandName Export-PfxCertificate
It 'should not throw exception' {
{ Set-TargetResource @validCertificateNotFoundParameters -Verbose } | Should -Not -Throw
}
It 'should call the expected mocks' {
Assert-MockCalled -CommandName Find-Certificate -Exactly -Times 1
Assert-MockCalled -CommandName Export-Certificate -Exactly -Times 0
Assert-MockCalled -CommandName Export-PfxCertificate -Exactly -Times 0
}
}
...If you've seen this before, let me know! Any assistance would be greatly appreciated :-) |
|
Is it Pester that cannot find the command |
Move
Find-Certificatefunction, and all function dependencies and tests from CertificateDsc.Common.psm1 to DscResource.Common.I've found that several DSC code bases are implementing their own methods for obtaining references to certificates, when this should be a standardized functional call.
Moving the function to DscResource.Common would ensure its availability to modules like SharePointDsc, who need to obtain certificate reference when, for example, when using the resource
SPTrustedRootAuthority:SharePointDsc Issue #1417
The text was updated successfully, but these errors were encountered: