From df94f463674824c0a7771bfcbd89b93a94bc4179 Mon Sep 17 00:00:00 2001
From: Marius Storhaug
Date: Mon, 9 Dec 2024 21:29:03 +0100
Subject: [PATCH] =?UTF-8?q?=F0=9F=A9=B9=20[Patch]:=20Ensure=20that=20the?= =?UTF-8?q?=20vault=20is=20always=20present=20before=20using=20it=20(#69)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
## Description
- Ensure that the vault is always present before using it.
## Type of change
- [ ] 📖 [Docs]
- [ ] 🪲 [Fix]
- [x] 🩹 [Patch]
- [ ] ⚠️ [Security fix]
- [ ] 🚀 [Feature]
- [ ] 🌟 [Breaking change]
## Checklist
- [x] I have performed a self-review of my own code
- [x] I have commented my code, particularly in hard-to-understand areas
---
src/functions/private/Get-ContextVault.ps1 | 55 -------------------
...-ContextVault.ps1 => Set-ContextVault.ps1} | 48 +++++++++++-----
src/functions/public/Get-Context.ps1 | 2 +-
src/functions/public/Get-ContextInfo.ps1 | 1 +
src/functions/public/Remove-Context.ps1 | 2 +-
src/functions/public/Rename-Context.ps1 | 6 +-
src/functions/public/Set-Context.ps1 | 2 +-
src/variables/private/Config.ps1 | 1 -
tests/Context.Tests.ps1 | 9 ++-
9 files changed, 49 insertions(+), 77 deletions(-)
delete mode 100644 src/functions/private/Get-ContextVault.ps1
rename src/functions/private/{Initialize-ContextVault.ps1 => Set-ContextVault.ps1} (61%)
diff --git a/src/functions/private/Get-ContextVault.ps1 b/src/functions/private/Get-ContextVault.ps1
deleted file mode 100644
index fe5ca9e..0000000
--- a/src/functions/private/Get-ContextVault.ps1
+++ /dev/null
@@ -1,55 +0,0 @@
-#Requires -Modules @{ ModuleName = 'Microsoft.PowerShell.SecretManagement'; RequiredVersion = '1.1.2' }
-
-function Get-ContextVault {
- <#
- .SYNOPSIS
- Retrieves the context vault.
-
- .DESCRIPTION
- Connects to a context vault.
- If the vault name is not set in the configuration, it throws an error.
- If the specified vault is not found, it throws an error.
- Otherwise, it returns the secret vault object.
-
- .EXAMPLE
- Get-ContextVault
-
- This example retrieves the context vault.
- #>
- [CmdletBinding()]
- param()
-
- begin {
- $commandName = $MyInvocation.MyCommand.Name
- Write-Debug "[$commandName] - Start"
- }
-
- process {
- try {
- if (-not $script:Config.Initialized) {
- Initialize-ContextVault
- Write-Debug "Connected to context vault [$($script:Config.VaultName)]"
- }
- } catch {
- Write-Error $_
- throw 'Failed to initialize secret vault'
- }
-
- try {
- $secretVault = Get-SecretVault -Verbose:$false | Where-Object { $_.Name -eq $script:Config.VaultName }
- if (-not $secretVault) {
- Write-Error $_
- throw "Context vault [$($script:Config.VaultName)] not found"
- }
-
- return $secretVault
- } catch {
- Write-Error $_
- throw 'Failed to get context vault'
- }
- }
-
- end {
- Write-Debug "[$commandName] - End"
- }
-}
diff --git a/src/functions/private/Initialize-ContextVault.ps1 b/src/functions/private/Set-ContextVault.ps1
similarity index 61%
rename from src/functions/private/Initialize-ContextVault.ps1
rename to src/functions/private/Set-ContextVault.ps1
index 583d82e..0ea7cd6 100644
--- a/src/functions/private/Initialize-ContextVault.ps1
+++ b/src/functions/private/Set-ContextVault.ps1
@@ -1,13 +1,13 @@ #Requires -Modules @{ ModuleName = 'Microsoft.PowerShell.SecretManagement'; RequiredVersion = '1.1.2' } #Requires -Modules @{ ModuleName = 'Microsoft.PowerShell.SecretStore'; RequiredVersion = '1.0.6' } -function Initialize-ContextVault { +function Set-ContextVault { <# .SYNOPSIS - Initialize a context vault. + Sets the context vault. .DESCRIPTION - Initialize a context vault. If the vault does not exist, it will be created and registered. + Sets the context vault. If the vault does not exist, it will be created and registered. The SecretStore is created with the following parameters: - Authentication: None @@ -16,20 +16,34 @@ function Initialize-ContextVault { - Scope: CurrentUser .EXAMPLE - Initialize-ContextVault + Set-ContextVault - Initializes a context vault named 'ContextVault' using the 'Microsoft.PowerShell.SecretStore' module. + Sets a context vault named 'ContextVault' using the 'Microsoft.PowerShell.SecretStore' module. + + .EXAMPLE + Set-ContextVault -Name 'MyVault' -Type 'MyModule' + + Sets a context vault named 'MyVault' using the 'MyModule' module. + + .EXAMPLE + Set-ContextVault -PassThru + + Sets a context vault using the default values and returns the secret vault object. #> [OutputType([Microsoft.PowerShell.SecretManagement.SecretVaultInfo])] - [CmdletBinding()] + [CmdletBinding(SupportsShouldProcess)] param ( - # The name of the secret vault. + # The name of the context vault. [Parameter()] [string] $Name = $script:Config.VaultName, - # The type of the secret vault. + # The type of the context vault. [Parameter()] - [string] $Type = $script:Config.VaultType + [string] $Type = $script:Config.VaultType, + + # Pass the vault through the pipeline. + [Parameter()] + [switch] $PassThru ) begin { 
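Review bot: The help block in the `@@ -16,20 +16,34 @@` hunk never says that this function can be destructive. Further down the file (outside this hunk) it calls `Reset-SecretStore` with `Force = $true`, which discards whatever the current user's SecretStore already holds, and the description lists `Authentication: None`, so contexts end up in a store with no password. Since this commit makes every public command call `Set-ContextVault` from `begin`, I would add a `.NOTES` section stating both facts and, presumably, that the reset only happens when the vault has to be created (confirm against the lookup that is not visible here). The help should also say what `-PassThru` returns when the `ShouldProcess` action is declined.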
@@ -53,7 +67,9 @@ function Initialize-ContextVault { Force = $true Verbose = $false } - Reset-SecretStore @vaultParameters + if ($PSCmdlet.ShouldProcess('SecretStore', 'Reset')) { + Reset-SecretStore @vaultParameters + } Write-Debug "[$Type] - Done" Write-Debug "[$Name] - Registering vault" $secretVault = @{ @@ -63,18 +79,20 @@ function Initialize-ContextVault { Description = 'SecretStore' Verbose = $false } - Register-SecretVault @secretVault + if ($PSCmdlet.ShouldProcess('SecretVault', 'Register')) { + $vault = Register-SecretVault @secretVault -PassThru + } Write-Debug "[$Name] - Done" } $script:Config.VaultName = $vault.Name - - Get-SecretVault -Verbose:$false | Where-Object { $_.ModuleName -eq $Type } - Write-Debug "[$Name] - Vault registered" - $script:Config.Initialized = $true + Write-Debug "Connected to context vault [$($script:Config.VaultName)]" } catch { Write-Error $_ throw 'Failed to initialize context vault' } + if ($PassThru) { + $vault + } } end { diff --git a/src/functions/public/Get-Context.ps1 b/src/functions/public/Get-Context.ps1 index 8c62f33..9388d18 100644 --- a/src/functions/public/Get-Context.ps1 +++ b/src/functions/public/Get-Context.ps1 @@ -31,7 +31,7 @@ filter Get-Context { begin { $commandName = $MyInvocation.MyCommand.Name Write-Debug "[$commandName] - Start" - $null = Get-ContextVault + Set-ContextVault $vaultName = $script:Config.VaultName $contextInfos = Get-ContextInfo } diff --git a/src/functions/public/Get-ContextInfo.ps1 b/src/functions/public/Get-ContextInfo.ps1 index e4c0bb0..ae75e70 100644 --- a/src/functions/public/Get-ContextInfo.ps1 +++ b/src/functions/public/Get-ContextInfo.ps1 @@ -18,6 +18,7 @@ begin { $commandName = $MyInvocation.MyCommand.Name Write-Debug "[$commandName] - Start" + Set-ContextVault $vaultName = $script:Config.VaultName $secretPrefix = $script:Config.SecretPrefix } diff --git a/src/functions/public/Remove-Context.ps1 b/src/functions/public/Remove-Context.ps1 index 3aa97cb..1e69b8b 100644 
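Review bot: When `ShouldProcess` returns false (for example under `-WhatIf`), the `Register-SecretVault` branch in the `@@ -63,18 +79,20 @@` hunk is skipped, yet `$script:Config.VaultName = $vault.Name` still runs. If `$vault` was not populated by the lookup above the hunk (not visible here), the module's vault name is overwritten with `$null` for the rest of the session and `-PassThru` emits nothing. The `Reset-SecretStore` gate in the `@@ -53,7 +67,9 @@` hunk has the same shape, so a declined reset can still be followed by a registration. Assign the name only when a vault object exists, `if ($vault) { $script:Config.VaultName = $vault.Name }`, and return early when either gate declines. The public commands now call this from `begin`, so a `-WhatIf` on a caller such as `Rename-Context` presumably reaches these gates through the inherited preference.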
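Review bot: The `Set-ContextVault` call added to `Get-Context`'s `begin` is followed two lines later by `Get-ContextInfo`, which after this commit calls `Set-ContextVault` itself, so every `Get-Context` runs the vault check twice. With `$script:Config.Initialized` removed there is no cached state to make the second call cheap. Either drop the call here and rely on `Get-ContextInfo`, or mark the duplication as intended with a comment such as `# Get-ContextInfo also ensures the vault; called here so $vaultName is valid first`. The `begin` block continues outside the hunk.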
--- a/src/functions/public/Remove-Context.ps1 +++ b/src/functions/public/Remove-Context.ps1 @@ -32,7 +32,7 @@ filter Remove-Context { begin { $commandName = $MyInvocation.MyCommand.Name Write-Debug "[$commandName] - Start" - $null = Get-ContextVault + Set-ContextVault } process { diff --git a/src/functions/public/Rename-Context.ps1 b/src/functions/public/Rename-Context.ps1 index 4dab03e..feff341 100644 --- a/src/functions/public/Rename-Context.ps1 +++ b/src/functions/public/Rename-Context.ps1 @@ -30,6 +30,10 @@ begin { $commandName = $MyInvocation.MyCommand.Name Write-Debug "[$commandName] - Start" + Set-ContextVault + } + + process { $context = Get-Context -ID $ID if (-not $context) { throw "Context with ID '$ID' not found." @@ -39,9 +43,7 @@ if ($existingContext -and -not $Force) { throw "Context with ID '$NewID' already exists." } - } - process { if ($PSCmdlet.ShouldProcess("Renaming context '$ID' to '$NewID'")) { try { Set-Context -ID $NewID -Context $context diff --git a/src/functions/public/Set-Context.ps1 b/src/functions/public/Set-Context.ps1 index 2619fc6..55a4cc7 100644 --- a/src/functions/public/Set-Context.ps1 +++ b/src/functions/public/Set-Context.ps1 @@ -37,7 +37,7 @@ function Set-Context { begin { $commandName = $MyInvocation.MyCommand.Name Write-Debug "[$commandName] - Start" - $null = Get-ContextVault + Set-ContextVault $vaultName = $script:Config.VaultName $secretPrefix = $script:Config.SecretPrefix } diff --git a/src/variables/private/Config.ps1 b/src/variables/private/Config.ps1 index 689054b..d7883a5 100644 --- a/src/variables/private/Config.ps1 +++ b/src/variables/private/Config.ps1 @@ -1,5 +1,4 @@ $script:Config = [pscustomobject]@{ - Initialized = $false # $script:Config.Initialized SecretPrefix = 'Context:' # $script:Config.SecretPrefix VaultName = 'ContextVault' # $script:Config.VaultName VaultType = 'Microsoft.PowerShell.SecretStore' # $script:Config.VaultType 
diff --git a/tests/Context.Tests.ps1 b/tests/Context.Tests.ps1 index 6de770d..b1936aa 100644 --- a/tests/Context.Tests.ps1 +++ b/tests/Context.Tests.ps1 @@ -5,7 +5,14 @@ param() BeforeAll { - Get-SecretInfo | Remove-Secret + $secrets = Get-SecretInfo -Verbose + Write-Verbose "Secrets: $($secrets.Count)" -Verbose + Write-Verbose ($secrets | Format-Table | Out-String) -Verbose + $secrets | Remove-Secret -Verbose + $vault = Get-SecretVault -Verbose + Write-Verbose "Vault: $($vault.Count)" -Verbose + Write-Verbose ($vault | Format-Table | Out-String) -Verbose + $vault | Unregister-SecretVault -Verbose } Describe 'Functions' {
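Review bot: The new `BeforeAll` unregisters every vault visible to the current user, because `Get-SecretVault` is called without a name filter, and the secret removal it keeps from the old line is equally unfiltered. On a developer machine this deletes unrelated secrets and vault registrations, not only the module's. It also forces `-Verbose` on `Format-Table | Out-String` dumps of the secret and vault listings, which puts secret names and metadata into CI logs. Scope both steps to the vault under test, e.g. `Get-SecretInfo -Vault 'ContextVault' | Remove-Secret` and `Get-SecretVault -Name 'ContextVault' | Unregister-SecretVault`, and log only the counts.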