From 41be41b7bffaccc89677f9f2515210241e2236d3 Mon Sep 17 00:00:00 2001 From: Mike Hendrickson Date: Tue, 20 Nov 2018 10:14:55 -0800 Subject: [PATCH] Create CHANGELOG.md, fix README.md warnings, and add .MetaTestOptIn.json --- .MetaTestOptIn.json | 13 + .github/PULL_REQUEST_TEMPLATE.md | 2 +- CHANGELOG.md | 58 +++++ .../ConfigureBitlockerAndAutoBitlocker.ps1 | 3 +- .../ConfigureBitlockerOnOSDrive.ps1 | 3 +- README.md | 233 +++++++++--------- 6 files changed, 188 insertions(+), 124 deletions(-) create mode 100644 .MetaTestOptIn.json create mode 100644 CHANGELOG.md diff --git a/.MetaTestOptIn.json b/.MetaTestOptIn.json new file mode 100644 index 0000000..e31336c --- /dev/null +++ b/.MetaTestOptIn.json @@ -0,0 +1,13 @@ +[ + "Common Tests - Validate Markdown Files", + "Common Tests - Validate Module Files", + "Common Tests - Validate Script Files", + "Common Tests - Validate Example Files", + "Common Tests - Validate Example Files To Be Published", + "Common Tests - Required Script Analyzer Rules", + "Common Tests - New Error-Level Script Analyzer Rules", + "Common Tests - Custom Script Analyzer Rules", + "Common Tests - Flagged Script Analyzer Rules", + "Common Tests - Relative Path Length", + "Common Tests - Validate Markdown Links" +] diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 84e1ea8..50e18d3 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -34,7 +34,7 @@ Change to [x] for each task in the task list that applies to your PR. For those task that don't apply to you PR, leave those as is. --> -- [ ] Added an entry under the Unreleased section of the change log in the README.md. +- [ ] Added an entry under the Unreleased section of the change log in the CHANGELOG.md. Entry should say what was changed, and how that affects users (if applicable). - [ ] Resource documentation added/updated in README.md. - [ ] Resource parameter descriptions added/updated in README.md, schema.mof diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..45ff1eb --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,58 @@ +# Change log for xBitlocker + +## Unreleased + +- Update appveyor.yml to use the default template. +- Added default template files .gitattributes, and .vscode settings. +- Fixes most PSScriptAnalyzer issues. +- Fix issue where AutoUnlock is not set if requested, if the disk was + originally encrypted and AutoUnlock was not used. +- Add remaining Unit Tests for xBitlockerCommon. +- Add Unit tests for MSFT_xBLTpm +- Add remaining Unit Tests for xBLAutoBitlocker + +## 1.2.0.0 + +- Converted appveyor.yml to install Pester from PSGallery instead of from + Chocolatey. +- Added Codecov support. +- Updated appveyor.yml to use the one in template. +- Added folders for future unit and integration tests. +- Added Visual Studio Code formatting settings. +- Added .gitignore file. +- Added markdown lint rules. +- Fixed encoding on README.md. +- Added `PowerShellVersion = '4.0'`, and updated copyright information, in the + module manifest. +- Fixed issue which caused Test to incorrectly succeed on fully decrypted + volumes when correct Key Protectors were present + ([issue #13](https://github.com/PowerShell/xBitlocker/issues/13)) +- Fixed issue which caused xBLAutoBitlocker to incorrectly detect Fixed vs + Removable volumes. + ([issue #11](https://github.com/PowerShell/xBitlocker/issues/11)) +- Fixed issue which made xBLAutoBitlocker unable to encrypt volumes with drive + letters assigned. + ([issue #10](https://github.com/PowerShell/xBitlocker/issues/10)) +- Fixed an issue in CheckForPreReqs function where on Server Core the + installation of the non existing Windows Feature + 'RSAT-Feature-Tools-BitLocker-RemoteAdminTool' was erroneously checked. + ([issue #8](https://github.com/PowerShell/xBitlocker/issues/8)) + +## 1.1.0.0 + +- Versioning updates + +## 1.0.1.1 + +- Reduced the number of acceptable values for PrimaryProtector in + xBLAutoBitlocker and xBLBitlocker. +- Changed the properties that are returned by Get-TargetResource in + xBLAutoBitlocker, xBLBitlocker, and xBLTpm. +- Fixed issue which caused protectors to be continually re-added. + +## 1.0.0.0 + +- Initial release with the following resources + - xBLAutoBitlocker + - xBLBitlocker + - xBLTpm diff --git a/Examples/ConfigureBitlockerAndAutoBitlocker/ConfigureBitlockerAndAutoBitlocker.ps1 b/Examples/ConfigureBitlockerAndAutoBitlocker/ConfigureBitlockerAndAutoBitlocker.ps1 index 1dfe486..3d69fe6 100644 --- a/Examples/ConfigureBitlockerAndAutoBitlocker/ConfigureBitlockerAndAutoBitlocker.ps1 +++ b/Examples/ConfigureBitlockerAndAutoBitlocker/ConfigureBitlockerAndAutoBitlocker.ps1 @@ -1,6 +1,7 @@ Configuration ConfigureBitlockerAndAutoBitlocker { - Import-DscResource -Module xBitlocker + Import-DscResource �ModuleName PSDesiredStateConfiguration + Import-DscResource -ModuleName xBitlocker Node 'E15-1' { diff --git a/Examples/ConfigureBitlockerOnOSDrive/ConfigureBitlockerOnOSDrive.ps1 b/Examples/ConfigureBitlockerOnOSDrive/ConfigureBitlockerOnOSDrive.ps1 index 98ee7d5..ec9af74 100644 --- a/Examples/ConfigureBitlockerOnOSDrive/ConfigureBitlockerOnOSDrive.ps1 +++ b/Examples/ConfigureBitlockerOnOSDrive/ConfigureBitlockerOnOSDrive.ps1 @@ -1,6 +1,7 @@ Configuration ConfigureBitlockerOnOSDrive { - Import-DscResource -Module xBitlocker + Import-DscResource �ModuleName PSDesiredStateConfiguration + Import-DscResource -ModuleName xBitlocker Node "E15-1" { diff --git a/README.md b/README.md index cef4a54..f2e6689 100644 --- a/README.md +++ b/README.md @@ -1,11 +1,18 @@ # xBitlocker -The **xBitlocker** module is a part of the Windows PowerShell Desired State Configuration (DSC) Resource Kit, which is a collection of DSC Resources produced by the PowerShell Team. +The **xBitlocker** module is a part of the Windows PowerShell Desired State +Configuration (DSC) Resource Kit, which is a collection of DSC Resources +produced by the PowerShell Team. This module contains the **xBLAutoBitlocker, xBLBitlocker, xBLTpm** resources. -This DSC Module allows you to configure Bitlocker on a single disk, configure a TPM chip, or automatically enable Bitlocker on multiple disks. +This DSC Module allows you to configure Bitlocker on a single disk, configure a +TPM chip, or automatically enable Bitlocker on multiple disks. -This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). -For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments. +This project has adopted the +[Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/) +. For more information see the +[Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or +contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any +additional questions or comments. ## Branches @@ -28,7 +35,9 @@ This development branch will periodically be merged to the master branch, and be released to [PowerShell Gallery](https://www.powershellgallery.com/). ## Contributing -Please check out common DSC Resources [contributing guidelines](https://github.com/PowerShell/DscResource.Kit/blob/master/CONTRIBUTING.md). + +Please check out common DSC Resources +[contributing guidelines](https://github.com/PowerShell/DscResource.Kit/blob/master/CONTRIBUTING.md). ## Installation @@ -38,143 +47,125 @@ To install **xBitlocker** module To confirm installation: -* Run **Get-DSCResource** to see that **xBLAutoBitlocker, xBLBitlocker, xBLTpm** are among the DSC Resources listed +* Run **Get-DSCResource** to see that **xBLAutoBitlocker**, **xBLBitlocker**, + **xBLTpm** are among the DSC Resources listed. ## Requirements -This module requires that both the 'Bitlocker' and 'RSAT-Feature-Tools-Bitlocker' features are installed. -It also requires the latest version of PowerShell (v4.0, which ships in Windows 8.1 or Windows Server 2012R2). -To easily use PowerShell 4.0 on older operating systems, [install WMF 4.0](http://www.microsoft.com/en-us/download/details.aspx?id=40855). -Please read the installation instructions that are present on both the download page and the release notes for WMF 4.0. +This module requires that both the **Bitlocker** and +**RSAT-Feature-Tools-Bitlocker** features are installed. +It also requires the latest version of PowerShell (v4.0, which ships in Windows +8.1 or Windows Server 2012R2). +To easily use PowerShell 4.0 on older operating systems, +[Install WMF 4.0](http://www.microsoft.com/en-us/download/details.aspx?id=40855) +. Please read the installation instructions that are present on both the +download page and the release notes for WMF 4.0. ## Description -The **xBitlocker ** module contains the **xBLAutoBitlocker, xBLBitlocker, xBLTpm** DSC Resources. -This DSC Module allows you to configure Bitlocker on a single disk, configure a TPM chip, or automatically enable Bitlocker on multiple disks. +The **xBitlocker** module contains the **xBLAutoBitlocker, xBLBitlocker, +xBLTpm** DSC Resources. +This DSC Module allows you to configure Bitlocker on a single disk, configure a +TPM chip, or automatically enable Bitlocker on multiple disks. ## Resources -**xBLAutoBitlocker** is used to automatically enable Bitlocker on drives of type Fixed or Removable. +**xBLAutoBitlocker** is used to automatically enable Bitlocker on drives of +type Fixed or Removable. It does not work on Operating System drives. **xBLAutoBitlocker** has the following properties. -Where no description is listed, properties correspond directly to [Enable-Bitlocker](http://technet.microsoft.com/en-us/library/jj649837.aspx) parameters. - -* *DriveType:The type of volume to auto apply Bitlocker to. Valid values are "Fixed" or "Removable" -* *PrimaryProtector:The primary protector type to be used for AutoBitlocker. -Valid values are: "AdAccountOrGroupProtector", "PasswordProtector", "Pin", "RecoveryKeyProtector", "RecoveryPasswordProtector", "StartupKeyProtector", or "TpmProtector" -* MinDiskCapacityGB:If specified, only disks this size or greater will auto apply Bitlocker -* AutoUnlock:Whether volumes should be enabled for auto unlock using Enable-BitlockerAutoUnlock -* AdAccountOrGroup -* AdAccountOrGroupProtector -* EncryptionMethod -* HardwareEncryption -* Password -* PasswordProtector -* Pin -* RecoveryKeyPath -* RecoveryKeyProtector -* RecoveryPasswordProtector -* Service -* SkipHardwareTest -* StartupKeyPath -* StartupKeyProtector -* TpmProtector -* UsedSpaceOnly +Where no description is listed, properties correspond directly to +[Enable-Bitlocker](https://docs.microsoft.com/en-us/powershell/module/bitlocker/enable-bitlocker) +parameters. + +* DriveType: The type of volume to auto apply Bitlocker to. Valid values are + "Fixed" or "Removable" +* PrimaryProtector: The primary protector type to be used for AutoBitlocker. + Valid values are: "AdAccountOrGroupProtector", "PasswordProtector", "Pin", + "RecoveryKeyProtector", "RecoveryPasswordProtector", "StartupKeyProtector", + or "TpmProtector" +* MinDiskCapacityGB: If specified, only disks this size or greater will auto + apply Bitlocker +* AutoUnlock: Whether volumes should be enabled for auto unlock using + Enable-BitlockerAutoUnlock +* AdAccountOrGroup +* AdAccountOrGroupProtector +* EncryptionMethod +* HardwareEncryption +* Password +* PasswordProtector +* Pin +* RecoveryKeyPath +* RecoveryKeyProtector +* RecoveryPasswordProtector +* Service +* SkipHardwareTest +* StartupKeyPath +* StartupKeyProtector +* TpmProtector +* UsedSpaceOnly **xBLBitlocker** has the following properties. -Where no description is listed, properties correspond directly to [Enable-Bitlocker](http://technet.microsoft.com/en-us/library/jj649837.aspx) parameters. - -* *MountPoint:The MountPoint name as reported in Get-BitLockerVolume -* *PrimaryProtector:The primary protector type to be used for AutoBitlocker. -Valid values are: "AdAccountOrGroupProtector", "PasswordProtector", "Pin", "RecoveryKeyProtector", "RecoveryPasswordProtector", "StartupKeyProtector", or "TpmProtector" -* AutoUnlock:Whether volumes should be enabled for auto unlock using Enable-BitlockerAutoUnlock -* AllowImmediateReboot:Whether the computer can be immediately rebooted after enabling Bitlocker on an OS drive. -Defaults to false. - -* AdAccountOrGroup -* AdAccountOrGroupProtector -* EncryptionMethod -* HardwareEncryption -* Password -* PasswordProtector -* Pin -* RecoveryKeyPath -* RecoveryKeyProtector -* RecoveryPasswordProtector -* Service -* SkipHardwareTest -* StartupKeyPath -* StartupKeyProtector -* TpmProtector -* UsedSpaceOnly - -**xBLTpm** is used to initialize a TPM chip using [Initialize-TPM](http://technet.microsoft.com/en-us/library/jj603112.aspx). +Where no description is listed, properties correspond directly to +[Enable-Bitlocker](https://docs.microsoft.com/en-us/powershell/module/bitlocker/enable-bitlocker) +parameters. + +* MountPoint: The MountPoint name as reported in Get-BitLockerVolume +* PrimaryProtector: The primary protector type to be used for AutoBitlocker. + Valid values are: "AdAccountOrGroupProtector", "PasswordProtector", "Pin", + "RecoveryKeyProtector", "RecoveryPasswordProtector", "StartupKeyProtector", + or "TpmProtector" +* AutoUnlock: Whether volumes should be enabled for auto unlock using + Enable-BitlockerAutoUnlock +* AllowImmediateReboot: Whether the computer can be immediately rebooted after + enabling Bitlocker on an OS drive. + Defaults to false. + +* AdAccountOrGroup +* AdAccountOrGroupProtector +* EncryptionMethod +* HardwareEncryption +* Password +* PasswordProtector +* Pin +* RecoveryKeyPath +* RecoveryKeyProtector +* RecoveryPasswordProtector +* Service +* SkipHardwareTest +* StartupKeyPath +* StartupKeyProtector +* TpmProtector +* UsedSpaceOnly + +**xBLTpm** is used to initialize a TPM chip using +[Initialize-TPM](https://docs.microsoft.com/en-us/powershell/module/trustedplatformmodule/initialize-tpm) +. **xBLTpm** has the following properties. -* *Identity:Not actually used, so could be anything -* AllowClear:Indicates that the provisioning process clears the TPM, if necessary, to move the TPM closer to complying with Windows Server 2012 standards -* AllowPhysicalPresence:Indicates that the provisioning process may send physical presence commands that require a user to be present in order to continue. -* AllowImmediateReboot:Whether the computer can rebooted immediately after initializing the TPM - -## Versions - -### Unreleased - -* Update appveyor.yml to use the default template. -* Added default template files .gitattributes, and .vscode settings. -* Fixes most PSScriptAnalyzer issues. -* Fix issue where AutoUnlock is not set if requested, if the disk was - originally encrypted and AutoUnlock was not used. -* Add remaining Unit Tests for xBitlockerCommon. -* Add Unit tests for MSFT_xBLTpm -* Add remaining Unit Tests for xBLAutoBitlocker -* Add Unit tests for MSFT_xBLBitlocker - -### 1.2.0.0 - -* Converted appveyor.yml to install Pester from PSGallery instead of from Chocolatey. -* Added Codecov support. -* Updated appveyor.yml to use the one in template. -* Added folders for future unit and integration tests. -* Added Visual Studio Code formatting settings. -* Added .gitignore file. -* Added markdown lint rules. -* Fixed encoding on README.md. -* Added `PowerShellVersion = '4.0'`, and updated copyright information, in the - module manifest. -* Fixed issue which caused Test to incorrectly succeed on fully decrypted volumes when correct Key Protectors were present ([issue #13](https://github.com/PowerShell/xBitlocker/issues/13)) -* Fixed issue which caused xBLAutoBitlocker to incorrectly detect Fixed vs Removable volumes. ([issue #11](https://github.com/PowerShell/xBitlocker/issues/11)) -* Fixed issue which made xBLAutoBitlocker unable to encrypt volumes with drive letters assigned. ([issue #10](https://github.com/PowerShell/xBitlocker/issues/10)) -* Fixed an issue in CheckForPreReqs function where on Server Core the installation of the non existing Windows Feature 'RSAT-Feature-Tools-BitLocker-RemoteAdminTool' was erroneously checked. ([issue #8](https://github.com/PowerShell/xBitlocker/issues/8)) - - -### 1.1.0.0 - -* Versioning updates - -### 1.0.1.1 - -* Reduced the number of acceptable values for PrimaryProtector in xBLAutoBitlocker and xBLBitlocker. -* Changed the properties that are returned by Get-TargetResource in xBLAutoBitlocker, xBLBitlocker, and xBLTpm. -* Fixed issue which caused protectors to be continually re-added. - - -### 1.0.0.0 - -* Initial release with the following resources - * xBLAutoBitlocker - * xBLBitlocker - * xBLTpm +* Identity: Not actually used, so could be anything +* AllowClear: Indicates that the provisioning process clears the TPM, if + necessary, to move the TPM closer to complying with Windows Server 2012 + standards +* AllowPhysicalPresence: Indicates that the provisioning process may send + physical presence commands that require a user to be present in order to + continue. +* AllowImmediateReboot: Whether the computer can rebooted immediately after + initializing the TPM ## Examples ### [ConfigureBitlockerOnOSDrive](Examples/ConfigureBitlockerOnOSDrive) This example enables Bitlocker on an Operating System drive. -The example code for ConfigureBitlockerOnOSDrive is located in [`ConfigureBitlockerOnOSDrive.ps1`](Examples/ConfigureBitlockerOnOSDrive/ConfigureBitlockerOnOSDrive.ps1). +The example code for ConfigureBitlockerOnOSDrive is located in +[`ConfigureBitlockerOnOSDrive.ps1`](Examples/ConfigureBitlockerOnOSDrive/ConfigureBitlockerOnOSDrive.ps1) +. ### [ConfigureBitlockerAndAutoBitlocker](Examples/ConfigureBitlockerAndAutoBitlocker) -Enables Bitlocker on an Operating System drive, and automatically enables Bitlocker on all drives of type 'Fixed'. -The example code for ConfigureBitlockerAndAutoBitlocker is located in [`ConfigureBitlockerAndAutoBitlocker.ps1`](Examples/ConfigureBitlockerAndAutoBitlocker/ConfigureBitlockerAndAutoBitlocker.ps1). - +Enables Bitlocker on an Operating System drive, and automatically enables +Bitlocker on all drives of type 'Fixed'. The example code for +ConfigureBitlockerAndAutoBitlocker is located in +[`ConfigureBitlockerAndAutoBitlocker.ps1`](Examples/ConfigureBitlockerAndAutoBitlocker/ConfigureBitlockerAndAutoBitlocker.ps1) +.