Skip to content

Commit

Permalink
Merge pull request dsccommunity#42 from mhendric/FixSwitchParams
Browse files Browse the repository at this point in the history
Fix 'UsedSpaceOnly, SkipHardwareTest, HardwareEncryption properties cannot be set to False'
  • Loading branch information
mhendric authored Nov 28, 2018
2 parents 23384dd + 6892e71 commit 88bd797
Show file tree
Hide file tree
Showing 7 changed files with 98 additions and 60 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,8 @@
- Rename functions with improper Verb-Noun constructs
- Add comment based help to any functions without it
- Update Schema.mof Description fields
- Fixes issue where Switch parameters are passed to Enable-Bitlocker even if
the corresponding DSC resource parameter was set to False (Issue #12)

## 1.2.0.0

Expand Down
8 changes: 4 additions & 4 deletions Misc/xBitlockerCommon.psm1
Original file line number Diff line number Diff line change
Expand Up @@ -208,22 +208,22 @@ function Enable-BitlockerInternal

if ($PSBoundParameters.ContainsKey("HardwareEncryption"))
{
$params.Add("HardwareEncryption", $true)
$params.Add("HardwareEncryption", $HardwareEncryption)
}

if ($PSBoundParameters.ContainsKey("Service"))
{
$params.Add("Service", $true)
$params.Add("Service", $Service)
}

if ($PSBoundParameters.ContainsKey("SkipHardwareTest"))
{
$params.Add("SkipHardwareTest", $true)
$params.Add("SkipHardwareTest", $SkipHardwareTest)
}

if ($PSBoundParameters.ContainsKey("UsedSpaceOnly"))
{
$params.Add("UsedSpaceOnly", $true)
$params.Add("UsedSpaceOnly", $UsedSpaceOnly)
}

#Now add the primary protector
Expand Down
5 changes: 0 additions & 5 deletions Tests/Integration/MSFT_xBLAutoBitlocker.Integration.tests.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -85,11 +85,6 @@ try
}

It 'Should have set the resource and all the parameters should match' {
$resourceCurrentState = $script:currentConfiguration | Where-Object -FilterScript {
$_.ConfigurationName -eq $configurationName `
-and $_.ResourceId -eq "[$($script:dscResourceFriendlyName)]Integration_Test"
}

$fixedDriveBlvs = Get-BitLockerVolume | Where-Object -FilterScript {$_.VolumeType -eq 'Data'}

foreach ($fixedDriveBlv in $fixedDriveBlvs)
Expand Down
87 changes: 42 additions & 45 deletions Tests/Integration/MSFT_xBLBitlocker.Integration.tests.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -33,14 +33,6 @@ if (!(Test-RequiredFeaturesInstalled))
return
}

# Disable Bitlocker on the OS drive before performing any tests
$sysDriveBlv = Get-BitLockerVolume -MountPoint $env:SystemDrive

if ($sysDriveBlv.KeyProtector.Count -gt 0 -or $sysDriveBlv.ProtectionStatus -ne 'Off')
{
Disable-BitLocker -MountPoint $env:SystemDrive
}

# Using try/finally to always cleanup.
try
{
Expand All @@ -49,48 +41,53 @@ try
. $configurationFile

Describe "$($script:dcsResourceName)_Integration" {
$configurationName = "$($script:dcsResourceName)_BasicTPMEncryptionOnSysDrive_Config"

Context ('When using configuration {0}' -f $configurationName) {
It 'Should compile and apply the MOF without throwing' {
{
$configurationParameters = @{
OutputPath = $TestDrive
ConfigurationData = $ConfigurationData
}

& $configurationName @configurationParameters

$startDscConfigurationParameters = @{
Path = $TestDrive
ComputerName = 'localhost'
Wait = $true
Verbose = $true
Force = $true
ErrorAction = 'Stop'
}

Start-DscConfiguration @startDscConfigurationParameters
} | Should -Not -Throw
}
$configurationNames = @(
"$($script:dcsResourceName)_BasicTPMEncryptionOnSysDrive_Config"
"$($script:dcsResourceName)_TPMEncryptionOnSysDriveWithFalseSwitchParams_Config"
)

foreach ($configurationName in $configurationNames)
{
Context ('When using configuration {0}' -f $configurationName) {
BeforeAll {
Disable-BitLockerOnTestDrive -MountPoint $env:SystemDrive
}

It 'Should be able to call Get-DscConfiguration without throwing' {
{
$script:currentConfiguration = Get-DscConfiguration -Verbose -ErrorAction Stop
} | Should -Not -Throw
}
It 'Should compile and apply the MOF without throwing' {
{
$configurationParameters = @{
OutputPath = $TestDrive
ConfigurationData = $ConfigurationData
}

& $configurationName @configurationParameters

$startDscConfigurationParameters = @{
Path = $TestDrive
ComputerName = 'localhost'
Wait = $true
Verbose = $true
Force = $true
ErrorAction = 'Stop'
}

Start-DscConfiguration @startDscConfigurationParameters
} | Should -Not -Throw
}

It 'Should have set the resource and all the parameters should match' {
$resourceCurrentState = $script:currentConfiguration | Where-Object -FilterScript {
$_.ConfigurationName -eq $configurationName `
-and $_.ResourceId -eq "[$($script:dscResourceFriendlyName)]Integration_Test"
It 'Should be able to call Get-DscConfiguration without throwing' {
{
$script:currentConfiguration = Get-DscConfiguration -Verbose -ErrorAction Stop
} | Should -Not -Throw
}

(Get-BitlockerVolume -MountPoint $env:SystemDrive).KeyProtector[0].KeyProtectorType | Should -Be 'Tpm'
}
It 'Should have set the resource and all the parameters should match' {
(Get-BitlockerVolume -MountPoint $env:SystemDrive).KeyProtector[0].KeyProtectorType | Should -Be 'Tpm'
}

It 'Should return $true when Test-DscConfiguration is run' {
Test-DscConfiguration -Verbose | Should -Be $true
It 'Should return $true when Test-DscConfiguration is run' {
Test-DscConfiguration -Verbose | Should -Be $true
}
}
}
}
Expand Down
25 changes: 24 additions & 1 deletion Tests/Integration/MSFT_xBLBitlocker.config.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ else

<#
.SYNOPSIS
Enables Bitlocker on the Operating System drive using a TpmProtector
Enables Bitlocker on the Operating System drive using a TpmProtector.
#>
Configuration MSFT_xBLBitlocker_BasicTPMEncryptionOnSysDrive_Config
{
Expand All @@ -32,6 +32,29 @@ Configuration MSFT_xBLBitlocker_BasicTPMEncryptionOnSysDrive_Config
{
MountPoint = $env:SystemDrive
PrimaryProtector = 'TpmProtector'
UsedSpaceOnly = $true
}
}
}

<#
.SYNOPSIS
Enables Bitlocker on the Operating System drive using a TpmProtector
and passed multiple Switch parameters of Enable-Bitlocker with False
values.
#>
Configuration MSFT_xBLBitlocker_TPMEncryptionOnSysDriveWithFalseSwitchParams_Config
{
Import-DscResource -ModuleName 'xBitlocker'

Node $AllNodes.NodeName
{
xBLBitlocker Integration_Test
{
MountPoint = $env:SystemDrive
PrimaryProtector = 'TpmProtector'
HardwareEncryption = $false
UsedSpaceOnly = $false
}
}
}
5 changes: 0 additions & 5 deletions Tests/Integration/MSFT_xBLTpm.Integration.tests.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -73,11 +73,6 @@ try
}

It 'Should have set the resource and all the parameters should match' {
$resourceCurrentState = $script:currentConfiguration | Where-Object -FilterScript {
$_.ConfigurationName -eq $configurationName `
-and $_.ResourceId -eq "[$($script:dscResourceFriendlyName)]Integration_Test"
}

(Get-Tpm).TpmReady | Should -Be $true
}

Expand Down
26 changes: 26 additions & 0 deletions Tests/TestHelpers/xBitlockerTestHelper.psm1
Original file line number Diff line number Diff line change
Expand Up @@ -42,3 +42,29 @@ function Test-HasPresentTpm

return $hasReadyTpm
}

<#
.SYNOPSIS
Disables BitLocker on a test drive, if Enabled
.PARAMETER MountPoint
The MountPoint to disable BitLocker on
#>
function Disable-BitLockerOnTestDrive
{
[CmdletBinding()]
param
(
[Parameter(Mandatory = $true)]
[ValidateNotNullorEmpty()]
[System.String]
$MountPoint
)

$blv = Get-BitLockerVolume -MountPoint $MountPoint

if ($blv.KeyProtector.Count -gt 0 -or $blv.ProtectionStatus -ne 'Off')
{
Disable-BitLocker -MountPoint $blv
}
}

0 comments on commit 88bd797

Please sign in to comment.