From 6fe7a3d472b147006eabfbcc45b30e395c8a935c Mon Sep 17 00:00:00 2001 From: Robert Petersson Date: Fri, 2 Sep 2022 22:46:09 +0200 Subject: [PATCH 01/13] Allow targeting local group policy --- .../DSC_Firewall/DSC_Firewall.data.psd1 | 65 ++++++++++--------- .../DSC_Firewall/DSC_Firewall.psm1 | 65 +++++++++++++++---- .../DSC_Firewall/DSC_Firewall.schema.mof | 2 + 3 files changed, 86 insertions(+), 46 deletions(-) diff --git a/source/DSCResources/DSC_Firewall/DSC_Firewall.data.psd1 b/source/DSCResources/DSC_Firewall/DSC_Firewall.data.psd1 index 73bc7daa..f92c0ac5 100644 --- a/source/DSCResources/DSC_Firewall/DSC_Firewall.data.psd1 +++ b/source/DSCResources/DSC_Firewall/DSC_Firewall.data.psd1 
@@ -1,36 +1,37 @@ @{ ParameterList = @( - @{ Name = 'Name'; Variable = 'FirewallRule'; Type = 'String' } - @{ Name = 'DisplayName'; Variable = 'FirewallRule'; Type = 'String' } - @{ Name = 'Group'; Variable = 'FirewallRule'; Type = 'String' } - @{ Name = 'DisplayGroup'; Variable = 'FirewallRule'; Type = '' } - @{ Name = 'Enabled'; Variable = 'FirewallRule'; Type = 'String' } - @{ Name = 'Action'; Variable = 'FirewallRule'; Type = 'String' } - @{ Name = 'Profile'; Variable = 'FirewallRule'; Type = 'Array'; Delimiter = ', ' } - @{ Name = 'Direction'; Variable = 'FirewallRule'; Type = 'String' } - @{ Name = 'Description'; Variable = 'FirewallRule'; Type = 'String' } - @{ Name = 'RemotePort'; Variable = 'properties'; Property = 'PortFilters'; Type = 'Array' } - @{ Name = 'LocalPort'; Variable = 'properties'; Property = 'PortFilters'; Type = 'Array' } - @{ Name = 'Protocol'; Variable = 'properties'; Property = 'PortFilters'; Type = 'String' } - @{ Name = 'Program'; Variable = 'properties'; Property = 'ApplicationFilters'; Type = 'String' } - @{ Name = 'Service'; Variable = 'properties'; Property = 'ServiceFilters'; Type = 'String' } - @{ Name = 'Authentication'; Variable = 'properties'; Property = 'SecurityFilters'; Type = 'String' } - @{ Name = 'Encryption'; Variable = 'properties'; Property = 'SecurityFilters'; Type = 'String' } - @{ Name = 'InterfaceAlias'; Variable = 'properties'; Property = 'InterfaceFilters'; Type = 'Array' } - @{ Name = 'InterfaceType'; Variable = 'properties'; Property = 'InterfaceTypeFilters'; Type = 'String' } - @{ Name = 'LocalAddress'; Variable = 'properties'; Property = 'AddressFilters'; Type = 'ArrayIP' } - @{ Name = 'LocalUser'; Variable = 'properties'; Property = 'SecurityFilters'; Type = 'String' } - @{ Name = 'Package'; Variable = 'properties'; Property = 'ApplicationFilters'; Type = 'String' } - @{ Name = 'Platform'; Variable = 'FirewallRule'; Type = 'Array' } - @{ Name = 'RemoteAddress'; Variable = 'properties'; Property = 
'AddressFilters'; Type = 'ArrayIP' } - @{ Name = 'RemoteMachine'; Variable = 'properties'; Property = 'SecurityFilters'; Type = 'String' } - @{ Name = 'RemoteUser'; Variable = 'properties'; Property = 'SecurityFilters'; Type = 'String' } - @{ Name = 'DynamicTransport'; Variable = 'properties'; Property = 'PortFilters'; Type = 'String' } - @{ Name = 'EdgeTraversalPolicy'; Variable = 'FirewallRule'; Type = 'String' } - @{ Name = 'IcmpType'; Variable = 'properties'; Property = 'PortFilters'; Type = 'Array' } - @{ Name = 'LocalOnlyMapping'; Variable = 'FirewallRule'; Type = 'Boolean' } - @{ Name = 'LooseSourceMapping'; Variable = 'FirewallRule'; Type = 'Boolean' } - @{ Name = 'OverrideBlockRules'; Variable = 'properties'; Property = 'SecurityFilters'; Type = 'Boolean' } - @{ Name = 'Owner'; Variable = 'FirewallRule'; Type = 'String' } + @{ Name = 'Name'; Variable = 'FirewallRule'; Type = 'String' } + @{ Name = 'DisplayName'; Variable = 'FirewallRule'; Type = 'String' } + @{ Name = 'Group'; Variable = 'FirewallRule'; Type = 'String' } + @{ Name = 'DisplayGroup'; Variable = 'FirewallRule'; Type = '' } + @{ Name = 'Enabled'; Variable = 'FirewallRule'; Type = 'String' } + @{ Name = 'Action'; Variable = 'FirewallRule'; Type = 'String' } + @{ Name = 'Profile'; Variable = 'FirewallRule'; Type = 'Array'; Delimiter = ', ' } + @{ Name = 'Direction'; Variable = 'FirewallRule'; Type = 'String' } + @{ Name = 'Description'; Variable = 'FirewallRule'; Type = 'String' } + @{ Name = 'RemotePort'; Variable = 'properties'; Property = 'PortFilters'; Type = 'Array' } + @{ Name = 'LocalPort'; Variable = 'properties'; Property = 'PortFilters'; Type = 'Array' } + @{ Name = 'Protocol'; Variable = 'properties'; Property = 'PortFilters'; Type = 'String' } + @{ Name = 'Program'; Variable = 'properties'; Property = 'ApplicationFilters'; Type = 'String' } + @{ Name = 'Service'; Variable = 'properties'; Property = 'ServiceFilters'; Type = 'String' } + @{ Name = 'Authentication'; Variable = 
'properties'; Property = 'SecurityFilters'; Type = 'String' } + @{ Name = 'Encryption'; Variable = 'properties'; Property = 'SecurityFilters'; Type = 'String' } + @{ Name = 'InterfaceAlias'; Variable = 'properties'; Property = 'InterfaceFilters'; Type = 'Array' } + @{ Name = 'InterfaceType'; Variable = 'properties'; Property = 'InterfaceTypeFilters'; Type = 'String' } + @{ Name = 'LocalAddress'; Variable = 'properties'; Property = 'AddressFilters'; Type = 'ArrayIP' } + @{ Name = 'LocalUser'; Variable = 'properties'; Property = 'SecurityFilters'; Type = 'String' } + @{ Name = 'Package'; Variable = 'properties'; Property = 'ApplicationFilters'; Type = 'String' } + @{ Name = 'Platform'; Variable = 'FirewallRule'; Type = 'Array' } + @{ Name = 'RemoteAddress'; Variable = 'properties'; Property = 'AddressFilters'; Type = 'ArrayIP' } + @{ Name = 'RemoteMachine'; Variable = 'properties'; Property = 'SecurityFilters'; Type = 'String' } + @{ Name = 'RemoteUser'; Variable = 'properties'; Property = 'SecurityFilters'; Type = 'String' } + @{ Name = 'DynamicTransport'; Variable = 'properties'; Property = 'PortFilters'; Type = 'String' } + @{ Name = 'EdgeTraversalPolicy'; Variable = 'FirewallRule'; Type = 'String' } + @{ Name = 'IcmpType'; Variable = 'properties'; Property = 'PortFilters'; Type = 'Array' } + @{ Name = 'LocalOnlyMapping'; Variable = 'FirewallRule'; Type = 'Boolean' } + @{ Name = 'LooseSourceMapping'; Variable = 'FirewallRule'; Type = 'Boolean' } + @{ Name = 'OverrideBlockRules'; Variable = 'properties'; Property = 'SecurityFilters'; Type = 'Boolean' } + @{ Name = 'Owner'; Variable = 'FirewallRule'; Type = 'String' } + @{ Name = 'PolicyStoreSourceType'; Variable = 'FirewallRule'; Type = 'String' } # Use this instead of PolicyStore as Get-NetFirewallRule does not include PoliyStore ) } diff --git a/source/DSCResources/DSC_Firewall/DSC_Firewall.psm1 b/source/DSCResources/DSC_Firewall/DSC_Firewall.psm1 index f5dd463d..9b9c43c3 100644 
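Review bot: The new `PolicyStoreSourceType` entry puts a property the resource only reports into the same `ParameterList` table as the settable rule parameters, and its trailing comment misspells `PolicyStore` as `PoliyStore`. The `Merge the existing rule values into the PSBoundParameters` context later in this patch suggests `Set-TargetResource` walks this table to build the splat used when a rule is recreated. That loop is outside the visible hunks, so confirm the new entry is skipped there and is not handed to the rule-creation cmdlet as an argument. Suggested comment: `# Reported instead of PolicyStore, which Get-NetFirewallRule does not return`. The rest of the hunk only re-aligns columns.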
--- a/source/DSCResources/DSC_Firewall/DSC_Firewall.psm1 +++ b/source/DSCResources/DSC_Firewall/DSC_Firewall.psm1 @@ -45,7 +45,11 @@ function Get-TargetResource [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [String] - $Name + $Name, + [Parameter()] + [ValidateSet('PersistentStore', 'localhost')] + [String] + $PolicyStore = 'PersistentStore' ) $ErrorActionPreference = 'Stop' @@ -57,7 +61,7 @@ function Get-TargetResource $($script:localizedData.FindFirewallRuleMessage) -f $Name ) -join '') - $firewallRule = Get-FirewallRule -Name $Name + $firewallRule = Get-FirewallRule -Name $Name -PolicyStore $PolicyStore if (-not $firewallRule) { @@ -70,7 +74,7 @@ function Get-TargetResource } } - $properties = Get-FirewallRuleProperty -FirewallRule $firewallRule + $properties = Get-FirewallRuleProperty -FirewallRule $firewallRule -PolicyStore $PolicyStore $result = @{ Ensure = 'Present' @@ -397,7 +401,17 @@ function Set-TargetResource [Parameter()] [ValidateNotNullOrEmpty()] [String] - $Owner + $Owner, + + [Parameter()] + [ValidateSet('PersistentStore', 'localhost')] + [String] + $PolicyStore = 'PersistentStore', + + [Parameter()] + [ValidateNotNullOrEmpty()] + [String] + $PolicyStoreSourceType ) Write-Verbose -Message ( @( "$($MyInvocation.MyCommand): " @@ -410,7 +424,7 @@ function Set-TargetResource Write-Verbose -Message ( @( "$($MyInvocation.MyCommand): " $($script:localizedData.FindFirewallRuleMessage) -f $Name ) -join '') - $firewallRule = Get-FirewallRule -Name $Name + $firewallRule = Get-FirewallRule -Name $Name -PolicyStore $PolicyStore $exists = ($null -ne $firewallRule) @@ -446,7 +460,7 @@ function Set-TargetResource Merge the existing rule values into the PSBoundParameters so that it can be splatted. #> - $properties = Get-FirewallRuleProperty -FirewallRule $firewallRule + $properties = Get-FirewallRuleProperty -FirewallRule $firewallRule -PolicyStore $PolicyStore <# Loop through each possible property and if it is not passed as a parameter 
@@ -820,7 +834,17 @@ function Test-TargetResource [Parameter()] [ValidateNotNullOrEmpty()] [String] - $Owner + $Owner, + + [Parameter()] + [ValidateSet('PersistentStore', 'localhost')] + [String] + $PolicyStore = 'PersistentStore', + + [Parameter()] + [ValidateNotNullOrEmpty()] + [String] + $PolicyStoreSourceType ) Write-Verbose -Message ( @( "$($MyInvocation.MyCommand): " @@ -834,7 +858,7 @@ function Test-TargetResource $($script:localizedData.FindFirewallRuleMessage) -f $Name ) -join '') - $firewallRule = Get-FirewallRule -Name $Name + $firewallRule = Get-FirewallRule -Name $Name -PolicyStore $PolicyStore $exists = ($null -ne $firewallRule) @@ -1139,10 +1163,14 @@ function Test-RuleProperties [Parameter()] [String] - $Owner + $Owner, + [Parameter()] + [ValidateSet('PersistentStore', 'localhost')] + [String] + $PolicyStore = 'PersistentStore' ) - $properties = Get-FirewallRuleProperty -FirewallRule $FirewallRule + $properties = Get-FirewallRuleProperty -FirewallRule $FirewallRule -PolicyStore $PolicyStore $desiredConfigurationMatch = $true <# @@ -1243,7 +1271,7 @@ function Test-RuleProperties .PARAMETER Name The name of the Firewall Rule to Retrieve. #> -function Get-FirewallRule +function Get-FirewallRule # DONE { [CmdletBinding()] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] @@ -1252,10 +1280,14 @@ function Get-FirewallRule [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [String] - $Name + $Name, + [Parameter()] + [ValidateSet('PersistentStore', 'localhost')] + [String] + $PolicyStore = 'PersistentStore' ) - $firewallRule = @(Get-NetFirewallRule -Name (ConvertTo-FirewallRuleNameEscapedString -Name $Name) -ErrorAction SilentlyContinue) + $firewallRule = @(Get-NetFirewallRule -Name (ConvertTo-FirewallRuleNameEscapedString -Name $Name) -PolicyStore $PolicyStore -ErrorAction SilentlyContinue) if (-not $firewallRule) { 
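Review bot: In the `Get-FirewallRule` hunk the lookup keeps `-ErrorAction SilentlyContinue` next to the new `-PolicyStore $PolicyStore`, so a failure to read the requested store is reported the same way as a missing rule. With `localhost` now selectable, a read error would presumably make `Test-TargetResource` treat the rule as absent and `Set-TargetResource` attempt to create it; the rest of the function body is outside the hunk, so this is an inference. Consider capturing the error with `-ErrorVariable` and rethrowing anything that is not a not-found result, or at least document the intent with `# Errors are suppressed because a missing rule is an expected result`.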
@@ -1293,7 +1325,12 @@ function Get-FirewallRuleProperty param ( [Parameter(Mandatory = $true)] - $FirewallRule + $FirewallRule, + + [Parameter()] + [ValidateSet('PersistentStore', 'localhost')] + [String] + $PolicyStore = 'PersistentStore' ) Write-Verbose -Message ( @( "$($MyInvocation.MyCommand): " diff --git a/source/DSCResources/DSC_Firewall/DSC_Firewall.schema.mof b/source/DSCResources/DSC_Firewall/DSC_Firewall.schema.mof index ab750490..37573f71 100644 --- a/source/DSCResources/DSC_Firewall/DSC_Firewall.schema.mof +++ b/source/DSCResources/DSC_Firewall/DSC_Firewall.schema.mof @@ -33,5 +33,7 @@ class DSC_Firewall : OMI_BaseResource [Write, Description("Indicates that matching firewall rules of the indicated value are created.")] Boolean LooseSourceMapping; [Write, Description("Indicates that matching network traffic that would otherwise be blocked are allowed.")] Boolean OverrideBlockRules; [Write, Description("Specifies that matching firewall rules of the indicated owner are created.")] String Owner; + [Write, Description("Specifies the policy store from which to retrieve the rules to be created."), ValueMap{"PersistantStore", "localhost"},Values{"PersistantStore", "localhost"}] String PolicyStore; + [Write, Description("Specifies that firewall rules that match the indicated policy store source type are retrieved.")] String PolicyStoreSourceType; [Read, Description("The current value of the Display Group of the Firewall Rule.")] string DisplayGroup; }; From 18fbd2fdc6d12b34aa90f86a269facc904c2061c Mon Sep 17 00:00:00 2001 From: Robert Petersson Date: Fri, 2 Sep 2022 22:49:20 +0200 Subject: [PATCH 02/13] fix syntax --- source/DSCResources/DSC_Firewall/DSC_Firewall.psm1 | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/source/DSCResources/DSC_Firewall/DSC_Firewall.psm1 b/source/DSCResources/DSC_Firewall/DSC_Firewall.psm1 index 9b9c43c3..3bd94fa0 100644 --- a/source/DSCResources/DSC_Firewall/DSC_Firewall.psm1 
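Review bot: The `$PolicyStore` parameter added to `Get-FirewallRuleProperty` appears to be unused, because no hunk in this series changes the function body that retrieves the filters. If that is the case, every caller now passes `-PolicyStore $PolicyStore` to no effect, and the filters compared by `Test-RuleProperties` depend entirely on the `$FirewallRule` object carrying its own store. Either forward the value to the filter lookups in the body or drop the parameter. The body lies outside the hunk, so check this against the full file.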
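Review bot: `PolicyStore` is declared `[Write]` although the rule is looked up by name within a single store, so configurations for the same rule name in `PersistentStore` and in `localhost` could not coexist if `Name` is the only key. The key qualifier is outside the hunk, so treat this as a question for the maintainers. The description also reads like the help of a retrieval cmdlet, which is odd for a resource that creates and removes rules. Something like `Description("Specifies the policy store in which the rule is managed. Defaults to PersistentStore.")` would match the behaviour.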
+++ b/source/DSCResources/DSC_Firewall/DSC_Firewall.psm1 @@ -46,6 +46,7 @@ function Get-TargetResource [ValidateNotNullOrEmpty()] [String] $Name, + [Parameter()] [ValidateSet('PersistentStore', 'localhost')] [String] @@ -1164,6 +1165,7 @@ function Test-RuleProperties [Parameter()] [String] $Owner, + [Parameter()] [ValidateSet('PersistentStore', 'localhost')] [String] @@ -1271,7 +1273,7 @@ function Test-RuleProperties .PARAMETER Name The name of the Firewall Rule to Retrieve. #> -function Get-FirewallRule # DONE +function Get-FirewallRule { [CmdletBinding()] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] @@ -1281,6 +1283,7 @@ function Get-FirewallRule # DONE [ValidateNotNullOrEmpty()] [String] $Name, + [Parameter()] [ValidateSet('PersistentStore', 'localhost')] [String] From 9218fd2c990eba72762748782992e6f40d5e20b6 Mon Sep 17 00:00:00 2001 From: Robert Petersson Date: Fri, 2 Sep 2022 23:01:10 +0200 Subject: [PATCH 03/13] Removal of rule should target PolicyStore --- source/DSCResources/DSC_Firewall/DSC_Firewall.psm1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source/DSCResources/DSC_Firewall/DSC_Firewall.psm1 b/source/DSCResources/DSC_Firewall/DSC_Firewall.psm1 index 3bd94fa0..dad5cc2e 100644 --- a/source/DSCResources/DSC_Firewall/DSC_Firewall.psm1 +++ b/source/DSCResources/DSC_Firewall/DSC_Firewall.psm1 @@ -455,7 +455,7 @@ function Set-TargetResource if ($PSBoundParameters.ContainsKey('Group') ` -and ($Group -ne $FirewallRule.Group)) { - Remove-NetFirewallRule -Name (ConvertTo-FirewallRuleNameEscapedString -Name $Name) + Remove-NetFirewallRule -Name (ConvertTo-FirewallRuleNameEscapedString -Name $Name) -PolicyStore $PolicyStore <# Merge the existing rule values into the PSBoundParameters 
@@ -547,7 +547,7 @@ function Set-TargetResource ) -join '') # Remove the existing Firewall rule - Remove-NetFirewallRule -Name (ConvertTo-FirewallRuleNameEscapedString -Name $Name) + Remove-NetFirewallRule -Name (ConvertTo-FirewallRuleNameEscapedString -Name $Name) -PolicyStore $PolicyStore } else { From bb81c7788cfce5c6efc01a2bc303fe9682623d3b Mon Sep 17 00:00:00 2001 From: Robert Petersson Date: Sat, 3 Sep 2022 20:54:27 +0200 Subject: [PATCH 04/13] change PolicyStoreSourceType to read only --- source/DSCResources/DSC_Firewall/DSC_Firewall.schema.mof | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/DSCResources/DSC_Firewall/DSC_Firewall.schema.mof b/source/DSCResources/DSC_Firewall/DSC_Firewall.schema.mof index 37573f71..85224062 100644 --- a/source/DSCResources/DSC_Firewall/DSC_Firewall.schema.mof +++ b/source/DSCResources/DSC_Firewall/DSC_Firewall.schema.mof @@ -34,6 +34,6 @@ class DSC_Firewall : OMI_BaseResource [Write, Description("Indicates that matching network traffic that would otherwise be blocked are allowed.")] Boolean OverrideBlockRules; [Write, Description("Specifies that matching firewall rules of the indicated owner are created.")] String Owner; [Write, Description("Specifies the policy store from which to retrieve the rules to be created."), ValueMap{"PersistantStore", "localhost"},Values{"PersistantStore", "localhost"}] String PolicyStore; - [Write, Description("Specifies that firewall rules that match the indicated policy store source type are retrieved.")] String PolicyStoreSourceType; + [Read, Description("Specifies that firewall rules that match the indicated policy store source type are retrieved.")] String PolicyStoreSourceType; [Read, Description("The current value of the Display Group of the Firewall Rule.")] string DisplayGroup; }; From 56249c97743635948156bfe998e15dfe4fe958b3 Mon Sep 17 00:00:00 2001 
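Review bot: The description kept on the now read-only `PolicyStoreSourceType` still says that rules matching the source type `are retrieved`, which describes a filter rather than a reported value. Since the property is `[Read]` and, according to the data file, taken from the rule object, a description such as `Description("The policy store source type reported for the firewall rule.")` would avoid suggesting that a configuration can select rules by it.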
From: Robert Petersson Date: Sat, 3 Sep 2022 21:22:35 +0200 Subject: [PATCH 05/13] update changelog --- CHANGELOG.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 824bd648..b5787a9c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Added + +- Firewall + - Added `PolicyStore` parameter and read only property `PolicyStoreSourceType` - fixes [Issue #428](https://github.com/dsccommunity/NetworkingDsc/issues/428). + ### Changed - Updated CHANGELOG.md From 89eb83a152bbf4a2a72b84889eaf46774b398347 Mon Sep 17 00:00:00 2001 From: Robert Petersson Date: Sat, 3 Sep 2022 21:59:50 +0200 Subject: [PATCH 06/13] update description of added feature --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b5787a9c..2caba9c8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,7 +8,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Added - Firewall - - Added `PolicyStore` parameter and read only property `PolicyStoreSourceType` - fixes [Issue #428](https://github.com/dsccommunity/NetworkingDsc/issues/428). + - Added `PolicyStore` parameter (defaults to PersistentStore to prevent a breaking change) and read only property `PolicyStoreSourceType` - fixes [Issue #428](https://github.com/dsccommunity/NetworkingDsc/issues/428). ### Changed From 81c4e5a8fa09e174c2dd855ee7161a9574974610 Mon Sep 17 00:00:00 2001 From: Robert Petersson Date: Sat, 3 Sep 2022 22:14:07 +0200 Subject: [PATCH 07/13] Update comment based help --- .../DSC_Firewall/DSC_Firewall.psm1 | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/source/DSCResources/DSC_Firewall/DSC_Firewall.psm1 b/source/DSCResources/DSC_Firewall/DSC_Firewall.psm1 index dad5cc2e..36ada891 100644 --- a/source/DSCResources/DSC_Firewall/DSC_Firewall.psm1 
+++ b/source/DSCResources/DSC_Firewall/DSC_Firewall.psm1 @@ -34,6 +34,9 @@ $script:parameterList = $script:resourceData.ParameterList .PARAMETER Name Name of the firewall rule. + + .PARAMETER PolicyStore + Targets the policy store from which to retrieve the rules. #> function Get-TargetResource { @@ -243,6 +246,12 @@ function Get-TargetResource .PARAMETER Owner Specifies that matching firewall rules of the indicated owner are created. + + .PARAMETER PolicyStore + Specifies the policy store from which to retrieve the rules to be created. + + .PARAMETER PolicyStoreSourceType + Specifies that firewall rules that match the indicated policy store source type are retrieved. #> function Set-TargetResource { @@ -675,6 +684,12 @@ function Set-TargetResource .PARAMETER Owner Specifies that matching firewall rules of the indicated owner are created. + + .PARAMETER PolicyStore + Specifies the policy store from which to retrieve the rules to be created. + + .PARAMETER PolicyStoreSourceType + Specifies that firewall rules that match the indicated policy store source type are retrieved. #> function Test-TargetResource { @@ -1014,6 +1029,10 @@ function Test-TargetResource .PARAMETER Owner Specifies that matching firewall rules of the indicated owner are created. + + .PARAMETER PolicyStore + Specifies the policy store from which to retrieve the rules to be created. + #> function Test-RuleProperties { @@ -1272,6 +1291,9 @@ function Test-RuleProperties .PARAMETER Name The name of the Firewall Rule to Retrieve. + + .PARAMETER PolicyStore + Specifies the policy store from which to retrieve the rules to be created. #> function Get-FirewallRule { @@ -1320,6 +1342,9 @@ function Get-FirewallRule .PARAMETER FirewallRule The firewall rule object to pull the additional firewall objects for. + + .PARAMETER PolicyStore + Specifies the policy store from which to retrieve the rules to be created. #> function Get-FirewallRuleProperty { 
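Review bot: The `PolicyStore` help added to `Set-TargetResource`, `Test-TargetResource`, `Test-RuleProperties`, `Get-FirewallRule` and `Get-FirewallRuleProperty` reads `Specifies the policy store from which to retrieve the rules to be created`. That does not say that the same store is the one rules are written to and removed from, nor what the two accepted values mean. A wording such as `The policy store the rule is read from and written to: 'PersistentStore' (default) or 'localhost' for local group policy.` would tell an operator which store a configuration will modify. The `Test-RuleProperties` hunk also leaves a blank line before the closing `#>`.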
From 24d25489c637110ee302a1d6636c5d95ce37d96c Mon Sep 17 00:00:00 2001 From: robpe49 Date: Wed, 28 Sep 2022 13:53:11 +0200 Subject: [PATCH 08/13] add missing PolicyStoreSourceType parameter --- source/DSCResources/DSC_Firewall/DSC_Firewall.psm1 | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/source/DSCResources/DSC_Firewall/DSC_Firewall.psm1 b/source/DSCResources/DSC_Firewall/DSC_Firewall.psm1 index 36ada891..cf364bb1 100644 --- a/source/DSCResources/DSC_Firewall/DSC_Firewall.psm1 +++ b/source/DSCResources/DSC_Firewall/DSC_Firewall.psm1 @@ -1188,7 +1188,12 @@ function Test-RuleProperties [Parameter()] [ValidateSet('PersistentStore', 'localhost')] [String] - $PolicyStore = 'PersistentStore' + $PolicyStore = 'PersistentStore', + + [Parameter()] + [ValidateSet('None', 'Local', 'GroupPolicy', 'Dynamic', 'Generated', 'Hardcoded')] + [String] + $PolicyStoreSourceType ) $properties = Get-FirewallRuleProperty -FirewallRule $FirewallRule -PolicyStore $PolicyStore From fe4855e44122c747bce60dc3cb26bd93fc1d5cf4 Mon Sep 17 00:00:00 2001 From: robpe49 Date: Wed, 28 Sep 2022 13:53:44 +0200 Subject: [PATCH 09/13] correct the validateset for PolicyStoreSourceType --- source/DSCResources/DSC_Firewall/DSC_Firewall.psm1 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/source/DSCResources/DSC_Firewall/DSC_Firewall.psm1 b/source/DSCResources/DSC_Firewall/DSC_Firewall.psm1 index cf364bb1..1a73fc80 100644 --- a/source/DSCResources/DSC_Firewall/DSC_Firewall.psm1 +++ b/source/DSCResources/DSC_Firewall/DSC_Firewall.psm1 @@ -419,7 +419,7 @@ function Set-TargetResource $PolicyStore = 'PersistentStore', [Parameter()] - [ValidateNotNullOrEmpty()] + [ValidateSet('None', 'Local', 'GroupPolicy', 'Dynamic', 'Generated', 'Hardcoded')] [String] $PolicyStoreSourceType ) 
@@ -858,7 +858,7 @@ function Test-TargetResource $PolicyStore = 'PersistentStore', [Parameter()] - [ValidateNotNullOrEmpty()] + [ValidateSet('None', 'Local', 'GroupPolicy', 'Dynamic', 'Generated', 'Hardcoded')] [String] $PolicyStoreSourceType ) @@ -1441,7 +1441,7 @@ function ConvertTo-FirewallRuleNameEscapedString $Name ) - return $Name.Replace('[','`[').Replace(']','`]').Replace('*','`*') + return $Name.Replace('[', '`[').Replace(']', '`]').Replace('*', '`*') } Export-ModuleMember -Function *-TargetResource From ff91f4139e10d09d14de3d92e8e713dcf54706df Mon Sep 17 00:00:00 2001 From: robpe49 Date: Wed, 28 Sep 2022 13:58:45 +0200 Subject: [PATCH 10/13] update parameter documentation --- source/DSCResources/DSC_Firewall/DSC_Firewall.psm1 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/source/DSCResources/DSC_Firewall/DSC_Firewall.psm1 b/source/DSCResources/DSC_Firewall/DSC_Firewall.psm1 index 1a73fc80..c17bd901 100644 --- a/source/DSCResources/DSC_Firewall/DSC_Firewall.psm1 +++ b/source/DSCResources/DSC_Firewall/DSC_Firewall.psm1 @@ -1033,6 +1033,8 @@ function Test-TargetResource .PARAMETER PolicyStore Specifies the policy store from which to retrieve the rules to be created. + .PARAMETER PolicyStoreSourceType + Specifies that firewall rules that match the indicated policy store source type are retrieved. #> function Test-RuleProperties { From 6ea1c8f737e23da7a5a7bf19c3487a679e19b227 Mon Sep 17 00:00:00 2001 From: robpe49 Date: Wed, 28 Sep 2022 14:27:36 +0200 Subject: [PATCH 11/13] fix spelling --- source/DSCResources/DSC_Firewall/DSC_Firewall.schema.mof | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/DSCResources/DSC_Firewall/DSC_Firewall.schema.mof b/source/DSCResources/DSC_Firewall/DSC_Firewall.schema.mof index 85224062..bd8a846a 100644 --- a/source/DSCResources/DSC_Firewall/DSC_Firewall.schema.mof +++ b/source/DSCResources/DSC_Firewall/DSC_Firewall.schema.mof 
@@ -33,7 +33,7 @@ class DSC_Firewall : OMI_BaseResource [Write, Description("Indicates that matching firewall rules of the indicated value are created.")] Boolean LooseSourceMapping; [Write, Description("Indicates that matching network traffic that would otherwise be blocked are allowed.")] Boolean OverrideBlockRules; [Write, Description("Specifies that matching firewall rules of the indicated owner are created.")] String Owner; - [Write, Description("Specifies the policy store from which to retrieve the rules to be created."), ValueMap{"PersistantStore", "localhost"},Values{"PersistantStore", "localhost"}] String PolicyStore; + [Write, Description("Specifies the policy store from which to retrieve the rules to be created."), ValueMap{"PersistentStore", "localhost"},Values{"PersistantStore", "localhost"}] String PolicyStore; [Read, Description("Specifies that firewall rules that match the indicated policy store source type are retrieved.")] String PolicyStoreSourceType; [Read, Description("The current value of the Display Group of the Firewall Rule.")] string DisplayGroup; }; From c3477865a816203f209e924a98482eb0c1561e9b Mon Sep 17 00:00:00 2001 From: robpe49 Date: Wed, 28 Sep 2022 14:59:38 +0200 Subject: [PATCH 12/13] remove read only property from test and set --- .../DSC_Firewall/DSC_Firewall.psm1 | 20 ++----------------- 1 file changed, 2 insertions(+), 18 deletions(-) diff --git a/source/DSCResources/DSC_Firewall/DSC_Firewall.psm1 b/source/DSCResources/DSC_Firewall/DSC_Firewall.psm1 index c17bd901..e44b5c2a 100644 --- a/source/DSCResources/DSC_Firewall/DSC_Firewall.psm1 +++ b/source/DSCResources/DSC_Firewall/DSC_Firewall.psm1 @@ -249,9 +249,6 @@ function Get-TargetResource .PARAMETER PolicyStore Specifies the policy store from which to retrieve the rules to be created. - - .PARAMETER PolicyStoreSourceType - Specifies that firewall rules that match the indicated policy store source type are retrieved. #> function Set-TargetResource { 
@@ -416,12 +413,7 @@ function Set-TargetResource [Parameter()] [ValidateSet('PersistentStore', 'localhost')] [String] - $PolicyStore = 'PersistentStore', - - [Parameter()] - [ValidateSet('None', 'Local', 'GroupPolicy', 'Dynamic', 'Generated', 'Hardcoded')] - [String] - $PolicyStoreSourceType + $PolicyStore = 'PersistentStore' ) Write-Verbose -Message ( @( "$($MyInvocation.MyCommand): " @@ -687,9 +679,6 @@ function Set-TargetResource .PARAMETER PolicyStore Specifies the policy store from which to retrieve the rules to be created. - - .PARAMETER PolicyStoreSourceType - Specifies that firewall rules that match the indicated policy store source type are retrieved. #> function Test-TargetResource { @@ -855,12 +844,7 @@ function Test-TargetResource [Parameter()] [ValidateSet('PersistentStore', 'localhost')] [String] - $PolicyStore = 'PersistentStore', - - [Parameter()] - [ValidateSet('None', 'Local', 'GroupPolicy', 'Dynamic', 'Generated', 'Hardcoded')] - [String] - $PolicyStoreSourceType + $PolicyStore = 'PersistentStore' ) Write-Verbose -Message ( @( "$($MyInvocation.MyCommand): " From 41abbf90f407bc7af6efb252f0d91f59c5cbb322 Mon Sep 17 00:00:00 2001 From: robpe49 Date: Wed, 28 Sep 2022 15:15:19 +0200 Subject: [PATCH 13/13] fix additional spelling --- source/DSCResources/DSC_Firewall/DSC_Firewall.schema.mof | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/DSCResources/DSC_Firewall/DSC_Firewall.schema.mof b/source/DSCResources/DSC_Firewall/DSC_Firewall.schema.mof index bd8a846a..d8c41f7b 100644 --- a/source/DSCResources/DSC_Firewall/DSC_Firewall.schema.mof +++ b/source/DSCResources/DSC_Firewall/DSC_Firewall.schema.mof 
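Review bot: `PolicyStoreSourceType` is removed from `Set-TargetResource` and `Test-TargetResource` here, but nothing in the series removes it from `Test-RuleProperties`, where PATCH 08 added the parameter and PATCH 10 its help entry. If `Test-TargetResource` forwards its bound parameters, the value can no longer be bound. That would leave a dead parameter whose `ValidateSet` and documentation still suggest it filters rules. Remove the `$PolicyStoreSourceType` block and its `.PARAMETER` entry from `Test-RuleProperties` as well, and drop the trailing comma from `$PolicyStore = 'PersistentStore',` there.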
@@ -33,7 +33,7 @@ class DSC_Firewall : OMI_BaseResource [Write, Description("Indicates that matching firewall rules of the indicated value are created.")] Boolean LooseSourceMapping; [Write, Description("Indicates that matching network traffic that would otherwise be blocked are allowed.")] Boolean OverrideBlockRules; [Write, Description("Specifies that matching firewall rules of the indicated owner are created.")] String Owner; - [Write, Description("Specifies the policy store from which to retrieve the rules to be created."), ValueMap{"PersistentStore", "localhost"},Values{"PersistantStore", "localhost"}] String PolicyStore; + [Write, Description("Specifies the policy store from which to retrieve the rules to be created."), ValueMap{"PersistentStore", "localhost"},Values{"PersistentStore", "localhost"}] String PolicyStore; [Read, Description("Specifies that firewall rules that match the indicated policy store source type are retrieved.")] String PolicyStoreSourceType; [Read, Description("The current value of the Display Group of the Firewall Rule.")] string DisplayGroup; };