dsccommunity · brajjan · Sep 9, 2022 · Sep 9, 2022
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Added
+
+- FirewallProfile
+  - Added `PolicyStore` parameter (defaults to PersistentStore to prevent a breaking change) - fixes [Issue #428](https://github.com/dsccommunity/NetworkingDsc/issues/428).
+
 ### Changed
 
 - Updated CHANGELOG.md

diff --git a/source/DSCResources/DSC_FirewallProfile/DSC_FirewallProfile.psm1 b/source/DSCResources/DSC_FirewallProfile/DSC_FirewallProfile.psm1
@@ -22,10 +22,13 @@ $script:parameterList = $resourceData.ParameterList
 
 <#
     .SYNOPSIS
-        Returns the current Firewall Profile.
+        Returns the current Firewall Profile of the selected Policy Store
 
     .PARAMETER Name
         The name of the firewall profile to configure.
+
+    .PARAMETER PolicyStore
+        Specifies the policy store from which to retrieve the rules to be created.
 #>
 function Get-TargetResource
 {
@@ -36,7 +39,12 @@ function Get-TargetResource
         [Parameter(Mandatory = $true)]
         [ValidateSet('Domain', 'Public', 'Private')]
         [System.String]
-        $Name
+        $Name,
+
+        [Parameter()]
+        [ValidateSet('PersistentStore', 'localhost')]
+        [String]
+        $PolicyStore = 'PersistentStore'
     )
 
     Write-Verbose -Message ( @(
@@ -48,11 +56,13 @@ function Get-TargetResource
     # Get the current Dns Client Global Settings
     $netFirewallProfile = Get-NetFirewallProfile `
         -Name $Name `
+        -PolicyStore $Policystore `
         -ErrorAction Stop
 
     # Generate the return object.
     $returnValue = @{
-        Name = $Name
+        Name        = $Name
+        PolicyStore = $PolicyStore
     }
 
     foreach ($parameter in $script:parameterList)
@@ -65,10 +75,9 @@ function Get-TargetResource
     return $returnValue
 } # Get-TargetResource
 
-
 <#
     .SYNOPSIS
-        Sets the Firewall Profile.
+        Sets the Firewall Profile of the selected Policy Store.
 
     .PARAMETER Name
         The name of the firewall profile to configure.
@@ -129,6 +138,9 @@ function Get-TargetResource
 
     .PARAMETER NotifyOnListen
         Allows the notification of listening for inbound connections by a service.
+
+    .PARAMETER PolicyStore
+        Specifies the policy store from which to retrieve the rules to be created.
 #>
 function Set-TargetResource
 {
@@ -215,14 +227,19 @@ function Set-TargetResource
         $LogIgnored,
 
         [Parameter()]
-        [ValidateRange(1,32767)]
+        [ValidateRange(1, 32767)]
         [System.Uint64]
         $LogMaxSizeKilobytes,
 
         [Parameter()]
         [ValidateSet('True', 'False', 'NotConfigured')]
         [System.String]
-        $NotifyOnListen
+        $NotifyOnListen,
+
+        [Parameter()]
+        [ValidateSet('PersistentStore', 'localhost')]
+        [String]
+        $PolicyStore = 'PersistentStore'
     )
 
     Write-Verbose -Message ( @(
@@ -234,6 +251,7 @@ function Set-TargetResource
     # Get the current Firewall Profile Settings
     $netFirewallProfile = Get-NetFirewallProfile `
         -Name $Name `
+        -PolicyStore $PolicyStore `
         -ErrorAction Stop
 
     # Generate a list of parameters that will need to be changed.
@@ -245,38 +263,38 @@ function Set-TargetResource
         $parameterNewValue = (Get-Variable -Name ($parameter.name)).Value
 
         if ($PSBoundParameters.ContainsKey($parameter.Name) `
-            -and (Compare-Object -ReferenceObject $parameterSourceValue -DifferenceObject $parameterNewValue -SyncWindow 0))
+                -and (Compare-Object -ReferenceObject $parameterSourceValue -DifferenceObject $parameterNewValue -SyncWindow 0))
         {
             $changeParameters += @{
                 $($parameter.name) = $parameterNewValue
             }
 
             Write-Verbose -Message ( @(
-                "$($MyInvocation.MyCommand): "
-                $($script:localizedData.FirewallProfileUpdateParameterMessage) `
-                    -f $Name,$parameter.Name,$parameterNewValue
+                    "$($MyInvocation.MyCommand): "
+                    $($script:localizedData.FirewallProfileUpdateParameterMessage) `
+                        -f $Name, $parameter.Name, $parameterNewValue
                 ) -join '' )
         } # if
     } # foreach
 
     if ($changeParameters.Count -gt 0)
     {
         # Update any parameters that were identified as different
-        $null = Set-NetFirewallProfile -Name $Name `
+        $null = Set-NetFirewallProfile -Name $Name -PolicyStore $PolicyStore `
             @ChangeParameters `
             -ErrorAction Stop
 
         Write-Verbose -Message ( @(
-            "$($MyInvocation.MyCommand): "
-            $($script:localizedData.FirewallProfileUpdatedMessage) `
-                -f $Name
+                "$($MyInvocation.MyCommand): "
+                $($script:localizedData.FirewallProfileUpdatedMessage) `
+                    -f $Name
             ) -join '' )
     } # if
 } # Set-TargetResource
 
 <#
     .SYNOPSIS
-        Tests the state of Firewall Profile.
+        Tests the state of Firewall Profile of the selected Policy Store.
 
     .PARAMETER Name
         The name of the firewall profile to configure.
@@ -337,6 +355,9 @@ function Set-TargetResource
 
     .PARAMETER NotifyOnListen
         Allows the notification of listening for inbound connections by a service.
+
+    .PARAMETER PolicyStore
+        Specifies the policy store from which to retrieve the rules to be created.
 #>
 function Test-TargetResource
 {
@@ -424,14 +445,19 @@ function Test-TargetResource
         $LogIgnored,
 
         [Parameter()]
-        [ValidateRange(1,32767)]
+        [ValidateRange(1, 32767)]
         [System.Uint64]
         $LogMaxSizeKilobytes,
 
         [Parameter()]
         [ValidateSet('True', 'False', 'NotConfigured')]
         [System.String]
-        $NotifyOnListen
+        $NotifyOnListen,
+
+        [Parameter()]
+        [ValidateSet('PersistentStore', 'localhost')]
+        [String]
+        $PolicyStore = 'PersistentStore'
     )
 
     Write-Verbose -Message ( @(
@@ -446,6 +472,7 @@ function Test-TargetResource
     # Get the current Dns Client Global Settings
     $netFirewallProfile = Get-NetFirewallProfile `
         -Name $Name `
+        -PolicyStore $PolicyStore `
         -ErrorAction Stop
 
     # Check each parameter
@@ -455,12 +482,12 @@ function Test-TargetResource
         $parameterNewValue = (Get-Variable -Name ($parameter.name)).Value
 
         if ($PSBoundParameters.ContainsKey($parameter.Name) `
-            -and (Compare-Object -ReferenceObject $parameterSourceValue -DifferenceObject $parameterNewValue -SyncWindow 0))
+                -and (Compare-Object -ReferenceObject $parameterSourceValue -DifferenceObject $parameterNewValue -SyncWindow 0))
         {
             Write-Verbose -Message ( @(
-                "$($MyInvocation.MyCommand): "
-                $($script:localizedData.FirewallProfileParameterNeedsUpdateMessage) `
-                    -f $Name,$parameter.Name,$parameterSourceValue,$parameterNewValue
+                    "$($MyInvocation.MyCommand): "
+                    $($script:localizedData.FirewallProfileParameterNeedsUpdateMessage) `
+                        -f $Name, $parameter.Name, $parameterSourceValue, $parameterNewValue
                 ) -join '' )
 
             $desiredConfigurationMatch = $false

diff --git a/source/DSCResources/DSC_FirewallProfile/DSC_FirewallProfile.schema.mof b/source/DSCResources/DSC_FirewallProfile/DSC_FirewallProfile.schema.mof
@@ -19,4 +19,5 @@ class DSC_FirewallProfile : OMI_BaseResource
     [Write, Description("Specifies how to log the ignored packets in the location specified by the LogFileName parameter."), ValueMap{"True", "False", "NotConfigured"}, Values{"True", "False", "NotConfigured"}] String LogIgnored;
     [Write, Description("Specifies the maximum file size of the log, in kilobytes. The acceptable values for this parameter are: 1 through 32767.")] UInt64 LogMaxSizeKilobytes;
     [Write, Description("Allows the notification of listening for inbound connections by a service."), ValueMap{"True", "False", "NotConfigured"}, Values{"True", "False", "NotConfigured"}] String NotifyOnListen;
+    [Write, Description("Specifies the policy store from which to retrieve the rules to be created."), ValueMap{"localhost", "PersistentStore"}, Values{"localhost", "PersistentStore"}] String PolicyStore;
 };