Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

PSDesiredStateConfiguration Cannot Encrypt Credentials on Linux #11656

Copy link
Copy link
Closed
Closed
PSDesiredStateConfiguration Cannot Encrypt Credentials on Linux#11656
Copy link
Labels
Area-DSCDesired State Configuration issuesDesired State Configuration issuesIssue-Questionideally support can be provided via other mechanisms, but sometimes folks do open an issue to get aideally support can be provided via other mechanisms, but sometimes folks do open an issue to get a
@mrhockeymonkey

Description

@mrhockeymonkey
mrhockeymonkey
opened on Jan 22, 2020
Issue body actions

When compiling a DSC configuration on Linux using Powershell 7, credentials cannot be encrypted because Protect-CmsMessage is not present on the Linux platform. This is expected since i understand it uses the CertStore #3224.

Since this is a fundamental part of a DSC Configuration is there any plan fix this or add support for encryption using a different cmdlet?

Steps to reproduce

$ConfigData = @{
    AllNodes = @(
        @{
            NodeName = 'hostname'
            CertificateFile = '/tmp/certificates/hostname.cer'
            Thumbprint = '3A9016961C4650036E298DE4AA0D3BE1054B9610'
        }
    )
}

Configuration CredsRequired {
    Import-DscResource -ModuleName PSDscResources

    $myPassword = 'password' | ConvertTo-SecureString -AsPlainText -Force
    $myCredential = [System.Management.Automation.PSCredential]::New('myUser', $myPassword)

    Node $AllNodes.NodeName {
        Group Administrators {
            GroupName        = 'Administrators'
            MembersToInclude = 'myGroup'
            Credential       = $myCredential
        }
    }
}

& CredsRequired -ConfigurationData $ConfigData

Expected behavior

This should produce a mof file containing 'myPassword' as an encrypted blob

Actual behavior

Write-Error: /opt/microsoft/powershell/7-preview/Modules/PSDesiredStateConfiguration/PSDesiredStateConfiguration.psm1:317
Line |
 317 |              ConvertTo-MOFInstance MSFT_Credential $newValue
     |              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | System.Management.Automation.CommandNotFoundException error processing property 'Password' OF TYPE 'MSFT_Credential': The term
     | 'Protect-CmsMessage' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the
     | name, or if a path was included, verify that the path is correct and try again.

Write-Error: /opt/microsoft/powershell/7-preview/Modules/PSDesiredStateConfiguration/PSDesiredStateConfiguration.psm1:2307
Line |
2307 |Write-NodeMOFFile $Name $mofNode $Script:NodeInstanceAlia|                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Invalid MOF definition for node 'hostname': Exception calling "ValidateInstanceText" with "1" argument(s): "Value cannot
     | be null."



    Directory: /tmp/CredsRequired

Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
-----          01/22/2020    12:16           1090 hostname.mof.error
InvalidOperation: /opt/microsoft/powershell/7-preview/Modules/PSDesiredStateConfiguration/PSDesiredStateConfiguration.psm1:3745
Line |
3745 |      throw $ErrorRecord
     |      ~~~~~~~~~~~~~~~~~~
     | Errors occurred while processing configuration 'CredsRequired'.

Environment data

ame                           Value
----                           -----
PSVersion                      7.0.0-rc.2
PSEdition                      Core
GitCommitId                    7.0.0-rc.2
OS                             Linux 3.10.0-957.1.3.el7.x86_64 #1 SMP Thu Nov 29 14:49:43 UTC 2018
Platform                       Unix
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

NAME="Ubuntu"
VERSION="18.04.3 LTS (Bionic Beaver)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 18.04.3 LTS"
Reactions are currently unavailable

Metadata

Metadata

Assignees

No one assigned

    Labels

    Area-DSCDesired State Configuration issuesDesired State Configuration issuesIssue-Questionideally support can be provided via other mechanisms, but sometimes folks do open an issue to get aideally support can be provided via other mechanisms, but sometimes folks do open an issue to get a

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions
      Morty Proxy This is a proxified and sanitized view of the page, visit original site.