When compiling a DSC configuration on Linux using Powershell 7, credentials cannot be encrypted because Protect-CmsMessage is not present on the Linux platform. This is expected since i understand it uses the CertStore #3224.
Since this is a fundamental part of a DSC Configuration is there any plan fix this or add support for encryption using a different cmdlet?
Steps to reproduce
$ConfigData = @{
AllNodes = @(
@{
NodeName = 'hostname'
CertificateFile = '/tmp/certificates/hostname.cer'
Thumbprint = '3A9016961C4650036E298DE4AA0D3BE1054B9610'
}
)
}
Configuration CredsRequired {
Import-DscResource -ModuleName PSDscResources
$myPassword = 'password' | ConvertTo-SecureString -AsPlainText -Force
$myCredential = [System.Management.Automation.PSCredential]::New('myUser', $myPassword)
Node $AllNodes.NodeName {
Group Administrators {
GroupName = 'Administrators'
MembersToInclude = 'myGroup'
Credential = $myCredential
}
}
}
& CredsRequired -ConfigurationData $ConfigDataExpected behavior
This should produce a mof file containing 'myPassword' as an encrypted blob
Actual behavior
Write-Error: /opt/microsoft/powershell/7-preview/Modules/PSDesiredStateConfiguration/PSDesiredStateConfiguration.psm1:317
Line |
317 | ConvertTo-MOFInstance MSFT_Credential $newValue
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| System.Management.Automation.CommandNotFoundException error processing property 'Password' OF TYPE 'MSFT_Credential': The term
| 'Protect-CmsMessage' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the
| name, or if a path was included, verify that the path is correct and try again.
Write-Error: /opt/microsoft/powershell/7-preview/Modules/PSDesiredStateConfiguration/PSDesiredStateConfiguration.psm1:2307
Line |
2307 | … Write-NodeMOFFile $Name $mofNode $Script:NodeInstanceAlia …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Invalid MOF definition for node 'hostname': Exception calling "ValidateInstanceText" with "1" argument(s): "Value cannot
| be null."
Directory: /tmp/CredsRequired
Mode LastWriteTime Length Name
---- ------------- ------ ----
----- 01/22/2020 12:16 1090 hostname.mof.error
InvalidOperation: /opt/microsoft/powershell/7-preview/Modules/PSDesiredStateConfiguration/PSDesiredStateConfiguration.psm1:3745
Line |
3745 | throw $ErrorRecord
| ~~~~~~~~~~~~~~~~~~
| Errors occurred while processing configuration 'CredsRequired'.Environment data
ame Value
---- -----
PSVersion 7.0.0-rc.2
PSEdition Core
GitCommitId 7.0.0-rc.2
OS Linux 3.10.0-957.1.3.el7.x86_64 #1 SMP Thu Nov 29 14:49:43 UTC 2018
Platform Unix
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WSManStackVersion 3.0
NAME="Ubuntu"
VERSION="18.04.3 LTS (Bionic Beaver)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 18.04.3 LTS"
When compiling a DSC configuration on Linux using Powershell 7, credentials cannot be encrypted because
Protect-CmsMessageis not present on the Linux platform. This is expected since i understand it uses the CertStore #3224.Since this is a fundamental part of a DSC Configuration is there any plan fix this or add support for encryption using a different cmdlet?
Steps to reproduce
Expected behavior
Actual behavior
Environment data