The Vester project creates pester tests that follow a specific pattern of Describe, It, Try, Catch, Remdiate to test and then fix issues with a VMWare environment, Ex. Update-DNS.Tests.ps1.
In semi-pseudo code, the core of the algorithm is the following:
Param(
[switch]$Remediate = $false
)
Process {
Describe -Name "Test Group Name" -Tag #("Tag") -Fixture {
#Some code to load up state for the test group
foreach ($Thing in $Things) {
It -name "Name of first test" -test {
#Some code to load up state for the test
try {
#Conditional tests using Pester syntax
} catch {
if ($Remediate) {
Write-Warning -Message $_
Write-Warning -Message "Remediation Message"
#Code to remediate issues
} else {
throw $_
}
}
}
}
}
}
I would like to be able to write the code that would allow for the following Pester like DSL syntax:
Param(
[switch]$Remediate = $false
)
CheckGroup "AD User Checks" {
ForEach($Aduser in (Get-aduser -Filter * -Properties HomeDirectory)) {
Check "Home directory path exists" {
Condition {
if ($Aduser.HomeDirectory) {
Test-path $Aduser.HomeDirectory | Should be $true
}
}
Remdiation "Create home directory that doesn't exist" {
New-Item -ItemType Directory -Path $Aduser.HomeDirectory
}
}
}
}
Running this would result in something like the following actually being run:
Describe -Name "AD User Checks" -Fixture {
ForEach($Aduser in (Get-aduser -Filter * -Properties HomeDirectory)) {
It -name "Home directory path exists" -test {
try {
if ($Aduser.HomeDirectory) {
Test-path $Aduser.HomeDirectory | Should be $true
}
} catch {
if ($Remediate) {
Write-Warning -Message $_
Write-Warning -Message "Create home directory that doesn't exist"
New-Item -ItemType Directory -Path $Aduser.HomeDirectory
} else {
throw $_
}
}
}
}
}
How can I go about implementing this DSL designed specifically for performing checks and remediations?
Here is some of the code that I have written to try to accomplish this:
Function CheckGroup {
param (
[Parameter(Mandatory, Position = 0)][String]$Name,
[Parameter(Position = 1)]$CheckGroupScriptBlock
)
Describe $CheckGroupName -Fixture $CheckGroupScriptBlock
}
Function Check {
param (
[Parameter(Mandatory, Position = 0)][String]$Name,
$ConditionScriptBlock,
$RemediationScriptBlock
)
It -name $Name -test {
try {
& $ConditionScriptBlock
} catch {
& $RemediationScriptBlock
}
}
}
Function Condition {
[CmdletBinding()]
param (
[Parameter(Position = 1)]$ScriptBlock
)
& $ScriptBlock
}
Function Remediation {
[CmdletBinding()]
param (
$Name,
[Parameter(Position = 1)]$ScriptBlock,
[bool]$Remediate = $false
)
if ($Remediate) {
Write-Verbose $_
Write-Verbose $Name
& $ScriptBlock
} else {
throw $_
}
}
For the function Check I really need to be able to take in a single script block as a parameter but somehow find the Condition and Remediation function calls inside the script block passed and split them out of the script block and blend them into the appropriate spot in the Try {} Catch {} inside the It in the Check function.
Related
I am currently trying to import a .psm1 file dynamically into a script block to execute it.
I am using parallelisation along with jobs as I need to trigger several modules simultaneously as different users.
This is the code:
$tasksToRun | ForEach-Object -Parallel {
$ScriptBlock = {
param ($scriptName, $Logger, $GlobalConfig, $scriptsRootFolder )
Write-Output ("hello $($scriptsRootFolder)\tasks\$($scriptName)")
Import-Module ("$($scriptsRootFolder)\tasks\$($scriptName)")
& $scriptName -Logger $Logger -GlobalConfig $GlobalConfig
}
$job = Start-Job -scriptblock $ScriptBlock `
-credential $Cred -Name $_ `
-ArgumentList ($_, $using:Logger, $using:globalConfig, $using:scriptsRootFolder) `
Write-Host ("Running task $_")
$job | Wait-job -Timeout $using:timeout
if ($job.State -eq 'Running') {
# Job is still running, stop it
$job.StopJob()
Write-Host "Stopped $($job.Name) task as it took too long"
}
else {
# Job completed normally, get the results
$job | Receive-Job
Write-Host "Finished task $($job.Name)"
}
}
The logger variable is a hashtable as defined here:
$Logger = #{
generalLog = $function:Logger
certificateLog = $function:LoggerCertificate
alertLog = $function:LoggerAlert
endpointServiceLog = $function:LoggerEndpointService
}
Currently, it is erroring with the following:
ObjectNotFound: The term
' blah blah blah, this is the code straight from the logger function '
is not recognized as the name of a cmdlet, function, script file, or operable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
The logger function servers the purpose of logging to a file in a specific way, it is generalised to that it can be used across many tasks.
A cut down example of a logger (probably won't compile, just deleted a bunch of lines to give you the general idea):
function LoggerEndpointService {
param (
# The full service name.
[string]$ServiceFullName,
# The unique identifier of the service assigned by the operating system.
[string]$ServiceId,
# The description of the service.
[string]$Description,
# The friendly service name.
[string]$ServiceFriendlyName,
# The start mode for the service. (disabled, manual, auto)
[string]$StartMode,
# The status of the service. (critical, started, stopped, warning)
[string]$Status,
# The user account associated with the service.
[string]$User,
# The vendor and product name of the Endpoint solution that reported the event, such as Carbon Black Cb Response.
[string]$VendorProduct
)
$ServiceFullName = If ([string]::IsNullOrEmpty($ServiceFullName)) { "" } Else { $ServiceFullName }
$ServiceId = If ([string]::IsNullOrEmpty($ServiceId)) { "" } Else { $ServiceId }
$ServiceFriendlyName = If ([string]::IsNullOrEmpty($ServiceFriendlyName)) { "" } Else { $ServServiceFriendlyNameiceName }
$StartMode = If ([string]::IsNullOrEmpty($StartMode)) { "" } Else { $StartMode }
$Status = If ([string]::IsNullOrEmpty($Status)) { "" } Else { $Status }
$User = If ([string]::IsNullOrEmpty($User)) { "" } Else { $User }
$Description = If ([string]::IsNullOrEmpty($Description)) { "" } Else { $Description }
$VendorProduct = If ([string]::IsNullOrEmpty($VendorProduct)) { "" } Else { $VendorProduct }
$EventTimeStamp = Get-Date -Format "yyyy-MM-ddTHH:mm:ssK"
$Delay = 100
For ($i = 0; $i -lt 30; $i++) {
try {
$logLine = "{{timestamp=""{0}"" dest=""{1}"" description=""{2}"" service=""{3}"" service_id=""{4}""" `
+ "service_name=""{5}"" start_mode=""{6}"" vendor_product=""{7}"" user=""{8}"" status=""{9}""}}"
$logLine -f $EventTimeStamp, $env:ComputerName, $Description, $ServiceFullName, $ServiceId, $ServiceFriendlyName, $StartMode, $VendorProduct, $User, $Status | Add-Content $LogFile -ErrorAction Stop
break;
}
catch {
Start-Sleep -Milliseconds $Delay
}
if ($i -eq 29) {
Write-Error "Alert logger failed to log, likely due to Splunk holding the file, check eventlog for details." -ErrorAction Continue
if ([System.Diagnostics.EventLog]::SourceExists("SDOLiveScripts") -eq $False) {
Write-Host "Doesn't exist"
New-EventLog -LogName Application -Source "SDOLiveScripts"
}
Write-EventLog -LogName "Application" -Source "SDOLiveScripts" `
-EventID 1337 `
-EntryType Error `
-Message "Failed to log to file $_.Exception.InnerException.Message" `
-ErrorAction Continue
}
}
}
Export-ModuleMember -Function LoggerEndpointService
If anyone could help that'd be great, thank you!
As mentioned in the comments, PowerShell Jobs execute in separate processes and you can't share live objects across process boundaries.
By the time the job executes, $Logger.generalLog is no longer a reference to the scriptblock registered as the Logger function in the calling process - it's just a string, containing the definition of the source function.
You can re-create it from the source code:
$actualLogger = [scriptblock]::Create($Logger.generalLog)
or, in your case, to recreate all of them:
#($Logger.Keys) |ForEach-Object { $Logger[$_] = [scriptblock]::Create($Logger[$_]) }
This will only work if the logging functions are completely independent of their environment - any references to variables in the calling scope or belonging to the source module will fail to resolve!
I have a few functions that get called either from Jenkins as part of a pipeline, they also get called from a pester test or lastly they can get called from the powershell console. The issue I have really stems from Jenkins not seeming to handle write-output in the way I think it should.
So what I am doing is creating a Boolean param that will allow my to choose if I terminate my function with a exit code or a return message. The exit code will be used by my pipeline logic and the return message for the rest ?
Is there a alternate approach I should be using this seems to be a bit of a hack.
function Get-ServerPowerState
{
[CmdletBinding()]
param
(
[string[]]$ilo_ip,
[ValidateSet('ON', 'OFF')]
[string]$Status,
[boolean]$fail
)
BEGIN
{
$here = Split-Path -Parent $Script:MyInvocation.MyCommand.Path
$Credentials = IMPORT-CLIXML "$($here)\Lib\iLOCred.xml"
}
PROCESS
{
foreach ($ip in $ilo_ip)
{
New-LogEntry -Message ("Getting current powerstate " + $ip)
If (Test-Connection -ComputerName $ip.ToString() -Count 1 -Quiet)
{
$hostPower = Get-HPiLOhostpower -Server $ip -Credential
$Credentials -DisableCertificateAuthentication
}
}
}
END
{
If($fail){
New-LogEntry -Message "Script been set to fail with exit code" -Log Verbose
New-LogEntry -Message "The host is powered - $($HostPower.Host_Power)" -Log Verbose
If($hostPower.HOST_POWER -match $Status)
{
Exit 0
}
else {
Exit 1
}
}
else {
New-LogEntry -Message "Script been set to NOT fail with exit code" -Log Verbose
New-LogEntry -Message "The host is powered - $($HostPower.Host_Power)" -Log Verbose
If($hostPower.HOST_POWER -match $Status)
{
return 0
}
else {
return 1
}
}
}
}
Like this
function Get-Output {
param ([switch]$asint)
if ($asint) {
return 1
}
else {
write-output 'one'
}
}
Get-Output
Get-Output -asint
If you intend to use the output in the pipeline then use Write-Output. If you intend to only send it to the host process then use Write-Host. I typically use the return keyword if I want to assign a return value to a variable.
[int]$result = Get-Output -asint
I'm working on a PS script (v5 on the machine I'm using) that uses Invoke-WebRequest to grab information from a web address and returns the results.
When attempting to pipe my output to Out-GridView with more than 9 results, the column containing data lists "..." on the 10th line.
I've tried doing several types of joins, and am just wondering if I need to have my result in a specific type to avoid having this effect (hashtable maybe?)
Checking MS forums has only yielded results about joining on line-end's, which doesn't seem to help in this case.
The pages I'm querying are simple HTML showing the output of .txt files, however the .Content property of my Invoke-WebRequest query seems to be one long string.
Here's my code thus far:
[cmdletBinding(
DefaultParameterSetName='FileWithURIs'
)]
Param(
[Parameter(ParameterSetName='FileWithURIs',
Mandatory=$true
)]
[ValidateNotNull()]
[ValidateNotNullOrEmpty()]
[ValidateScript({
if(-Not ($_ | Test-Path) ){
throw "File or folder does not exist"
}
if(-Not ($_ | Test-Path -PathType Leaf) ){
throw "The Path argument must be a file. Folder paths are not allowed."
}
if($_ -notmatch "(\.txt)"){
throw "The file specified in the path argument must be of type txt"
}
return $true
})]
[String]$FileWithURIs,
[Parameter(ParameterSetName='SingleURI',
Mandatory=$True)]
[ValidateNotNull()]
[ValidateNotNullOrEmpty()]
[ValidateScript({
if($_.StartsWith("http://") -eq $false -and $_.StartsWith("https://" -eq $false))
{
throw "User specified URI must start with http:// or https://"
}
else
{
return $true
}
})]
[String]$URI,
[Switch]$ViewAsGrid
)
BEGIN
{
Function Check-CustomType()
{
if("TrustAllCertsPolicy" -as [type])
{
Out-Null
}
else
{
Set-CustomType
}
}
Function Set-CustomType()
{
add-type #"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
public bool CheckValidationResult(
ServicePoint srvPoint, X509Certificate certificate,
WebRequest request, int certificateProblem) {
return true;
}
}
"#
$script:newCertPolicy = [System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
}
Function Evaluate-URIs()
{
if($URI)
{
Get-Blocklist -ListURI $URI
}
elseif($FileWithURIs)
{
$lines = Get-Content $FileWithURIs
foreach($line in $lines)
{
Get-Blocklist -ListURI $line
}
}
}
Function Create-Table()
{
$script:tabName = "ResultTable"
# Create Table object
$script:table = New-Object System.Data.DataTable “$script:tabName”
# Create first column
$script:col1 = New-Object System.Data.DataColumn SiteName,([string])
$script:table.columns.add($script:col1)
}
Function Add-RowToTable($Value)
{
# Create new row
$newRow = $script:table.NewRow()
# Add value to row
$newRow.SiteName = $Value
# Add row to table
$script:table.Rows.Add($newRow)
}
Function Get-Blocklist($ListURI)
{
try
{
$query = Invoke-WebRequest -Uri "$ListURI"
if($ViewAsGrid)
{
Create-Table
$content = #($query.Content.Split("`r`n"))
foreach($entry in $content)
{
Add-RowToTable -Value $entry
}
$script:table | Out-GridView -Title "Blocklist for $ListURI"
}
else
{
Write-Host "`nBlocklist for $ListURI " -ForegroundColor Yellow -NoNewline
Write-Host "`n`n$($query.Content | Sort -Descending)"
}
}
catch [Exception]
{
Write-Host "`nUnable to connect to resource " -ForegroundColor Yellow -NoNewline
Write-Host "$ListURI" -ForegroundColor Red
Write-Host "`nERROR: $($Error[0].Exception)"
}
}
Function Run-Stack()
{
Check-CustomType
Evaluate-URIs
}
}
PROCESS
{
Run-Stack
}
END { Write-Host "`nEnd of script" }
The idea is to only use Out-GridView if a single, user-entered address is the input. Otherwise it just becomes console output.
Any help would be appreciated!
I have a PowerShell function (Add-EventLogSource) that checks if an event log source exists. If it does not exist and the shell is not elevated, I start a new, elevated shell and call the function again.
I can't seem to get the return values correct. If the event log source does not exist, and I call Add-EventLogSource, I am not getting the return value all the way back to instance that originally called Add-EventLogSource. Can anyone see the problem? The code looks like this:
Function Add-EventLogSource {
Param (
[Parameter(Mandatory=$True)]
$EventLogSource
)
# Check if $EventLogSource exists as a source. If the shell is not elevated and the check fails to access the Security log, assume the source does not exist.
Try {
$sourceExists = [System.Diagnostics.EventLog]::SourceExists("$EventLogSource")
}
Catch {
$sourceExists = $False
}
If ((([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] “Administrator”)) -AND ($sourceExists -eq $False)) { # Shell is elevated...
Try {
New-EventLog –LogName Application –Source $EventLogSource -ErrorAction Stop
}
Catch {
Return "Error"
}
Return "Created"
}
ElseIf ($sourceExists -eq $False) {
$return = Start-Process PowerShell –Verb RunAs -ArgumentList "Add-EventLogSource -EventLogSource $EventLogSource; start-sleep 5" -Wait
Return $return
}
Else {
Return "Exists"
}
}
Thanks.
I am having share with write access. I am writing a powershell script to write a log file in that share.
I would like to check the condition whether i am having write access to this share before writing in it.
How to check for write access/Full control using powershell?
I have tried with Get-ACL cmdlet.
$Sharing= GEt-ACL "\\Myshare\foldername
If ($Sharing.IsReadOnly) { "REadonly access" , you can't write" }
It has Isreadonly property, But is there any way to ensure that the user has Fullcontrol access?
This does the same thing as #Christian's C# just without compiling C#.
function Test-Write {
[CmdletBinding()]
param (
[parameter()] [ValidateScript({[IO.Directory]::Exists($_.FullName)})]
[IO.DirectoryInfo] $Path
)
try {
$testPath = Join-Path $Path ([IO.Path]::GetRandomFileName())
[IO.File]::Create($testPath, 1, 'DeleteOnClose') > $null
# Or...
<# New-Item -Path $testPath -ItemType File -ErrorAction Stop > $null #>
return $true
} catch {
return $false
} finally {
Remove-Item $testPath -ErrorAction SilentlyContinue
}
}
Test-Write '\\server\share'
I'd like to look into implementing GetEffectiveRightsFromAcl in PowerShell because that will better answer the question....
I use this way to check if current user has write access to a path:
# add this type in powershell
add-type #"
using System;
using System.IO;
public class CheckFolderAccess {
public static string HasAccessToWrite(string path)
{
try
{
using (FileStream fs = File.Create(Path.Combine(path, "Testing.txt"), 1, FileOptions.DeleteOnClose))
{ }
return "Allowed";
}
catch (Exception e)
{
return e.Message;
}
}
}
"#
# use it in this way:
if ([checkfolderaccess]::HasAccessToWrite( "\\server\share" ) -eq "Allowed") { ..do this stuff } else { ..do this other stuff.. }
Code doesn't check ACL but just if is possible to write a file in the path, if it is possible returns string 'allowed' else return the exception's message error.
Here's a pretty simple function I built. It returns "Read", "Write", "ReadWrite", and "" (for no access):
function Test-Access()
{
param([String]$Path)
$guid = [System.Guid]::NewGuid()
$d = dir $Path -ea SilentlyContinue -ev result
if ($result.Count -eq 0){
$access += "Read"
}
Set-Content $Path\$guid -Value $null -ea SilentlyContinue -ev result
if ($result.Count -eq 0){
$access += "Write";
Remove-Item -Force $Path\$guid
}
$access
}