Merge pull request #2 from PaulHigin/initial_secrets_module

Implementation of supported secret types for CredMan

Modules/Microsoft.PowerShell.SecretsManagement/doBuild.ps1

@@ -22,7 +22,7 @@ function DoBuild
     copy-item "${SrcPath}/${ModuleName}.psm1" "${OutDirectory}/${ModuleName}"
 
     # copy format files here
-    #
+    copy-item "${SrcPath}/${ModuleName}.format.ps1xml" "${OutDirectory}/${ModuleName}"
 
     # copy help
     Write-Verbose -Verbose -Message "Copying help files to '$BuildOutPath'"
@@ -33,8 +33,10 @@ function DoBuild
         # build code and place it in the staging location
         Push-Location "${SrcPath}/code"
         try {
+            # Build source
             dotnet publish --configuration $BuildConfiguration --framework $BuildFramework
 
+            # Place build results
             if (! (Test-Path -Path "$BuildSrcPath/${ModuleName}.dll"))
             {
                 throw "Expected binary was not created: $BuildSrcPath/${ModuleName}.dll"

Modules/Microsoft.PowerShell.SecretsManagement/scripts/Install-SecretsManagement.ps1

@@ -0,0 +1,35 @@
+#
+# Script to install SecretsManagement prototype module
+#
+
+[CmdletBinding()]
+param (
+    [Parameter(Mandatory=$true)]
+    [ValidateNotNullOrEmpty()]
+    [string] $ModuleInstallPath,
+
+    [switch] $Force
+)
+
+$fullInstallPath = Join-Path (Resolve-Path -Path $ModuleInstallPath) "Microsoft.PowerShell.SecretsManagement"
+
+if (! (Test-Path -Path $fullInstallPath))
+{
+    [System.IO.Directory]::CreateDirectory($fullInstallPath)
+}
+else
+{
+    if (! $Force)
+    {
+        throw "Module path already exists.  Use -Force to install over existing."
+    }
+
+    Remove-Item -Path (Join-Path $fullInstallPath '*') -Recurse -Force
+}
+
+$sourcePath = "\\scratch2\scratch\paulhi\Modules\Microsoft.PowerShell.SecretsManagement"
+Copy-Item -Path (Join-Path $sourcePath "en-us") -Dest $fullInstallPath -Recurse
+Copy-Item -Path (Join-Path $sourcePath "Microsoft.PowerShell.SecretsManagement.dll") -Dest $fullInstallPath
+Copy-Item -Path (Join-Path $sourcePath "Microsoft.PowerShell.SecretsManagement.pdb") -Dest $fullInstallPath
+Copy-Item -Path (Join-Path $sourcePath "Microsoft.PowerShell.SecretsManagement.psd1") -Dest $fullInstallPath
+Copy-Item -Path (Join-Path $sourcePath "Microsoft.PowerShell.SecretsManagement.format.ps1xml") -Dest $fullInstallPath

Modules/Microsoft.PowerShell.SecretsManagement/scripts/Register-AzureVaultExtension.ps1

@@ -0,0 +1,186 @@
+#
+# Script to install:
+#   Azure KeyVault module
+#   Microsoft.PowerShell.SecretsManagement (prototype) module
+# and register an Azure vault extention to the PowerShell Secrets Manager
+#
+
+[CmdletBinding()]
+param (
+    [Parameter(Mandatory=$true)]
+    [ValidateNotNullOrEmpty()]
+    [string] $SecretManagerModulePath,
+
+    [Parameter(Mandatory=$true)]
+    [ValidateNotNullOrEmpty()]
+    [string] $AzVaultName,
+
+    [Parameter(Mandatory=$true)]
+    [ValidateNotNullOrEmpty()]
+    [string] $ExtensionVaultName,
+
+    [Parameter(Mandatory=$true)]
+    [ValidateNotNullOrEmpty()]
+    [string] $SubscriptionId,
+
+    [switch] $Force
+)
+
+function CheckModuleInstallation
+{
+    param (
+        [string] $ModuleName,
+        [switch] $Force
+    )
+
+    if ((Get-Module -Name $ModuleName -ListAvailable) -eq $null)
+    {
+        $shouldContinue = $Force
+        if (! $shouldContinue)
+        {
+            $shouldContinue = $PSCmdlet.ShouldContinue("The required $ModuleName module is not installed.  Install it now?", "Register-AzureVaultExtension")
+        }
+
+        if ($shouldContinue)
+        {
+            Install-Module -Name $ModuleName -Force
+        }
+    }
+
+    if ((Get-Module -Name $ModuleName -ListAvailable) -eq $null)
+    {
+        throw "Unable to find the $ModuleName module.  $ModuleName module is needed to register and use Azure vaults."
+    }
+}
+
+# Ensure Az.Accounts module is installed
+CheckModuleInstallation Az.Accounts $Force
+
+# Ensure Az.KeyVault extension module is installed
+CheckModuleInstallation Az.KeyVault $Force
+$extensionVaultModulePath = ((Get-Module -Name Az.KeyVault -ListAvailable )[0] | select Path).Path
+
+# Import Secrets Management module
+Import-Module -Name $SecretManagerModulePath -Force
+
+# Register extension vault template
+$RegisterAzSecretsVaultTemplate = @'
+    Register-SecretsVault -Name {0} `
+        -ModulePath '{1}' `
+        -GetSecretScript {{
+            param ([string] $Name,
+                   [string] $VaultName,
+                   [string] $SubscriptionId
+            )
+
+            Import-Module -Name Az.KeyVault -Force
+            Import-Module -Name Az.Accounts -Force
+
+            # $VerbosePreference = "Continue"
+
+            Write-Verbose "Checking for Azure subscription"
+            $azContext = Az.Accounts\Get-AzContext
+            if (! $azContext -or ($azContext.Subscription.Id -ne $SubscriptionId))
+            {{
+                Write-Warning "Log into Azure account for Subscription: $SubscriptionId"
+                Az.Accounts\Connect-AzAccount -Subscription $SubscriptionId
+            }}
+
+            if ([string]::IsNullOrEmpty($Name))
+            {{
+                $Name = "*"
+            }}
+
+            # Return all secrets that match Name pattern
+            if ([WildcardPattern]::ContainsWildcardCharacters($Name))
+            {{
+                $pattern = [WildcardPattern]::new($Name)
+                $vaultSecretInfos = Az.KeyVault\Get-AzKeyVaultSecret -VaultName $VaultName
+                foreach ($vaultSecretInfo in $vaultSecretInfos)
+                {{
+                    if ($pattern.IsMatch($vaultSecretInfo.Name))
+                    {{
+                        $secret = Az.KeyVault\Get-AzKeyVaultSecret -VaultName $VaultName -Name $vaultSecretInfo.Name
+                        Write-Output ([pscustomobject] @{{
+                            Name = $secret.Name
+                            Value = $secret.SecretValue
+                        }})
+                    }}
+                }}
+
+                return
+            }}
+
+            # Return single Name match value
+            $secret = Az.KeyVault\Get-AzKeyVaultSecret -VaultName $VaultName -Name $Name
+            if ($secret -ne $null)
+            {{
+                Write-Output ([pscustomobject] @{{
+                    Name = $secret.Name
+                    Value = $secret.SecretValue
+                    Vault = $VaultName
+                }})
+            }}
+        }} -GetSecretParameters @{{
+            VaultName = '{2}'
+            SubscriptionId = '{3}'
+        }} -SetSecretScript {{
+            param ([string] $Name,
+                   [object] $SecretToWrite,
+                   [string] $VaultName,
+                   [string] $SubscriptionId
+            )
+
+            if (! ($SecretToWrite -is [securestring]))
+            {{
+                throw "AzKeyVault only supports SecureString secret data types."
+            }}
+
+            Import-Module -Name Az.Accounts -Force
+            Import-Module -Name Az.KeyVault -Force
+
+            # $VerbosePreference = "Continue"
+
+            Write-Verbose "Checking for Azure subscription"
+            $azContext = Az.Accounts\Get-AzContext
+            if (! $azContext -or ($azContext.Subscription.Id -ne $SubscriptionId))
+            {{
+                Write-Warning "Log into Azure account for Subscription: $SubscriptionId"
+                Az.Accounts\Connect-AzAccount -Subscription $SubscriptionId
+            }}
+
+            Az.KeyVault\Set-AzKeyVaultSecret -VaultName $VaultName -Name $Name -SecretValue $SecretToWrite
+        }} -SetSecretParameters @{{
+            VaultName = '{2}'
+            SubscriptionId = '{3}'
+        }} -RemoveSecretScript {{
+            param ([string] $Name,
+                   [string] $VaultName,
+                   [string] $SubscriptionId
+            )
+
+            Import-Module -Name Az.Accounts -Force
+            Import-Module -Name Az.KeyVault -Force
+
+            # $VerbosePreference = "Continue"
+
+            Write-Verbose "Checking for Azure subscription"
+            $azContext = Az.Accounts\Get-AzContext
+            if (! $azContext -or ($azContext.Subscription.Id -ne $SubscriptionId))
+            {{
+                Write-Warning "Log into Azure account for Subscription: $SubscriptionId"
+                Az.Accounts\Connect-AzAccount -Subscription $SubscriptionId
+            }}
+
+            Az.KeyVault\Remove-AzKeyVaultSecret -VaultName $VaultName -Name $Name -Force
+        }} -RemoveSecretParameters @{{
+            VaultName = '{2}'
+            SubscriptionId = '{3}'
+        }}
+'@
+
+$RegisterAzSecretsVaultScript = $RegisterAzSecretsVaultTemplate -f $ExtensionVaultName, $extensionVaultModulePath, $AzVaultName, $SubscriptionId
+
+Write-Output "Registering AZ vault: $ExtensionVaultName"
+$sb = [scriptblock]::Create($RegisterAzSecretsVaultScript)
+$sb.Invoke()

Modules/Microsoft.PowerShell.SecretsManagement/src/Microsoft.PowerShell.SecretsManagement.format.ps1xml

@@ -0,0 +1,51 @@
+<Configuration>
+  <ViewDefinitions>
+    <View>
+      <Name>VaultInfo</Name>
+      <ViewSelectedBy>
+        <TypeName>Microsoft.PowerShell.SecretsManagement.SecretsVaultInfo</TypeName>
+      </ViewSelectedBy>
+      <TableControl>
+        <TableHeaders>
+          <TableColumnHeader>
+            <Label>Name</Label>
+          </TableColumnHeader>
+          <TableColumnHeader>
+            <Label>ModuleName</Label>
+          </TableColumnHeader>
+          <TableColumnHeader>
+            <Label>SupportsGet</Label>
+          </TableColumnHeader>
+          <TableColumnHeader>
+            <Label>SupportsSet</Label>
+          </TableColumnHeader>
+          <TableColumnHeader>
+            <Label>SupportsRemove</Label>
+          </TableColumnHeader>
+        </TableHeaders>
+        <TableRowEntries>
+          <TableRowEntry>
+            <Wrap/>
+            <TableColumnItems>
+              <TableColumnItem>
+                <PropertyName>Name</PropertyName>
+              </TableColumnItem>
+              <TableColumnItem>
+                <PropertyName>ModuleName</PropertyName>
+              </TableColumnItem>
+              <TableColumnItem>
+                <ScriptBlock>$_.HaveGetCmdlet -or ($_.GetSecretScript -ne $null)</ScriptBlock>
+              </TableColumnItem>
+              <TableColumnItem>
+                <ScriptBlock>$_.HaveSetCmdlet -or ($_.SetSecretScript -ne $null)</ScriptBlock>
+              </TableColumnItem>
+              <TableColumnItem>
+                <ScriptBlock>$_.HaveRemoveCmdlet -or ($_.RemoveSecretScript -ne $null)</ScriptBlock>
+              </TableColumnItem>
+            </TableColumnItems>
+          </TableRowEntry>
+        </TableRowEntries>
+      </TableControl>
+    </View>
+  </ViewDefinitions>
+</Configuration>

Modules/Microsoft.PowerShell.SecretsManagement/src/Microsoft.PowerShell.SecretsManagement.psd1

@@ -36,35 +36,8 @@ for use in managing and retrieving secrets.
 # Minimum version of the PowerShell engine required by this module
 PowerShellVersion = '5.1'
 
-# Name of the PowerShell host required by this module
-# PowerShellHostName = ''
-
-# Minimum version of the PowerShell host required by this module
-# PowerShellHostVersion = ''
-
-# Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
-# DotNetFrameworkVersion = ''
-
-# Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
-# CLRVersion = ''
-
-# Processor architecture (None, X86, Amd64) required by this module
-# ProcessorArchitecture = ''
-
-# Modules that must be imported into the global environment prior to importing this module
-# RequiredModules = @()
-
-# Assemblies that must be loaded prior to importing this module
-# RequiredAssemblies = @()
-
-# Script files (.ps1) that are run in the caller's environment prior to importing this module.
-# ScriptsToProcess = @()
-
-# Type files (.ps1xml) to be loaded when importing this module
-# TypesToProcess = @()
-
 # Format files (.ps1xml) to be loaded when importing this module
-# FormatsToProcess = @()
+FormatsToProcess = @('Microsoft.PowerShell.SecretsManagement.format.ps1xml')
 
 # Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
 # NestedModules = @()
@@ -73,7 +46,9 @@ PowerShellVersion = '5.1'
 FunctionsToExport = @()
 
 # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
-CmdletsToExport = 'Register-SecretsVault','Unregister-SecretsVault','Get-SecretsVault','Add-Secret','Remove-Secret','Get-Secret'
+CmdletsToExport = @(
+    'Register-SecretsVault','Unregister-SecretsVault','Get-SecretsVault','Add-Secret','Remove-Secret','Get-Secret','Get-SecretInfo')
+#    'Add-LocalSecret','Get-LocalSecret','Remove-LocalSecret')
 
 # Variables to export from this module
 VariablesToExport = '*'

Modules/Microsoft.PowerShell.SecretsManagement/src/code/Microsoft.PowerShell.SecretsManagement.csproj

@@ -11,6 +11,10 @@
     <TargetFramework>netstandard2.0</TargetFramework>
   </PropertyGroup>
 
+  <PropertyGroup Condition=" '$(OS)' != 'Windows_NT' ">
+    <DefineConstants>$(DefineConstants);UNIX</DefineConstants>
+  </PropertyGroup>
+
   <ItemGroup>
     <PackageReference Include="PowerShellStandard.Library" Version="5.1.0-*" />
     <PackageReference Include="Microsoft.CSharp" version="4.5.0-*" />