Wednesday, August 13, 2014

Generating Custom Resources for PowerShell Desired State Configuration

Creating an initial custom DSC resource is well documented on TechNet but it can be tedious if you have to do a lot of them.  Tooling is available to help automate this:

Resource Designer Tool – A walkthrough writing a DSC resource

Here’s a sample for using the Resource Designer Tool:

New-xDscResource -Name cFimService_ManagementPolicyRule -Property @(

    ### General

    New-xDscResourceProperty -Name DisplayName -Type String -Attribute Key

    New-xDscResourceProperty -Name Description -Type String -Attribute Write

    New-xDscResourceProperty -Name Enabled -Type Boolean -Attribute Write

    ### Requestors and Operations

    New-xDscResourceProperty -Name RequestorSet -Type String -Attribute Write

    New-xDscResourceProperty -Name RelativeToResourceAttributeName -Type String -Attribute Write

    New-xDscResourceProperty -Name RequestType -Type String[] -Attribute Write

    New-xDscResourceProperty -Name GrantPermission -Type Boolean -Attribute Write

    New-xDscResourceProperty -Name TransitionIn -Type Boolean -Attribute Write

    New-xDscResourceProperty -Name TransitionOut -Type Boolean -Attribute Write

    New-xDscResourceProperty -Name Request -Type Boolean -Attribute Write

    ### Target Resources

    New-xDscResourceProperty -Name ResourceSetBeforeRequest -Type String -Attribute Write

    New-xDscResourceProperty -Name ResourceSetAfterRequest -Type String -Attribute Write

    New-xDscResourceProperty -Name ResourceAttributeNames -Type String[] -Attribute Write

    ### Policy Workflows

    New-xDscResourceProperty -Name AuthenticationWorkflowDefinition -Type String[] -Attribute Write

    New-xDscResourceProperty -Name AuthorizationWorkflowDefinition -Type String[] -Attribute Write

    New-xDscResourceProperty -Name ActionWorkflowDefinition -Type String[] -Attribute Write

    ### Common FIM DSc Properties

    New-xDscResourceProperty -Name Credential -Type PSCredential -Attribute Write

    New-xDscResourceProperty -Name Ensure -Type String -Attribute Write -ValidateSet "Present", "Absent"

)  -Path 'C:\Program Files\WindowsPowerShell\Modules\FimPowerShellModule'   

 

When the command runs it generates the MOF file, and also the .PSM1 file complete with all the parameters to match the schema you’ve specified.  Pretty handy.

I got a little carried away once I got comfortable with the tool, and started to generate custom DSC resources for all sorts of things.  One experiment I did was to create a FIM DSC Resource that was generic and included every attribute in the FIM Service schema (there were 236 attributes).  This would have been very handy if it’d worked, but instead I found a limit to the MOF file size.  It might be a bug, but it feels like a gentle nudge towards better DSC resource design (use less attributes per resource).

No comments: