DSC resources for configuring WS-Management and PowerShell Remoting.

Home Page: https://dsccommunity.org

License: MIT License

wsmandsc's Introduction

WSManDsc

The WSManDsc module contains DSC resources for configuring WS-Management and PowerShell Remoting.

  • WSManListener: Create, edit or remove WS-Management HTTP/HTTPS listeners.
  • WSManConfig: Configure general WS-Man settings.
  • WSManServiceConfig: Configure the WS-Man Service.

Code of Conduct

This project has adopted this Code of Conduct.

Releases

For each merge to the branch main a preview release will be deployed to PowerShell Gallery. Periodically a release version tag will be pushed which will deploy a full release to PowerShell Gallery.

Contributing

Please check out common DSC Community contributing guidelines.

Quality

This module should meet the PowerShell DSC Resource Kit High Quality Resource Module Guidelines.

Documentation and Examples

For a full list of resources in WSManDsc and examples on their use, check out the WSManDsc wiki.

Change log

A full list of changes in each version can be found in the change log.

wsmandsc's People

Contributors

corydwood, dscbot, johlju, plagueho, x-guardian

wsmandsc's Issues

Set Optional Failure Flags for all PSSA Tests

Add the following opt-in settings to enable CI failure on violation of these PSSA rule types:

  • Common Tests - Required Script Analyzer Rules
  • Common Tests - Flagged Script Analyzer Rules
  • Common Tests - New Error-Level Script Analyzer Rules
  • Common Tests - Custom Script Analyzer Rules

Update CI Pipeline Files from Latest Pattern

Copy the latest patterns for the build.yml, build.ps1 and azure-pipelines.yml from the PR:
dsccommunity/ExchangeDsc#471

build.yml

####################################################
#      DscResource.DocGenerator Configuration      #
####################################################
DscResource.DocGenerator:
  Generate_Conceptual_Help:
    MarkdownCodeRegularExpression:
      - '\`(.+?)\`' # Match inline code-block
      - '\\(\\)' # Match escaped backslash
      - '\[[^\[]+\]\((.+?)\)' # Match markdown URL
      - '_(.+?)_' # Match Italic (underscore)
      - '\*\*(.+?)\*\*' # Match bold
      - '\*(.+?)\*' # Match Italic (asterisk)
  publish:
    - publish_module_to_gallery
    - Publish_Release_To_GitHub
    - Publish_GitHub_Wiki_Content
    - Create_ChangeLog_GitHub_PR

Also add updated issue templates and related files:

  • .github\ISSUE_TEMPLATE
  • .github\CONTRIBUTING.md
  • .github\PULL_REQUEST_TEMPLATE.md
  • .github\ISSUE_TEMPLATE\General.md
  • .github\ISSUE_TEMPLATE\Problem_with_resource.yml
  • .github\ISSUE_TEMPLATE\Resource_proposal.yml
  • .github\ISSUE_TEMPLATE\config.yml

Add SECURITY.md as well.

Also, update GitVersion task.

Fix Build Failures due to Pester 5.x

Pester 5.x has been released and both Sampler and DSCResource.Test have been updated to support it; however, Code Coverage support is not available. To solve this, pin Pester to 4.10.1.

Update GitVersion.yml to use latest pattern

Update GitVersion.yml branches section to:

branches:
  master:
    tag: preview
    regex: ^main$
  pull-request:
    tag: PR
  feature:
    tag: useBranchName
    increment: Minor
    regex: f(eature(s)?)?[\/-]
    source-branches: ['master']
  hotfix:
    tag: fix
    increment: Patch
    regex: (hot)?fix(es)?[\/-]
    source-branches: ['master']

As per: dsccommunity/dsccommunity.org#162

Enable Override of HostName in WSManListener

From Issue #8 raised by @ttdgcp:

I've been testing with the latest version you've released, and am seeing the following error when using a certificate thumbprint:
The WinRM client cannot process the request. The certificate CN and the hostname that were provided do not match.

I am using the following configuration:
Ensure = "Present"
Transport = "HTTPS"
CertificateThumbprint = "$thumbprinthere"

I believe this is because I cannot specify (and write) the HostName parameter that the WinRM client demands. If we could add the hostname parameter to be able to write, I believe that would solve my use case.

We're able to bind the certificate to a WSMan listener with the following command:
New-WSManInstance winrm/config/Listener -SelectorSet @{ Address="*";Transport="HTTPS"} -ValueSet @{Hostname="devOps";CertificateThumbprint=$thumbprint}

It's certainly a bit unorthodox, but it fits our use case.

Let me know if I can help any further- thank you for supporting this!

WSManListener: Incorrect Find-Certificate Verbose Messages

Details of the scenario you tried and the problem that is occurring

The following verbose messages in the Find-Certificate function of the WSManListener resource have got the issuer and subject parameters transposed.

  • FindCertificateMessage
  • FindCertificateAlternateMessage

Verbose logs showing the problem

[[WSManListener]DirectResourceAccess] Find-Certificate: Looking for machine server certificate with subject 'Issuer' issued by 'CN=T1MS02-EUW1S'.

Suggested solution to the issue

Swap the $Issuer and $Subject parameters of the relevant Write-Verbose commands in the Find-Certificate function.

The DSC configuration that is used to reproduce the issue (as detailed as possible)

Invoke-DscResource -Name WSManListener -ModuleName WSManDsc -Method Set -Property @{Transport='https';Ensure='Present';Issuer='Issuer'} -Verbose

The operating system the target node is running

OsName               : Microsoft Windows Server 2019 Datacenter
OsOperatingSystemSKU : DatacenterServerEdition
OsArchitecture       : 64-bit
WindowsVersion       : 1809
WindowsBuildLabEx    : 17763.1.amd64fre.rs5_release.180914-1434
OsLanguage           : en-US
OsMuiLanguages       : {en-US}

Version and build of PowerShell the target node is running

Name                           Value
----                           -----
PSVersion                      5.1.17763.771
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.17763.771
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

Version of the DSC module that was used ('dev' if using current dev branch)

ModuleType Version    Name                                ExportedCommands
---------- -------    ----                                ----------------
Manifest   2.4.1.173  WSManDsc

xWSManConfig Resource to manage winrm/config

Hi, it would be very nice if there were an xWSManConfig resource to manage winrm/config.

There are some circumstances that exceed the max envelope size with DSC, Test-DscConfiguration or others. One possible solution is to just double the limit, but it would be better to do so with DSC.

Set-WSManInstance -ValueSet @{MaxEnvelopeSizekb = "1000"} -ResourceURI winrm/config

WSManListener for HTTPS should support certificates using a DN as the subject

The code for WSManListener assumes that the certificate's subject will only contain the CN of the server (e.g. CN=server.mydomain.local). Some organizations issue certificates with a DN as the subject (eg. CN=server.mydomain.local, O=Some Company, ST=Pennsylvania, C=US).

Can this resource be updated to support this scenario?

WSManListener parameter DN should be BaseDN

In X.500 parlance, the Distinguished Name (DN) is the fully-qualified object path [1,2]. For example, CN=example.com, O=IANA, C=US is a DN. In the WSManListener resource, however, the DN parameter specifies only the path part, O=IANA, C=US, better known as the Base DN [2,3]. Misnamed parameters like this create cognitive dissonance and poor usability. The documentation should be updated to note that it references the Base DN, not a DN, and the parameter name should be updated to BaseDN.

On a personal note/to give a real-world example, this has cost me time and frustration. I initially ignored the parameter because of the documentation, but when it didn't work I had to trace the code to find the problem. It's difficult for me to submit patches due to my job's legal requirements, but let me know if you have any questions.
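The naming distinction above, shown as an added example that is not WSManDsc code: the subject a listener certificate is matched on is the host's CN followed by the Base DN. The function names are hypothetical, and the sample values are the ones used in the report.

```powershell
# Added illustration; these function names are hypothetical and not part of WSManDsc.
function Join-SubjectDN
{
    param
    (
        [Parameter(Mandatory = $true)] [System.String] $HostName,
        [Parameter()] [System.String] $BaseDN
    )

    # Full DN = relative part (CN=<host>) followed by the Base DN, when one is given.
    $subject = "CN=$HostName"
    if (-not [System.String]::IsNullOrWhiteSpace($BaseDN))
    {
        $subject = "$subject, $BaseDN"
    }
    return $subject
}

function ConvertTo-CanonicalDN
{
    param ([Parameter(Mandatory = $true)] [System.String] $DistinguishedName)

    # Round-trip through X500DistinguishedName so spacing and attribute names are
    # rendered the way certificate subjects are (Windows prints stateOrProvinceName as S=).
    $dn = [System.Security.Cryptography.X509Certificates.X500DistinguishedName]::new($DistinguishedName)
    return $dn.Name
}

function Find-ServerCertificateBySubject
{
    param ([Parameter(Mandatory = $true)] [System.String] $Subject)

    $wanted = ConvertTo-CanonicalDN -DistinguishedName $Subject
    $serverAuthOid = '1.3.6.1.5.5.7.3.1' # Server Authentication EKU

    # Only usable server certificates count: private key present, unexpired, correct EKU.
    Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object -FilterScript {
        $_.HasPrivateKey -and
        $_.NotAfter -gt (Get-Date) -and
        $_.EnhancedKeyUsageList.ObjectId -contains $serverAuthOid -and
        $_.SubjectName.Name -eq $wanted
    }
}

# Sample values from the report: host CN plus Base DN gives the full subject DN.
$subject = Join-SubjectDN -HostName 'example.com' -BaseDN 'O=IANA, C=US'
Find-ServerCertificateBySubject -Subject $subject
```

Passing only `O=IANA, C=US` to the lookup would match nothing, which is the confusion the report describes when the Base DN parameter is named DN.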

WsManListener: does not overwrite Hostname/CertificateThumbprint

Details of the scenario you tried and the problem that is occurring:

We are using this module in order to configure the WinRM HTTPS listener in an unorthodox manner-- utilizing a self-signed certificate with the same "Hostname" across all machines. This has worked well for us!

What I have discovered is that if the HTTPS listener is already configured with a different certificate/hostname, the DSC resource will not overwrite the existing listener with the specified hostname/thumbprint.

The DSC configuration that is using the resource (as detailed as possible):

In this case, we are using DSC within Chef-- but the same action occurs when using vanilla DSC:

dsc_resource 'WSManListener' do
  resource :WSManListener
  property :Transport, 'HTTPS'
  property :Ensure, 'Present'
  property :CertificateThumbprint, node['winrm']['certificate']['thumbprint']
  property :Hostname, 'Hostname'
end

In order to replicate:

Configure WinRM HTTPS listener with a self-signed certificate:

Remove-Item -Path WSMan:\Localhost\listener\listener* -Recurse

Set-Item WSMan:\localhost\MaxTimeoutms 1800000
Set-Item WSMan:\localhost\Service\Auth\Basic $true

$Cert = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My -DnsName "packer"
New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -CertificateThumbPrint $Cert.Thumbprint -Force

# WinRM
write-output "Setting up WinRM"
write-host "(host) setting up WinRM"

cmd.exe /c winrm quickconfig -q
cmd.exe /c winrm set "winrm/config" '@{MaxTimeoutms="1800000"}'
cmd.exe /c winrm set "winrm/config/winrs" '@{MaxMemoryPerShellMB="1024"}'
cmd.exe /c winrm set "winrm/config/service" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/client" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/client/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{CredSSP="true"}'
cmd.exe /c winrm set "winrm/config/listener?Address=*+Transport=HTTPS" "@{Port=`"5986`";Hostname=`"packer`";CertificateThumbprint=`"$($Cert.Thumbprint)`"}"
cmd.exe /c netsh advfirewall firewall set rule group="remote administration" new enable=yes
cmd.exe /c netsh firewall add portopening TCP 5986 "Port 5986"
cmd.exe /c net stop winrm
cmd.exe /c sc config winrm start= auto
cmd.exe /c net start winrm

Then use DSC to try to overwrite those values:

Configuration Example
{
    param
    (
        [Parameter()]
        [System.String[]]
        $NodeName = 'localhost'
    )

    Import-DscResource -Module WSManDsc

    Node $NodeName
    {
        WSManListener HTTPS
        {
            Transport             = 'HTTPS'
            Ensure                = 'Present'
            CertificateThumbprint = 'F2BE91E92AF040EF116E1CDC91D75C22F47D7BD6'
            Hostname              = 'Hostname'
        } # End of WSManListener Resource
    } # End of Node
} # End of Configuration

DSC will complete successfully and indicate everything is up to date, but will not overwrite the existing listener with the new values.

Version of the Operating System and PowerShell the DSC Target Node is running:

Server 2016, PowerShell 5.1

Version of the DSC module you're using, or 'dev' if you're using current dev branch:
2.2.0.84

Any help is greatly appreciated-- thanks for your excellent work on this module!
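Because the run described above reports success while the old binding stays in place, the live listener has to be checked directly. The following is an added example, not WSManDsc code: `Test-HttpsListenerBinding` is a hypothetical helper that compares the HTTPS listener's actual thumbprint and hostname with the intended values.

```powershell
# Added illustration: Test-HttpsListenerBinding is a hypothetical helper, not part of WSManDsc.
function Test-HttpsListenerBinding
{
    [CmdletBinding()]
    param
    (
        [Parameter(Mandatory = $true)]
        [System.String]
        $CertificateThumbprint,

        [Parameter(Mandatory = $true)]
        [System.String]
        $Hostname
    )

    # Read the live listener rather than relying on the configuration run's result.
    $listener = Get-WSManInstance -ResourceURI 'winrm/config/Listener' -Enumerate |
        Where-Object -FilterScript { $_.Transport -eq 'HTTPS' } |
        Select-Object -First 1

    if ($null -eq $listener)
    {
        return [PSCustomObject] @{ Compliant = $false; Reason = 'No HTTPS listener exists' }
    }

    # Thumbprints get pasted with spaces or mixed case, so normalise both sides.
    $actual = ([System.String] $listener.CertificateThumbprint -replace '\s', '').ToUpperInvariant()
    $wanted = ($CertificateThumbprint -replace '\s', '').ToUpperInvariant()

    $reasons = @()
    if ($actual -ne $wanted)
    {
        $reasons += "Thumbprint is '$actual', expected '$wanted'"
    }
    if ($listener.Hostname -ne $Hostname)
    {
        $reasons += "Hostname is '$($listener.Hostname)', expected '$Hostname'"
    }

    # The bound certificate must still exist in the machine store and be unexpired.
    if ($actual)
    {
        $cert = Get-Item -Path "Cert:\LocalMachine\My\$actual" -ErrorAction SilentlyContinue
        if ($null -eq $cert) { $reasons += 'Bound certificate is missing from LocalMachine\My' }
        elseif ($cert.NotAfter -lt (Get-Date)) { $reasons += "Bound certificate expired on $($cert.NotAfter)" }
    }

    return [PSCustomObject] @{ Compliant = ($reasons.Count -eq 0); Reason = ($reasons -join '; ') }
}

# Values taken from the DSC configuration in the report above.
Test-HttpsListenerBinding -CertificateThumbprint 'F2BE91E92AF040EF116E1CDC91D75C22F47D7BD6' -Hostname 'Hostname'
```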

Update CI Deploy Stage

Replace with:

  - stage: Deploy
    dependsOn: Test
    condition: |
      and(
        succeeded(),
        or(
          eq(variables['Build.SourceBranch'], 'refs/heads/master'),
          startsWith(variables['Build.SourceBranch'], 'refs/tags/')
        ),
        contains(variables['System.TeamFoundationCollectionUri'], 'dsccommunity')
      )

xWSMan resources available that might add more functionality, but need community assistance

Details of the scenario you tried and the problem that is occurring:
A module for WSMan is available but needs assistance from the community. Review, tests, and docs.
https://github.com/robwi/xWSMan

This was initially submitted in the issue PowerShell/DscResources#215, but if there is any functionality that can be gained from these resources, it should be added here. If there is no functionality that can be reused, then please close this issue.

The DSC configuration that is using the resource (as detailed as possible):
n/a

Version of the Operating System and PowerShell the DSC Target Node is running:
n/a

Version of the DSC module you're using, or 'dev' if you're using current dev branch:
n/a

WSManListener: Not returning all the properties in Get-TargetResource

Details of the scenario you tried and the problem that is occurring:
Looking at the resource WSManListener and the Get-TargetResource it doesn't return all the properties that are in the schema.mof.

https://github.com/PlagueHO/WSManDsc/blob/1fa63e590299af76a7a38e24dd5de3daae2707ae/Modules/WSManDsc/DSCResources/DSR_WSManListener/DSR_WSManListener.psm1#L65-L73

Also when the listener is absent, only one property is returned, and not the rest.

https://github.com/PlagueHO/WSManDsc/blob/1fa63e590299af76a7a38e24dd5de3daae2707ae/Modules/WSManDsc/DSCResources/DSR_WSManListener/DSR_WSManListener.psm1#L84-L86

The DSC configuration that is using the resource (as detailed as possible):
n/a

Version of the Operating System and PowerShell the DSC Target Node is running:
n/a

Version of the DSC module you're using, or 'dev' if you're using current dev branch:
Dev

Add new resource for configuring Wsman:\localhost\* items

The current resource WSManServiceConfig only configures settings in the wsman:\localhost\service\* path. We should create a new resource that manages the items in the Wsman:\localhost\* path called WSManConfig.

This would also imply a resource should be created called WSManClientConfig and WSManShellConfig.

These new resources would be copied from WSManServiceConfig with the data files changed. Although combining these properties into the existing WSManServiceConfig would be a simple approach too (with some modification) it would result in the name needing to be changed to correctly indicate the purpose of the resource - which would result in a breaking change.

So implementing multiple resources seems to be the best approach.

See https://github.com/PlagueHO/WSManDsc/issues/2#issuecomment-532773432

Tagging @fullenw1

@johlju - any thoughts on this one?

Update GitVersion Fix Regex

Update GitVersion Fixes Regex:

  feature:
    tag: useBranchName
    increment: Minor
    regex: f(eature(s)?)?[\/-]
    source-branches: ['master']
  hotfix:
    tag: fix
    increment: Patch
    regex: (hot)?fix(es)?[\/-]
    source-branches: ['master']

WSManListener: target CertificateThumbprint and write

Details of the scenario you tried and the problem that is occurring:

I am trying to use WSManListener to create an HTTPS listener with a certificate that only has "CN=devOps"; it is not issued by the local machine. Is there any way to pass a thumbprint directly to the Find-Certificate cmdlet instead of having it search through issuers and DN and forcing the issuer to be the local computer hostname? I noticed the CertificateThumbprint parameter, but it is only configured for read operations and not write?

The DSC configuration that is using the resource (as detailed as possible):

I am primarily attempting to use this resource via Chef, but I have tested locally with DSC and have the same issue:

Configuration Example
{
    param
    (
        [Parameter()]
        [System.String[]]
        $NodeName = 'localhost'
    )
    Import-DscResource -Module WSManDsc
    Node $NodeName
    {
        WSManListener HTTPS
        {
            Transport = 'HTTPS'
            Ensure    = 'Present'
            Issuer    = 'CN=devOps'
        } # End of WSManListener Resource
    } # End of Node
} # End of Configuration

The relevant details of the certificate:

Issuer                   : CN=devOps
Subject                  : CN=devOps

Version of the Operating System and PowerShell the DSC Target Node is running:
Server 2016, PowerShell 5.1

Version of the DSC module you're using, or 'dev' if you're using current dev branch:
2.0.0.51

If you need any more details, please let me know; thanks for your excellent work on this module.
