Cannot use output from `Get-SecretInfo` in `-CredentialInfo` parameter (no cast from `SecretInformation` to `PSCredentialInfo`)

[sean-r-williams]

Prerequisites

• [X] Write a descriptive title.
• [X] Make sure you are able to repro it on the latest released version
• [X] Search the existing issues.

Steps to reproduce

• Register a secret store per SecretStore/SecretManagement module
• Register a repository with PSResourceGet via Register-PSResourceRepository
• Call Set-PSResourceRepository -Name <repo> -CredentialInfo (Get-SecretInfo -Vault <vault> -Name <secret>)

Expected behavior

PS> Set-PSResourceRepository -Name Artifactory -CredentialInfo (Get-SecretInfo -Vault "Default" -Name "Artifactory")
PS> # no error

Actual behavior

PS> Set-PSResourceRepository -Name Artifactory -CredentialInfo (Get-SecretInfo -Vault "Default" -Name "Artifactory")
Set-PSResourceRepository : Cannot bind parameter 'CredentialInfo'. Cannot convert the "Microsoft.PowerShell.SecretManagement.SecretInformation" value of type "Microsoft.PowerShell.SecretManagement.SecretInformation" to type
"Microsoft.PowerShell.PSResourceGet.UtilClasses.PSCredentialInfo".
At line:1 char:93
+ ... dentialInfo (Get-SecretInfo -Vault "Default" -Name "Artifactory") ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Set-PSResourceRepository], ParameterBindingException
    + FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.PowerShell.PSResourceGet.Cmdlets.SetPSResourceRepository

Error details

Set-PSResourceRepository : Cannot bind parameter 'CredentialInfo'. Cannot convert the "Microsoft.PowerShell.SecretManagement.SecretInformation" value of type "Microsoft.PowerShell.SecretManagement.SecretInformation" to type
"Microsoft.PowerShell.PSResourceGet.UtilClasses.PSCredentialInfo".
At line:1 char:93
+ ... dentialInfo (Get-SecretInfo -Vault LocalUser_Auto -Name Artifactory_a ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Set-PSResourceRepository], ParameterBindingException
    + FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.PowerShell.PSResourceGet.Cmdlets.SetPSResourceRepository

Environment data

PS> Get-Module Microsoft.PowerShell.PSResourceGet; $PSVersionTable | ft

ModuleType Version    Name                                ExportedCommands
---------- -------    ----                                ----------------
Binary     1.0.2      Microsoft.PowerShell.PSResourceGet  {Find-PSResource, Get-InstalledPSResource, Get-PSResourceRepository, Get-PSScriptFileInfo...}



Name                           Value
----                           -----
PSVersion                      5.1.19041.3803
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.19041.3803
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

Visuals

No response

[sean-r-williams]

It looks like #866 was supposed to add this functionality, but type coercion appears to be broken:

PS C:\> [Microsoft.PowerShell.PSResourceGet.UtilClasses.PSCredentialInfo](Get-SecretInfo -Vault "Default" -Name "Artifactory")
Cannot convert the "Microsoft.PowerShell.SecretManagement.SecretInformation" value of type "Microsoft.PowerShell.SecretManagement.SecretInformation" to type "Microsoft.PowerShell.PSResourceGet.UtilClasses.PSCredentialInfo".
At line:1 char:1
+ [Microsoft.PowerShell.PSResourceGet.UtilClasses.PSCredentialInfo](Get ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [], RuntimeException
    + FullyQualifiedErrorId : ConvertToFinalInvalidCastException

PS C:\> [Microsoft.PowerShell.PSResourceGet.UtilClasses.PSCredentialInfo]::new((Get-SecretInfo -Vault "Default" -Name "Artifactory"))
Exception calling ".ctor" with "1" argument(s): "Invalid CredentialInfo, SecretName must be a non-empty string"
At line:1 char:1
+ [Microsoft.PowerShell.PSResourceGet.UtilClasses.PSCredentialInfo]::ne ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : ArgumentException

(@FriedrichWeinmann, is there something we're missing here?)

Looking at the implementation for PSCredentialInfo, the problem appears to be multifold:

• There's no cast op/ctor accepting a SecretInformation, so we can't use any of the custom converters to that effect.
• There is a PSObject ctor for PSCredentialInfo, however:
  • It sets the SecretName property first
  • This throws because SecretName is null (the property is just Name)
  • There's a separate if-then afterwards, but the previous exception wasn't caught so we never get to try it

Some possible options come to mind:

• Add a conversion operator for SecretInformation -> PSCredentialInfo
  • This would most-likely mean a dependency on SecretManagement's reference libraries (no idea if these are kept updated)
• Register a PSTypeConverter on PSCredentialInfo and capture/convert objects that appear to be of type SecretInformation
  • This might be doable without depending on SecretManagement

[SydneyhSmith]

@sean-r-williams thanks so much for the issue, we likely won't have time to get to this in the near future but it looks like you have a good understanding of the issue and we would be happy to accept a PR-- thanks