WebAdministrationDsc icon indicating copy to clipboard operation
WebAdministrationDsc copied to clipboard

Published 20 hours ago verified publisher icon dsccommunity

IIS Shared Configuration?

Open wasabii opened this issue 7 years ago • 9 comments

Any interest in this? I have a module as part of my own DSC pack I could contribute. It uses the Enable-IisSharedConfig PowerShell cmdlets to set it up and keep it up to date.

wasabii avatar Feb 05 '17 19:02 wasabii

Hi wasabii I'm currently working on a project that requires this functionality. Id be extremely interested in seeing this added :)

WilliamSaxton avatar Mar 09 '17 14:03 WilliamSaxton

I would also be interested in seeing this. We recently deployed our first shared config. Pulling this and centralized cert store into the DSC would be pretty cool.

LiquoriChris avatar Mar 09 '17 15:03 LiquoriChris

`

[DscResource()] class cIISSharedConfig {

[DscProperty(Key)]
[string]$Name

[DscProperty(Mandatory)]
[Ensure]$Ensure

[DscProperty(Mandatory)]
[string]$PhysicalPath

[DscProperty()]
[PSCredential]$UserCredential

[DscProperty(Mandatory)]
[string]$KeyEncryptionPassword

[DscProperty()]
[bool]$DontCopyRemoteKeys = $false

<#
	This method returns a hashtable with the current IIS shared configuration information.
#>
[Hashtable] GetIISSharedConfig()
{
	$c = ConvertFrom-StringData ((Get-IISSharedConfig) -join "`r`n").Replace('\', '\\')
	
	return @{
		Enabled = $c['Enabled'] -eq 'True'
		PhysicalPath = $c['Physical Path']
		UserName = $c['UserName']
	}
}

<#
	Enables the IIS shared configuration.
#>
[Hashtable] EnableIISSharedConfig(
	[string]$PhysicalPath, 
	[PSCredential]$UserCredential, 
	[SecureString]$KeyEncryptionPassword, 
	[bool]$DontCopyRemoteKeys)
{
    if (!($PhysicalPath)) {
        throw 'PhysicalPath required.';
    }

    if (!($KeyEncryptionPassword)) {
        throw 'KeyEncryptionPassword required.';
    }

	$c = $this.GetIISSharedConfig()
	if ($c) {
		Write-Verbose 'Enabling IIS Shared Configuration...'
        if ($UserCredential) {
		    Enable-IISSharedConfig `
			    -PhysicalPath $PhysicalPath `
			    -UserName $UserCredential.UserName `
			    -Password (ConvertTo-SecureString -AsPlainText -Force $UserCredential.GetNetworkCredential().Password) `
			    -KeyEncryptionPassword $KeyEncryptionPassword `
			    -Force
        } else {
            Enable-IISSharedConfig `
			    -PhysicalPath $PhysicalPath `
			    -KeyEncryptionPassword $KeyEncryptionPassword `
			    -Force
        }
		$c = $this.GetIISSharedConfig()
	}

	return $c
}

<#
	Disables the IIS shared configuration.
#>
[Hashtable] DisableIISSharedConfig()
{
	$c = $this.GetIISSharedConfig();
	if ($c) {
		Write-Verbose 'Disabling IIS Shared Configuration...'
		Disable-IISSharedConfig
		$c = $this.GetIISSharedConfig();
	}
	
	return $c
}

[cIISSharedConfig] Get()
{
	$c = $this.GetIISSharedConfig();
	$this.Ensure = if ($c.Enabled) { [Ensure]::Present } else { [Ensure]::Absent }
	$this.PhysicalPath = $c.PhysicalPath
	return $this
}

[void] Set()
{
	if ($this.Ensure -eq [Ensure]::Present)
	{
		$c = $this.GetIISSharedConfig()
		$cEnabled = $c.Enabled
		$cPhysicalPath = $c.PhysicalPath -eq $this.PhysicalPath
		$cUserName = if ($this.UserCredential) { $c.UserName -eq $this.UserCredential.UserName } else { [string]::IsNullOrEmpty($c.UserName) }

		# check whether any properties are different from current state
		if (!$cEnabled -or !$cPhysicalPath -or !$cUserName)
		{
			$c = $this.EnableIISSharedConfig(
				$this.PhysicalPath,
				$this.UserCredential,
				(ConvertTo-SecureString -AsPlainText -Force $this.KeyEncryptionPassword),
				$this.DontCopyRemoteKeys)
			if (!$c.Enabled) {
				throw "Could not enable IIS Shared Configuration."
			}
		}
	}

	if ($this.Ensure -eq [Ensure]::Absent)
	{
		$c = $this.GetIISSharedConfig()
		if ($c.Enabled) {
			$c = $this.DisableIISSharedConfig()
			if ($c.Enabled) {
				throw "Could not disable IIS Shared Configuration."
			}
		}
	}
}

[bool] Test()
{
	$c = $this.GetIISSharedConfig()

	if ($this.Ensure -eq [Ensure]::Present)
	{
		if ($c.Enabled -ne $true) {
			Write-Verbose "Enabled != True"
			return $false
		}

		if ($c.PhysicalPath -ne $this.PhysicalPath) {
			Write-Verbose "PhysicalPath != $($this.PhysicalPath)"
			return $false
		}

        if ($this.UserCredential) {
		    if ($c.UserName -ne $this.UserCredential.UserName) {
			    Write-Verbose "UserName != $($this.UserCredential.UserName)"
			    return $false;
		    }
        }
	}

	if ($this.Ensure -eq [Ensure]::Absent)
	{
		if ($c.Enabled -ne $false) {
			Write-Verbose "Enabled != False"
			return $false;
		}
	}

	return $true
}

} `

wasabii avatar Mar 26 '17 19:03 wasabii

So, the above worked. But, I'm going to change it up. I'm using Get-IISSharedConfig, Enable-IISSharedCOnfig, etc. These commands are available only on 2016, apparently.

wasabii avatar Mar 28 '17 13:03 wasabii

Any updated on this one?

whytoe avatar Apr 12 '18 18:04 whytoe

I labeled this as resource proposal and help wanted so that someone in the community can ran with this.

johlju avatar Apr 26 '18 13:04 johlju

So how is this one doing?

kamidon74 avatar Aug 02 '19 19:08 kamidon74

Hello, any update by chance on this one ? thanks

markatdxb avatar Feb 10 '22 08:02 markatdxb

The community has not sent in a PR that add this functionality.

johlju avatar Feb 10 '22 16:02 johlju