diff --git a/.github/linters/.powershell-psscriptanalyzer.psd1 b/.github/linters/.powershell-psscriptanalyzer.psd1 index dda4295..c85de7c 100644 --- a/.github/linters/.powershell-psscriptanalyzer.psd1 +++ b/.github/linters/.powershell-psscriptanalyzer.psd1 @@ -10,7 +10,9 @@ IncludeDefaultRules = ${true} ExcludeRules = @( 'PSUseShouldProcessForStateChangingFunctions', - 'PSAvoidUsingConvertToSecureStringWithPlainText' + 'PSAvoidUsingConvertToSecureStringWithPlainText', + 'PSUseDeclaredVarsMoreThanAssignments' + ) #IncludeRules = @( # 'PSAvoidUsingWriteHost', diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index de6a97c..01c4b03 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -4,10 +4,10 @@ on: pull_request: types: [closed] branches: - - main + - main push: branches: - - main + - main jobs: publish: @@ -32,7 +32,7 @@ jobs: - name: Build Module shell: pwsh run: | - Copy-Item -path src/ -Destination /tmp/artifacts/SecretManagement.Hashicorp.Vault.KV/ -Recurse -Force + Copy-Item -path SecretManagement.Hashicorp.Vault.KV/ -Destination /tmp/artifacts/SecretManagement.Hashicorp.Vault.KV/ -Recurse -Force # No need for artifacts yet # - name: Create Artifact # if: ${{ success() }} @@ -56,7 +56,6 @@ jobs: NUGET_KEY: ${{ secrets.NUGET_APIKEY }} run: | Publish-Module -Path /tmp/artifacts/SecretManagement.Hashicorp.Vault.KV -NuGetApiKey $env:NUGET_KEY - # Need to figure out tagging in pipeline first # - name: "Release" # uses: ncipollo/release-action@v1 @@ -65,4 +64,4 @@ jobs: # tag: ${{ env.tag }} # prerelease: ${{ env.prerelease }} # bodyFile: "body.md" - # token: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file + # token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 884f3c6..f9a483c 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
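Review bot: Adding `'PSUseDeclaredVarsMoreThanAssignments'` to `ExcludeRules` turns the rule off for every script the linter checks, including the module code. The assignments that appear to trigger it sit in the `BeforeDiscovery` blocks of the new Pester files. A narrower option is to keep the rule enabled here and suppress it per test file with `[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', '')]` followed by `param()` at the top of each `*.Tests.ps1`. The added entry also appears to leave an empty line before the closing `)`, which can be dropped.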
@@ -3,8 +3,8 @@ name: test on: pull_request: branches: - - main - - development + - main + - development jobs: lint: @@ -46,6 +46,11 @@ jobs: run: | Set-PSRepository PSGallery -InstallationPolicy Trusted Install-Module -Name Microsoft.PowerShell.SecretManagement -ErrorAction Stop + Install-Module -Name Pester -MinimumVersion 5.2.0 -ErrorAction Stop - name: Perform the import shell: pwsh - run: Import-Module ./src/SecretManagement.Hashicorp.Vault.KV.Extension/SecretManagement.Hashicorp.Vault.KV.Extension.psd1 -ErrorAction Stop; (Get-Command -Module SecretManagement.Hashicorp.Vault.KV.Extension) -ne $null \ No newline at end of file + run: Import-Module ./SecretManagement.Hashicorp.Vault.KV/SecretManagement.Hashicorp.Vault.KV.Extension/SecretManagement.Hashicorp.Vault.KV.Extension.psd1 -ErrorAction Stop + - name: Execute Pester Tests + shell: pwsh + run: | + Invoke-Pester ./tests/* -Output Detailed diff --git a/CHANGELOG.md b/CHANGELOG.md index 3982583..fecf6d8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
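Review bot: `Install-Module -Name Pester -MinimumVersion 5.2.0` in the second hunk resolves to whatever newest release PSGallery serves when the job runs, and the same step has just set the gallery to `Trusted`. The test job therefore executes a new Pester version as soon as one is published, without review. Pinning it with `-RequiredVersion 5.2.0` and bumping it deliberately keeps CI reproducible. The unpinned `Microsoft.PowerShell.SecretManagement` install on the context line above has the same issue, although this commit's changelog says the module was tested with 1.1.0. The job's earlier steps are outside the hunk.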
@@ -5,32 +5,64 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). +## [1.1.0] - 2021-08-04 + +Tested with SecretManagement 1.1.0 [#14](https://github.com/joshcorr/SecretManagement.Hashicorp.Vault.KV/issues/14) +Adding tests + ## [1.0.2] - 2021-06-10 + Default to Hashtable output. + ## [1.0.1] - 2021-06-04 + Improve Logging. Make Health Checks optional. Suggested by [Mounting to an existing path in Vault #7](https://github.com/joshcorr/SecretManagement.Hashicorp.Vault.KV/issues/7) + ## [1.0.0] - 2021-06-04 + Update About; remove Preview Tag + ## [0.0.11] - 2021-03-16 + More Bug fixes + ## [0.0.10] - 2021-03-16 + Fix login logic bug + ## [0.0.9] - 2021-03-15 + Better Token Management; Retrieving Metadata + ## [0.0.8] - 2021-03-13 + Support Hashtable; Creating Metadata; Removing Vaults + ## [0.0.7] - 2021-03-09 + Create New Vault; Fix Test-SecretVault + ## [0.0.6] - 2021-03-08 + Required Secrets Version; Fix folder structure + ## [0.0.5] - 2021-03-08 + Version Bump + ## [0.0.4] - 2021-03-08 + More Github Actions changes + ## [0.0.3] - 2021-03-08 + Github Actions changes + ## [0.0.2] - 2021-03-08 + Fixes for SecretsManagement RC1 + ## [0.0.1] - 2020-10-27 -Initial Preview Release \ No newline at end of file + +Initial Preview Release diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index d4f1f2d..a0add63 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -14,6 +14,7 @@ This module is an extension for [Microsoft.PowerShell.SecretManagement](https:// - Writing Tests ### Ground Rules + Here are some guidelines for Pull Requests (PR) in this project. - All PRs to Development must have an issue 
@@ -21,6 +22,7 @@ Here are some guidelines for Pull Requests (PR) in this project. - Keep PRs limited to as few files as possible (if major change 1-to-1 PR) ### Your First Contribution + If this is your first time contributing to an opensource project, welcome! Here are some helpful tips for your first PR. - Look for items marked as "good first issue" (these usually only require a few easy changes) diff --git a/README.md b/README.md index dd58171..1fe1a0b 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,5 @@ # SecretManagement.Hashicorp.Vault.KV + [![GitHubSuper-Linter][]][GitHubSuper-LinterLink] [![PSGallery][]][PSGalleryLink] @@ -9,10 +10,13 @@ A PowerShell SecretManagement extension for Hashicorp Vault Key Value (KV) Engin > If Hashicorp would like to adopt this module please reach out. ## QuickStart + When registering a vault you need to provide at least these options: + ```PowerShell Register-SecretVault -ModuleName SecretManagement.Hashicorp.Vault.KV -Name PowerShellTest -VaultParameters @{ VaultServer = 'http://vault.domain.local:8200'; VaultAuthType = 'Token'} ``` + The vault name should match exactly as Hashicorp vault is case sensitive. If no VaultParameters are provided the functions will prompt you on the first execution in your session. Additionally you may provide which version of KV you are using when registering. It defaults to version 2 of KV. ```PowerShell 
@@ -23,22 +27,24 @@ $VaultParameters = @{ VaultServer = 'https://vault-cluster.domain.local' If you stored your secrets in a flat structure (i.e. no slashes in your path). You may want to return all secrets as a PSCredential. You can do this by providing the following: + ```powershell $VaultParameters @{ ... OutputType = 'PSCredential' } ``` + The Default is to return it as a Hashtable. You may provide either a single text string or a hashtable to the `-Secret` parameter. ## KV Version 2 distinctions + - Get-Secret only retrieves the newest secret - Get-SecretInfo retrieves the Hashicorp Metadata. - Set-Secret Adds/Updates without CheckAndSet. Althought it can be passed with `-Metadata @{cas=}` - Remove-Secret Completely Removes the secret and all versions - [GitHubSuper-Linter]: https://github.com/joshcorr/SecretManagement.Hashicorp.Vault.KV/workflows/ci/badge.svg [GitHubSuper-LinterLink]: https://github.com/marketplace/actions/super-linter diff --git a/src/SecretManagement.Hashicorp.Vault.KV.Extension/SecretManagement.Hashicorp.Vault.KV.Extension.psd1 b/SecretManagement.Hashicorp.Vault.KV/SecretManagement.Hashicorp.Vault.KV.Extension/SecretManagement.Hashicorp.Vault.KV.Extension.psd1 similarity index 87% rename from src/SecretManagement.Hashicorp.Vault.KV.Extension/SecretManagement.Hashicorp.Vault.KV.Extension.psd1 rename to SecretManagement.Hashicorp.Vault.KV/SecretManagement.Hashicorp.Vault.KV.Extension/SecretManagement.Hashicorp.Vault.KV.Extension.psd1 index ee7d946..54cf171 100644 --- a/src/SecretManagement.Hashicorp.Vault.KV.Extension/SecretManagement.Hashicorp.Vault.KV.Extension.psd1 +++ b/SecretManagement.Hashicorp.Vault.KV/SecretManagement.Hashicorp.Vault.KV.Extension/SecretManagement.Hashicorp.Vault.KV.Extension.psd1 
@@ -1,5 +1,5 @@ @{ - ModuleVersion = '1.0.2' + ModuleVersion = '1.1.0' RootModule = 'SecretManagement.Hashicorp.Vault.KV.Extension.psm1' FunctionsToExport = @('Set-Secret', 'Get-Secret', 'Remove-Secret', 'Get-SecretInfo', 'Test-SecretVault', 'Unregister-SecretVault') } \ No newline at end of file diff --git a/src/SecretManagement.Hashicorp.Vault.KV.Extension/SecretManagement.Hashicorp.Vault.KV.Extension.psm1 b/SecretManagement.Hashicorp.Vault.KV/SecretManagement.Hashicorp.Vault.KV.Extension/SecretManagement.Hashicorp.Vault.KV.Extension.psm1 similarity index 100% rename from src/SecretManagement.Hashicorp.Vault.KV.Extension/SecretManagement.Hashicorp.Vault.KV.Extension.psm1 rename to SecretManagement.Hashicorp.Vault.KV/SecretManagement.Hashicorp.Vault.KV.Extension/SecretManagement.Hashicorp.Vault.KV.Extension.psm1 diff --git a/src/SecretManagement.Hashicorp.Vault.KV.psd1 b/SecretManagement.Hashicorp.Vault.KV/SecretManagement.Hashicorp.Vault.KV.psd1 similarity index 84% rename from src/SecretManagement.Hashicorp.Vault.KV.psd1 rename to SecretManagement.Hashicorp.Vault.KV/SecretManagement.Hashicorp.Vault.KV.psd1 index d742330..6aa2ad6 100644 --- a/src/SecretManagement.Hashicorp.Vault.KV.psd1 +++ b/SecretManagement.Hashicorp.Vault.KV/SecretManagement.Hashicorp.Vault.KV.psd1 
@@ -1,11 +1,11 @@ @{ - ModuleVersion = '1.0.2' + ModuleVersion = '1.1.0' CompatiblePSEditions = @('Desktop', 'Core') GUID = '5dbf943d-d9c0-4db5-88a2-1995043a6305' Author = 'Josh Corrick' Copyright = '(c) 2021 Josh Corrick. All rights reserved.' Description = 'A PowerShell SecretManagement extension for Hashicorp Vault Key Value Engine' - RequiredModules = @(@{ModuleName = "Microsoft.PowerShell.SecretManagement"; ModuleVersion = "1.0.0"; GUID = "a5c858f6-4a8e-41f1-b1ee-0ff8f6ad69d3" }) + #RequiredModules = @(@{ModuleName = "Microsoft.PowerShell.SecretManagement"; ModuleVersion = "1.1.0"; GUID = "a5c858f6-4a8e-41f1-b1ee-0ff8f6ad69d3" }) NestedModules = './SecretManagement.Hashicorp.Vault.KV.Extension' PowershellVersion = '5.1' FunctionsToExport = @() @@ -16,7 +16,7 @@ PSData = @{ # Prerelease string of this module - Prerelease = 'Preview' + # Prerelease = 'Preview' Tags = 'SecretManagement', 'HashiCorp', 'Secret', 'Vault', 'MacOS', 'Linux', 'Windows' ExternalModuleDependencies = @('Microsoft.PowerShell.SecretManagement') LicenseUri = 'https://raw.githubusercontent.com/joshcorr/SecretManagement.Hashicorp.Vault.KV/main/LICENSE' diff --git a/src/en-us/about_SecretManagement.Hashicorp.Vault.KV.Extension.Help.txt b/SecretManagement.Hashicorp.Vault.KV/en-us/about_SecretManagement.Hashicorp.Vault.KV.Extension.Help.txt similarity index 100% rename from src/en-us/about_SecretManagement.Hashicorp.Vault.KV.Extension.Help.txt rename to SecretManagement.Hashicorp.Vault.KV/en-us/about_SecretManagement.Hashicorp.Vault.KV.Extension.Help.txt diff --git a/tests/SecretManagement.Hashicorp.Vault.KV.Extension.Tests.ps1 b/tests/SecretManagement.Hashicorp.Vault.KV.Extension.Tests.ps1 new file mode 100644 index 0000000..5d7e099 --- /dev/null +++ b/tests/SecretManagement.Hashicorp.Vault.KV.Extension.Tests.ps1 
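Review bot: Commenting out `RequiredModules` in the first hunk removes the only manifest entry that constrained `Microsoft.PowerShell.SecretManagement` by minimum version and GUID, and nothing in the file says why. If the removal is intentional (the `ExternalModuleDependencies` entry in `PSData` is still present), delete the line or replace it with a short explanation such as `# RequiredModules omitted on purpose: <reason>; SecretManagement >= 1.1.0 must be installed separately`. As written, the version inside the dead line was bumped to 1.1.0, which suggests it is still maintained and makes the intent ambiguous. The commented-out `Prerelease` line in the second hunk would likewise read better removed.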
@@ -0,0 +1,23 @@ +BeforeDiscovery { + $s = [io.path]::DirectorySeparatorChar + $ModulePath = $PSScriptRoot, '..' -join $s + $Folder = (Get-Item $ModulePath).FullName + $File = ($PSCommandPath).Replace('.Tests.ps1', '.psd1').Split($s)[-1] + $ModuleName = ($PSCommandPath).Replace('.Tests.ps1', '').Split($s)[-1] + $Path = $Folder, $ModuleName, $File -join $s + $Extension = Get-ChildItem -Path . -Include *.psm1 -Recurse + Import-Module $Extension.FullName + $commands = Get-Command -Module $Extension.BaseName +} +AfterAll { + $Extension = Get-ChildItem -Path . -Include *.psm1 -Recurse + Remove-Module -Name $Extension.BaseName -Force -ErrorAction SilentlyContinue +} +describe "Extension loading" { + It "Should load the Extension $ModuleName" { + Get-Module -Name 'SecretManagement.Hashicorp.Vault.KV.Extension' | Should -Not -Be $null + } + It "Should have <_> function loaded" -foreach $Commands { + (Get-Command -Name $PSItem).Name | Should -Be "$PSItem" + } +} \ No newline at end of file diff --git a/tests/SecretManagement.Hashicorp.Vault.KV.Tests.ps1 b/tests/SecretManagement.Hashicorp.Vault.KV.Tests.ps1 new file mode 100644 index 0000000..020cae6 --- /dev/null +++ b/tests/SecretManagement.Hashicorp.Vault.KV.Tests.ps1 
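Review bot: Both `Get-ChildItem -Path . -Include *.psm1 -Recurse` calls search from the current working directory, so which module gets imported depends on where `Invoke-Pester` is started. If more than one `.psm1` is found, `$Extension.FullName` becomes an array. `$Folder` and `$ModuleName` are already derived from `$PSScriptRoot` and `$PSCommandPath`, so the lookup in `BeforeDiscovery` can be anchored: `$Extension = Get-ChildItem -Path $Folder -Filter "$ModuleName.psm1" -Recurse`. `$File` and `$Path` are assigned but never read and can be removed. The `AfterAll` block would need the same anchored lookup computed locally, since it does not reuse the discovery-time values.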
@@ -0,0 +1,17 @@ +BeforeDiscovery { + $s = [io.path]::DirectorySeparatorChar + $ModuleName = ($PSCommandPath).Replace('.Tests.ps1', '').Split($s)[-1] +} + +describe "SecretManagement Usage with $ModuleName" { + beforeall { + mock -CommandName Read-Host -MockWith {"yes"} + } + It "Should register the vault 'pester'" { + $VaultParameters = @{ VaultServer = 'http://127.0.0.1:8200'; VaultToken = $(ConvertTo-SecureString -AsPlainText -Force -String 'root'| ConvertFrom-SecureString); VaultAuthType = 'Token'; KVVersion = 'v2'} + {Register-SecretVault -ModuleName SecretManagement.Hashicorp.Vault.KV -Name pester -VaultParameters $VaultParameters} | Should -Not -Throw + } + It "Should fail to unregister the vault 'pester'" { + {Unregister-SecretVault -Name pester -ErrorAction Stop} | Should -Throw + } +} \ No newline at end of file
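Review bot: `Should -Throw` in "Should fail to unregister the vault 'pester'" passes on any terminating error, including the vault never having been registered or the module failing to load. The test therefore cannot tell the expected failure from a broken setup. Constrain it with `Should -Throw -ExpectedMessage '<expected message>'` or `-ErrorId`. Adding a comment such as `# dev-server fixture only: token 'root' over http://127.0.0.1:8200` next to `$VaultParameters` would stop the literal being mistaken for a real credential. There is also no `AfterAll` cleanup, so a `pester` vault registration may be left in the runner's SecretManagement registry when the unregister call fails as asserted.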