Composite: Centralized SkipRule functionality (#83)

* moved to dot source file * renamed test * consolidated tests into composite.tests * added test module * updated readme * Updated common blocks * fixed SuppressMessageAttribute * fixed helper name * changed PSBoundParameters path * fixed spelling
microsoft · Aug 21, 2018 · ef79f64 · ef79f64
1 parent 3f2a382
commit ef79f64
Show file tree

Hide file tree

Showing 16 changed files with 250 additions and 418 deletions.
diff --git a/DSCResources/Browser/Browser.schema.psm1 b/DSCResources/Browser/Browser.schema.psm1
@@ -43,7 +43,7 @@ Configuration Browser
         $BrowserVersion,
 
         [Parameter()]
-        [ValidateSet('1.13','1.15','1.16')]
+        [ValidateSet('1.13', '1.15', '1.16')]
         [ValidateNotNullOrEmpty()]
         [version]
         $StigVersion,
@@ -66,54 +66,35 @@ Configuration Browser
         $SkipRuleType
     )
 
-    #region Add required data to XML
-    if ( $Exception )
-    {
-        $exceptionsObject = [StigException]::ConvertFrom( $Exception )
-    }
-    else
-    {
-        $exceptionsObject = $null
-    }
-
-    if ( $SkipRule )
-    {
-        $skipRuleObject = [SkippedRule]::ConvertFrom( $SkipRule )
-    }
-    else
-    {
-        $skipRuleObject = $null
-    }
-
-    if ( $SkipRuleType )
-    {
-        $skipRuleTypeObject = [SkippedRuleType]::ConvertFrom( $SkipRuleType )
-    }
-    else
-    {
-        $skipRuleTypeObject = $null
-    }
-
-    if ( $OrgSettings )
-    {
-        $orgSettingsObject = Get-OrgSettingsObject -OrgSettings $OrgSettings
-    }
-    else
-    {
-        $orgSettingsObject = $null
-    }
-    #endregion
+    ##### BEGIN DO NOT MODIFY #####
+    <#
+        The exception, skipped rule, and organizational settings functionality
+        is universal across all composites, so the code to process it is in a
+        central file that is dot sourced into each composite.
+    #>
+    $dscResourcesPath = Split-Path -Path $PSScriptRoot -Parent
+    $userSettingsPath = Join-Path -Path $dscResourcesPath -ChildPath 'stigdata.usersettings.ps1'
+    . $userSettingsPath
+    ##### END DO NOT MODIFY #####
 
     $technology        = [Technology]::Windows
     $technologyVersion = [TechnologyVersion]::New( 'All', $technology )
     $technologyRole    = [TechnologyRole]::New( $BrowserVersion, $technologyVersion )
-    $StigDataObject    = [StigData]::New( $StigVersion, $orgSettingsObject, $technology,
-                                       $technologyRole, $technologyVersion, $exceptionsObject,
-                                       $skipRuleTypeObject, $skipRuleObject )
-
+    $stigDataObject    = [StigData]::New( $StigVersion, $OrgSettings, $technology,
+                                          $technologyRole, $technologyVersion, $Exception,
+                                          $SkipRuleType, $SkipRule )
+    #### BEGIN DO NOT MODIFY ####
+    # $StigData is used in the resources that are dot sourced below
+    [Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSUseDeclaredVarsMoreThanAssignments",'')]
     $StigData = $StigDataObject.StigXml
+
     # $resourcePath is exported from the helper module in the header
 
+    # This is required to process Skipped rules
+    Import-DscResource -ModuleName PSDesiredStateConfiguration -ModuleVersion 1.1
+    . "$resourcePath\windows.Script.skip.ps1"
+    ##### END DO NOT MODIFY #####
+
     Import-DscResource -ModuleName PSDesiredStateConfiguration -ModuleVersion 1.1
     . "$resourcePath\windows.Registry.ps1"
 }
diff --git a/DSCResources/DotNetFramework/DotNetFramework.schema.psm1 b/DSCResources/DotNetFramework/DotNetFramework.schema.psm1
@@ -69,50 +69,35 @@ Configuration DotNetFramework
         $SkipRuleType
     )
 
-    if ( $Exception )
-    {
-        $exceptionsObject = [StigException]::ConvertFrom( $Exception )
-    }
-    else
-    {
-        $exceptionsObject = $null
-    }
-
-    if ( $SkipRule )
-    {
-        $skipRuleObject = [SkippedRule]::ConvertFrom( $SkipRule )
-    }
-    else
-    {
-        $skipRuleObject = $null
-    }
-
-    if ( $SkipRuleType )
-    {
-        $skipRuleTypeObject = [SkippedRuleType]::ConvertFrom( $SkipRuleType )
-    }
-    else
-    {
-        $skipRuleTypeObject = $null
-    }
-
-    if ( $OrgSettings )
-    {
-        $orgSettingsObject = Get-OrgSettingsObject -OrgSettings $OrgSettings
-    }
-    else
-    {
-        $orgSettingsObject = $null
-    }
-
-    $technology = [Technology]::Windows
-    $technologyVersion =  [TechnologyVersion]::New( "All", $technology )
-    $technologyRole = [TechnologyRole]::New( $FrameworkVersion, $technologyVersion )
-    $StigDataObject = [StigData]::New( $StigVersion, $orgSettingsObject, $technology, $technologyRole, $technologyVersion, $exceptionsObject , $skipRuleTypeObject, $skipRuleObject )
-
+    ##### BEGIN DO NOT MODIFY #####
+    <#
+        The exception, skipped rule, and organizational settings functionality
+        is universal across all composites, so the code to process it is in a
+        central file that is dot sourced into each composite.
+    #>
+    $dscResourcesPath = Split-Path -Path $PSScriptRoot -Parent
+    $userSettingsPath = Join-Path -Path $dscResourcesPath -ChildPath 'stigdata.usersettings.ps1'
+    . $userSettingsPath
+    ##### END DO NOT MODIFY #####
+
+    $technology        = [Technology]::Windows
+    $technologyVersion = [TechnologyVersion]::New( "All", $technology )
+    $technologyRole    = [TechnologyRole]::New( $FrameworkVersion, $technologyVersion )
+    $stigDataObject    = [StigData]::New( $StigVersion, $orgSettingsObject, $technology,
+                                          $technologyRole, $technologyVersion, $Exception,
+                                          $SkipRuleType, $SkipRule )
+    #### BEGIN DO NOT MODIFY ####
+    # $StigData is used in the resources that are dot sourced below
+    [Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSUseDeclaredVarsMoreThanAssignments",'')]
     $StigData = $StigDataObject.StigXml
 
-        # $resourcePath is exported from the helper module in the header
-        Import-DscResource -ModuleName PSDesiredStateConfiguration
-        . "$resourcePath\windows.Registry.ps1"
-    }
+    # $resourcePath is exported from the helper module in the header
+
+    # This is required to process Skipped rules
+    Import-DscResource -ModuleName PSDesiredStateConfiguration -ModuleVersion 1.1
+    . "$resourcePath\windows.Script.skip.ps1"
+    ##### END DO NOT MODIFY #####
+
+    Import-DscResource -ModuleName PSDesiredStateConfiguration
+    . "$resourcePath\windows.Registry.ps1"
+}
diff --git a/DSCResources/Resources/SqlServer.ScriptQuery.ps1 b/DSCResources/Resources/SqlServer.ScriptQuery.ps1
@@ -0,0 +1,38 @@
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License.
+
+$rules = Get-RuleClassData -StigData $StigData -Name SqlScriptQueryRule
+
+foreach ($instance in $ServerInstance)
+{
+    if ($null -ne $Database)
+    {
+        foreach ($db in $Database)
+        {
+            foreach ( $rule in $rules )
+            {
+                SqlScriptQuery "$(Get-ResourceTitle -Rule $rule)$instance"
+                {
+                    ServerInstance = $Instance
+                    GetQuery       = $rule.GetScript
+                    TestQuery      = $rule.TestScript
+                    SetQuery       = $rule.SetScript
+                    Variable       = $db
+                }
+            }
+        }
+    }
+    else
+    {
+        foreach ($rule in $rules)
+        {
+            SqlScriptQuery "$(Get-ResourceTitle -Rule $rule)$instance"
+            {
+                ServerInstance = $instance
+                GetQuery       = $rule.GetScript
+                TestQuery      = $rule.TestScript
+                SetQuery       = $rule.SetScript
+            }
+        }
+    }
+}
diff --git a/DSCResources/Resources/readme.md b/DSCResources/Resources/readme.md
@@ -3,6 +3,6 @@
 The file naming convention in this directory indicates the target platform and sub-component DSC resource.
 Many of the STIG's define registry settings so it will be reused the most, but all resources are set up and implemented in the same manner.
 
-For example 'windows.registry.ps1' indicates that it contains the DSC resource to manage the registry on the Windows platform.
+For example 'Windows.Registry.ps1' indicates that it contains the DSC resource to manage the registry on the Windows platform.
 
-Any composite resource in the PowerStigDsc module can dot-source this file without having to do any additional work.
+Any composite resource in the PowerStig module can dot-source this file without having to do any additional work.
diff --git a/DSCResources/SqlServer/SqlServer.schema.psm1 b/DSCResources/SqlServer/SqlServer.schema.psm1
@@ -44,22 +44,6 @@ using module ..\..\PowerStig.psm1
     .PARAMETER SkipRuleType
         All STIG rule IDs of the specified type are collected in an array and passed to the Skip-Rule
         function. Each rule follows the same process as the SkipRule parameter.
-
-    .EXAMPLE
-        In this example the 1.16 of the Windows SQLServer2012 Instance STIG is applied to a specific instance
-
-        Import-DscResource -ModuleName PowerStigDsc
-
-        Node localhost
-        {
-            SqlServer BaseLine
-            {
-                SqlVersion     = Server2012
-                SqlRole        = Instance
-                StigVersion    = '1.16'
-                ServerInstance = 'ServerX\TestInstance'
-            }
-        }
 #>
 Configuration SqlServer
 {
@@ -113,52 +97,35 @@ Configuration SqlServer
         $SkipRuleType
     )
 
-    if ( $Exception )
-    {
-        $exceptionsObject = [StigException]::ConvertFrom( $Exception )
-    }
-    else
-    {
-        $exceptionsObject = $null
-    }
-
-    if ( $SkipRule )
-    {
-        $skipRuleObject = [SkippedRule]::ConvertFrom( $SkipRule )
-    }
-    else
-    {
-        $skipRuleObject = $null
-    }
-
-    if ( $SkipRuleType )
-    {
-        $skipRuleTypeObject = [SkippedRuleType]::ConvertFrom( $SkipRuleType )
-    }
-    else
-    {
-        $skipRuleTypeObject = $null
-    }
-
-    if ( $OrgSettings )
-    {
-        $orgSettingsObject = Get-OrgSettingsObject -OrgSettings $OrgSettings
-    }
-    else
-    {
-        $orgSettingsObject = $null
-    }
-
-    $technology = [Technology]::SqlServer
+    ##### BEGIN DO NOT MODIFY #####
+    <#
+        The exception, skipped rule, and organizational settings functionality
+        is universal across all composites, so the code to process it is in a
+        central file that is dot sourced into each composite.
+    #>
+    $dscResourcesPath = Split-Path -Path $PSScriptRoot -Parent
+    $userSettingsPath = Join-Path -Path $dscResourcesPath -ChildPath 'stigdata.usersettings.ps1'
+    . $userSettingsPath
+    ##### END DO NOT MODIFY #####
+
+    $technology        = [Technology]::SqlServer
     $technologyVersion = [TechnologyVersion]::New( $SqlVersion, $technology )
-    $technologyRole = [TechnologyRole]::New( $SqlRole, $technologyVersion )
-    $StigDataObject = [StigData]::New( $StigVersion, $orgSettingsObject, $technology,
-                                       $technologyRole, $technologyVersion, $exceptionsObject,
-                                       $skipRuleTypeObject, $skipRuleObject )
-
+    $technologyRole    = [TechnologyRole]::New( $SqlRole, $technologyVersion )
+    $stigDataObject    = [StigData]::New( $StigVersion, $OrgSettings, $technology,
+                                          $technologyRole, $technologyVersion, $Exception,
+                                          $SkipRuleType, $SkipRule )
+    #### BEGIN DO NOT MODIFY ####
+    # $StigData is used in the resources that are dot sourced below
+    [Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSUseDeclaredVarsMoreThanAssignments",'')]
     $StigData = $StigDataObject.StigXml
 
     # $resourcePath is exported from the helper module in the header
+
+    # This is required to process Skipped rules
+    Import-DscResource -ModuleName PSDesiredStateConfiguration -ModuleVersion 1.1
+    . "$resourcePath\windows.Script.skip.ps1"
+    ##### END DO NOT MODIFY #####
+
     Import-DscResource -ModuleName SqlServerDsc -ModuleVersion '11.4.0.0'
-    . "$resourcePath\windows.SqlScriptQuery.ps1"
+    . "$resourcePath\SqlServer.ScriptQuery.ps1"
 }