Update-DbaBuildReference - Add Parameter Proxy #9174
Conversation
Add optional parameters 'Proxy' and 'ProxyCredential'
|
@fm-knopfler doubtful it'll work till also https://github.com/dataplat/dbatools/blob/development/private/functions/Invoke-TlsWebRequest.ps1 will get the addition. Also, you may need to update tests (but lets get to them after the "code" part of the PR is ironed out) |
I don't belive any changes to Invoke-WebRequest @ArgsThe parameterset is, as you assumed, designed to be able to accept a proxy URI without a credential, but not a credential without a proxy URI. [CmdletBinding(DefaultParameterSetName = 'Build')]
param (
[string]$LocalFile,
[switch]$EnableException,
[Parameter(ParameterSetName = 'Build')]
[Parameter(Mandatory, ParameterSetName = 'Proxy')]
[Parameter(ParameterSetName = 'ProxyDefaultCredential')]
[URI]$Proxy,
[Parameter(ParameterSetName = 'Proxy')]
[pscredential]$ProxyCredential,
[Parameter(ParameterSetName = 'ProxyDefaultCredential')]
[switch]$ProxyUseDefaultCredentials
) |
|
right, I forgot about the splat. I'd add -ProxyUseDefaultCredentials nonetheless then. |
For that, I assume, a change to Invoke-TlsWebRequest $url -Proxy:$Proxy -ProxyCredential:$ProxyCredential -ProxyUseDefaultCredentials:$ProxyUseDefaultCredentials -UseBasicParsing -ErrorAction Stop |
|
I'm trying to anticipate what will happen for sure: once we give out the possibility to use proxies, someone will come up asking for -ProxyUseDefaultCredentials ;-) . That being said, isn't @Args a proper hash (hence not positional) ? |
|
No, |
|
mmmhhh, it's i.e. instead of
doing this |
|
|
Implemented Parameter ProxyUseDefaultCredentials
|
I have implemented |
|
so splatting has issues with switches. As long as Invoke-TlsWebRequest doesn't end up being an advanced function (cmdletbinding) am I missing something here ? this seems to work, and UseBasicParsing should be the same "type" of -ProxyUseDefaultCredentials ... so switching the check on $PSBoundParameters should end up fine ? |
named parameter UseBasicParsing ensures mapping of unnamed parameters
|
@fm-knopfler : do you need some help polishing this PR ? |
Hi @niphlod , that would be very helpful, thanks a lot. Epecially the tests I am not familiar with. |
|
okay @fm-knopfler , I'll be available in some hours. I can fix the tests without your help later. |
|
I'm not sure I undestand this correctly. Do you intend to add every parameter of |
|
just the needed ones, and I guess those are the only needed at the moment.... unless I'm missing something. |
|
After some investigation, I found using positional parameters via function Invoke-TlsWebRequest {
Param (
[switch]$UseBasicParsing,
[switch]$ProxyUseDefaultCredentials
)
<#
Internal utility that mimics invoke-webrequest
but enables all tls available version
rather than the default, which on a lot
of standard installations is just TLS 1.0
#>
$currentVersionTls = [Net.ServicePointManager]::SecurityProtocol
$currentSupportableTls = [Math]::Max($currentVersionTls.value__, [Net.SecurityProtocolType]::Tls.value__)
$availableTls = [enum]::GetValues('Net.SecurityProtocolType') | Where-Object { $_ -gt $currentSupportableTls }
$availableTls | ForEach-Object {
[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor $_
}
Invoke-WebRequest @Args -UseBasicParsing:$UseBasicParsing -ProxyUseDefaultCredentials:$ProxyUseDefaultCredentials
[Net.ServicePointManager]::SecurityProtocol = $currentVersionTls
}
# Function Call
$param = @{
"Uri" = "https://dataplat.github.io/assets/dbatools-buildref-index.json"
"Proxy" = "http://yourproxy:9000"
"UseBasicParsing" = $true
}
Invoke-TlsWebRequest @param |
|
if that works I'm not against it. it now needs to be wired correctly with update-dbabuildreference and then the "code" part should be okay.... and you should be able to use your proxy. |
|
soooo, few things to account for here ... sorry @fm-knopfler , it seems you triggered a long-standing bug in how we check for help parameters in dbatools. Be a little patient while we figure it out. Let's split "jobs"... 1. Code related@fm-knopfler , can you try the latest version I pushed which I refactored a bit to see if the code works with proxies ? 2. Tests relatedI posted the same in dbatools-dev, but I need a hand from @potatoqualitee , maybe @wsmelton too (but anyone that can chime in is welcome). For good measure, and since we'll soon discover New-DbaDbUser is probably in the need of an adjustment, @andreasjordan ^_^ Frankly, I think June's code is good, but I fail to see the error on New-DbaDbUser's param declaration.
Of course we can always use InModule.Help.Exceptions.ps1 but I'd like to cross it out and figure who's wrong ^_^ |
|
I'm very busy the next days, but I can try to have a look at the weekend. |
using namend parameters and pass these to Invoke-WebRequest
|
In this commit, I declared the parameters in |
|
@fm-knopfler : were there issues with the previous implementation or not ? |
|
Yes, you can reproduce it by calling the function like this. $params = @{
"UseBasiParsing" = $true
"Proxy" = "http://yourproxy:9000"
"Uri" = "https://dataplat.github.io/assets/dbatools-buildref-index.json"
}
Invoke-TlsWebRequest @paramsBy using Invoke-TlsWebRequest:
Line |
7 | Invoke-TlsWebRequest @params
| ~~~~~~~
| Cannot process argument transformation on parameter 'ProxyUseDefaultCredentials'. Cannot convert value "System.String" to type "System.Management.Automation.SwitchParameter". Boolean parameters
accept only Boolean values and numbers, such as $True, $False, 1 or 0. |
|
this works without issues .... what am I not getting ? |
|
You haven't declared the proxy parameter, this way, it works for me too. To test, use some random URI as proxy, as $params = @{
"UseBasicParsing" = $true
"Uri" = "https://dataplat.github.io/assets/dbatools-buildref-index.json"
"Proxy" = "http://proxyurl:9000"
}
Invoke-TlsWebRequest @params |
|
owwww shush, I was aiming at keeping it simple but .... okay. |
|
Maybe someone knows a more concise way to make this work, but I wasn't able to find one. |
|
yeah, no worries and thanks for your patience. |
|
hey everyone, sorry for being an absent maintainer. I'll be back next year. I think we could use |
|
My $0.02USD here... So, I've only skimmed over the extremely long conversation on this PR; would be better served to convert that discussion to an issue for better tracking of what is going on...just an FYI. I believe it would be better served by having the proxy for web access stored inside of a configuration item. Then simply have the wrapper function pass that value to |
|
@wsmelton, @potatoqualitee : I'm up for rewriting a summary of what's happening . Issue 1:Users in the need of using a proxy can either:
Going with 2. means simplifying this PR, potentially just adding onto Update-DbaBuildReference (and later on to all invoking cmdlets) a warning in case of failures that remembers what config "key" to use to supply proxy and credentials. Wrappers then may remain simpler and use the config to know if a proxy (and credentials) are needed . Issue 2:If we don't go for a global config, problem here is that we had a simple wrapper to enable TLS1.2 for older PS versions that hit a limit. Either we remove the wrapper or we "complicate it" doing what @fm-knopfler did to make it work. Issue 3 (somewhat unrelated, but still valid):Solution 1 (having proxy and credential parameters on the cmdlet itself) create a 100% good parameterset, that is wrongly "marked as failed" by our unittests. This is due to what I consider a bug, and I found a fix, although fixing the logic shows that New-DbaDbUser has an incorrect definition of parameters. |
|
Yes, I believe this can be simplified with using dbatools' config in lieu of updating a single command plus internal commands. That way, setting the proxy can help all other commands. |
|
You mean adding an option to dbatools global config and referencing it in this (and possibly other) function? |
|
yep! then set the proxy within the internal command. |
|
Are there already predfined names for proxy and proxycredentials? Set-dbatoolsconfig -FullName network.proxy -Value $proxyUrl
Set-dbatoolsconfig -FullName network.proxycredential -Value $proxyCred |
|
Just looked and this is indeed a new category. Your proposal works! If you have issues with the credential, you can also store the username and SecureString then build up the $Cred in Invoke-TlsWebRequest like: $username = Get-DbatoolsConfigValue -FullName network.proxy.username $credential = New-Object System.Management.Automation.PSCredential ($username, $securePassword) To set that securepassword, i usually do like (Get-Credential).Password |
|
I got a version of it working, please have a look. |
|
okay this is great progress. but i think, and what do you say @niphlod, this should be in Invoke-TlsWebRequest itself. that way, if someone sets a proxy, then it works across the board and not just for one command. i also added the initialization scripts 😊 |
| @@ -0,0 +1,3 @@ | |||
| Set-DbatoolsConfig -FullName network.proxy.url -Value $null -Initialize -Validation string -Description "The URL of the network proxy." | |||
| Set-DbatoolsConfig -FullName network.proxy.username -Value $null -Initialize -Validation string -Description "The username for the network proxy." | |||
| Set-DbatoolsConfig -FullName network.proxy.securepassword -Value $null -Initialize -Validation securestring -Description "The secure password for the network proxy." | |||
There was a problem hiding this comment.
Not sure I've ever tried but is there any reason we couldn't just squash these two into a config that holds the credential object itself?
| if ($proxyUsername) { | ||
| $proxyCredential = New-Object System.Management.Automation.PSCredential ($proxyUsername, $proxySecurePassword) | ||
| } | ||
|
|
There was a problem hiding this comment.
Yeah I'm more for this being embedded into Invoke-TlsWebRequest instead of having to copy this everywhere
Add optional parameters 'Proxy' and 'ProxyCredential'
Please read -- recent changes to our repo
On November 10, 2022, we removed some bloat from our repository (for the second and final time). This change requires that all contributors reclone or refork their repo.
PRs from repos that have not been recently reforked or recloned will be closed and @potatoqualitee will cherry-pick your commits and open a new PR with your changes.
Type of Change
.\tests\manual.pester.ps1)Purpose
Allows supplying a proxy as parameter for
Update-DbaBuildReferenceApproach
Parameters "Proxy" and "ProxyCredential" are passed to function
Get-DbaBuildReferenceIndexOnline, which callsInvoke-TlsWebRequestthat in turn forwards the parameters toInvoke-WebRequest.Commands to test
Learning