diff --git a/src/GitHub/GitHub.ps1 b/src/GitHub/GitHub.ps1 index 79c1d6ddf..babae939b 100644 --- a/src/GitHub/GitHub.ps1 +++ b/src/GitHub/GitHub.ps1 @@ -1,8 +1,8 @@ $scriptFilePath = $MyInvocation.MyCommand.Path -Write-Verbose "[$scriptFilePath] - Initializing GitHub module..." +Write-Verbose "[$scriptFilePath] - Initializing GitHub PowerShell module..." -Initialize-SecretVault -Name $script:SecretVault.Name -Type $script:SecretVault.Type +Initialize-Store -Name 'GitHubPowerShell' -SecretVaultName $script:Config.Name -SecretVaultType $script:Config.Type # Autologon if a token is present in environment variables $envVar = Get-ChildItem -Path 'Env:' | Where-Object Name -In 'GH_TOKEN', 'GITHUB_TOKEN' | Select-Object -First 1 diff --git a/src/GitHub/data/Config.psd1 b/src/GitHub/data/Config.psd1 new file mode 100644 index 000000000..fdb54946e --- /dev/null +++ b/src/GitHub/data/Config.psd1 @@ -0,0 +1,5 @@ +@{ + Name = 'SecretStore' # $script:Config.Name + Type = 'Microsoft.PowerShell.SecretStore' # $script:Config.Type + Prefix = 'GHPS' # $script:Config.Prefix +} diff --git a/src/GitHub/data/SecretVault.psd1 b/src/GitHub/data/SecretVault.psd1 deleted file mode 100644 index 6a669c66a..000000000 --- a/src/GitHub/data/SecretVault.psd1 +++ /dev/null @@ -1,5 +0,0 @@ -@{ - Name = 'SecretStore' # $script:SecretVault.Name - Type = 'Microsoft.PowerShell.SecretStore' # $script:SecretVault.Type - Prefix = 'GHPS_' # $script:SecretVault.Prefix -} diff --git a/src/GitHub/private/Config/Initialize-SecretVault.ps1 b/src/GitHub/private/Config/Initialize-SecretVault.ps1 deleted file mode 100644 index e39dd3d90..000000000 --- a/src/GitHub/private/Config/Initialize-SecretVault.ps1 +++ /dev/null 
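Review bot: The new `Initialize-Store` call has no comment saying how the backing vault ends up configured, and that information used to be reviewable in this repository. The removed `Initialize-SecretVault` reset the SecretStore with `Authentication = 'None'` and `Interaction = 'None'`, so the password-less vault was an explicit choice; after this change it is whatever the Store module does, which this diff does not show. I would add a comment above the call such as `# Vault registration and its authentication settings are delegated to the Store module (Initialize-Store).` and confirm which authentication settings the vault actually gets. The autologon code that follows continues outside the hunk.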
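Review bot: `Prefix` changes from `'GHPS_'` to `'GHPS'` while the callers still build the secret name as the prefix followed by `AccessToken` or `RefreshToken`, so the lookup name becomes `GHPSAccessToken` instead of `GHPS_AccessToken`. Assuming the Store module reads from the same vault, tokens saved by an earlier version would no longer be found and would stay in the vault under the old name, since nothing in this diff removes them. Either keep `Prefix = 'GHPS_'` or add an upgrade step that deletes the old entries. The comment on the `Prefix` line should also say which names the prefix is applied to.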
@@ -1,74 +0,0 @@ -#Requires -Version 7.0 -#Requires -Modules Microsoft.PowerShell.SecretManagement -#Requires -Modules Microsoft.PowerShell.SecretStore - -function Initialize-SecretVault { - <# - .SYNOPSIS - Initialize a secret vault. - - .DESCRIPTION - Initialize a secret vault. If the vault does not exist, it will be created. - - .EXAMPLE - Initialize-SecretVault -Name 'SecretStore' -Type 'Microsoft.PowerShell.SecretStore' - - Initializes a secret vault named 'SecretStore' using the 'Microsoft.PowerShell.SecretStore' module. - - .NOTES - For more information about secret vaults, see - https://learn.microsoft.com/en-us/powershell/utility-modules/secretmanagement/overview?view=ps-modules - #> - [OutputType([void])] - [CmdletBinding()] - param ( - # The name of the secret vault. - [Parameter()] - [string] $Name = 'SecretStore', - - # The type of the secret vault. - [Parameter()] - [Alias('ModuleName')] - [string] $Type = 'Microsoft.PowerShell.SecretStore' - ) - - $functionName = $MyInvocation.MyCommand.Name - - $vault = Get-SecretVault | Where-Object { $_.ModuleName -eq $Type } - if (-not $vault) { - Write-Verbose "[$functionName] - [$Type] - Registering" - - switch ($Type) { - 'Microsoft.PowerShell.SecretStore' { - $vaultParameters = @{ - Authentication = 'None' - PasswordTimeout = -1 - Interaction = 'None' - Scope = 'CurrentUser' - WarningAction = 'SilentlyContinue' - Confirm = $false - Force = $true - } - Reset-SecretStore @vaultParameters - } - } - Write-Verbose "[$functionName] - [$Type] - Done" - } else { - Write-Verbose "[$functionName] - [$Type] - already registered" - } - - $secretStore = Get-SecretVault | Where-Object { $_.Name -eq $Name } - if (-not $secretStore) { - Write-Verbose "[$functionName] - [$Name] - Registering" - $secretVault = @{ - Name = $Name - ModuleName = $Type - DefaultVault = $true - Description = 'SecretStore' - } - Register-SecretVault @secretVault - Write-Verbose "[$functionName] - [$Name] - Done" - } else { - Write-Verbose 
"[$functionName] - [$Name] - already registered" - } -} diff --git a/src/GitHub/public/Config/Get-GitHubConfig.ps1 b/src/GitHub/public/Config/Get-GitHubConfig.ps1 index ecb5394cc..c4f40cfd4 100644 --- a/src/GitHub/public/Config/Get-GitHubConfig.ps1 +++ b/src/GitHub/public/Config/Get-GitHubConfig.ps1 @@ -1,4 +1,6 @@ -function Get-GitHubConfig { +#Requires -Modules Store + +function Get-GitHubConfig { <# .SYNOPSIS Get configuration value. @@ -30,38 +32,22 @@ 'RefreshToken', 'RefreshTokenExpirationDate', 'Repo', + 'SecretVaultName', + 'SecretVaultType', 'Scope', 'UserName' )] [string] $Name ) - $prefix = $script:SecretVault.Prefix + $prefix = $script:Config.Prefix - switch ($Name) { - 'AccessToken' { - Get-Secret -Name "$prefix`AccessToken" - } - 'RefreshToken' { - Get-Secret -Name "$prefix`RefreshToken" + switch -Regex ($Name) { + '^AccessToken$|^RefreshToken$' { + Get-StoreConfig -Name "$prefix$Name" } default { - $RefreshTokenSecretInfo = Get-SecretInfo -Name "$prefix`RefreshToken" - if ($null -ne $RefreshTokenSecretInfo.Metadata) { - $RefreshTokenMetadata = $RefreshTokenSecretInfo.Metadata | ConvertFrom-HashTable | ConvertTo-HashTable - } - - $AccessTokenSecretInfo = Get-SecretInfo -Name "$prefix`AccessToken" - if ($null -ne $AccessTokenSecretInfo.Metadata) { - $AccessTokenMetadata = $AccessTokenSecretInfo.Metadata | ConvertFrom-HashTable | ConvertTo-HashTable - } - $metadata = Join-Object -Main $RefreshTokenMetadata -Overrides $AccessTokenMetadata -AsHashtable - - if ($Name) { - $metadata.$Name - } else { - $metadata.GetEnumerator() | Sort-Object -Property Name - } + Get-StoreConfig -Name $Name } } } diff --git a/src/GitHub/public/Config/Set-GitHubConfig.ps1 b/src/GitHub/public/Config/Set-GitHubConfig.ps1 index ba389cd65..b8cb3e567 100644 --- a/src/GitHub/public/Config/Set-GitHubConfig.ps1 +++ b/src/GitHub/public/Config/Set-GitHubConfig.ps1 
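Review bot: `#Requires -Modules Store` is satisfied by any installed module named `Store` at any version, and this file now delegates token reads to it. Pinning the dependency, for example `#Requires -Modules @{ ModuleName = 'Store'; ModuleVersion = '<minimum-version>' }`, makes the module that handles credentials explicit and reviewable; the same unpinned line is added in Set-GitHubConfig.ps1. The removed and re-added `function Get-GitHubConfig {` lines look identical here, so the difference is presumably an invisible character such as a byte-order mark.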
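Review bot: The `default` branch now calls `Get-StoreConfig -Name $Name` even when `$Name` is empty, whereas the removed code tested `if ($Name)` and otherwise returned every metadata entry sorted by name. Whether `Get-StoreConfig` accepts an empty name is not visible in this diff, so calling `Get-GitHubConfig` with no argument may now fail or return nothing. I would handle the empty case explicitly before the `switch`, or declare the parameter as `[Parameter(Mandatory)]` and state that in the help. The parameter block starts outside the hunk.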
@@ -1,4 +1,6 @@ -function Set-GitHubConfig { +#Requires -Modules Store + +function Set-GitHubConfig { <# .SYNOPSIS Set the GitHub configuration. @@ -63,6 +65,14 @@ [Parameter()] [string] $Repo, + # Set the secret vault name. + [Parameter()] + [string] $SecretVaultName, + + # Set the secret vault type. + [Parameter()] + [string] $SecretVaultType, + # Set the scope. [Parameter()] [string] $Scope, 
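Review bot: The new `SecretVaultName` and `SecretVaultType` parameters have no consumer in the visible hunks. The vault passed to `Initialize-Store` in GitHub.ps1 comes from `$script:Config.Name` and `$script:Config.Type`, so a value set here appears to be stored without changing which vault holds the tokens. If that is right, the comment `# Set the secret vault name.` overstates the effect, and something like `# Secret vault name to record in the config; the vault in use is taken from Config.psd1.` would be more accurate. The param block begins and ends outside the hunk.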
@@ -72,108 +82,32 @@ [string] $UserName ) - $prefix = $script:SecretVault.Prefix - - #region AccessToken - $secretName = "$prefix`AccessToken" - $removeKeys = 'AccessToken', 'RefreshToken', 'RefreshTokenExpirationDate' - $keepTypes = 'String', 'Int', 'DateTime' - - # Get existing metadata if it exists - $newSecretMetadata = @{} - if (Get-SecretInfo -Name $secretName) { - $secretGetInfoParam = @{ - Name = $secretName - Vault = $script:SecretVault.Name - } - $secretInfo = Get-SecretInfo @secretGetInfoParam - Write-Verbose "$secretName - secretInfo : $($secretInfo | Out-String)" - $secretMetadata = $secretInfo.Metadata | ConvertFrom-HashTable | ConvertTo-HashTable - $newSecretMetadata = Join-Object -Main $newSecretMetadata -Overrides $secretMetadata -AsHashtable - } - - # Get metadata updates from parameters and clean up unwanted data - $updateSecretMetadata = $PSBoundParameters | ConvertFrom-HashTable | ConvertTo-HashTable - Write-Verbose "updateSecretMetadata : $($updateSecretMetadata | Out-String)" - Write-Verbose "updateSecretMetadataType : $($updateSecretMetadata.GetType())" - Remove-HashtableEntry -Hashtable $updateSecretMetadata -KeepTypes $keepTypes -RemoveNames $removeKeys - Write-Verbose "updateSecretMetadata : $($updateSecretMetadata | Out-String)" - - $newSecretMetadata = Join-Object -Main $newSecretMetadata -Overrides $updateSecretMetadata -AsHashtable - Write-Verbose "newSecretMetadata : $($newSecretMetadata | Out-String)" - Write-Verbose "newSecretMetadataType : $($newSecretMetadata.GetType())" - - if ($AccessToken) { - $accessTokenSetParam = @{ - Name = $secretName - Vault = $script:SecretVault.Name - SecureStringSecret = $AccessToken - } - if ($PSCmdlet.ShouldProcess("secret [$secretName] in secret vault [$($script:SecretVault.Name)]", 'Set')) { - Set-Secret @accessTokenSetParam - } - } - - if (Get-SecretInfo -Name $secretName) { - $secretSetInfoParam = @{ - Name = $secretName - Vault = $script:SecretVault.Name - Metadata = $newSecretMetadata - } - if 
($PSCmdlet.ShouldProcess("secret [$secretName] in secret vault [$($script:SecretVault.Name)]", 'Set')) { - Set-SecretInfo @secretSetInfoParam - } - } - #endregion AccessToken - - #region RefreshToken - $secretName = "$prefix`RefreshToken" - $removeKeys = 'AccessToken', 'RefreshToken', 'AccessTokenExpirationDate' - - # Get existing metadata if it exists - $newSecretMetadata = @{} - if (Get-SecretInfo -Name $secretName) { - $secretGetInfoParam = @{ - Name = $secretName - Vault = $script:SecretVault.Name - } - $secretInfo = Get-SecretInfo @secretGetInfoParam - Write-Verbose "$secretName - secretInfo : $($secretInfo | Out-String)" - $secretMetadata = $secretInfo.Metadata | ConvertFrom-HashTable | ConvertTo-HashTable - $newSecretMetadata = Join-Object -Main $newSecretMetadata -Overrides $secretMetadata -AsHashtable + $prefix = $script:Config.Prefix + + $Settings = @{ + "$prefix`AccessToken" = $AccessToken + AccessTokenExpirationDate = $AccessTokenExpirationDate + AccessTokenType = $AccessTokenType + ApiBaseUri = $ApiBaseUri + ApiVersion = $ApiVersion + AuthType = $AuthType + DeviceFlowType = $DeviceFlowType + Owner = $Owner + "$prefix`RefreshToken" = $RefreshToken + RefreshTokenExpirationDate = $RefreshTokenExpirationDate + Repo = $Repo + SecretVaultName = $SecretVaultName + SecretVaultType = $SecretVaultType + Scope = $Scope + UserName = $UserName } - # Get metadata updates from parameters and clean up unwanted data - $updateSecretMetadata = $PSBoundParameters | ConvertFrom-HashTable | ConvertTo-HashTable - Write-Verbose "updateSecretMetadata : $($updateSecretMetadata | Out-String)" - Write-Verbose "updateSecretMetadataType : $($updateSecretMetadata.GetType())" - Remove-HashtableEntry -Hashtable $updateSecretMetadata -KeepTypes $keepTypes -RemoveNames $removeKeys - Write-Verbose "updateSecretMetadata : $($updateSecretMetadata | Out-String)" - - $newSecretMetadata = Join-Object -Main $newSecretMetadata -Overrides $updateSecretMetadata -AsHashtable - Write-Verbose 
"newSecretMetadata : $($newSecretMetadata | Out-String)" - Write-Verbose "newSecretMetadataType : $($newSecretMetadata.GetType())" - - if ($RefreshToken) { - $refreshTokenSetParam = @{ - Name = $secretName - Vault = $script:SecretVault.Name - SecureStringSecret = $RefreshToken - } - if ($PSCmdlet.ShouldProcess("secret [$secretName] in secret vault [$($script:SecretVault.Name)]", 'Set')) { - Set-Secret @refreshTokenSetParam - } - } + $Settings | Remove-HashtableEntry -NullOrEmptyValues - if (Get-SecretInfo -Name $secretName) { - $secretSetInfoParam = @{ - Name = $secretName - Vault = $script:SecretVault.Name - Metadata = $newSecretMetadata - } - if ($PSCmdlet.ShouldProcess("secret [$secretName] in secret vault [$($script:SecretVault.Name)]", 'Set')) { - Set-SecretInfo @secretSetInfoParam + foreach ($key in $Settings.Keys) { + if ($PSCmdlet.ShouldProcess("Setting $key", "Setting $key to $($Settings[$key])")) { + Write-Verbose "Setting $key to $($Settings[$key])" + Set-StoreConfig -Name $key -Value $Settings[$key] } } - #endregion AccessToken }
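Review bot: Both messages in the `foreach` interpolate `$($Settings[$key])`, and the keys include the prefixed `AccessToken` and `RefreshToken` entries, so the token value is formatted into the `-WhatIf`/`-Confirm` text and the verbose stream. The parameter types are outside the hunk; the removed code passed the tokens as `SecureStringSecret`, so they are probably SecureString and would print only a type name, but a plain-string token would be written in clear and the value adds nothing to the message either way. I would log the key only: `if ($PSCmdlet.ShouldProcess("config [$key]", 'Set')) {` and `Write-Verbose "Setting [$key]"`. The removed code also stored the tokens with `Set-Secret` explicitly, so it is worth confirming that `Set-StoreConfig` sends SecureString values to the vault rather than to plain configuration, which this diff does not show.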