Self-Signed Certificate Removed When Used with Modules that Restart AppVeyor

[PlagueHO]

The Self-signed certificate that is used for compiling the Example DSC files is created and the location assigned to ENV: variables inside the Invoke-AppveyorInstallTask. However, some DSC Resources reboot the AppVeyor container afte the Invoke-AppveyorInstallTask runs (e.g. so that some Windows Features can be installed fully). This clears the ENV: variables, so that they can no longer be accessed by Invoke-AppveyorTestScriptTask (or other code).

It is possible to execute Invoke-AppveyorInstallTask a second time, after the reboot in the test_script: section of the AppVeyor.yml, but this seems counter-intuitive. An alternative would be to move the:

    $certificate = New-DscSelfSignedCertificate
    Write-Info -Message ('Created self-signed certificate ''{0}''.' -f $certificate.Subject)
    Write-Info -Message ('$env:DscPublicCertificatePath: {0}' -f $env:DscPublicCertificatePath)
    Write-Info -Message ('$env:DscCertificateThumbprint: {0}' -f $env:DscCertificateThumbprint)

down into the Invoke-AppveyorTestScriptTask function instead.

[PlagueHO]

See https://ci.appveyor.com/project/PlagueHO/activedirectorycsdsc#L319

[johlju]

I thought by setting them to ’machine’ they would be permanent and would be loaded into the session again on reboot. 🤔

If that is not the case, then I’m okay with moving those line into the test-phase function instead.

[PlagueHO]

It doesn't seem to be the case - at least not with what I'm seeing. I'll submit a PR.

[PlagueHO]

I had a think about this and actually, what might be the best idea is to convert New-DscSelfSignedCertificate into an idempotent function Initialize-DscSelfSignedCertificate. This function will then be called in both Invoke-AppveyorInstallTask and Invoke-AppveyorTestScriptTask.

[johlju]

Do you mean Initialize-DscSelfSignedCertificate will only create a new certificate using New-DscSelfSignedCertificate when there is not a certificate already created (or the environment variable is not set)?

[PlagueHO]

Correction: I'll just update New-DscSelfSignedCertificate so that it will still only create the certificate if it doesn't exist, but it will always assign the environment variables - even if the certificate already existed. That way New-DscSelfSignedCertificate becomes idempotent and can be run more than once and will always result in the certificate being created and the environment variables being assigned.

[johlju]

Sounds good! 👍

[PlagueHO]

Cool! Just testing the changes with ActiveDirectorCSDsc. I should submit the changes in a little bit.