Invoke-DscResource bypassing LCM for PS7 #214
Conversation
Co-Authored-By: Steve Lee <slee@microsoft.com>
thanks Joey Co-Authored-By: Joey Aiello <joeyaiello@users.noreply.github.com>
updating RFC as per comments from Travis, Steve & Kevin
There was a problem hiding this comment.
In PowerShell 5.1 resources property types are limited to the CIM type system because of the LCM. Since the new Invoke-DSCResource will call PowerShell, is it expected all PowrShell types to be supported for resource properties?
For instance Hashtable wasn’t supported and the resource have to do conversion to CIM type to present Hashtable user input.
What would be supported types for properties?
|
@SimeonGerginov Invoke-DscResource would invoke individual resources. So you could get one resource, and the pass the result to another, but you would arrange passing the data. |
|
@dmilov Invoke-DscResource will return the exact object that the resource returns for the get method. for test, true or false would be allowed. No, output is expected for the set method and the output will be logged to the verbose stream. |
|
@TravisEz13 is it correct that The reason I ask is that Puppet uses |
|
@jpogran the PowerShell convention for |
|
@TravisEz13 apologies, my reply was slightly confusing to read before, so I'm trying again. I'm not talking about implementing DSC Resources, I'm talking about a vendor using For example, if you run the following on v5.1, you get back an indication if the state has drifted on the target machine: Puppet uses the value of |
|
I can update that. Gale, the LCM, I'm sure just returns this based on if |
|
@jpogran looking at the |
|
@dmilov The Eventually the bigger questions is what type can be easily serialized & deserialized, even if we don't use CIM, so that any tool/solution can integrate with it. But we're not there yet. |
Yes for a new class with same property (not CIM). The The I'll provide more details and update the RFC, but the returned object will expose the same properties, from different classes (not CIM). |
* updating RFC with updated discussion/comments * Update 1-Draft/RFCXXXX-RFC-Invoke-DscResource.md Co-Authored-By: Travis Plunk <travis.plunk@microsoft.com> * Update 1-Draft/RFCXXXX-RFC-Invoke-DscResource.md * updating GET result as per Travis comment
|
Just thought I would comment on this, while Ansible does not support PowerShell Core right now we do currently have a Ansible win_dsc module that uses We can see all the applicable properties, their types, whether it is mandatory, and available choices for that property which is great. What we can't do without WMI is see those same details for the Once again we have access to the same information it's just in a different form. Implementing the ability to get sub type details in |
|
My Example from my macOS dev machine: |
|
@TravisEz13 yep that's how it works right now in v5 but I'm talking about nested types and getting those properties. Maybe considering WMI will be removed then that won't be a thing anymore? |
|
On windows, Cim cmdlets will still be there. Therefore, you can examine the types. On non-windows... there probably still is a way. The difference is we won't be using CIM to deliver the objects to you. |
|
@jborean93 Nope... no way, because the nested types are not working:
I'll open an issue on DSC. cc @mgreenegit |
|
To add to what @jborean93 stated, Puppet uses that information also in one of the modules it maintains to build parameter validation logic. That PowerShell didn't give that information in pwsh6, meant we used a mof parser in ruby to build our logic. |
properties to property Co-Authored-By: Travis Plunk <travis.plunk@microsoft.com>
properties to property Co-Authored-By: Travis Plunk <travis.plunk@microsoft.com>
properties to property Co-Authored-By: Travis Plunk <travis.plunk@microsoft.com>
- expanding LCM/WMI - reboot and $Global:DSCMachineStatus - superfluous text
|
Quick update that could be of interest for @jpogran & @jborean93: I think there's a way to find the type information without using Get-CimClass. I got it to work with MOF based resource, exploring for class based ones atm. [Microsoft.PowerShell.DesiredStateConfiguration.Internal.DscClassCache]::ClearCache()
[Microsoft.PowerShell.DesiredStateConfiguration.Internal.DscClassCache]::Initialize()
$module = Get-Module -Name mod1 -ListAvailable -SkipEditionCheck
$resourceName = 'RsrcWithSubType'
$schemaFilePath = $null
$functionsToDefine = [System.Collections.Generic.Dictionary[string,ScriptBlock]]::new(([System.StringComparer]::OrdinalIgnoreCase))
$MyErrors = [System.Collections.ObjectModel.Collection[System.Exception]]::new()
[Microsoft.PowerShell.DesiredStateConfiguration.Internal.DscClassCache]::ImportCimKeywordsFromModule($module, $ResourceName, [ref] $SchemaFilePath, $functionsToDefine, $MyErrors)
[System.Management.Automation.Language.DynamicKeyword]::GetKeyword($ResourceName).Properties
# Key Value
# --- -----
# DependsOn System.Management.Automation.Language.DynamicKeywordProperty
# PsDscRunAsCredential System.Management.Automation.Language.DynamicKeywordProperty
# Ensure System.Management.Automation.Language.DynamicKeywordProperty
# Name System.Management.Automation.Language.DynamicKeywordProperty
# SubTypeProperty System.Management.Automation.Language.DynamicKeywordProperty
[System.Management.Automation.Language.DynamicKeyword]::GetKeyword('SubType').Properties
# Key Value
# --- -----
# Property1 System.Management.Automation.Language.DynamicKeywordProperty
# Property2 System.Management.Automation.Language.DynamicKeywordProperty
# Property3 System.Management.Automation.Language.DynamicKeywordProperty
This works (on Windows) both for PS 5.1 & PS7.preview3 (minus the [edit] [edit 2020-04-19] Adding the equivalent with Class based resources: [Microsoft.PowerShell.DesiredStateConfiguration.Internal.DscClassCache]::ClearCache()
[Microsoft.PowerShell.DesiredStateConfiguration.Internal.DscClassCache]::Initialize()
$module = Get-Module -Name mod1 -ListAvailable -SkipEditionCheck
$functionsToDefine = [System.Collections.Generic.Dictionary[string,ScriptBlock]]::new(([System.StringComparer]::OrdinalIgnoreCase))
$className = [string[]]'ClassRsrcWithSubType'
$resources = [Microsoft.PowerShell.DesiredStateConfiguration.Internal.DscClassCache]::ImportClassResourcesFromModule($Module, $className, $functionsToDefine)
[System.Management.Automation.Language.DynamicKeyword]::GetKeyword($resources[0]).Properties
# Key Value
# --- -----
# Property1 System.Management.Automation.Language.DynamicKeywordProperty
[System.Management.Automation.Language.DynamicKeyword]::GetKeyword($resources[1]).Properties
# Key Value
# --- -----
# DependsOn System.Management.Automation.Language.DynamicKeywordProperty
# PsDscRunAsCredential System.Management.Automation.Language.DynamicKeywordProperty
# Ensure System.Management.Automation.Language.DynamicKeywordProperty
# Name System.Management.Automation.Language.DynamicKeywordProperty
# SubTypeProperty System.Management.Automation.Language.DynamicKeywordProperty |
| to invoke the resource in a different user context, using PowerShell Jobs. | ||
|
|
||
| If the key `PsDscRunAsCredential` is to be found amongst the keys of the | ||
| `-Property` parameter, then `Invoke-DscResource` will throw an exception, |
There was a problem hiding this comment.
we should be using ThrowTerminatingError
There was a problem hiding this comment.
The module is written in PowerShell...
|
|
||
| `Invoke-DscResource` in PowerShell 7+ will not be aware of other instances being executed, and as such it will be possible to execute several instances in parallel when isolated in their own runspace, or run in parallel with the LCM. | ||
|
|
||
| This means that it enables concurrent execution, but also risks conflict if two conflicting resources are run simultaneously. |
There was a problem hiding this comment.
a mutex should enable system wide locking if you go down this path.
There was a problem hiding this comment.
I think system wide locking is not desired.
Allowing concurrent execution is good, just wanted to warn about the implication to the end user.
| True | ||
| ``` | ||
|
|
||
| In PS7+, `Invoke-DscResource -Method Test ...` will return an object (not CIM) |
There was a problem hiding this comment.
should this be strongly typed (rather than a pscustomobject with NoteProperties?
|
|
||
| # Out of Scope for initial work & other notes | ||
|
|
||
| We're aware that some extra work or feature could be solved at the same time, but we're trying to have the MVP (minimum viable product) out as soon as possible, to help addressing the points raised in the [Motivation](#Motivation) section. |
There was a problem hiding this comment.
as noted in Motivation is this work sufficient to unblock those that can't move to PS7?
This is an RFC to add support for an Invoke-DscResource in PowerShell 7.
Since
Get-DscResourceandConfigurationhave been fixed, this RFC is only to add something similar in syntax than the WMF 5.1'sInvoke-DscResource, but not using the LCM or CIM, and only consuming PowerShell resource directly.This RFC mainly specify an MVP (Minimum Viable Product), but feel free to comment or add in the
out of scopesection, what should come next.