Added -Scope to the Resource to fix bugs with narrower scope always m…

DSCResources/MSFT_xPowerShellExecutionPolicy/MSFT_xPowerShellExecutionPolicy.psm1

@@ -9,11 +9,18 @@ function Get-TargetResource
         [parameter(Mandatory = $true)]
         [ValidateSet("Bypass","Restricted","AllSigned","RemoteSigned","Unrestricted")]
         [System.String]
-        $ExecutionPolicy
+        $ExecutionPolicy,
+        [parameter(Mandatory = $false)]
+        [ValidateSet("CurrentUser","LocalMachine","MachinePolicy","Process","UserPolicy")]
+        [System.String]
+        $Scope = 'LocalMachine'
     )
 
     #Gets the execution policies for the current session.
-    $returnValue = @{ExecutionPolicy = $(Get-ExecutionPolicy)}
+    $returnValue = @{
+        ExecutionPolicy = $(Get-ExecutionPolicy -Scope $Scope)
+        Scope = $Scope
+    }
 
     $returnValue
 }
@@ -27,15 +34,19 @@ function Set-TargetResource
         [parameter(Mandatory = $true)]
         [ValidateSet("Bypass","Restricted","AllSigned","RemoteSigned","Unrestricted")]
         [System.String]
-        $ExecutionPolicy
+        $ExecutionPolicy,
+        [parameter(Mandatory = $false)]
+        [ValidateSet("CurrentUser","LocalMachine","MachinePolicy","Process","UserPolicy")]
+        [System.String]
+        $Scope = 'LocalMachine'
     )
 
     If($PSCmdlet.ShouldProcess("$ExecutionPolicy","Set-ExecutionPolicy"))
     {
         Try
         {
             Write-Verbose "Setting the execution policy of PowerShell."
-            Set-ExecutionPolicy -ExecutionPolicy $ExecutionPolicy -Force -ErrorAction Stop
+            Set-ExecutionPolicy -ExecutionPolicy $ExecutionPolicy -Force -ErrorAction Stop -Scope $Scope
         }
         Catch
         {
@@ -61,10 +72,14 @@ function Test-TargetResource
         [parameter(Mandatory = $true)]
         [ValidateSet("Bypass","Restricted","AllSigned","RemoteSigned","Unrestricted")]
         [System.String]
-        $ExecutionPolicy
+        $ExecutionPolicy,
+        [parameter(Mandatory = $false)]
+        [ValidateSet("CurrentUser","LocalMachine","MachinePolicy","Process","UserPolicy")]
+        [System.String]
+        $Scope = 'LocalMachine'
     )
 
-    If($(Get-ExecutionPolicy) -eq $ExecutionPolicy)
+    If($(Get-ExecutionPolicy -Scope $Scope) -eq $ExecutionPolicy)
     {
         return $true
     }

DSCResources/MSFT_xPowerShellExecutionPolicy/MSFT_xPowerShellExecutionPolicy.schema.mof

@@ -2,7 +2,8 @@
 [ClassVersion("1.0.0.0"), FriendlyName("xPowerShellExecutionPolicy")]
 class MSFT_xPowerShellExecutionPolicy : OMI_BaseResource
 {
-    [Key, Description("Changes the user preference for the Windows PowerShell execution policy."), ValueMap{"Bypass","Restricted","AllSigned","RemoteSigned","Unrestricted"}, Values{"Bypass","Restricted","AllSigned","RemoteSigned","Unrestricted"}] String ExecutionPolicy;
+    [Key, Description("Changes the preference for the Windows PowerShell execution policy."), ValueMap{"Bypass","Restricted","AllSigned","RemoteSigned","Unrestricted"}, Values{"Bypass","Restricted","AllSigned","RemoteSigned","Unrestricted"}] String ExecutionPolicy;
+    [Write, Description("Defines the scope for the preference of the Windows PowerShell execution policy."), ValueMap{"CurrentUser","LocalMachine","MachinePolicy","Process","UserPolicy"},Values{"CurrentUser","LocalMachine","MachinePolicy","Process","UserPolicy"}] String Scope;
 };
 
 

README.md

@@ -24,6 +24,7 @@ Please check out common DSC Resources [contributing guidelines](https://github.c
 
 ### Unreleased
 * Converted appveyor.yml to install Pester from PSGallery instead of from Chocolatey.
+* Added optional -Scope parameter
 
 ### 1.1.0.0
 

Tests/Unit/MSFT_xPowerShellExecutionpolicy.test.ps1

@@ -28,6 +28,11 @@ $Global:invalidPolicyThrowMessage += "not belong to the set `"Bypass,Restricted,
 $Global:invalidPolicyThrowMessage += "specified by the ValidateSet attribute. Supply an argument that is in the set and then "
 $Global:invalidPolicyThrowMessage += "try the command again."
 
+$Global:invalidPolicyScopeThrowMessage = "Cannot validate argument on parameter 'Scope'. The argument `"badParam`" does "
+$Global:invalidPolicyScopeThrowMessage += "not belong to the set `"CurrentUser,LocalMachine,MachinePolicy,Process,UserPolicy`" "
+$Global:invalidPolicyScopeThrowMessage += "specified by the ValidateSet attribute. Supply an argument that is in the set and then "
+$Global:invalidPolicyScopeThrowMessage += "try the command again."
+
 # Begin Testing
 try
 {
@@ -54,6 +59,16 @@ try
 
                 $result.ExecutionPolicy | should be $(Get-ExecutionPolicy)
             } 
+
+            It 'Throws when passed an invalid execution policy Scope' {
+                { Get-TargetResource -ExecutionPolicy $(Get-ExecutionPolicy) -Scope "badParam" } | should throw $invalidPolicyScopeThrowMessage
+            }
+
+            It 'Returns correct execution policy for the correct Scope' {
+                $result = Get-TargetResource -ExecutionPolicy $(Get-ExecutionPolicy) -Scope 'LocalMachine'
+                $result.ExecutionPolicy | should be $(Get-ExecutionPolicy)
+                $result.Scope | should be 'LocalMachine'
+            } 
         }
         #endregion
 
@@ -74,6 +89,21 @@ try
 
                 Test-TargetResource -ExecutionPolicy "Bypass" | should be $false 
             }
+
+            It 'Throws when passed an invalid execution policy Scope' {
+                { Test-TargetResource -ExecutionPolicy 'badParam' } | should throw $invalidPolicyScopeThrowMessage
+            }
+
+            It 'Returns true when current policy matches desired policy with correct Scope' {
+                Test-TargetResource -ExecutionPolicy $(Get-ExecutionPolicy) | should be $True 
+            }         
+
+            It 'Returns false when current policy does not match desired policy with correct Scope' {
+                Mock -CommandName Get-ExecutionPolicy -MockWith { "Restricted" }
+
+                Test-TargetResource -ExecutionPolicy "Bypass" -Scope 'LocalMachine'| should be $false 
+            }
+
         }
         #endregion
 
@@ -85,6 +115,10 @@ try
                 { Set-TargetResource -ExecutionPolicy 'badParam' } | should throw $invalidPolicyThrowMessage
             }
 
+            It 'Throws when passed an invalid execution policy' {
+                { Set-TargetResource -ExecutionPolicy 'LocalMachine' -Scope "badParam" } | should throw $invalidPolicyScopeThrowMessage
+            }
+
             It 'Set-ExecutionPolicy scope warning exception is caught' {
                 Mock -CommandName Set-ExecutionPolicy -MockWith { Throw 'Windows PowerShell updated your execution policy successfully.' } 
 
@@ -106,6 +140,14 @@ try
 
                 Assert-MockCalled -CommandName Set-ExecutionPolicy -Exactly 1 -Scope It             
             }
+
+            It 'Sets execution policy in spesified Scope' {
+                Mock -CommandName Set-ExecutionPolicy -MockWith { } 
+
+                Set-TargetResource -ExecutionPolicy "Bypass" -Scope 'LocalMachine'
+
+                Assert-MockCalled -CommandName Set-ExecutionPolicy -Exactly 1 -Scope It             
+            }
         }
         #endregion
     }