DSCResources/Grani_CredentialManager/Grani_CredentialManager.psm1

#region Initialize

function Initialize
{
    # Enum for Ensure
    Add-Type -TypeDefinition @"
        public enum EnsureType
        {
            Present,
            Absent
        }
"@
 -ErrorAction SilentlyContinue; 

    Import-Module -Name (Join-Path -Path $PSScriptRoot -ChildPath "Grani_CredentialManagerHelper.psm1") -Verbose:$false -Force
}

. Initialize;

#endregion

#region Message Definition

Data VerboseMessages {
    ConvertFrom-StringData -StringData @"
        CheckingAbsent = Detected as Ensure=Absent. Checking Target is not exists.
        CheckingPresent = Detected as Ensure=Present. Checking Target credential is as desired.
        CredentialNotExists = Ensure detected as Present but credential was missing. Please make sure credential is exists.
        FailedAbsent = Target was found as not desired.
        PassPresent = Target's Credential was detected as desired.
        RemovingCredential = Removing Target Credential. Target : {0}
        SetCredential = Setting Desired Credential to Target. Target : {0}
"@

}

Data DebugMessages {
    ConvertFrom-StringData -StringData @"
"@

}

Data ErrorMessages {
    ConvertFrom-StringData -StringData @"
        CredentialNotExistsException = Credential parameter's value not exists exception!! Please make sure credential is exists.
"@

}

#endregion

#region *-TargetResource

function Get-TargetResource
{
    [CmdletBinding()]
    [OutputType([System.Collections.Hashtable])]
    param
    (
        [parameter(Mandatory = $true)]
        [System.String]$InstanceIdentifier,

        [parameter(Mandatory = $true)]
        [System.String]$Target,

        [parameter(Mandatory = $false)]
        [System.Management.Automation.PSCredential]$Credential  = [PSCredential]::Empty,

        [parameter(Mandatory = $true)]
        [ValidateSet("Present","Absent")]
        [System.String]$Ensure
    )

    # Initialize return values
    $returnHash = @{
        # No meaning with InstanceIdentifier for "how Resource work" but it is identifier to deceive DSC Engine when you want to keep "Same target, Credential for multiple PsDscRunAsCredential".
        # Normally InstanceIdentifier can be same as Target or ConfigurationName. Just change every instance's InstanceIdentifier when you want to set as above situation.
        InstanceIdentifier = $InstanceIdentifier;
        Target = $Target;
        Credential = New-CimInstance -ClassName MSFT_Credential -Property @{Username=[string]$Credential.UserName; Password=[string]$null} -Namespace root/microsoft/windows/desiredstateconfiguration -ClientOnly;
        Ensure = [EnsureType]::Absent.ToString();
    }

    # Absent == should remove Target if exists.
    if ($Ensure -eq [EnsureType]::Absent.ToString())
    {
        Write-Verbose -Message ($VerboseMessages.CheckingAbsent);
        if (TestTarget -Target $Target)
        {
            Write-Verbose -Message ($VerboseMessages.FailedAbsent);
            $returnHash.Ensure = [EnsureType]::Present.ToString();
        }
    }

    # Present == Registered credential must match desired credential.
    if ($Ensure -eq [EnsureType]::Present.ToString())
    {
        Write-Verbose -Message ($VerboseMessages.CheckingPresent);

        if (IsCredentialEmpty -Credential $Credential)
        {
            Write-Verbose -Message ($VerboseMessages.CredentialNotExists);
        }
        elseif (TestTarget -Target $Target)
        {
            if (IsCredentialMatch -Target $Target -Credential $Credential)
            {
                Write-Verbose -Message ($VerboseMessages.PassPresent);
                $returnHash.Ensure = [EnsureType]::Present.ToString();
            }
        }
    }

    return $returnHash;
}

function Set-TargetResource
{
    [CmdletBinding()]
    param
    (
        [parameter(Mandatory = $true)]
        [System.String]$InstanceIdentifier,

        [parameter(Mandatory = $true)]
        [System.String]$Target,

        [parameter(Mandatory = $false)]
        [System.Management.Automation.PSCredential]$Credential,

        [parameter(Mandatory = $true)]
        [ValidateSet("Present","Absent")]
        [System.String]$Ensure
    )

    # Absent == Start remove existing Target
    if ($Ensure -eq [EnsureType]::Absent.ToString())
    {
        if (TestTarget -Target $Target)
        {
            Write-Verbose -Message ($VerboseMessages.RemovingCredential -f $Target);
            RemoveTarget -Target $Target;
            return;
        }
    }

    # Present == Register credential as desired
    if ($Ensure -eq [EnsureType]::Present.ToString())
    {
        if (IsCredentialEmpty -Credential $Credential)
        {
            Write-Verbose -Message ($VerboseMessages.CredentialNotExists);
            throw $ErrorMessages.CredentialNotExistsException;
        }

        Write-Verbose -Message ($VerboseMessages.SetCredential -f $Target);
        SetCredential -Target $Target -Credential $Credential;
        return;
    }
}

function Test-TargetResource
{
    [CmdletBinding()]
    [OutputType([System.Boolean])]
    param
    (
        [parameter(Mandatory = $true)]
        [System.String]$InstanceIdentifier,

        [parameter(Mandatory = $true)]
        [System.String]$Target,

        [parameter(Mandatory = $false)]
        [System.Management.Automation.PSCredential]$Credential,

        [parameter(Mandatory = $true)]
        [ValidateSet("Present","Absent")]
        [System.String]$Ensure
    )

    return (Get-TargetResource -InstanceIdentifier $InstanceIdentifier -Target $Target -Credential $Credential -Ensure $Ensure).Ensure -eq $Ensure
}

#endregion

Export-ModuleMember -Function *-TargetResource