modules/deploy/dsc/ext/PsGallery/xSharePoint.0.10.0.0/DSCResources/MSFT_xSPSecureStoreServiceApp/MSFT_xSPSecureStoreServiceApp.psm1

function Get-TargetResource
{
    <#
    .SYNOPSIS
        Reads the current state of a Secure Store service application.

    .DESCRIPTION
        Runs a lookup through Invoke-xSharePointCommand (using -Credential
        $InstallAccount) that fetches service applications matching $Name and
        keeps the one whose TypeName is "Secure Store Service Application".

    .OUTPUTS
        A hashtable with the keys Name, ApplicationPool, DatabaseName,
        DatabaseServer and InstallAccount, or $null when no matching service
        application is found.

    .NOTES
        Only $Name and $InstallAccount are read here; the other parameters are
        part of the signature but are not used by the lookup.
    #>
    [CmdletBinding()]
    [OutputType([System.Collections.Hashtable])]
    param
    (
        [Parameter(Mandatory = $true)]
        [System.String]
        $Name,

        [Parameter(Mandatory = $true)]
        [System.String]
        $ApplicationPool,

        [Parameter(Mandatory = $true)]
        [System.Boolean]
        $AuditingEnabled,

        [Parameter(Mandatory = $false)]
        [System.UInt32]
        $AuditlogMaxSize,

        [Parameter(Mandatory = $false)]
        [System.String]
        $DatabaseName,

        [Parameter(Mandatory = $false)]
        [System.String]
        $DatabaseServer,

        [Parameter(Mandatory = $false)]
        [System.String]
        $FailoverDatabaseServer,

        [Parameter(Mandatory = $false)]
        [System.Boolean]
        $PartitionMode,

        [Parameter(Mandatory = $false)]
        [System.Boolean]
        $Sharing,

        [Parameter(Mandatory = $false)]
        [ValidateSet("Windows", "SQL")]
        [System.String]
        $DatabaseAuthenticationType,

        [Parameter(Mandatory = $false)]
        [System.Management.Automation.PSCredential]
        $DatabaseCredentials,

        [Parameter(Mandatory = $false)]
        [System.Management.Automation.PSCredential]
        $InstallAccount
    )

    Write-Verbose -Message "Getting secure store service application '$Name'"

    # The lookup body receives the bound parameters as its first argument.
    $lookup = {
        $params = $args[0]

        # A missing service application is an expected state, so errors are suppressed.
        $candidates = Get-SPServiceApplication -Name $params.Name -ErrorAction SilentlyContinue
        if ($null -eq $candidates)
        {
            return $null
        }

        # Several service application types can share a name; keep only the Secure Store one.
        $secureStore = $candidates | Where-Object -FilterScript {
            $_.TypeName -eq "Secure Store Service Application"
        }
        if ($null -eq $secureStore)
        {
            return $null
        }

        return @{
            Name            = $secureStore.DisplayName
            ApplicationPool = $secureStore.ApplicationPool.Name
            DatabaseName    = $secureStore.Database.Name
            DatabaseServer  = $secureStore.Database.Server.Name
            InstallAccount  = $params.InstallAccount
        }
    }

    $currentState = Invoke-xSharePointCommand -Credential $InstallAccount -Arguments $PSBoundParameters -ScriptBlock $lookup
    return $currentState
}


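function Set-TargetResource
{
    <#
    .SYNOPSIS
        Creates the Secure Store service application, or updates its
        application pool when it already exists.

    .DESCRIPTION
        Calls Get-TargetResource to find the current state. When nothing is
        found, the bound parameters are splatted to
        New-SPSecureStoreServiceApplication and a proxy named "<Name> Proxy"
        is created from the result. When the service application exists and
        $ApplicationPool differs from the current pool, only the application
        pool is changed through Set-SPSecureStoreServiceApplication.

    .NOTES
        DatabaseAuthenticationType and DatabaseCredentials must be supplied
        together; supplying only one of them throws. For "SQL" authentication
        the credential is split into DatabaseUsername / DatabasePassword
        before the New- cmdlet is called.
    #>
    [CmdletBinding()]
    param
    (
        [parameter(Mandatory = $true)]  [System.String]  $Name,
        [parameter(Mandatory = $true)]  [System.String]  $ApplicationPool,
        [parameter(Mandatory = $true)]  [System.Boolean] $AuditingEnabled,
        [parameter(Mandatory = $false)] [System.UInt32]  $AuditlogMaxSize,
        [parameter(Mandatory = $false)] [System.String]  $DatabaseName,
        [parameter(Mandatory = $false)] [System.String]  $DatabaseServer,
        [parameter(Mandatory = $false)] [System.String]  $FailoverDatabaseServer,
        [parameter(Mandatory = $false)] [System.Boolean] $PartitionMode,
        [parameter(Mandatory = $false)] [System.Boolean] $Sharing,
        [parameter(Mandatory = $false)] [ValidateSet("Windows", "SQL")] [System.String]  $DatabaseAuthenticationType,
        [parameter(Mandatory = $false)] [System.Management.Automation.PSCredential] $DatabaseCredentials,
        [parameter(Mandatory = $false)] [System.Management.Automation.PSCredential] $InstallAccount
    )

    $result = Get-TargetResource @PSBoundParameters
    # $params refers to the same dictionary as $PSBoundParameters, so keys added
    # below are also visible through $PSBoundParameters.
    $params = $PSBoundParameters

    # The two database-auth parameters are only valid as a pair: reject the call
    # when exactly one of them was bound (the check is symmetric, although the
    # message only words one direction).
    $hasAuthType    = $params.ContainsKey("DatabaseAuthenticationType")
    $hasCredentials = $params.ContainsKey("DatabaseCredentials")
    if ($hasAuthType -ne $hasCredentials) {
        throw "Where DatabaseCredentials are specified you must also specify DatabaseAuthenticationType to identify the type of credentials being passed"
    }

    switch((Get-xSharePointInstalledProductVersion).FileMajorPart) {
        16 {
            $hasOptionalParams = $false
            @("AuditlogMaxSize","DatabaseName","DatabaseServer","FailoverDatabaseServer",`
                "PartitionMode","Sharing","DatabaseCredentials") | ForEach-Object {
                if ($PSBoundParameters.ContainsKey($_) -eq $true) { $hasOptionalParams = $true }
            }
            if ($hasOptionalParams -eq $false) {
                # Add the MinDB param to ensure that the cmdlet call gets differentiated without the optional params being set
                $params.Add("EnableMinDB", $false)
            }
        }
    }

    if ($null -eq $result) { 
        Write-Verbose -Message "Creating Secure Store Service Application $Name"
        Invoke-xSharePointCommand -Credential $InstallAccount -Arguments $params -ScriptBlock {
            $params = $args[0]
            
            # InstallAccount belongs to the DSC resource and is dropped before the splat below.
            if ($params.ContainsKey("InstallAccount")) { $params.Remove("InstallAccount") | Out-Null }

            if($params.ContainsKey("DatabaseAuthenticationType")) {
                if ($params.DatabaseAuthenticationType -eq "SQL") {
                    $params.Add("DatabaseUsername", $params.DatabaseCredentials.Username)
                    # PSCredential.Password is already a SecureString: hand it over as-is
                    # rather than extracting the plaintext with GetNetworkCredential() and
                    # re-wrapping it, which would leave a clear-text copy of the SQL
                    # password in process memory.
                    $params.Add("DatabasePassword", $params.DatabaseCredentials.Password)
                }
                # Out-Null keeps a possible boolean result of Remove() out of the output stream.
                $params.Remove("DatabaseAuthenticationType") | Out-Null
            }

            New-SPSecureStoreServiceApplication @params | New-SPSecureStoreServiceApplicationProxy -Name "$($params.Name) Proxy"
        }
    } else {
        # Existing service application: the application pool is the only setting updated here.
        if ([string]::IsNullOrEmpty($ApplicationPool) -eq $false -and $ApplicationPool -ne $result.ApplicationPool) {
            Write-Verbose -Message "Updating Secure Store Service Application $Name"
            Invoke-xSharePointCommand -Credential $InstallAccount -Arguments $PSBoundParameters -ScriptBlock {
                $params = $args[0]

                $serviceApp = Get-SPServiceApplication -Name $params.Name | Where-Object { $_.TypeName -eq "Secure Store Service Application" }
                $appPool = Get-SPServiceApplicationPool -Identity $params.ApplicationPool 
                switch((Get-xSharePointInstalledProductVersion).FileMajorPart) {
                    15 {
                        Set-SPSecureStoreServiceApplication -Identity $serviceApp -ApplicationPool $appPool
                    }
                    16 {
                        Set-SPSecureStoreServiceApplication -Identity $serviceApp -ApplicationPool $appPool -EnableMinDB:$false
                    }
                    Default {
                        throw [Exception] "An unknown version of SharePoint (Major version $_) was detected. Only versions 15 (SharePoint 2013) or 16 (SharePoint 2016) are supported."
                    }
                }
            }
        }
    }
}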


function Test-TargetResource
{
    <#
    .SYNOPSIS
        Reports whether the Secure Store service application is in the desired state.

    .DESCRIPTION
        Fetches the current state with Get-TargetResource. Returns $false when
        no service application is found; otherwise returns the result of
        Test-xSharePointSpecificParameters, which is asked to compare only the
        ApplicationPool value against the bound parameters.

    .OUTPUTS
        System.Boolean
    #>
    [CmdletBinding()]
    [OutputType([System.Boolean])]
    param
    (
        [Parameter(Mandatory = $true)]
        [System.String]
        $Name,

        [Parameter(Mandatory = $true)]
        [System.String]
        $ApplicationPool,

        [Parameter(Mandatory = $true)]
        [System.Boolean]
        $AuditingEnabled,

        [Parameter(Mandatory = $false)]
        [System.UInt32]
        $AuditlogMaxSize,

        [Parameter(Mandatory = $false)]
        [System.String]
        $DatabaseName,

        [Parameter(Mandatory = $false)]
        [System.String]
        $DatabaseServer,

        [Parameter(Mandatory = $false)]
        [System.String]
        $FailoverDatabaseServer,

        [Parameter(Mandatory = $false)]
        [System.Boolean]
        $PartitionMode,

        [Parameter(Mandatory = $false)]
        [System.Boolean]
        $Sharing,

        [Parameter(Mandatory = $false)]
        [ValidateSet("Windows", "SQL")]
        [System.String]
        $DatabaseAuthenticationType,

        [Parameter(Mandatory = $false)]
        [System.Management.Automation.PSCredential]
        $DatabaseCredentials,

        [Parameter(Mandatory = $false)]
        [System.Management.Automation.PSCredential]
        $InstallAccount
    )

    $current = Get-TargetResource @PSBoundParameters
    Write-Verbose -Message "Testing secure store service application $Name"

    # No existing service application means the resource is not in the desired state.
    if ($null -eq $current)
    {
        return $false
    }

    # Only the application pool is checked for drift.
    $comparison = @{
        CurrentValues = $current
        DesiredValues = $PSBoundParameters
        ValuesToCheck = @("ApplicationPool")
    }
    return Test-xSharePointSpecificParameters @comparison
}


# Export only the Get-/Set-/Test-TargetResource functions from this module.
Export-ModuleMember -Function '*-TargetResource'