DSCResources/MSFT_SPManagedAccount/MSFT_SPManagedAccount.psm1

$script:SPDscUtilModulePath = Join-Path -Path $PSScriptRoot -ChildPath '..\..\Modules\SharePointDsc.Util'
Import-Module -Name $script:SPDscUtilModulePath

function Get-TargetResource
{
    [CmdletBinding()]
    [OutputType([System.Collections.Hashtable])]
    param
    (
        [Parameter()]
        [System.Management.Automation.PSCredential]
        $Account,

        [Parameter()]
        [ValidateSet("Present", "Absent")]
        [System.String]
        $Ensure = "Present",

        [Parameter()]
        [System.Management.Automation.PSCredential]
        $InstallAccount,

        [Parameter()]
        [System.UInt32]
        $EmailNotification,

        [Parameter()]
        [System.UInt32]
        $PreExpireDays,

        [Parameter()]
        [System.String]
        $Schedule,

        [Parameter(Mandatory = $true)]
        [System.String]
        $AccountName
    )

    Write-Verbose -Message "Getting managed account $AccountName"

    $result = Invoke-SPDscCommand -Credential $InstallAccount `
        -Arguments $PSBoundParameters `
        -ScriptBlock {
        $params = $args[0]

        $ma = Get-SPManagedAccount -Identity $params.AccountName `
            -ErrorAction SilentlyContinue
        if ($null -eq $ma)
        {
            return @{
                AccountName = $params.AccountName
                Account     = $params.Account
                Ensure      = "Absent"
            }
        }
        $schedule = $null
        if ($null -ne $ma.ChangeSchedule)
        {
            $schedule = $ma.ChangeSchedule.ToString()
        }
        return @{
            AccountName       = $ma.Username
            EmailNotification = $ma.DaysBeforeChangeToEmail
            PreExpireDays     = $ma.DaysBeforeExpiryToChange
            Schedule          = $schedule
            Account           = $params.Account
            Ensure            = "Present"
        }
    }
    return $result
}

function Set-TargetResource
{
    [CmdletBinding()]
    param
    (
        [Parameter()]
        [System.Management.Automation.PSCredential]
        $Account,

        [Parameter()]
        [ValidateSet("Present", "Absent")]
        [System.String]
        $Ensure = "Present",

        [Parameter()]
        [System.Management.Automation.PSCredential]
        $InstallAccount,

        [Parameter()]
        [System.UInt32]
        $EmailNotification,

        [Parameter()]
        [System.UInt32]
        $PreExpireDays,

        [Parameter()]
        [System.String]
        $Schedule,

        [Parameter(Mandatory = $true)]
        [System.String]
        $AccountName
    )

    Write-Verbose -Message "Setting managed account $AccountName"

    if ($Ensure -eq "Present" -and $null -eq $Account)
    {
        $message = ("You must specify the 'Account' property as a PSCredential to create a " + `
                "managed account")
        Add-SPDscEvent -Message $message `
            -EntryType 'Error' `
            -EventID 100 `
            -Source $MyInvocation.MyCommand.Source
        throw $message
    }

    $currentValues = Get-TargetResource @PSBoundParameters
    if ($currentValues.Ensure -eq "Absent" -and $Ensure -eq "Present")
    {
        Write-Verbose -Message ("Managed account does not exist but should, creating " + `
                "the managed account")
        Invoke-SPDscCommand -Credential $InstallAccount `
            -Arguments $PSBoundParameters `
            -ScriptBlock {
            $params = $args[0]
            New-SPManagedAccount -Credential $params.Account
        }
    }

    if ($Ensure -eq "Present")
    {
        Write-Verbose -Message "Updating settings for managed account"
        Invoke-SPDscCommand -Credential $InstallAccount `
            -Arguments $PSBoundParameters `
            -ScriptBlock {
            $params = $args[0]

            $updateParams = @{
                Identity = $params.Account.UserName
            }
            if ($params.ContainsKey("EmailNotification"))
            {
                $updateParams.Add("EmailNotification", $params.EmailNotification)
            }
            if ($params.ContainsKey("PreExpireDays"))
            {
                $updateParams.Add("PreExpireDays", $params.PreExpireDays)
            }
            if ($params.ContainsKey("Schedule"))
            {
                $updateParams.Add("Schedule", $params.Schedule)
            }
            Set-SPManagedAccount @updateParams
        }
    }
    else
    {
        Write-Verbose -Message "Removing managed account"
        Invoke-SPDscCommand -Credential $InstallAccount `
            -Arguments $PSBoundParameters `
            -ScriptBlock {
            $params = $args[0]
            Remove-SPManagedAccount -Identity $params.AccountName -Confirm:$false
        }
    }
}

function Test-TargetResource
{
    [CmdletBinding()]
    [OutputType([System.Boolean])]
    param
    (
        [Parameter()]
        [System.Management.Automation.PSCredential]
        $Account,

        [Parameter()]
        [ValidateSet("Present", "Absent")]
        [System.String]
        $Ensure = "Present",

        [Parameter()]
        [System.Management.Automation.PSCredential]
        $InstallAccount,

        [Parameter()]
        [System.UInt32]
        $EmailNotification,

        [Parameter()]
        [System.UInt32]
        $PreExpireDays,

        [Parameter()]
        [System.String]
        $Schedule,

        [Parameter(Mandatory = $true)]
        [System.String]
        $AccountName
    )

    Write-Verbose -Message "Testing managed account $AccountName"

    $PSBoundParameters.Ensure = $Ensure

    $CurrentValues = Get-TargetResource @PSBoundParameters

    Write-Verbose -Message "Current Values: $(Convert-SPDscHashtableToString -Hashtable $CurrentValues)"
    Write-Verbose -Message "Target Values: $(Convert-SPDscHashtableToString -Hashtable $PSBoundParameters)"

    $result = Test-SPDscParameterState -CurrentValues $CurrentValues `
        -Source $($MyInvocation.MyCommand.Source) `
        -DesiredValues $PSBoundParameters `
        -ValuesToCheck @("AccountName",
        "Schedule",
        "PreExpireDays",
        "EmailNotification",
        "Ensure")

    Write-Verbose -Message "Test-TargetResource returned $result"

    return $result
}

function Export-TargetResource
{
    $VerbosePreference = "SilentlyContinue"
    $ParentModuleBase = Get-Module "SharePointDsc" -ListAvailable | Select-Object -ExpandProperty Modulebase
    $module = Join-Path -Path $ParentModuleBase -ChildPath "\DSCResources\MSFT_SPManagedAccount\MSFT_SPManagedAccount.psm1" -Resolve
    $managedAccounts = Get-SPManagedAccount

    $Content = ''

    $i = 1
    $total = $managedAccounts.Length
    foreach ($managedAccount in $managedAccounts)
    {
        try
        {
            $mAccountName = $managedAccount.UserName
            Write-Host "Scanning SPManagedAccount [$i/$total] {$mAccountName}"

            $PartialContent = " SPManagedAccount " + [System.Guid]::NewGuid().toString() + "`r`n"
            $PartialContent += " {`r`n"
            <# WA - 1.6.0.0 has a bug where the Get-TargetResource returns an array of all ManagedAccount (see Issue #533) #>
            $schedule = $null
            if ($null -ne $managedAccount.ChangeSchedule)
            {
                $schedule = $managedAccount.ChangeSchedule.ToString()
            }
            $results = @{
                AccountName       = $managedAccount.UserName
                EmailNotification = $managedAccount.DaysBeforeChangeToEmail
                PreExpireDays     = $managedAccount.DaysBeforeExpiryToChange
                Schedule          = $schedule
                Ensure            = "Present"
                Account           = (Resolve-Credentials -UserName $managedAccount.UserName)
            }

            $results = Repair-Credentials -results $results

            $accountName = Get-Credentials -UserName $managedAccount.UserName
            if (!$accountName)
            {
                Save-Credentials -UserName $managedAccount.UserName
            }
            $results.AccountName = $results["Account"] + ".UserName"

            $currentBlock = Get-DSCBlock -Params $results -ModulePath $module
            $currentBlock = Convert-DSCStringParamToVariable -DSCBlock $currentBlock -ParameterName "Account"
            $currentBlock = Convert-DSCStringParamToVariable -DSCBlock $currentBlock -ParameterName "AccountName"
            $currentBlock = Convert-DSCStringParamToVariable -DSCBlock $currentBlock -ParameterName "PsDscRunAsCredential"
            $PartialContent += $currentBlock
            $PartialContent += " }`r`n"
            $i++
        }
        catch
        {
            $Global:ErrorLog += "[Managed Account]" + $managedAccount.UserName + "`r`n"
            $Global:ErrorLog += "$_`r`n`r`n"
        }
        $Content += $PartialContent
    }
    return $Content
}

Export-ModuleMember -Function *-TargetResource