InputFunctions.ps1
# Hash table of known variable info. The formatted env var name is the lookup key. # # The purpose of this hash table is to keep track of known variables. The hash table # needs to be maintained for multiple reasons: # 1) to distinguish between env vars and job vars # 2) to distinguish between secret vars and public # 3) to know the real variable name and not just the formatted env var name. $script:knownVariables = @{ } $script:vault = @{ } <# .SYNOPSIS Gets an endpoint. .DESCRIPTION Gets an endpoint object for the specified endpoint name. The endpoint is returned as an object with three properties: Auth, Data, and Url. The Data property requires a 1.97 agent or higher. .PARAMETER Require Writes an error to the error pipeline if the endpoint is not found. #> function Get-Endpoint { [CmdletBinding()] param( [Parameter(Mandatory = $true)] [string]$Name, [switch]$Require) $originalErrorActionPreference = $ErrorActionPreference try { $ErrorActionPreference = 'Stop' # Get the URL. $description = Get-LocString -Key PSLIB_EndpointUrl0 -ArgumentList $Name $key = "ENDPOINT_URL_$Name" $url = Get-VaultValue -Description $description -Key $key -Require:$Require # Get the auth object. $description = Get-LocString -Key PSLIB_EndpointAuth0 -ArgumentList $Name $key = "ENDPOINT_AUTH_$Name" if ($auth = (Get-VaultValue -Description $description -Key $key -Require:$Require)) { $auth = ConvertFrom-Json -InputObject $auth } # Get the data. $description = "'$Name' service endpoint data" $key = "ENDPOINT_DATA_$Name" if ($data = (Get-VaultValue -Description $description -Key $key)) { $data = ConvertFrom-Json -InputObject $data } # Return the endpoint. if ($url -or $auth -or $data) { New-Object -TypeName psobject -Property @{ Url = $url Auth = $auth Data = $data } } } catch { $ErrorActionPreference = $originalErrorActionPreference Write-Error $_ } } <# .SYNOPSIS Gets an input. .DESCRIPTION Gets the value for the specified input name. .PARAMETER AsBool Returns the value as a bool. Returns true if the value converted to a string is "1" or "true" (case insensitive); otherwise false. .PARAMETER AsInt Returns the value as an int. Returns the value converted to an int. Returns 0 if the conversion fails. .PARAMETER Default Default value to use if the input is null or empty. .PARAMETER Require Writes an error to the error pipeline if the input is null or empty. #> function Get-Input { [CmdletBinding(DefaultParameterSetName = 'Require')] param( [Parameter(Mandatory = $true)] [string]$Name, [Parameter(ParameterSetName = 'Default')] $Default, [Parameter(ParameterSetName = 'Require')] [switch]$Require, [switch]$AsBool, [switch]$AsInt) # Get the input from the vault. Splat the bound parameters hashtable. Splatting is required # in order to concisely invoke the correct parameter set. $null = $PSBoundParameters.Remove('Name') $description = Get-LocString -Key PSLIB_Input0 -ArgumentList $Name $key = "INPUT_$($Name.Replace(' ', '_').ToUpperInvariant())" Get-VaultValue @PSBoundParameters -Description $description -Key $key } <# .SYNOPSIS Gets a task variable. .DESCRIPTION Gets the value for the specified task variable. .PARAMETER AsBool Returns the value as a bool. Returns true if the value converted to a string is "1" or "true" (case insensitive); otherwise false. .PARAMETER AsInt Returns the value as an int. Returns the value converted to an int. Returns 0 if the conversion fails. .PARAMETER Default Default value to use if the input is null or empty. .PARAMETER Require Writes an error to the error pipeline if the input is null or empty. #> function Get-TaskVariable { [CmdletBinding(DefaultParameterSetName = 'Require')] param( [Parameter(Mandatory = $true)] [string]$Name, [Parameter(ParameterSetName = 'Default')] $Default, [Parameter(ParameterSetName = 'Require')] [switch]$Require, [switch]$AsBool, [switch]$AsInt) $originalErrorActionPreference = $ErrorActionPreference try { $ErrorActionPreference = 'Stop' $description = Get-LocString -Key PSLIB_TaskVariable0 -ArgumentList $Name $variableKey = Get-VariableKey -Name $Name if ($script:knownVariables.$variableKey.Secret) { # Get secret variable. Splatting is required to concisely invoke the correct parameter set. $null = $PSBoundParameters.Remove('Name') $vaultKey = "SECRET_$variableKey" Get-VaultValue @PSBoundParameters -Description $description -Key $vaultKey } else { # Get public variable. $item = $null $path = "Env:$variableKey" if ((Test-Path -LiteralPath $path) -and ($item = Get-Item -LiteralPath $path).Value) { # Intentionally empty. Value was successfully retrieved. } elseif (!$script:nonInteractive) { # The value wasn't found and the module is running in interactive dev mode. # Prompt for the value. Set-Item -LiteralPath $path -Value (Read-Host -Prompt $description) if (Test-Path -LiteralPath $path) { $item = Get-Item -LiteralPath $path } } # Get the converted value. Splatting is required to concisely invoke the correct parameter set. $null = $PSBoundParameters.Remove('Name') Get-Value @PSBoundParameters -Description $description -Key $variableKey -Value $item.Value } } catch { $ErrorActionPreference = $originalErrorActionPreference Write-Error $_ } } <# .SYNOPSIS Gets all job variables available to the task. Requires 2.104.1 agent or higher. .DESCRIPTION Gets a snapshot of the current state of all job variables available to the task. Requires a 2.104.1 agent or higher for full functionality. Returns an array of objects with the following properties: [string]Name [string]Value [bool]Secret Limitations on an agent prior to 2.104.1: 1) The return value does not include all public variables. Only public variables that have been added using setVariable are returned. 2) The name returned for each secret variable is the formatted environment variable name, not the actual variable name (unless it was set explicitly at runtime using setVariable). #> function Get-TaskVariableInfo { [CmdletBinding()] param() foreach ($info in $script:knownVariables.Values) { New-Object -TypeName psobject -Property @{ Name = $info.Name Value = Get-TaskVariable -Name $info.Name Secret = $info.Secret } } } <# .SYNOPSIS Sets a task variable. .DESCRIPTION Sets a task variable in the current task context as well as in the current job context. This allows the task variable to retrieved by subsequent tasks within the same job. #> function Set-TaskVariable { [CmdletBinding()] param( [Parameter(Mandatory = $true)] [string]$Name, [string]$Value, [switch]$Secret) # Once a secret always a secret. $variableKey = Get-VariableKey -Name $Name [bool]$Secret = $Secret -or $script:knownVariables.$variableKey.Secret if ($Secret) { $vaultKey = "SECRET_$variableKey" if (!$Value) { # Clear the secret. Write-Verbose "Set $Name = ''" $script:vault.Remove($vaultKey) } else { # Store the secret in the vault. Write-Verbose "Set $Name = '********'" $script:vault[$vaultKey] = New-Object System.Management.Automation.PSCredential( $vaultKey, (ConvertTo-SecureString -String $Value -AsPlainText -Force)) } # Clear the environment variable. Set-Item -LiteralPath "Env:$variableKey" -Value '' } else { # Set the environment variable. Write-Verbose "Set $Name = '$Value'" Set-Item -LiteralPath "Env:$variableKey" -Value $Value } # Store the metadata. $script:knownVariables[$variableKey] = New-Object -TypeName psobject -Property @{ Name = $name Secret = $Secret } # Persist the variable in the task context. Write-SetVariable -Name $Name -Value $Value -Secret:$Secret } ######################################## # Private functions. ######################################## function Get-VaultValue { [CmdletBinding(DefaultParameterSetName = 'Require')] param( [Parameter(Mandatory = $true)] [string]$Description, [Parameter(Mandatory = $true)] [string]$Key, [Parameter(ParameterSetName = 'Require')] [switch]$Require, [Parameter(ParameterSetName = 'Default')] [object]$Default, [switch]$AsBool, [switch]$AsInt) # Attempt to get the vault value. $value = $null if ($psCredential = $script:vault[$Key]) { $value = $psCredential.GetNetworkCredential().Password } elseif (!$script:nonInteractive) { # The value wasn't found. Prompt for the value if running in interactive dev mode. $value = Read-Host -Prompt $Description if ($value) { $script:vault[$Key] = New-Object System.Management.Automation.PSCredential( $Key, (ConvertTo-SecureString -String $value -AsPlainText -Force)) } } Get-Value -Value $value @PSBoundParameters } function Get-Value { [CmdletBinding(DefaultParameterSetName = 'Require')] param( [string]$Value, [Parameter(Mandatory = $true)] [string]$Description, [Parameter(Mandatory = $true)] [string]$Key, [Parameter(ParameterSetName = 'Require')] [switch]$Require, [Parameter(ParameterSetName = 'Default')] [object]$Default, [switch]$AsBool, [switch]$AsInt) $result = $Value if ($result) { if ($Key -like 'ENDPOINT_AUTH_*') { Write-Verbose "$($Key): '********'" } else { Write-Verbose "$($Key): '$result'" } } else { Write-Verbose "$Key (empty)" # Write error if required. if ($Require) { Write-Error "$(Get-LocString -Key PSLIB_Required0 $Description)" return } # Fallback to the default if provided. if ($PSCmdlet.ParameterSetName -eq 'Default') { $result = $Default $OFS = ' ' Write-Verbose " Defaulted to: '$result'" } else { $result = '' } } # Convert to bool if specified. if ($AsBool) { if ($result -isnot [bool]) { $result = "$result" -in '1', 'true' Write-Verbose " Converted to bool: $result" } return $result } # Convert to int if specified. if ($AsInt) { if ($result -isnot [int]) { try { $result = [int]"$result" } catch { $result = 0 } Write-Verbose " Converted to int: $result" } return $result } return $result } function Initialize-Inputs { # Store endpoints, inputs, and secret variables in the vault. foreach ($variable in (Get-ChildItem -Path Env:ENDPOINT_?*, Env:INPUT_?*, Env:SECRET_?*, Env:SECUREFILE_?*)) { # Record the secret variable metadata. This is required by Get-TaskVariable to # retrieve the value. In a 2.104.1 agent or higher, this metadata will be overwritten # when $env:VSTS_SECRET_VARIABLES is processed. if ($variable.Name -like 'SECRET_?*') { $variableKey = $variable.Name.Substring('SECRET_'.Length) $script:knownVariables[$variableKey] = New-Object -TypeName psobject -Property @{ # This is technically not the variable name (has underscores instead of dots), # but it's good enough to make Get-TaskVariable work in a pre-2.104.1 agent # where $env:VSTS_SECRET_VARIABLES is not defined. Name = $variableKey Secret = $true } } # Store the value in the vault. $vaultKey = $variable.Name if ($variable.Value) { $script:vault[$vaultKey] = New-Object System.Management.Automation.PSCredential( $vaultKey, (ConvertTo-SecureString -String $variable.Value -AsPlainText -Force)) } # Clear the environment variable. Remove-Item -LiteralPath "Env:$($variable.Name)" } # Record the public variable names. Env var added in 2.104.1 agent. if ($env:VSTS_PUBLIC_VARIABLES) { foreach ($name in (ConvertFrom-Json -InputObject $env:VSTS_PUBLIC_VARIABLES)) { $variableKey = Get-VariableKey -Name $name $script:knownVariables[$variableKey] = New-Object -TypeName psobject -Property @{ Name = $name Secret = $false } } $env:VSTS_PUBLIC_VARIABLES = '' } # Record the secret variable names. Env var added in 2.104.1 agent. if ($env:VSTS_SECRET_VARIABLES) { foreach ($name in (ConvertFrom-Json -InputObject $env:VSTS_SECRET_VARIABLES)) { $variableKey = Get-VariableKey -Name $name $script:knownVariables[$variableKey] = New-Object -TypeName psobject -Property @{ Name = $name Secret = $true } } $env:VSTS_SECRET_VARIABLES = '' } } function Get-VariableKey { [CmdletBinding()] param( [Parameter(Mandatory = $true)] [string]$Name) if ($Name -ne 'agent.jobstatus') { $Name = $Name.Replace('.', '_') } $Name.ToUpperInvariant() } |