Closed denelon closed 4 months ago
Ideally, this would be supported for both DSC v2 PowerShell Class based resources and DSC v3 resources.
A few approaches spring to mind for DSCv3 resources, all in the resource manifest:
elevation
property to the top-level of the manifest, with the enum values default
, prohibited
, required
, and self
- the expectation here is that the resource executes according to this setting, regardless of the operation. So if a resource is defined with "elevation": "required"
, it must be run elevated for get
, test
, and set
operations. If the property isn't specified, the resource is interpreted as having a value of default
.elevation
for set
has no effect on whether elevation is required or prohibited for get
.I think it would be possible to support both, but only one in a manifest - if the top-level elevation
is set it should be prohibited in the operation properties and vice versa.
I don't see a way to do this for existing PSDSC resources, short of introducing a new attribute (like DscElevation()
) or a not-required method, like GetElevationInfo()
. It can't be worked backwards into the existing DscResource()
attribute as far as I know.
Summary of the new feature / enhancement
I would like to be able to "inspect" a DSC resource and have it provide information regarding elevation requirements.
WinGet package manifests have a concept of "elevationRequired", "elevationProhibited", and "elevatesSelf".
This kind of annotation or property would help orchestrators or commands calling resources understand based on the context they are being called in (system, user, elevated user) to know if the resource should work or fail before calling them.
It would also help when building tooling to generate a configuration file to appropriately decorate the configuration file as to the elevation requirements for those resources.
Proposed technical implementation details (optional)
No response