PowerShell / Modules

MIT License

112 stars 25 forks source link

Cannot return a PSCredential object to the module #33

Closed Agazoth closed 4 years ago

Agazoth commented 4 years ago

When returning a PSCredential object to the Module I get Get-Secret: The secret was not found.

Steps to reproduce

Build an extension that returns a PSCredential object

Get-Secret -Name MySecret -Vault MyVault

Expected behavior

UserName    Password
--------         --------
MyUser         System.Security.SecureString

Actual behavior

Get-Secret: The secret MySecret was not found.

Environment data

Module version:

Name                           Value
----                           -----
PSVersion                      7.0.0-rc.2
PSEdition                      Core
GitCommitId                    7.0.0-rc.2
OS                             Microsoft Windows 10.0.18363
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

PaulHigin commented 4 years ago

I can't really comment on this, since there is no information about how MyVault extension is implemented. There seems to be a bug in the implementation.

Agazoth commented 4 years ago

The MyVault extension is implemented in the same way as your AKKeyVAultScript:

function Get-Secret
{
    param (
        [string] $Name,
        [hashtable] $AdditionalParameters
    )

    Check-SubscriptionLogIn $AdditionalParameters.SubscriptionId $AdditionalParameters.AZKVaultName

    Import-Module -Name Az.KeyVault

    $secret = Az.KeyVault\Get-AzKeyVaultSecret -Name $Name -VaultName $AdditionalParameters.AZKVaultName
    if ($secret -ne $null)
    {
        return $secret.SecretValue
    }
}

But in stead of delivering a securestring, it delivers a PSCredential object:

return [pscredential]::new($Secret.Name,$Secret.SecretValue)

The PSCredential object is returned if the code is run directly in the PowerSehll console.

PaulHigin commented 4 years ago

Sorry for the late reply. I tried to repro this but was unable to. I modified the AKVaultScript code to return a PSCredential type as you show above.

...
$secret = Az.KeyVault\Get-AzKeyVaultSecret -Name $Name -VaultName $AdditionalParameters.AZKVaultName
if ($secret -ne $null)
{
    # return $secret.SecretValue
    return [pscredential]::new($secret.Name, $secret.SecretValue)
}

But I get the expected behavior:

PS C:\> Get-Secret CredToken -Vault AzKeyVaultS

UserName                      Password
--------                      --------
CredToken System.Security.SecureString

nlsdg commented 4 years ago

And Get-SecretInfo -Name MySecret -Vault MyVault does return the secret?

PaulHigin commented 4 years ago

Yes, as shown above it returns the PSCredential object as expected.