search

dsccommunity / FailoverClusterDsc

This module contains DSC resources for deployment and configuration of Windows Server Failover Cluster.
MIT License
60 stars 54 forks source link

xCluster: FailoverClusterIPAddress isn't checked for type [ipaddress] before building MOF #263

Closed dennisl68-castra closed 3 years ago

dennisl68-castra commented 3 years ago

Details of the scenario you tried and the problem that is occurring

When entering a non IP address in FailoverClusterIPAddress as 'a.b.c.d' or FailoverClusterIgnoreNetwork as 'a.b.c.d/y', no check is done before generating the MOF if it's of type [ipaddress]

This will make DSC Set fail.

Verbose logs showing the problem

PowerShell DSC resource MSFT_xCluster failed to execute Set-TargetResource functionality with error message: The specified IP address 'x.x.x.x/y' is invalid.

Suggested solution to the issue

Force ip-strings to be typed as [ipaddress]

Line 137-139

[Parameter()]
[System.Net.IpAddress]
$StaticIPAddress,

or Line 199-204...

try
{
    if ([System.Net.IpAddress]$StaticIPAddress)
    {
        $newClusterParameters += @{
            StaticAddress = $StaticIPAddress
        }
    }
}
catch
{
    write-verbose -Message '<error message>'
}

The DSC configuration that is used to reproduce the issue (as detailed as possible)

FailoverClusterIPAddress = 'x.x.x.x'
FailoverClusterIgnoreNetwork = 'x.x.x.x/y'

The operating system the target node is running

OsName               : Microsoft Windows Server 2012 R2 Datacenter
OsOperatingSystemSKU : DatacenterServerEdition
OsArchitecture       : 64-bit
WindowsBuildLabEx    : 9600.20111.amd64fre.winblue_ltsb_escrow.210812-0920
OsLanguage           : en-US
OsMuiLanguages       : {en-US}

Version and build of PowerShell the target node is running

Name                           Value
----                           -----
PSVersion                      5.1.14409.1018
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.14409.1018
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

Version of the DSC module that was used

johlju commented 3 years ago

Have you tried this change? Can the schema still be String for the property?

dennisl68-castra commented 3 years ago

Yes, you can keep it is as string and just check if it also is a legitimate ip address using the try-catch suggestion. Mind though, legitimate IP-adresses can also be entered as integers and partial addresses according to [System.Net.IpAddress].

So maybe it's not that a useful addition?

In that case there is always regx...

johlju commented 3 years ago

Since the schema mof is string there will not be possible to assert that it is a correct IP address on compiling the MOF. I don't think it is possible to have another type that can check this in the schema mof during compile time. 🤔

If it just a matter of asserting that the IP address is valid during runtime then we can use https://github.com/dsccommunity/DscResource.Common#assert-ipaddress

dennisl68-castra commented 3 years ago

Ah, I see.