Merge branch 'gh-57/main/add-cidr-functions' of https://github.com/Gijsreyn/operation-methods into gh-57/main/add-cidr-functions

Author: Gijsreyn

docs/reference/schemas/resource/properties/purge.md

@@ -43,7 +43,7 @@ To add this property to a resource's instance schema, define the property with t
 snippet:
 
 ```json
-"_inDesiredState": {
+"_purge": {
   "$ref": "https://raw.githubusercontent.com/PowerShell/DSC/main/schemas/v3/resource/properties/purge.json"
 }
 ```

dsc/tests/dsc_discovery.tests.ps1

@@ -245,4 +245,55 @@ Describe 'tests for resource discovery' {
             $env:DSC_RESOURCE_PATH = $oldPath
         }
     }
+
+    It 'Resource manifest using relative path to exe: <path>' -TestCases @(
+        @{ path = '../dscecho'; success = $true }
+        @{ path = '../foo/dscecho'; success = $false }
+    ) {
+        param($path, $success)
+        $manifest = @"
+{
+    "`$schema": "https://aka.ms/dsc/schemas/v3/bundled/resource/manifest.json",
+    "type": "Microsoft.DSC.Debug/Echo",
+    "version": "1.0.0",
+    "description": "Echo resource for testing and debugging purposes",
+    "get": {
+        "executable": "$path",
+        "args": [
+            {
+                "jsonInputArg": "--input",
+                "mandatory": true
+            }
+        ]
+    },
+    "schema": {
+        "command": {
+            "executable": "$path"
+        }
+    }
+}
+"@
+        $dscEcho = Get-Command dscecho -ErrorAction Stop
+        # copy to testdrive
+        Copy-Item -Path "$($dscEcho.Source)" -Destination $testdrive
+        # create manifest in subfolder
+        $subfolder = Join-Path $testdrive 'subfolder'
+        New-Item -Path $subfolder -ItemType Directory -Force | Out-Null
+        Set-Content -Path (Join-Path $subfolder 'test.dsc.resource.json') -Value $manifest
+
+        try {
+            $env:DSC_RESOURCE_PATH = $subfolder
+            $out = dsc resource get -r 'Microsoft.DSC.Debug/Echo' -i '{"output":"RelativePathTest"}' 2> "$testdrive/error.txt" | ConvertFrom-Json
+            if ($success) {
+                $LASTEXITCODE | Should -Be 0 -Because (Get-Content -Raw -Path "$testdrive/error.txt")
+                $out.actualState.output | Should -BeExactly 'RelativePathTest'
+            } else {
+                $LASTEXITCODE | Should -Be 2 -Because (Get-Content -Raw -Path "$testdrive/error.txt")
+                (Get-Content -Raw -Path "$testdrive/error.txt") | Should -Match "ERROR.*?Executable '\.\./foo/dscecho(\.exe)?' not found"
+            }
+        }
+        finally {
+            $env:DSC_RESOURCE_PATH = $null
+        }
+    }
 }

dsc/tests/dsc_extension_discover.tests.ps1

@@ -138,7 +138,7 @@ Describe 'Discover extension tests' {
             $out = dsc -l warn resource list 2> $TestDrive/error.log | ConvertFrom-Json
             $LASTEXITCODE | Should -Be 0
             $out.Count | Should -BeGreaterThan 0
-            (Get-Content -Path "$TestDrive/error.log" -Raw) | Should -BeLike "*WARN Extension 'Microsoft.Windows.Appx/Discover' failed to discover resources: Command: Operation program not found for executable 'powershell'*" -Because (Get-Content -Path "$TestDrive/error.log" -Raw | Out-String)
+            (Get-Content -Path "$TestDrive/error.log" -Raw) | Should -BeLike "*WARN Extension 'Microsoft.Windows.Appx/Discover' failed to discover resources: Command: Operation Executable 'powershell' not found*" -Because (Get-Content -Path "$TestDrive/error.log" -Raw | Out-String)
         } finally {
             $env:PATH = $oldPath
         }

dsc/tests/dsc_parameters.tests.ps1

@@ -577,4 +577,128 @@ Describe 'Parameters tests' {
         $LASTEXITCODE | Should -Be 4
         $testError | Should -Match 'Circular dependency or unresolvable parameter references detected in parameters'
     }
+
+    It 'Default value violates <constraint> constraint' -TestCases @(
+        @{ constraint = 'minLength'; type = 'string'; value = 'ab'; min = 3; max = 20; errorMatch = 'minimum length' }
+        @{ constraint = 'maxLength'; type = 'string'; value = 'verylongusernamethatexceedslimit'; min = 3; max = 20; errorMatch = 'maximum length' }
+        @{ constraint = 'minValue'; type = 'int'; value = 0; min = 1; max = 65535; errorMatch = 'minimum value' }
+        @{ constraint = 'maxValue'; type = 'int'; value = 99999; min = 1; max = 65535; errorMatch = 'maximum value' }
+    ) {
+        param($constraint, $type, $value, $min, $max, $errorMatch)
+
+        if ($type -eq 'string') {
+            $value = "'$value'"
+        }
+
+        $minConstraint = if ($type -eq 'string') { "minLength: $min" } else { "minValue: $min" }
+        $maxConstraint = if ($type -eq 'string') { "maxLength: $max" } else { "maxValue: $max" }
+
+        $config_yaml = @"
+            `$schema: https://aka.ms/dsc/schemas/v3/bundled/config/document.json
+            parameters:
+              param1:
+                type: $type
+                $minConstraint
+                $maxConstraint
+                defaultValue: $value
+            resources:
+            - name: Echo
+              type: Microsoft.DSC.Debug/Echo
+              properties:
+                output: '[parameters(''param1'')]'
+"@
+
+        $testError = & {$config_yaml | dsc config get -f - 2>&1}
+        $LASTEXITCODE | Should -Be 4
+        $testError | Should -Match $errorMatch
+    }
+
+    It 'Default value violates allowedValues constraint for <type>' -TestCases @(
+        @{ type = 'string'; value = 'staging'; allowed = @('dev', 'test', 'prod') }
+        @{ type = 'int'; value = 7; allowed = @(1, 5, 10) }
+    ) {
+        param($type, $value, $allowed)
+
+        if ($type -eq 'string') {
+            $value = "'$value'"
+        }
+
+        $config_yaml = @"
+            `$schema: https://aka.ms/dsc/schemas/v3/bundled/config/document.json
+            parameters:
+              param1:
+                type: $type
+                allowedValues: $($allowed | ConvertTo-Json -Compress)
+                defaultValue: $value
+            resources:
+            - name: Echo
+              type: Microsoft.DSC.Debug/Echo
+              properties:
+                output: '[parameters(''param1'')]'
+"@
+
+        $testError = & {$config_yaml | dsc config get -f - 2>&1}
+        $LASTEXITCODE | Should -Be 4
+        $testError | Should -Match 'allowed values'
+    }
+
+    It 'Default values pass constraint validation for <type>' -TestCases @(
+        @{ type = 'string'; value = 'admin'; min = 3; max = 20 }
+        @{ type = 'string'; value = 'abc'; min = 3; max = 20 }
+        @{ type = 'string'; value = 'abcdefghijklmnopqrst'; min = 3; max = 20 }
+        @{ type = 'int'; value = 8080; min = 1; max = 65535 }
+        @{ type = 'int'; value = 1; min = 1; max = 65535 }
+        @{ type = 'int'; value = 65535; min = 1; max = 65535 }
+    ) {
+        param($type, $value, $min, $max)
+
+        $minConstraint = if ($type -eq 'string') { "minLength: $min" } else { "minValue: $min" }
+        $maxConstraint = if ($type -eq 'string') { "maxLength: $max" } else { "maxValue: $max" }
+
+        $config_yaml = @"
+            `$schema: https://aka.ms/dsc/schemas/v3/bundled/config/document.json
+            parameters:
+              param1:
+                type: $type
+                $minConstraint
+                $maxConstraint
+                defaultValue: $value
+            resources:
+            - name: Echo
+              type: Microsoft.DSC.Debug/Echo
+              properties:
+                output: '[parameters(''param1'')]'
+"@
+
+        $out = $config_yaml | dsc config get -f - | ConvertFrom-Json
+        $LASTEXITCODE | Should -Be 0
+        $out.results[0].result.actualState.output | Should -BeExactly $value
+    }
+
+    It 'Default values with allowedValues pass validation for <type>' -TestCases @(
+        @{ type = 'string'; value = 'dev'; allowed = @('dev', 'test', 'prod') }
+        @{ type = 'string'; value = 'prod'; allowed = @('dev', 'test', 'prod') }
+        @{ type = 'int'; value = 5; allowed = @(1, 5, 10) }
+        @{ type = 'int'; value = 10; allowed = @(1, 5, 10) }
+    ) {
+        param($type, $value, $allowed)
+
+        $config_yaml = @"
+            `$schema: https://aka.ms/dsc/schemas/v3/bundled/config/document.json
+            parameters:
+              param1:
+                type: $type
+                allowedValues: $($allowed | ConvertTo-Json -Compress)
+                defaultValue: $value
+            resources:
+            - name: Echo
+              type: Microsoft.DSC.Debug/Echo
+              properties:
+                output: '[parameters(''param1'')]'
+"@
+
+        $out = $config_yaml | dsc config get -f - | ConvertFrom-Json
+        $LASTEXITCODE | Should -Be 0
+        $out.results[0].result.actualState.output | Should -BeExactly $value
+    }
 }

lib/dsc-lib/locales/en-us.toml

@@ -724,3 +724,5 @@ failedToGetExePath = "Can't get 'dsc' executable path"
 settingNotFound = "Setting '%{name}' not found"
 failedToAbsolutizePath = "Failed to absolutize path '%{path}'"
 invalidExitCodeKey = "Invalid exit code key '%{key}'"
+executableNotFoundInWorkingDirectory = "Executable '%{executable}' not found with working directory '%{cwd}'"
+executableNotFound = "Executable '%{executable}' not found"

lib/dsc-lib/src/configure/mod.rs

@@ -895,6 +895,9 @@ impl Configurator {
                     };
 
                     if let Ok(value) = value_result {
+                        check_length(name, &value, parameter)?;
+                        check_allowed_values(name, &value, parameter)?;
+                        check_number_limits(name, &value, parameter)?;
                         validate_parameter_type(name, &value, &parameter.parameter_type)?;
                         self.context.parameters.insert(name.to_string(), (value, parameter.parameter_type.clone()));
                         resolved_in_this_pass.push(name.clone());

lib/dsc-lib/src/discovery/command_discovery.rs

@@ -20,14 +20,13 @@ use serde::Deserialize;
 use std::{collections::{BTreeMap, HashMap, HashSet}, sync::{LazyLock, RwLock}};
 use std::env;
 use std::ffi::OsStr;
-use std::fs;
+use std::fs::{create_dir_all, read, read_to_string, write};
 use std::path::{Path, PathBuf};
 use std::str::FromStr;
 use tracing::{debug, info, trace, warn};
-use which::which;
 
 use crate::util::get_setting;
-use crate::util::get_exe_path;
+use crate::util::{canonicalize_which, get_exe_path};
 
 const DSC_EXTENSION_EXTENSIONS: [&str; 3] = [".dsc.extension.json", ".dsc.extension.yaml", ".dsc.extension.yml"];
 const DSC_MANIFEST_LIST_EXTENSIONS: [&str; 3] = [".dsc.manifests.json", ".dsc.manifests.yaml", ".dsc.manifests.yml"];
@@ -621,7 +620,7 @@ fn insert_resource(resources: &mut BTreeMap<String, Vec<DscResource>>, resource:
 ///
 /// * Returns a `DscError` if the manifest could not be loaded or parsed.
 pub fn load_manifest(path: &Path) -> Result<Vec<ImportedManifest>, DscError> {
-    let contents = fs::read_to_string(path)?;
+    let contents = read_to_string(path)?;
     let file_name_lowercase = path.file_name().and_then(OsStr::to_str).unwrap_or("").to_lowercase();
     let extension_is_json = path.extension().is_some_and(|ext| ext.eq_ignore_ascii_case("json"));
     if DSC_RESOURCE_EXTENSIONS.iter().any(|ext| file_name_lowercase.ends_with(ext)) {
@@ -711,38 +710,38 @@ fn load_resource_manifest(path: &Path, manifest: &ResourceManifest) -> Result<Ds
 
     let mut capabilities: Vec<Capability> = vec![];
     if let Some(get) = &manifest.get {
-        verify_executable(&manifest.resource_type, "get", &get.executable);
+        verify_executable(&manifest.resource_type, "get", &get.executable, path.parent().unwrap());
         capabilities.push(Capability::Get);
     }
     if let Some(set) = &manifest.set {
-        verify_executable(&manifest.resource_type, "set", &set.executable);
+        verify_executable(&manifest.resource_type, "set", &set.executable, path.parent().unwrap());
         capabilities.push(Capability::Set);
         if set.handles_exist == Some(true) {
             capabilities.push(Capability::SetHandlesExist);
         }
     }
     if let Some(what_if) = &manifest.what_if {
-        verify_executable(&manifest.resource_type, "what_if", &what_if.executable);
+        verify_executable(&manifest.resource_type, "what_if", &what_if.executable, path.parent().unwrap());
         capabilities.push(Capability::WhatIf);
     }
     if let Some(test) = &manifest.test {
-        verify_executable(&manifest.resource_type, "test", &test.executable);
+        verify_executable(&manifest.resource_type, "test", &test.executable, path.parent().unwrap());
         capabilities.push(Capability::Test);
     }
     if let Some(delete) = &manifest.delete {
-        verify_executable(&manifest.resource_type, "delete", &delete.executable);
+        verify_executable(&manifest.resource_type, "delete", &delete.executable, path.parent().unwrap());
         capabilities.push(Capability::Delete);
     }
     if let Some(export) = &manifest.export {
-        verify_executable(&manifest.resource_type, "export", &export.executable);
+        verify_executable(&manifest.resource_type, "export", &export.executable, path.parent().unwrap());
         capabilities.push(Capability::Export);
     }
     if let Some(resolve) = &manifest.resolve {
-        verify_executable(&manifest.resource_type, "resolve", &resolve.executable);
+        verify_executable(&manifest.resource_type, "resolve", &resolve.executable, path.parent().unwrap());
         capabilities.push(Capability::Resolve);
     }
     if let Some(SchemaKind::Command(command)) = &manifest.schema {
-        verify_executable(&manifest.resource_type, "schema", &command.executable);
+        verify_executable(&manifest.resource_type, "schema", &command.executable, path.parent().unwrap());
     }
 
     let resource = DscResource {
@@ -768,15 +767,15 @@ fn load_extension_manifest(path: &Path, manifest: &ExtensionManifest) -> Result<
 
     let mut capabilities: Vec<dscextension::Capability> = vec![];
     if let Some(discover) = &manifest.discover {
-        verify_executable(&manifest.r#type, "discover", &discover.executable);
+        verify_executable(&manifest.r#type, "discover", &discover.executable, path.parent().unwrap());
         capabilities.push(dscextension::Capability::Discover);
     }
     if let Some(secret) = &manifest.secret {
-        verify_executable(&manifest.r#type, "secret", &secret.executable);
+        verify_executable(&manifest.r#type, "secret", &secret.executable, path.parent().unwrap());
         capabilities.push(dscextension::Capability::Secret);
     }
     let import_extensions = if let Some(import) = &manifest.import {
-        verify_executable(&manifest.r#type, "import", &import.executable);
+        verify_executable(&manifest.r#type, "import", &import.executable, path.parent().unwrap());
         capabilities.push(dscextension::Capability::Import);
         if import.file_extensions.is_empty() {
             warn!("{}", t!("discovery.commandDiscovery.importExtensionsEmpty", extension = manifest.r#type));
@@ -803,8 +802,8 @@ fn load_extension_manifest(path: &Path, manifest: &ExtensionManifest) -> Result<
     Ok(extension)
 }
 
-fn verify_executable(resource: &str, operation: &str, executable: &str) {
-    if which(executable).is_err() {
+fn verify_executable(resource: &str, operation: &str, executable: &str, directory: &Path) {
+    if canonicalize_which(executable, Some(directory.to_string_lossy().as_ref())).is_err() {
         info!("{}", t!("discovery.commandDiscovery.executableNotFound", resource = resource, operation = operation, executable = executable));
     }
 }
@@ -839,8 +838,8 @@ fn save_adapted_resources_lookup_table(lookup_table: &HashMap<String, String>)
 
         let path = std::path::Path::new(&file_path);
         if let Some(prefix) = path.parent() {
-            if fs::create_dir_all(prefix).is_ok()  {
-                if fs::write(file_path.clone(), lookup_table_json).is_err() {
+            if create_dir_all(prefix).is_ok()  {
+                if write(file_path.clone(), lookup_table_json).is_err() {
                     info!("Unable to write lookup_table file {file_path:?}");
                 }
             } else {
@@ -858,7 +857,7 @@ fn load_adapted_resources_lookup_table() -> HashMap<String, String>
 {
     let file_path = get_lookup_table_file_path();
 
-    let lookup_table: HashMap<String, String> = match fs::read(file_path.clone()){
+    let lookup_table: HashMap<String, String> = match read(file_path.clone()){
         Ok(data) => { serde_json::from_slice(&data).unwrap_or_default() },
         Err(_) => { HashMap::new() }
     };

lib/dsc-lib/src/dscerror.rs

@@ -26,6 +26,9 @@ pub enum DscError {
     #[error("{t} '{0}' [{t2} {1}] {t3}: {2}", t = t!("dscerror.commandResource"), t2 = t!("dscerror.exitCode"), t3 = t!("dscerror.manifestDescription"))]
     CommandExitFromManifest(String, i32, String),
 
+    #[error("{0}")]
+    CommandNotFound(String),
+
     #[error("{t} {0} {t2} '{1}'", t = t!("dscerror.commandOperation"), t2 = t!("dscerror.forExecutable"))]
     CommandOperation(String, String),
 

lib/dsc-lib/src/dscresources/command_resource.rs

@@ -7,7 +7,7 @@ use rust_i18n::t;
 use serde::Deserialize;
 use serde_json::{Map, Value};
 use std::{collections::HashMap, env, process::Stdio};
-use crate::configure::{config_doc::ExecutionKind, config_result::{ResourceGetResult, ResourceTestResult}};
+use crate::{configure::{config_doc::ExecutionKind, config_result::{ResourceGetResult, ResourceTestResult}}, util::canonicalize_which};
 use crate::dscerror::DscError;
 use super::{dscresource::{get_diff, redact}, invoke_result::{ExportResult, GetResult, ResolveResult, SetResult, TestResult, ValidateResult, ResourceGetResponse, ResourceSetResponse, ResourceTestResponse, get_in_desired_state}, resource_manifest::{ArgKind, InputKind, Kind, ResourceManifest, ReturnKind, SchemaKind}};
 use tracing::{error, warn, info, debug, trace};
@@ -763,6 +763,7 @@ fn convert_hashmap_string_keys_to_i32(input: Option<&HashMap<String, String>>) -
 #[allow(clippy::implicit_hasher)]
 pub fn invoke_command(executable: &str, args: Option<Vec<String>>, input: Option<&str>, cwd: Option<&str>, env: Option<HashMap<String, String>>, exit_codes: Option<&HashMap<String, String>>) -> Result<(i32, String, String), DscError> {
     let exit_codes = convert_hashmap_string_keys_to_i32(exit_codes)?;
+    let executable = canonicalize_which(executable, cwd)?;
 
     tokio::runtime::Builder::new_multi_thread().enable_all().build().unwrap().block_on(
         async {
@@ -771,7 +772,7 @@ pub fn invoke_command(executable: &str, args: Option<Vec<String>>, input: Option
                 trace!("{}", t!("dscresources.commandResource.commandCwd", cwd = cwd));
             }
 
-            match run_process_async(executable, args, input, cwd, env, exit_codes.as_ref()).await {
+            match run_process_async(&executable, args, input, cwd, env, exit_codes.as_ref()).await {
                 Ok((code, stdout, stderr)) => {
                     Ok((code, stdout, stderr))
                 },