Merge pull request #54 from dsccommunity/DistributionGroups_Scopes

CMDistributionGroups adding SecurityScopes

CHANGELOG.md

@@ -62,6 +62,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Added UDP 1434 to the defaults for the xSCCMPreReqs.
 - Fixed newline in the CMIniFile resource.
 - Removed WSUS top level feature.
+- Added Security Scopes to CMDistributionGroup Resource
 
 ### Removed
 

README.md

@@ -908,6 +908,12 @@ Please check out common DSC Community [contributing guidelines](https://dsccommu
  Distribution Points to add to the Distribution Group.
 - **[String] DistributionPointsToExclude[]** _(Write)_: Specifies an array of
  Distribution Points to remove from the Distribution Group.
+- **[String] SecurityScopes[]** _(Write)_: Specifies an array of Security Scopes
+ to match to the Distribution Group.
+- **[String] SecurityScopesToInclude[]** _(Write)_: Specifies an array of
+ Security Scopes to add to the Distribution Group.
+- **[String] SecurityScopesToExclude[]** _(Write)_: Specifies an array of
+ Security Scopes to remove from the Distribution Group.
 - **[String] Ensure** _(Write)_: Specifies whether the Distribution Group
  is present or absent.
  - Values include: { Present | Absent }

source/DSCResources/DSC_CMDistributionGroup/DSC_CMDistributionGroup.psm1

@@ -47,6 +47,13 @@ function Get-TargetResource
  $dpMembers += $dp.NetworkOSPath.SubString(2)
  }
 
+ $scopeObject = Get-CMObjectSecurityScope -InputObject $groupStatus
+
+ foreach ($item in $scopeObject)
+ {
+ [array]$scopes += $item.CategoryName
+ }
+
  $group = 'Present'
  }
  else
@@ -58,6 +65,7 @@ function Get-TargetResource
  SiteCode = $SiteCode
  DistributionGroup = $DistributionGroup
  DistributionPoints = $dpMembers
+ SecurityScopes = $scopes
  Ensure = $group
  }
 }
@@ -81,6 +89,15 @@ function Get-TargetResource
  .PARAMETER DistributionPointsToExclude
  Specifies an array of Distribution Points to remove from the Distribution Group.
 
+ .PARAMETER SecurityScopes
+ Specifies an array of Security Scopes to match to the Distribution Group.
+
+ .PARAMETER SecurityScopesToInclude
+ Specifies an array of Security Scopes to add to the Distribution Group.
+
+ .PARAMETER SecurityScopesToExclude
+ Specifies an array of Security Scopes to remove from the Distribution Group.
+
  .PARAMETER Ensure
  Specifies if the Distribution Group is to be present or absent.
 #>
@@ -109,6 +126,18 @@ function Set-TargetResource
  [String[]]
  $DistributionPointsToExclude,
 
+ [Parameter()]
+ [String[]]
+ $SecurityScopes,
+
+ [Parameter()]
+ [String[]]
+ $SecurityScopesToInclude,
+
+ [Parameter()]
+ [String[]]
+ $SecurityScopesToExclude,
+
  [Parameter()]
  [ValidateSet('Present','Absent')]
  [String]
@@ -137,6 +166,19 @@ function Set-TargetResource
  }
  }
 
+ if (-not $PSBoundParameters.ContainsKey('SecurityScopes') -and
+ $PSBoundParameters.ContainsKey('SecurityScopesToInclude') -and
+ $PSBoundParameters.ContainsKey('SecurityScopesToExclude'))
+ {
+ foreach ($item in $SecurityScopesToInclude)
+ {
+ if ($SecurityScopesToExclude -contains $item)
+ {
+ throw ($script:localizedData.ScopeInEx -f $item)
+ }
+ }
+ }
+
  if ($state.Ensure -eq 'Absent')
  {
  Write-Verbose -Message ($script:localizedData.AddGroup -f $DistributionGroup)
@@ -156,6 +198,7 @@ function Set-TargetResource
 
  if ($distroCompare.Missing)
  {
+ $distro = 'Distribution Point'
  foreach ($add in $distroCompare.Missing)
  {
  if (Get-CMDistributionPoint -Name $add)
@@ -170,7 +213,7 @@ function Set-TargetResource
  }
  else
  {
- $errorMsg += ($script:localizedData.ErrorGroup -f $add)
+ $errorMsg += ($script:localizedData.ErrorGroup -f $distro, $add)
  }
  }
  }
@@ -189,6 +232,47 @@ function Set-TargetResource
  }
  }
  }
+
+ if ($SecurityScopes -or $SecurityScopesToInclude -or $SecurityScopesToExclude)
+ {
+ $dgObject = Get-CMDistributionPointGroup -Name $DistributionGroup
+
+ $scopesArray = @{
+ Match = $SecurityScopes
+ Include = $SecurityScopesToInclude
+ Exclude = $SecurityScopesToExclude
+ CurrentState = $state.SecurityScopes
+ }
+
+ $scopesCompare = Compare-MultipleCompares @scopesArray
+
+ if ($scopesCompare.Missing)
+ {
+ $scopeError = 'Security Scope'
+
+ foreach ($add in $scopesCompare.Missing)
+ {
+ if (Get-CMSecurityScope -Name $add)
+ {
+ Write-Verbose -Message ($script:localizedData.AddScope -f $add, $DistributionGroup)
+ Add-CMObjectSecurityScope -Name $add -InputObject $dgObject
+ }
+ else
+ {
+ $errorMsg += ($script:localizedData.ErrorGroup -f $scopeError, $add)
+ }
+ }
+ }
+
+ if ($scopesCompare.Remove)
+ {
+ foreach ($remove in $scopesCompare.Remove)
+ {
+ Write-Verbose -Message ($script:localizedData.RemoveScope -f $remove, $DistributionGroup)
+ Remove-CMObjectSecurityScope -Name $remove -InputObject $dgObject
+ }
+ }
+ }
  }
  elseif ($state.Ensure -eq 'Present')
  {
@@ -230,6 +314,15 @@ function Set-TargetResource
  .PARAMETER DistributionPointsToExclude
  Specifies an array of Distribution Points to remove from the Distribution Group.
 
+ .PARAMETER SecurityScopes
+ Specifies an array of Security Scopes to match to the Distribution Group.
+
+ .PARAMETER SecurityScopesToInclude
+ Specifies an array of Security Scopes to add to the Distribution Group.
+
+ .PARAMETER SecurityScopesToExclude
+ Specifies an array of Security Scopes to remove from the Distribution Group.
+
  .PARAMETER Ensure
  Specifies if the Distribution Group is to be present or absent.
 #>
@@ -259,6 +352,18 @@ function Test-TargetResource
  [String[]]
  $DistributionPointsToExclude,
 
+ [Parameter()]
+ [String[]]
+ $SecurityScopes,
+
+ [Parameter()]
+ [String[]]
+ $SecurityScopesToInclude,
+
+ [Parameter()]
+ [String[]]
+ $SecurityScopesToExclude,
+
  [Parameter()]
  [ValidateSet('Present','Absent')]
  [String]
@@ -294,32 +399,81 @@ function Test-TargetResource
  }
  }
 
+ if ($PSBoundParameters.ContainsKey('SecurityScopes'))
+ {
+ if ($PSBoundParameters.ContainsKey('SecurityScopesToInclude') -or
+ $PSBoundParameters.ContainsKey('SecurityScopesToExclude'))
+ {
+ Write-Warning -Message $script:localizedData.ParamIgnoreScopes
+ }
+ }
+ elseif (-not $PSBoundParameters.ContainsKey('SecurityScopes') -and
+ $PSBoundParameters.ContainsKey('SecurityScopesToInclude') -and
+ $PSBoundParameters.ContainsKey('SecurityScopesToExclude'))
+ {
+ foreach ($item in $SecurityScopesToInclude)
+ {
+ if ($SecurityScopesToExclude -contains $item)
+ {
+ Write-Warning -Message ($script:localizedData.DistroInEx -f $item)
+ $result = $false
+ }
+ }
+ }
+
  if ($state.Ensure -eq 'Absent')
  {
  Write-Verbose -Message ($script:localizedData.GroupMissing -f $DistributionGroup)
  $result = $false
  }
- elseif ($DistributionPoints -or $DistributionPointsToInclude -or $DistributionPointsToExclude)
+ else
  {
- $distroArray = @{
- Match = $DistributionPoints
- Include = $DistributionPointsToInclude
- Exclude = $DistributionPointsToExclude
- CurrentState = $state.DistributionPoints
- }
+ if ($DistributionPoints -or $DistributionPointsToInclude -or $DistributionPointsToExclude)
+ {
+ $distroArray = @{
+ Match = $DistributionPoints
+ Include = $DistributionPointsToInclude
+ Exclude = $DistributionPointsToExclude
+ CurrentState = $state.DistributionPoints
+ }
 
- $distroCompare = Compare-MultipleCompares @distroArray
+  $distroCompare = Compare-MultipleCompares @distroArray
 
- if ($distroCompare.Missing)
- {
- Write-Verbose -Message ($script:localizedData.DistroMissing -f ($distroCompare.Missing | Out-String))
- $result = $false
+ if ($distroCompare.Missing)
+ {
+ Write-Verbose -Message ($script:localizedData.DistroMissing -f ($distroCompare.Missing | Out-String))
+ $result = $false
+ }
+
+ if ($distroCompare.Remove)
+ {
+ Write-Verbose -Message ($script:localizedData.DistroRemove -f ($distroCompare.Remove | Out-String))
+ $result = $false
+ }
  }
 
- if ($distroCompare.Remove)
+ if ($SecurityScopes -or $SecurityScopesToInclude -or $SecurityScopesToExclude)
  {
- Write-Verbose -Message ($script:localizedData.DistroRemove -f ($distroCompare.Remove | Out-String))
- $result = $false
+ $scopeArray = @{
+ Match = $SecurityScopes
+ Include = $SecurityScopesToInclude
+ Exclude = $SecurityScopesToExclude
+ CurrentState = $state.SecurityScopes
+ }
+
+ $scopeCompare = Compare-MultipleCompares @scopeArray
+
+ if ($scopeCompare.Missing)
+ {
+ Write-Verbose -Message ($script:localizedData.ScopeMissing -f ($scopeCompare.Missing | Out-String))
+ $result = $false
+ }
+
+ if ($scopeCompare.Remove)
+ {
+ Write-Verbose -Message ($script:localizedData.ScopeRemove -f ($scopeCompare.Remove | Out-String))
+ $result = $false
+ }
  }
  }
  }

source/DSCResources/DSC_CMDistributionGroup/DSC_CMDistributionGroup.schema.mof

@@ -6,5 +6,8 @@ class DSC_CMDistributionGroup : OMI_BaseResource
  [Write, Description("Specifies an array of Distribution Points to match to the Distribution Group.")] String DistributionPoints[];
  [Write, Description("Specifies an array of Distribution Points to add to the Distribution Group.")] String DistributionPointsToInclude[];
  [Write, Description("Specifies an array of Distribution Points to remove from the Distribution Group.")] String DistributionPointsToExclude[];
+ [Write, Description("Specifies an array of Security Scopes to match to the Distribution Group.")] String SecurityScopes[];
+ [Write, Description("Specifies an array of Security Scopes to add to the Distribution Group.")] String SecurityScopesToInclude[];
+ [Write, Description("Specifies an array of Security Scopes to remove from the Distribution Group.")] String SecurityScopesToExclude[];
  [Write, Description("Specifies whether the Distribution Group is present or absent."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure;
 };

source/DSCResources/DSC_CMDistributionGroup/en-US/DSC_CMDistributionGroup.strings.psd1

@@ -3,13 +3,19 @@ ConvertFrom-StringData @'
  GroupMissing = NOTMATCH: {0} Distribution Group is absent expected present.
  DistroMissing = NOTMATCH: Distribution Group is missing the following Distribution Point: {0}.
  DistroRemove = NOTMATCH: Distribution Group expected the following Distribution Point to be absent: {0}.
+ ScopeMissing = NOTMatch: Distribution Group expected the following Scopes: {0}.
+ ScopeRemove = NOTMATCH: Distribution Group expected the following Scopes to be absent: {0}.
  ParamIgnore = DistributionPoints was specifed, ignoring DistributionPointsToInclude and DistributionPointsToExclude.
+ ParamIgnoreScopes = SecurityScopes was specifed, ignoring SecurityScopesToInclude and SecurityScopesToExclude.
  DistroGroupPresent = NOTMATCH: Distribution Group is present expected absent.
  TestState = Test-TargetResource compliance check returned: {0}.
  AddGroup = Adding {0} Distribution Group.
  AddDistro = Adding {0} Distribution Point to Distribution Group {1}.
  RemoveDistro = Removing {0} Distribution Point from Distribution Group {1}.
+ AddScope = Adding {0} Security Scope to Distribution Group {1}.
+ RemoveScope = Removing {0} Security Scope from Distribution Group {1}.
  RemoveGroup = Removing {0} Distribution Group.
- ErrorGroup = Distribution Point: {0} does not exist.
+ ErrorGroup = {0}: {1} does not exist.
  DistroInEx = DistributionPointsToInclude and DistributionPointsToExclude contain to same entry {0}, remove from one of the arrays.
+ ScopeInEx = SecurityScopesToInclude and SecurityScopesToExclude contain to same entry {0}, remove from one of the arrays.
 '@

source/Examples/Resources/CMDistributionGroup/CMDistributionGroup_Present.ps1

@@ -20,6 +20,7 @@ Configuration Example
  SiteCode = 'Lab'
  DistributionGroup = 'DistroGroup2'
  DistributionPoints = 'DP01.contoso.com','DP02.contoso.com'
+ SecurityScopes = 'Scope1','Scope2'
  Ensure = 'Present'
  }
 
@@ -28,6 +29,7 @@ Configuration Example
  SiteCode = 'Lab'
  DistributionGroup = 'DistroGroup3'
  DistributionPointsToInclude = 'DP01.contoso.com','DP02.contoso.com'
+ SecurityScopesToInclude = 'Scope1','Scope2'
  Ensure = 'Present'
  }
 
@@ -36,6 +38,7 @@ Configuration Example
  SiteCode = 'Lab'
  DistributionGroup = 'DistroGroup4'
  DistributionPointsToExclude = 'DP01.contoso.com'
+ SecurityScopesToExclude = 'Scope1'
  Ensure = 'Present'
  }
  }