-
-
Notifications
You must be signed in to change notification settings - Fork 810
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update-DbaBuildReference - Add Parameter Proxy #9174
base: development
Are you sure you want to change the base?
Conversation
Add optional parameters 'Proxy' and 'ProxyCredential'
@fm-knopfler doubtful it'll work till also https://github.com/dataplat/dbatools/blob/development/private/functions/Invoke-TlsWebRequest.ps1 will get the addition. Also, you may need to update tests (but lets get to them after the "code" part of the PR is ironed out) |
I don't belive any changes to Invoke-WebRequest @Args The parameterset is, as you assumed, designed to be able to accept a proxy URI without a credential, but not a credential without a proxy URI. [CmdletBinding(DefaultParameterSetName = 'Build')]
param (
[string]$LocalFile,
[switch]$EnableException,
[Parameter(ParameterSetName = 'Build')]
[Parameter(Mandatory, ParameterSetName = 'Proxy')]
[Parameter(ParameterSetName = 'ProxyDefaultCredential')]
[URI]$Proxy,
[Parameter(ParameterSetName = 'Proxy')]
[pscredential]$ProxyCredential,
[Parameter(ParameterSetName = 'ProxyDefaultCredential')]
[switch]$ProxyUseDefaultCredentials
) |
right, I forgot about the splat. I'd add -ProxyUseDefaultCredentials nonetheless then. |
For that, I assume, a change to Invoke-TlsWebRequest $url -Proxy:$Proxy -ProxyCredential:$ProxyCredential -ProxyUseDefaultCredentials:$ProxyUseDefaultCredentials -UseBasicParsing -ErrorAction Stop |
I'm trying to anticipate what will happen for sure: once we give out the possibility to use proxies, someone will come up asking for -ProxyUseDefaultCredentials ;-) . That being said, isn't @Args a proper hash (hence not positional) ? |
No, |
mmmhhh, it's i.e. instead of
doing this
|
|
Implemented Parameter ProxyUseDefaultCredentials
I have implemented |
so splatting has issues with switches. As long as Invoke-TlsWebRequest doesn't end up being an advanced function (cmdletbinding) am I missing something here ?
this seems to work, and UseBasicParsing should be the same "type" of -ProxyUseDefaultCredentials ... so switching the check on $PSBoundParameters should end up fine ? |
named parameter UseBasicParsing ensures mapping of unnamed parameters
@fm-knopfler : do you need some help polishing this PR ? |
Hi @niphlod , that would be very helpful, thanks a lot. Epecially the tests I am not familiar with. |
okay @fm-knopfler , I'll be available in some hours. I can fix the tests without your help later. |
I'm not sure I undestand this correctly. Do you intend to add every parameter of |
just the needed ones, and I guess those are the only needed at the moment.... unless I'm missing something. |
After some investigation, I found using positional parameters via function Invoke-TlsWebRequest {
Param (
[switch]$UseBasicParsing,
[switch]$ProxyUseDefaultCredentials
)
<#
Internal utility that mimics invoke-webrequest
but enables all tls available version
rather than the default, which on a lot
of standard installations is just TLS 1.0
#>
$currentVersionTls = [Net.ServicePointManager]::SecurityProtocol
$currentSupportableTls = [Math]::Max($currentVersionTls.value__, [Net.SecurityProtocolType]::Tls.value__)
$availableTls = [enum]::GetValues('Net.SecurityProtocolType') | Where-Object { $_ -gt $currentSupportableTls }
$availableTls | ForEach-Object {
[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor $_
}
Invoke-WebRequest @Args -UseBasicParsing:$UseBasicParsing -ProxyUseDefaultCredentials:$ProxyUseDefaultCredentials
[Net.ServicePointManager]::SecurityProtocol = $currentVersionTls
}
# Function Call
$param = @{
"Uri" = "https://dataplat.github.io/assets/dbatools-buildref-index.json"
"Proxy" = "http://yourproxy:9000"
"UseBasicParsing" = $true
}
Invoke-TlsWebRequest @param |
if that works I'm not against it. it now needs to be wired correctly with update-dbabuildreference and then the "code" part should be okay.... and you should be able to use your proxy. |
soooo, few things to account for here ... sorry @fm-knopfler , it seems you triggered a long-standing bug in how we check for help parameters in dbatools. Be a little patient while we figure it out. Let's split "jobs"... 1. Code related@fm-knopfler , can you try the latest version I pushed which I refactored a bit to see if the code works with proxies ? 2. Tests relatedI posted the same in dbatools-dev, but I need a hand from @potatoqualitee , maybe @wsmelton too (but anyone that can chime in is welcome). For good measure, and since we'll soon discover New-DbaDbUser is probably in the need of an adjustment, @andreasjordan ^_^
Frankly, I think June's code is good, but I fail to see the error on New-DbaDbUser's param declaration.
Of course we can always use InModule.Help.Exceptions.ps1 but I'd like to cross it out and figure who's wrong ^_^ |
I'm very busy the next days, but I can try to have a look at the weekend. |
using namend parameters and pass these to Invoke-WebRequest
In this commit, I declared the parameters in |
@fm-knopfler : were there issues with the previous implementation or not ? |
Yes, you can reproduce it by calling the function like this. $params = @{
"UseBasiParsing" = $true
"Proxy" = "http://yourproxy:9000"
"Uri" = "https://dataplat.github.io/assets/dbatools-buildref-index.json"
}
Invoke-TlsWebRequest @params By using Invoke-TlsWebRequest:
Line |
7 | Invoke-TlsWebRequest @params
| ~~~~~~~
| Cannot process argument transformation on parameter 'ProxyUseDefaultCredentials'. Cannot convert value "System.String" to type "System.Management.Automation.SwitchParameter". Boolean parameters
accept only Boolean values and numbers, such as $True, $False, 1 or 0. |
this works without issues ....
what am I not getting ? |
You haven't declared the proxy parameter, this way, it works for me too. To test, use some random URI as proxy, as $params = @{
"UseBasicParsing" = $true
"Uri" = "https://dataplat.github.io/assets/dbatools-buildref-index.json"
"Proxy" = "http://proxyurl:9000"
}
Invoke-TlsWebRequest @params |
owwww shush, I was aiming at keeping it simple but .... okay. |
Maybe someone knows a more concise way to make this work, but I wasn't able to find one. |
yeah, no worries and thanks for your patience. |
hey everyone, sorry for being an absent maintainer. I'll be back next year. I think we could use |
My $0.02USD here... So, I've only skimmed over the extremely long conversation on this PR; would be better served to convert that discussion to an issue for better tracking of what is going on...just an FYI. I believe it would be better served by having the proxy for web access stored inside of a configuration item. Then simply have the wrapper function pass that value to |
@wsmelton, @potatoqualitee : I'm up for rewriting a summary of what's happening . Issue 1:Users in the need of using a proxy can either:
Going with 2. means simplifying this PR, potentially just adding onto Update-DbaBuildReference (and later on to all invoking cmdlets) a warning in case of failures that remembers what config "key" to use to supply proxy and credentials. Wrappers then may remain simpler and use the config to know if a proxy (and credentials) are needed . Issue 2:If we don't go for a global config, problem here is that we had a simple wrapper to enable TLS1.2 for older PS versions that hit a limit. Either we remove the wrapper or we "complicate it" doing what @fm-knopfler did to make it work. Issue 3 (somewhat unrelated, but still valid):Solution 1 (having proxy and credential parameters on the cmdlet itself) create a 100% good parameterset, that is wrongly "marked as failed" by our unittests. This is due to what I consider a bug, and I found a fix, although fixing the logic shows that New-DbaDbUser has an incorrect definition of parameters. |
Yes, I believe this can be simplified with using dbatools' config in lieu of updating a single command plus internal commands. That way, setting the proxy can help all other commands. |
You mean adding an option to dbatools global config and referencing it in this (and possibly other) function? |
yep! then set the proxy within the internal command. |
Are there already predfined names for proxy and proxycredentials? Set-dbatoolsconfig -FullName network.proxy -Value $proxyUrl
Set-dbatoolsconfig -FullName network.proxycredential -Value $proxyCred |
Just looked and this is indeed a new category. Your proposal works! If you have issues with the credential, you can also store the username and SecureString then build up the $Cred in Invoke-TlsWebRequest like: $username = Get-DbatoolsConfigValue -FullName network.proxy.username $credential = New-Object System.Management.Automation.PSCredential ($username, $securePassword) To set that securepassword, i usually do like (Get-Credential).Password |
I got a version of it working, please have a look. |
okay this is great progress. but i think, and what do you say @niphlod, this should be in Invoke-TlsWebRequest itself. that way, if someone sets a proxy, then it works across the board and not just for one command. i also added the initialization scripts 😊 |
@@ -0,0 +1,3 @@ | |||
Set-DbatoolsConfig -FullName network.proxy.url -Value $null -Initialize -Validation string -Description "The URL of the network proxy." | |||
Set-DbatoolsConfig -FullName network.proxy.username -Value $null -Initialize -Validation string -Description "The username for the network proxy." | |||
Set-DbatoolsConfig -FullName network.proxy.securepassword -Value $null -Initialize -Validation securestring -Description "The secure password for the network proxy." |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure I've ever tried but is there any reason we couldn't just squash these two into a config that holds the credential object itself?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@wsmelton i believe this is a limitation of the securestring type. fred said it was very complicated.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, moving the content into one command is best starting point for us so we don't have to replicate this code around.
Not sure if it would be possible to actually have it do the secondary attempts as well, i.e. what the try/catch in this command does
if ($proxyUsername) { | ||
$proxyCredential = New-Object System.Management.Automation.PSCredential ($proxyUsername, $proxySecurePassword) | ||
} | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah I'm more for this being embedded into Invoke-TlsWebRequest
instead of having to copy this everywhere
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Review:
The updated version of the script for Update-DbaBuildReference introduces several improvements and new functionalities, enhancing its flexibility and robustness. Here are the key changes and improvements:
- New Parameters:
o Proxy (-Proxy): Allows specifying a URI for a proxy server to be used during the web request. This is useful for environments where direct internet access is restricted.
o ProxyCredential (-ProxyCredential): Provides credentials for the proxy server if authentication is required. This enhances security and access control when using a proxy. - Enhanced Parameter Handling:
o Parameters are now categorized into different parameter sets (Build and CustomProxy), making the script more modular and allowing different combinations of parameters to be used without ambiguity. - Error Handling and Exception Management:
o The script maintains its user-friendly error handling (-EnableException), ensuring that errors are managed gracefully without overwhelming users with verbose error messages. - Improved Documentation:
o Updated examples (EXAMPLE sections) demonstrate how to use the new parameters (-Proxy and -ProxyCredential) effectively. This improves usability and helps users understand the script's capabilities. - Code Refactoring:
o The function Get-DbaBuildReferenceIndexOnline has been refactored to accommodate the new parameters (Proxy and ProxyCredential). It now handles proxy configurations seamlessly and retries with default settings if necessary.
Suggestions for Further Improvement: - Validation and Error Messaging:
o Consider adding input validation for parameters like Proxy and ProxyCredential to ensure correct usage and provide appropriate error messages if inputs are invalid. - Logging and Verbose Output:
o Implement more detailed logging or verbose output (Write-Verbose) within the function to aid troubleshooting and monitoring during script execution. - Performance Optimization:
o Depending on the typical size of newContent retrieved from Get-DbaBuildReferenceIndexOnline, consider optimizing file operations (Out-File) for better performance, especially in scenarios with large data sets. - Security Considerations:
o Ensure that sensitive information, such as proxy credentials, is handled securely and according to best practices, such as using secure strings or secure storage mechanisms.
Overall, the updates significantly enhance the script's functionality, making it more versatile and easier to use in varied network environments. With additional validation and optimizations, it can further improve reliability and performance.
Add optional parameters 'Proxy' and 'ProxyCredential'
Please read -- recent changes to our repo
On November 10, 2022, we removed some bloat from our repository (for the second and final time). This change requires that all contributors reclone or refork their repo.
PRs from repos that have not been recently reforked or recloned will be closed and @potatoqualitee will cherry-pick your commits and open a new PR with your changes.
Type of Change
.\tests\manual.pester.ps1
)Purpose
Allows supplying a proxy as parameter for
Update-DbaBuildReference
Approach
Parameters "Proxy" and "ProxyCredential" are passed to function
Get-DbaBuildReferenceIndexOnline
, which callsInvoke-TlsWebRequest
that in turn forwards the parameters toInvoke-WebRequest
.Commands to test
Learning