CODEWITHSUNDEEP
powershellazure-resource-managerazure-bicepdsc
Adrian
Adrian

Reputation: 25

Passing secure parameter to PowerShell DSC script from Bicep template

I am using a Bicep template to deploy a virtual machine with a PowerShell DSC script that adds a Log Analytics workspace to the Log Analytics agent. The script uses a secure parameter (workspaceKey1) which is defined in the template and pulled from a key vault. When running the script, I'm getting the following error:

" Performing the operation "Set-TargetResource" on target "Executing the SetScript with the user supplied credential"."}, PowerShell DSC resource MSFT_ScriptResource failed to execute Set-TargetResource functionality with error message: Value does not fall within the expected range."

A simplified version of the script is below.

Configuration MmaMultihoming

{

    Param ( 
        [string] $workspaceId1,
        [System.Management.Automation.PSCredential] $workspaceKey1,
    )

    Import-DscResource -ModuleName PSDesiredStateConfiguration;
    Import-DscResource -ModuleName xPSDesiredStateConfiguration;

    [System.Management.Automation.PSCredential]$workspaceKey1 = New-Object System.Management.Automation.PSCredential ($workspaceKey1.userName, $workspaceKey1.password)

    Node localhost {
     
        Script ConfigureWorkspace
        {
            SetScript =
            {
                $workspaceId = $Using:workspaceId1;
                $workspaceKey = $Using:workspaceKey1;
                $mma = New-Object -ComObject 'AgentConfigManager.MgmtSvcCfg';
                $mma.AddCloudWorkspace($workspaceId, $workspaceKey); 
                $mma.ReloadConfiguration();
            }

            TestScript = { Test-Path "HKLM:\SYSTEM\ControlSet001\Services\HealthService\Parameters\Service Connector Services\Log Analytics - $($Using:workspaceId)"}
            GetScript = { @{ Result = (Get-ChildItem "HKLM:\SYSTEM\ControlSet001\Services\HealthService\Parameters\Service Connector Services")} }
        }
    }
}

The Bicep code is below:


param keyvaultName string = 'keyvault'
param kvResourceGroup string = 'keyvault-rg'
param workspaceId1 string
@secure()
param workspaceKey1 string = kv.getSecret('workspaceKey1')

resource kv 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
  name: keyvaultName
  scope: resourceGroup(kvResourceGroup )
}

resource DSC_LogAnalytics 'Microsoft.Compute/virtualMachines/extensions@2022-08-01' = {
  parent: vm1
  name: 'Microsoft.Powershell.DSC'
  location: location
  properties: {
    publisher: 'Microsoft.PowerShell'
    type: 'DSC'
    typeHandlerVersion: '2.77'
    autoUpgradeMinorVersion: true
    settings: {
      wmfVersion: 'latest'
      configuration: {
        url: dscScript
        script: 'dsc.ps1'
        function: 'MmaMultihoming'
      }
      configurationArguments: {
        workspaceId1: workspaceId1
      }
      privacy: {
        datacollection: 'enable'
      }
      advancedOptions: {
        forcePullAndApply: false

      }
    }
    protectedSettings: {
      configurationArguments: {
        workspaceKey1: {
          userName: 'donotuse'
          password: workspaceKey1
        }

    }
    configurationUrlSasToken: SaaStoken
    }

  }

}

I am really quite stuck so would appreciate any ideas people can give.

Thanks!

Upvotes: 0

Views: 468

Answers (0)

Related Questions