diff --git a/FileShares/README.md b/FileShares/README.md index f8098e2a0..d223a52e4 100644 --- a/FileShares/README.md +++ b/FileShares/README.md @@ -49,7 +49,6 @@ You can also delete files by clicking the "Delete file" button in the same row a > [!TIP] > The sample uses credentials different from those of your Windows user account. If you've opened the file share in Windows Explorer before running the sample, it fails because a file share can't be accessed by one user using multiple credentials. To recover, run `klist purge` to make Windows forget the connection from Windows Explorer. - ### Removing the local user account and file share > [!CAUTION] @@ -71,10 +70,16 @@ Before deploying the app, you must create an entry in CredHub to contain the cre ### Store credentials in CredHub +> [!NOTE] +> The [cf-create-service.ps1](scripts/cf-create-service.ps1) script requires PowerShell 7 or later. + 1. Run [cf-create-service.ps1](scripts/cf-create-service.ps1) to create a service instance in CredHub, using parameters to set the required values: - * `-NetworkAddress \\\\\\` - escaped UNC path of the fileshare - * `-UserName ` - the username for accessing the fileshare - * `-Password ` - the password for accessing the fileshare + * `-NetworkAddress \\\` - UNC path to the network share (required). For example: `\\localhost\steeltoe_network_share` + * `-UserName ` - the username for accessing the file share, can include domain (e.g., `DOMAIN\username`) (required) + * `-Password ` - the password for accessing the file share (required) + * `-ServiceName credhub` - the name of the service for storing credentials + * `-ServicePlan default` - the service plan to use + * `-ServiceInstanceName sampleNetworkShare` - the name of the service instance ### Deploy the app diff --git a/FileShares/scripts/add-user-and-share.ps1 b/FileShares/scripts/add-user-and-share.ps1 index 42d5cb765..08a3b679a 100644 --- a/FileShares/scripts/add-user-and-share.ps1 
+++ b/FileShares/scripts/add-user-and-share.ps1 @@ -2,12 +2,13 @@ #Requires -Modules Microsoft.PowerShell.LocalAccounts, SmbShare Param( - [string]$ShareName = "steeltoe_network_share", - [string]$SharePath = "c:\steeltoe_network_share", - [string]$UserName = "shareWriteUser", - [string]$Password = "thisIs1Pass!" + [Parameter(Mandatory = $false, HelpMessage = "The name of the share")][string]$ShareName = "steeltoe_network_share", + [Parameter(Mandatory = $false, HelpMessage = "The path to the share. For example: 'c:\steeltoe_network_share'")][string]$SharePath = "c:\steeltoe_network_share", + [Parameter(Mandatory = $false, HelpMessage = "The name of the user")][string]$UserName = "shareWriteUser", + [Parameter(Mandatory = $false, HelpMessage = "The password for the user")][string]$Password = "thisIs1Pass!" ) $ErrorActionPreference = "Stop" + if ($PSVersionTable.PSVersion.Major -lt 6) { Write-Output "Running in Windows PowerShell (version < 6)" @@ -18,7 +19,7 @@ else Add-Type -AssemblyName System.Management.Automation Import-Module Microsoft.PowerShell.LocalAccounts -SkipEditionCheck } -$SecurePassword = ConvertTo-SecureString -String $Password -AsPlainText -Force +$securePassword = ConvertTo-SecureString -String $Password -AsPlainText -Force if (Get-LocalUser -Name $UserName -ErrorAction SilentlyContinue) { @@ -28,7 +29,7 @@ else { Write-Host "Creating local user $UserName..." New-LocalUser $UserName ` - -Password $SecurePassword ` + -Password $securePassword ` -FullName "SMB ReadWrite" ` -Description "For write access to $ShareName" | Out-Null Write-Host "Done creating user." diff --git a/FileShares/scripts/cf-create-service.ps1 b/FileShares/scripts/cf-create-service.ps1 index ab6a61825..1145fce45 100644 --- a/FileShares/scripts/cf-create-service.ps1 +++ b/FileShares/scripts/cf-create-service.ps1 
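Review bot: The rewritten `Param` block in the first hunk of add-user-and-share.ps1 still carries `[string]$Password = "thisIs1Pass!"` as a default, so running the script without arguments creates the local account `shareWriteUser` with a password that is published in the repository. Since the parameter attribute is being edited anyway, consider `Mandatory = $true` with no default, and ideally `[securestring]$Password`, which would make the later `ConvertTo-SecureString -AsPlainText -Force` call unnecessary and keep the value out of command history. If the default has to stay for sample convenience, a comment above the parameter such as `# Sample-only default; change before use on any shared or networked machine` would make the intent explicit. The part of the script that creates the share and grants access is outside the hunks shown, so the effective permissions of this account are not visible here.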
@@ -1,15 +1,28 @@ +#Requires -Version 7.0 + Param( - [Parameter(Mandatory = $true, HelpMessage = "Escaped UNC path. For example, if the path is '\\localhost\steeltoe_network_share', use '\\\\localhost\\steeltoe_network_share'.")][string]$NetworkAddress, - [Parameter(Mandatory=$true)][string]$UserName, - [Parameter(Mandatory=$true)][string]$Password, - [string]$ServiceName = "credhub", - [string]$ServicePlan = "default", - [string]$ServiceInstanceName = "sampleNetworkShare" + [Parameter(Mandatory = $true, HelpMessage = "UNC path to the network share. For example: '\\localhost\steeltoe_network_share'")][string]$NetworkAddress, + [Parameter(Mandatory = $true, HelpMessage = "The username for accessing the file share, can include domain. For example: 'DOMAIN\username'")][string]$UserName, + [Parameter(Mandatory = $true, HelpMessage = "The password for accessing the file share.")][string]$Password, + [Parameter(Mandatory = $false, HelpMessage = "The name of the service for storing credentials")][string]$ServiceName = "credhub", + [Parameter(Mandatory = $false, HelpMessage = "The service plan to use")][string]$ServicePlan = "default", + [Parameter(Mandatory = $false, HelpMessage = "The name of the service instance")][string]$ServiceInstanceName = "sampleNetworkShare" ) $ErrorActionPreference = "Stop" -$ParamJSON = [string]::Format('{{\"location\":\"{0}\",\"username\":\"{1}\",\"password\":\"{2}\"}}', $NetworkAddress, $UserName, $Password) +# Build parameter object and convert to JSON using PowerShell's built-in JSON serialization +# This automatically handles escaping of special characters including backslashes, quotes, etc. 
+$params = @{ + location = $NetworkAddress + username = $UserName + password = $Password +} +$jsonParams = $params | ConvertTo-Json -Compress -Write-Host "cf create-service $ServiceName $ServicePlan $ServiceInstanceName -c $ParamJSON -t $ServiceInstanceName" +# Create a redacted copy of the parameters for logging so the password is not exposed +$redactedParams = $params.Clone() +$redactedParams['password'] = 'REDACTED' +$redactedJsonParams = $redactedParams | ConvertTo-Json -Compress -cf create-service $ServiceName $ServicePlan $ServiceInstanceName -c $ParamJSON -t $ServiceInstanceName +Write-Host "cf create-service $ServiceName $ServicePlan $ServiceInstanceName -c $redactedJsonParams -t $ServiceInstanceName" +cf create-service $ServiceName $ServicePlan $ServiceInstanceName -c $jsonParams -t $ServiceInstanceName diff --git a/FileShares/scripts/remove-user-and-share.ps1 b/FileShares/scripts/remove-user-and-share.ps1 index b725ccb99..8d5a0f420 100644 --- a/FileShares/scripts/remove-user-and-share.ps1 +++ b/FileShares/scripts/remove-user-and-share.ps1 @@ -2,11 +2,12 @@ #Requires -Modules Microsoft.PowerShell.LocalAccounts, SmbShare Param( - [string]$ShareName = "steeltoe_network_share", - [string]$SharePath = "c:\steeltoe_network_share", - [string]$UserName = "shareWriteUser" + [Parameter(Mandatory = $false, HelpMessage = "The name of the share")][string]$ShareName = "steeltoe_network_share", + [Parameter(Mandatory = $false, HelpMessage = "The path to the share. For example: 'c:\steeltoe_network_share'")][string]$SharePath = "c:\steeltoe_network_share", + [Parameter(Mandatory = $false, HelpMessage = "The name of the user")][string]$UserName = "shareWriteUser" ) $ErrorActionPreference = "Stop" + if ($PSVersionTable.PSVersion.Major -lt 6) { Write-Output "Running in Windows PowerShell (version < 6)" 
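Review bot: The password is redacted from the `Write-Host` line but is still handed to `cf` in clear text inside `-c $jsonParams`, so it stays visible in the process command line, and in any process-creation auditing that records arguments, while the command runs. `cf create-service -c` also accepts a path to a JSON file, so the final call could write `$jsonParams` to a temporary file, pass that path, and delete the file in a `finally` block, as sketched below. Passing a file would also sidestep a likely compatibility gap with `#Requires -Version 7.0`: as far as I know, embedded double quotes in arguments to native executables are only preserved by default from PowerShell 7.3 onward, so on 7.0–7.2 the inline JSON may reach `cf` with its quotes stripped; this is worth testing. Taking `-Password` as `[securestring]` or via `Get-Credential` would additionally keep it out of shell history.

```powershell
# … unchanged: Param block, $params / $jsonParams construction, redacted Write-Host …
$paramFile = New-TemporaryFile
try {
    # Keep the secret off the command line: cf reads the JSON from the file path
    Set-Content -LiteralPath $paramFile.FullName -Value $jsonParams -NoNewline
    cf create-service $ServiceName $ServicePlan $ServiceInstanceName -c $paramFile.FullName -t $ServiceInstanceName
}
finally {
    Remove-Item -LiteralPath $paramFile.FullName -Force -ErrorAction SilentlyContinue
}
```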
@@ -17,6 +18,7 @@ else Add-Type -AssemblyName System.Management.Automation Import-Module Microsoft.PowerShell.LocalAccounts -SkipEditionCheck } + if (Get-SmbShare $ShareName -ErrorAction SilentlyContinue) { Remove-SmbShare -Name $ShareName