powershell, powershell-4.0, dsc

DSC Script Resource's TestScript failing to return boolean


Trying to push DSC, I'm hitting the following error:

Failure to get a valid result from the execution of TestScript. The Test script should return True or False.

Here's the TestScript:

return (Test-Path -Path "FullPath:\To\File")

A couple things I've tried:

  1. The Script resource has an (unmanaged) service account's credentials specified in the Credential parameter. Thinking it might not have permissions to the directory, causing Test-Path to error, I launched PowerShell as the user on the target machine and ran the cmdlet. It returned False (as expected). I've since made sure that the configuration gives the account permissions to the folder anyways.
  2. Thinking it might be some weird idiosyncrasy with returning the cmdlet, I tried assigning the cmdlet to a variable and returning that. No dice.

Any ideas would be appreciated.

Edit: Here's the full resource, for those curious. It's basically just a couple quick lines to pull a script out of source control and place it locally so that I can create a scheduled task to run said script. Casting the result to a bool didn't work (same error). I'm wondering if it's even getting inside the TestScript at this point... Checking Get-ExecutionPolicy shows it as Undefined for the account, but at the UserPolicy, MachinePolicy and LocalMachine level they're all Bypass.

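Script NameOfScript {
    DependsOn = "[cNtfsPermissionEntry]DirectoryPermissions"
    Credential = $serviceAccountPSCredentialObject
    SetScript = {
        Import-Module -Name Subversion
        New-SvnWorkingCopy -Url "https://svnrepourl/script.ps1" -Path "E:\Scripts\"
    }
    TestScript = {
        # Cast and assign in one statement: a bare "[bool]$result" line would
        # write an extra value to the output, so more than one object is returned.
        [bool]$result = Test-Path -Path "E:\Scripts\script.ps1" -ErrorAction Stop
        return $result
    }
    # GetScript is expected to return a hashtable with a Result key.
    GetScript = { @{ Result = [string](Test-Path -Path "E:\Scripts\script.ps1") } }
}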

Solution

  • Figured it out, with the help of this forum post. Initially I didn't think it'd be much help since I shouldn't be experiencing double-hop issues, but I'll explain why it's germane below. @TravisEz13 made the comment that the Credential parameter isn't used, but that is incorrect.

    If you look at the Script resource, when you specify credentials this is how it runs the script blocks:

    $scriptExecutionResult = Invoke-Command -ScriptBlock $ScriptBlock -ComputerName . -Credential $Credential
    

    The service account in question doesn't have remote access to the machine. So when I launch PowerShell locally as that user and run the Test-Path cmdlet, it works, but when I try to run the above Invoke-Command with that account's creds, it returns an access denied error.

    My solution was to write a module/resource for Subversion checkout. Not just to get around this, but also because the Subversion PowerShell module I was using above doesn't provide a means to pass credentials to the svn binary.
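
A pre-flight check for the behaviour described in this answer, added here as an example (not code from the original post or from the Script resource itself): it runs a candidate TestScript through the same loopback `Invoke-Command` call and reports both a remoting failure and a result that is not a single boolean. The function name `Test-DscScriptBlockAsCredential` is hypothetical, and the check assumes an elevated session on the target node with WinRM enabled.

```powershell
# Added example. The function name is hypothetical; the path is the one from the question.
function Test-DscScriptBlockAsCredential {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [scriptblock]  $ScriptBlock,
        [Parameter(Mandatory)] [pscredential] $Credential
    )

    $report = [ordered]@{
        Account         = $Credential.UserName
        Invoked         = $false   # did the loopback remoting call succeed?
        ValidTestResult = $false   # did exactly one [bool] come back?
        Detail          = $null
    }

    try {
        # Same call shape as the line quoted from the Script resource:
        # a loopback remoting session, not a local "run as".
        $output = @(Invoke-Command -ScriptBlock $ScriptBlock -ComputerName . `
                        -Credential $Credential -ErrorAction Stop)
        $report.Invoked = $true
    }
    catch {
        # An account without remote access to the machine fails here (access denied),
        # even if the same script block works in a local session for that user.
        $report.Detail = '{0}: {1}' -f $_.FullyQualifiedErrorId, $_.Exception.Message
        return [pscustomobject]$report
    }

    # TestScript has to produce a single True/False; stray pipeline output breaks that.
    $report.ValidTestResult = ($output.Count -eq 1) -and ($output[0] -is [bool])
    $report.Detail = 'Returned {0} object(s): {1}' -f $output.Count, ($output -join ', ')
    [pscustomobject]$report
}

# Usage on the target node:
#   $cred = Get-Credential -Message 'Service account used by the Script resource'
#   Test-DscScriptBlockAsCredential -Credential $cred -ScriptBlock {
#       Test-Path -Path 'E:\Scripts\script.ps1'
#   }
```

`Invoked = $false` with an access denied message in `Detail` matches the situation in the answer; `Invoked = $true` with `ValidTestResult = $false` points at the script block's own output instead.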