-
Notifications
You must be signed in to change notification settings - Fork 57
(AB-118300) Draft Anatomy of a command-based DSC Resource #101
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
SteveL-MSFT
merged 1 commit into
PowerShell:main
from
michaeltlombardi:ab-118300/main/command-based-resource-anatomy
Aug 4, 2023
Merged
Changes from all commits
Commits
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,137 @@ | ||
| --- | ||
| author: michaeltlombardi | ||
| title: Anatomy of a command-based DSC Resource | ||
| description: >- | ||
| Describes the components of a command-based DSC Resource, how DSC uses them, and what's required | ||
| of them. | ||
| ms.author: mlombardi | ||
| ms.topic: concept-article | ||
| ms.date: 2023-07-13 | ||
| --- | ||
|
|
||
| # Anatomy of a command-based DSC Resource | ||
|
|
||
| DSC Resources provide a standardized interface for managing the settings of a system. A resource | ||
| defines properties you can manage and implements the code needed to get an instance of the | ||
| resource. | ||
|
|
||
| Command-based DSC Resources are defined with at least two files: | ||
|
|
||
| 1. A DSC Resource manifest that tells DSC how to interact with the resource. | ||
| 1. One or more executable files and their dependencies to manage instances of the resource. | ||
|
|
||
| ## DSC Resource manifests | ||
|
|
||
| DSC Resource manifests are defined as JSON files. For DSC to recognize a JSON file as a manifest, | ||
| the file must meet the following criteria: | ||
|
|
||
| 1. The file must be discoverable in the `PATH` environment variable. | ||
| 1. The filename must end with `.dsc.resource.json`. | ||
|
|
||
| When DSC searches the local system for available command-based DSC Resources, it searches every | ||
| folder in the `PATH` for files that use the DSC Resource manifest naming convention. DSC then | ||
| parses each of those discovered files and validates them against the | ||
| [DSC Resource Manifest JSON schema][01]. | ||
|
|
||
| If the JSON file validates against the schema, DSC can use the DSC Resource. | ||
|
|
||
| At a minimum, the manifest must define: | ||
|
|
||
| - The version of the DSC Resource Manifest JSON schema it's compatible with. | ||
| - The fully qualified name of the resource, like `Microsoft.Windows/Registry`. The fully qualified | ||
| name syntax is `<owner>[.<group>][.<area>]/<name>`. The group and area components of the fully | ||
| qualified name enable organizing resources into namespaces. | ||
| - How DSC can call the command to get the current state of a resource instance. | ||
| - A way to validate an instance. This can be one of the following: | ||
| - A JSON schema that describes an instance | ||
| - A command DSC must call to get the schema at runtime | ||
| - A command to validate nested DSC Resources. This last option only applies to DSC Group | ||
| Resources and DSC Provider Resources. | ||
|
|
||
| The manifest may optionally define: | ||
|
|
||
| - How DSC can call the command to test whether an instance is in the desired | ||
| state. | ||
| - How DSC can call the command to set an instance to the desired state. | ||
| - The meaning of the non-zero exit codes returned by the command. | ||
| - How DSC can call the command to manage other DSC Resources, when the resource is a DSC Group | ||
| Resource or a DSC Provider Resource. | ||
| - Metadata about the resource, like its author and a short description. | ||
|
|
||
| If the manifest doesn't define how to test an instance of the resource, DSC performs a synthetic | ||
| test for resource instances. DSC's synthetic test always gets the actual state of an instance and | ||
| does a strict case-sensitive comparison of the instance's properties to the desired state. The | ||
| synthetic test ignores any properties prefixed with an underscore (`_`) or dollar sign (`$`). If | ||
| any of the properties aren't exactly the same as the defined desired state, DSC reports the | ||
| instance as being non-compliant. | ||
|
|
||
| If the manifest doesn't define how to set an instance of the DSC Resource, DSC can't use the | ||
| resource to enforce desired state. | ||
|
|
||
| The manifest doesn't need to specify the same executable file for every operation. The definition | ||
| for each operation is independent. | ||
|
|
||
| For more information on authoring DSC Resource manifests, see | ||
| [Authoring a DSC Resource Manifest][02]. | ||
|
|
||
| ## DSC Resource executables | ||
|
|
||
| Command-based DSC Resources always require an executable file for DSC to run. The DSC Resource | ||
| Manifest doesn't need to be bundled with the executable. The executable can be any executable file, | ||
| such as a binary application or a shell script. A resource may use different executables for | ||
| different operations. | ||
|
|
||
| For DSC to use an executable, it must be discoverable in the `PATH` environment variable. DSC calls | ||
| the executable once per operation, using the exit code returned by the executable to determine if | ||
| the command was successful. DSC treats exit code `0` as a success and all other exit codes as an | ||
| error. For more information about error handling, see | ||
| [Handling errors in a command-based DSC Resource][03]. | ||
|
|
||
| ### Inputs | ||
|
|
||
| DSC sends input to command-based DSC Resources as either a JSON data blob over stdin or as a set of | ||
| argument flags and values. Input handling is defined per-operation in the DSC Resource Manifest. | ||
|
|
||
| When DSC sends the input as JSON over stdin, the data blob is the JSON representation of an | ||
| instance's desired state. This is the most robust option for a resource, as it enables the resource | ||
| to support complex properties with nested objects. | ||
|
|
||
| When DSC sends the input as arguments, it generates a pair of arguments for each of the specified | ||
| properties. The first argument is the name of the property prefixed with `--`, such as | ||
| `--duration`. The second argument is the property's value. The ordering of the argument pairs isn't | ||
| guaranteed. This input method doesn't support complex properties. | ||
|
|
||
| ### Outputs | ||
|
|
||
| The executable for a command-based DSC Resource must return JSON data to stdout when called by DSC. | ||
| The output encoding must be UTF-8. When the resource returns the state of an instance, DSC | ||
| validates the JSON data against the resource's instance schema. | ||
|
|
||
| For DSC Provider Resources, DSC expects the executable to pass through the instance states for the | ||
| resources it manages as either a single JSON array or as a series of [JSON Lines][04]. | ||
|
|
||
| Command-based DSC Resources can report logging information to DSC by emitting JSON Lines to stderr. | ||
| Each log entry must be a JSON object that includes two keys: | ||
|
|
||
| 1. The `message` key defines the human-readable string for the log entry. | ||
| 1. The `level` key defines whether the message represents an `Error`, a `Warning`, or `Information`. | ||
|
|
||
| DSC collects messages from resources and displays them in the results for a configuration | ||
| operation. When DSC invokes a resource directly outside of a configuration, it doesn't collect the | ||
| messages. Instead, they're just emitted to stderr. | ||
|
|
||
| For more information about logging from command-based DSC Resources, see | ||
| [Logging messages from a command-based DSC Resource][05]. | ||
|
|
||
| ## Related Content | ||
|
|
||
| - [Authoring a DSC Resource Manifest][02] | ||
| - [Write a command-based DSC Resource][06] | ||
| - [DSC Resource Manifest schema reference][01] | ||
|
|
||
| [01]: ../../reference/schemas/resource/manifest/root.md | ||
| [02]: authoring-a-manifest.md | ||
| [03]: handling-errors.md | ||
| [04]: https://jsonlines.org/ | ||
| [05]: logging-messages.md | ||
| [06]: write-a-command-based-resource.md | ||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.