Storage modules update + ANF option for FSlogix#764
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| "type": "string", | ||
| "defaultValue": "TLSv1_2", | ||
| "allowedValues": [ | ||
| "TLSv1_0", |
Check failure
Code scanning / devskim
An outdated SSL/TLS protocol version is specified.
| "type": "string", | ||
| "defaultValue": "TLSv1_2", | ||
| "allowedValues": [ | ||
| "TLSv1_0", |
Check failure
Code scanning / devskim
An Outdated or Banned SSL/TLS Protocol is Used
| "defaultValue": "TLSv1_2", | ||
| "allowedValues": [ | ||
| "TLSv1_0", | ||
| "TLSv1_1", |
Check failure
Code scanning / devskim
An outdated SSL/TLS protocol version is specified.
| "defaultValue": "TLSv1_2", | ||
| "allowedValues": [ | ||
| "TLSv1_0", | ||
| "TLSv1_1", |
Check failure
Code scanning / devskim
An Outdated or Banned SSL/TLS Protocol is Used
| } | ||
| # Create Domain credential | ||
| $DomainJoinUserName = $DomainJoinUserPrincipalName.Split('@')[0] | ||
| $DomainPassword = ConvertTo-SecureString -String $DomainJoinUserPwd -AsPlainText -Force |
Check failure
Code scanning / PSScriptAnalyzer
File 'Set-NtfsPermissions.ps1' uses ConvertTo-SecureString with plaintext. This will expose secure information. Encrypted standard strings should be used instead.
| # Create credential for accessing the storage account | ||
| Write-Log -message "Building Storage Key Credential" | ||
| $StorageUsername = 'Azure\' + $StorageAccountName | ||
| $StoragePassword = ConvertTo-SecureString -String "$($StorageKey)" -AsPlainText -Force |
Check failure
Code scanning / PSScriptAnalyzer
File 'Set-NtfsPermissions.ps1' uses ConvertTo-SecureString with plaintext. This will expose secure information. Encrypted standard strings should be used instead.
| } | ||
| # Creates a password for the Azure Storage Account in AD using the Kerberos key | ||
| Write-Log -message "Creating a password for the Azure Storage Account in AD using the Kerberos key" | ||
| $ComputerPassword = ConvertTo-SecureString -String $Key.Replace("'", "") -AsPlainText -Force |
Check failure
Code scanning / PSScriptAnalyzer
File 'Set-NtfsPermissions.ps1' uses ConvertTo-SecureString with plaintext. This will expose secure information. Encrypted standard strings should be used instead.
|
|
||
| # Update the password on the computer object with the new Kerberos key on the Storage Account | ||
| Write-Log -message "Updating the password on the computer object with the new Kerberos key (kerb1) on the Storage Account" | ||
| $NewPassword = ConvertTo-SecureString -String $Key -AsPlainText -Force |
Check failure
Code scanning / PSScriptAnalyzer
File 'Set-NtfsPermissions.ps1' uses ConvertTo-SecureString with plaintext. This will expose secure information. Encrypted standard strings should be used instead.
| Write-Log -message "Getting an access token for Azure resources" | ||
| $AzureManagementAccessToken = (Invoke-RestMethod ` | ||
| -Headers @{Metadata = "true" } ` | ||
| -Uri $('http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=' + $ResourceManagerUriFixed + '&client_id=' + $UserAssignedIdentityClientId)).access_token |
Check warning
Code scanning / devskim
An HTTP-based URL without TLS was detected.
| If ($FsLogixStorageAccountKey -ne '') { | ||
| $SAName = $FSLogixStorageFQDN.Split('.')[0] | ||
| Write-Log -Message "Adding Local Storage Account Key for '$FSLogixStorageFQDN' to Credential Manager" -Category 'Info' | ||
| $CMDKey = Start-Process -FilePath 'cmdkey.exe' -ArgumentList "/add:$FSLogixStorageFQDN /user:localhost\$SAName /pass:$FSLogixStorageAccountKey" -Wait -PassThru |
Check notice
Code scanning / devskim
Accessing localhost could indicate debug code, or could hinder scaling.
…into anf-fslogix
2 participants
Overview/Summary
Replace this with a brief description of what this Pull Request fixes, changes, etc.
This PR fixes/adds/changes/removes
Breaking Changes
Testing Evidence
Replace this with any testing evidence to show that your Pull Request works/fixes as described and planned (include screenshots, if appropriate).
As part of this Pull Request I have
.bicepfile/s I am adding/editing are using the latest API version possiblemainbranch