win_psDscAdapter and psDscAdapter PScredentials fix for passing username and password

adapters/powershell/Tests/class_ps_resources_secret.dsc.yaml

@@ -0,0 +1,29 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+
+$schema: https://aka.ms/dsc/schemas/v3/bundled/config/document.json
+parameters:
+  showSecrets:
+    type: bool
+    defaultValue: true
+  cred:
+    type: secureObject
+metadata:
+  Microsoft.DSC:
+    requiredSecurityContext: elevated # this is the default and just used as an example indicating this config works for admins and non-admins
+resources:
+- name: Working with classic DSC resources
+  type: Microsoft.DSC/PowerShell
+  properties:
+    resources:
+    - name: Class-resource Info
+      type: TestClassResource/TestClassResource
+      properties:
+        Name: TestClassResource1
+        Prop1: ValueForProp1
+        Credential: "[parameters('cred')]"
+- name: SecureObject
+  type: Microsoft.DSC.Debug/Echo
+  properties:
+    output: "[parameters('cred')]"
+    showSecrets: "[parameters('showSecrets')]"

adapters/powershell/Tests/class_ps_resources_secret.parameters.yaml

@@ -0,0 +1,4 @@
+parameters:
+  cred:
+    username: admin
+    password: {To be Ovveride}

adapters/powershell/Tests/powershellgroup.config.tests.ps1

@@ -286,19 +286,28 @@ Describe 'PowerShell adapter resource tests' {
   It 'Config works with credential object' {
     $yaml = @"
         `$schema: https://aka.ms/dsc/schemas/v3/bundled/config/document.json
+        parameters:
+          Credential:
+            type: secureObject
+            defaultValue:
+              username: User
+              password: Password
         resources:
-        - name: Class-resource Info
-          type: TestClassResource/TestClassResource
+        - name: Working with classic DSC resources
+          type: Microsoft.DSC/PowerShell
           properties:
-            Name: 'TestClassResource'
-            Credential:
-              UserName: 'User'
-              Password: 'Password'
+            resources:
+            - name: Class-resource Info
+              type: TestClassResource/TestClassResource
+              properties:
+                Name: TestClassResource1
+                Prop1: ValueForProp1
+                Credential: "[parameters('Credential')]"
 "@
     $out = dsc config get -i $yaml | ConvertFrom-Json
     $LASTEXITCODE | Should -Be 0
-    $out.results.result.actualstate.Credential.UserName | Should -Be 'User'
-    $out.results.result.actualState.result.Credential.Password.Length | Should -Not -BeNullOrEmpty
+    $out.results.result.actualstate.result.properties.Credential.UserName | Should -Be 'User'
+    $out.results.result.actualState.result.properties.Credential.Password.Length | Should -Not -BeNullOrEmpty
   }
 
   It 'Config does not work when credential properties are missing required fields' {

adapters/powershell/Tests/win_powershellgroup.tests.ps1

@@ -167,14 +167,18 @@ resources:
   It 'Config works with credential object' {
     $yaml = @'
     $schema: https://aka.ms/dsc/schemas/v3/bundled/config/document.json
+    parameters:
+      Credential:
+      type: secureObject
+      defaultValue:
+        username: MyUser
+        password: MyPassword
     resources:
       - name: Cred test
         type: PSClassResource/PSClassResource
         properties:
           Name: Test
-          Credential:
-            UserName: 'MyUser'
-            Password: 'MyPassword'
+          Credential: "[parameters('Credential')]"
 '@
 
     $out = dsc -l debug config set -i $yaml 2> "$testdrive/error.log" | ConvertFrom-Json

adapters/powershell/psDscAdapter/psDscAdapter.psm1

@@ -467,7 +467,9 @@ function Invoke-DscOperation {
                                         "Credential object '$($_.Name)' requires both 'username' and 'password' properties" | Write-DscTrace -Operation Error
                                         exit 1
                                     }
-                                    $dscResourceInstance.$($_.Name) = [System.Management.Automation.PSCredential]::new($_.Value.Username, (ConvertTo-SecureString -AsPlainText $_.Value.Password -Force))
+                                    $username = $_.Value.secureObject.username
+                                    $password = $_.Value.secureObject.password | ConvertTo-SecureString -AsPlainText -Force
+                                    $dscResourceInstance.$($_.Name) = [System.Management.Automation.PSCredential]::new($username, $password)
                                 }
                                 else {
                                     $dscResourceInstance.$($_.Name) = $_.Value.psobject.properties | ForEach-Object -Begin { $propertyHash = @{} } -Process { $propertyHash[$_.Name] = $_.Value } -End { $propertyHash }

adapters/powershell/psDscAdapter/win_psDscAdapter.psm1

@@ -298,6 +298,7 @@ function Get-DscResourceObject {
     return $desiredState
 }
 
+
 # Get the actual state using DSC Get method from any type of DSC resource
 function Invoke-DscOperation {
     param(
@@ -368,7 +369,11 @@ function Invoke-DscOperation {
                                 "Credential object '$($_.Name)' requires both 'username' and 'password' properties" | Write-DscTrace -Operation Error
                                 exit 1
                             }
-                            $property.$($_.Name) = [System.Management.Automation.PSCredential]::new($_.Value.Username, (ConvertTo-SecureString -AsPlainText $_.Value.Password -Force))
+
+                            $username = $_.Value.Username.secureString
+                            $password = $_.Value.Password | ConvertTo-SecureString -AsPlainText -Force
+                            $property.$($_.Name) = [System.Management.Automation.PSCredential]::new($username, $password)
+
                         } else {
                             $property.$($_.Name) = $_.Value.psobject.properties | ForEach-Object -Begin { $propertyHash = @{} } -Process { $propertyHash[$_.Name] = $_.Value } -End { $propertyHash }
                         }
@@ -418,11 +423,15 @@ function Invoke-DscOperation {
                                 $validateProperty = $cachedDscResourceInfo.Properties | Where-Object -Property Name -EQ $_.Name
                                 Write-DscTrace -Operation Debug -Message "Property type: $($validateProperty.PropertyType)"
                                 if ($validateProperty.PropertyType -eq 'PSCredential') {
-                                    if (-not $_.Value.Username -or -not $_.Value.Password) {
+                                    if (-not $_.Value.secureObject.Username -or -not $_.Value.secureObject.Password) {
                                         "Credential object '$($_.Name)' requires both 'username' and 'password' properties" | Write-DscTrace -Operation Error
                                         exit 1
                                     }
-                                    $dscResourceInstance.$($_.Name) = [System.Management.Automation.PSCredential]::new($_.Value.Username, (ConvertTo-SecureString -AsPlainText $_.Value.Password -Force))
+
+                                    $username = $_.Value.secureObject.username
+                                    $password = $_.Value.secureObject.password | ConvertTo-SecureString -AsPlainText -Force
+
+                                    $dscResourceInstance.$($_.Name) = [System.Management.Automation.PSCredential]::new($username, $password)
                                 } else {
                                     $dscResourceInstance.$($_.Name) = $_.Value.psobject.properties | ForEach-Object -Begin { $propertyHash = @{} } -Process { $propertyHash[$_.Name] = $_.Value } -End { $propertyHash }
                                 }