From 5285cf8a0d87709fe184d3bdd0b3d4a24548855a Mon Sep 17 00:00:00 2001 From: Peter Hsu Date: Mon, 25 Feb 2019 17:05:36 -0800 Subject: [PATCH] * Add admin owner group on upgrade * detailed logging (#231) --- scripts/publish/publish.ps1 | 11 ++++------- scripts/setup/config.ps1 | 26 +++++++++++++++++++------- scripts/setup/install.ps1 | 20 ++++++++++---------- scripts/setup/migrate.ps1 | 9 +++++---- scripts/setup/msi-setup.ps1 | 2 +- scripts/setup/sanitize-logs.ps1 | 1 + scripts/setup/security.ps1 | 3 ++- scripts/setup/setup.ps1 | 2 +- scripts/setup/uninstall.ps1 | 16 +++++++++++----- 9 files changed, 54 insertions(+), 36 deletions(-) diff --git a/scripts/publish/publish.ps1 b/scripts/publish/publish.ps1 index 79532b2d..1142ce3a 100644 --- a/scripts/publish/publish.ps1 +++ b/scripts/publish/publish.ps1 @@ -118,8 +118,7 @@ if (-not([string]::IsNullOrEmpty($SignType))) { } } catch { - Write-Warning $_.Exception.Message - throw "Could not find msbuild" + throw "Could not find msbuild: $($_.Exception.Message)" } if ([string]::IsNullOrEmpty($SigningIdentity)) { @@ -135,8 +134,7 @@ try { } } catch { - Write-Warning $_.Exception.Message - throw "Could not find dotnet tools" + throw "Could not find dotnet tools: $($_.Exception.Message)" } DeletePreExistingFiles $OutputPath @@ -171,8 +169,7 @@ try{ } } catch { - Write-Warning $_.Exception.Message - throw "Publish failed" + throw "Publish failed: $($_.Exception.Message)" } $outputConfigPath = Join-Path $applicationPath "config" @@ -218,7 +215,7 @@ try { } } catch { - throw "Could not build plugins for publishing" + throw "Could not build plugins for publishing: $($_.Exception.Message)" } # Copy setup diff --git a/scripts/setup/config.ps1 b/scripts/setup/config.ps1 index 99425c35..c7b0a714 100644 --- a/scripts/setup/config.ps1 +++ b/scripts/setup/config.ps1 
@@ -115,6 +115,22 @@ function Remove($_path) { } } +## create "IIS Administration API Owners" group if it does not exist, and and the current user to the group if not already added +## Note that this method also includes a phase the indiciates the group is created by the installer so it can be removed if the application +## is uninistalled +function Ensure-IncludesIisAdminApiOwners($settings) { + $groupName = .\globals.ps1 'IIS_ADMIN_API_OWNERS' + $groupDescription = .\globals.ps1 'IIS_ADMIN_API_OWNERS_DESCRIPTION' + $currentAdUser = .\security.ps1 CurrentAdUser + .\security.ps1 EnsureLocalGroupMember -AdPath $currentAdUser -Name $groupName -Description $groupDescription + if (!$settings.security.users.administrators.Contains($groupName)) { + $settings.security.users.administrators += $groupName + } + if (!$settings.security.users.owners.Contains($groupName)) { + $settings.security.users.owners += $groupName + } +} + # Writes install time information into the appsettings.json file # AppSettingsPath: The full path to the appsettings.json file function Write-AppSettings($_appSettingsPath, $_port) { @@ -126,13 +142,7 @@ function Write-AppSettings($_appSettingsPath, $_port) { } $settings = .\json.ps1 Get-JsonContent -Path $_appSettingsPath - - $groupName = .\globals.ps1 'IIS_ADMIN_API_OWNERS' - $groupDescription = .\globals.ps1 'IIS_ADMIN_API_OWNERS_DESCRIPTION' - $currentAdUser = .\security.ps1 CurrentAdUser - .\security.ps1 EnsureLocalGroupMember -AdPath $currentAdUser -Name $groupName -Description $groupDescription - $settings.security.users.administrators += $groupName - $settings.security.users.owners += $groupName + Ensure-IncludesIisAdminApiOwners $settings if ($IncludeDefaultCors) { $settings.cors.rules += @{ "origin" = "https://manage.iis.net"; "allow" = $true } 
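Review bot: In Ensure-IncludesIisAdminApiOwners the two `.Contains($groupName)` checks assume that `security.users.administrators` and `security.users.owners` are already populated arrays. That holds for a fresh appsettings.json, but the older settings object that Migrate-AppSettings now passes in may not have them, and a null value would make the method call throw mid-upgrade. `.Contains` is also case-sensitive while Windows group names are not, so an entry differing only in case gets a duplicate. `if (@($settings.security.users.owners) -notcontains $groupName) { ... }` tolerates null and compares case-insensitively, though a missing `security.users` node would still have to be created before the `+=`. The header comment should also state that the account running setup is added to the group, since that is a privilege grant, and its typos ("and and", "phase", "indiciates", "uninistalled") are worth fixing.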
@@ -161,6 +171,7 @@ function Migrate-AppSettings($_source, $_destination) { if ($oldAppSettings.administrators -ne $null) { .\json.ps1 Remove-Property -JsonObject $oldAppSettings -Name "administrators" } + Ensure-IncludesIisAdminApiOwners $oldAppSettings .\json.ps1 Set-JsonContent -Path $(Join-Path $Destination $userFiles["appsettings.json"]) -JsonObject $oldAppSettings } @@ -238,6 +249,7 @@ function Write-Config($obj, $_path) { $port = [int]::parse($sPort) } catch { + Write-Warning $_.Exception.Message throw "Misconfigured 'urls' in appsettings: $($appsettings.urls)." } } diff --git a/scripts/setup/install.ps1 b/scripts/setup/install.ps1 index 5d2b7855..f2f369bb 100644 --- a/scripts/setup/install.ps1 +++ b/scripts/setup/install.ps1 @@ -144,7 +144,7 @@ function rollback() { Stop-Service $rollbackStore.createdService -ErrorAction SilentlyContinue } catch { - Write-Warning "Could not stop newly created service" + Write-Warning "Could not stop newly created service: $($_.Exception.Message)" } sc.exe delete "$($rollbackStore.createdService)" | Out-Null @@ -172,7 +172,7 @@ function rollback() { New-Service -BinaryPathName $binaryPath -StartupType $startType -DisplayName $name -Name $name -ErrorAction Stop | Out-Null } catch { - Write-Warning "Could not restore the $($name) service." + Write-Warning "Could not restore the $($name) service: $($_.Exception.Message)" } } @@ -185,7 +185,7 @@ function rollback() { .\net.ps1 DeleteSslBinding -Port $rollbackStore.newBoundCertPort } catch { - Write-Warning "Could not roll back SSL binding on port $($rollbackStore.newBoundCertPort)" + Write-Warning "Could not roll back SSL binding on port $($rollbackStore.newBoundCertPort): $($_.Exception.Message)" } } 
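Review bot: The added `Ensure-IncludesIisAdminApiOwners $oldAppSettings` call in Migrate-AppSettings changes the access list of an existing installation without leaving any trace. Each upgrade puts the owners group back into `administrators` and `owners` and, through EnsureLocalGroupMember, adds the account running the upgrade to that group, presumably even where an administrator had removed it on purpose. Since re-adding the group is the intent of the commit, the minimum is to make it auditable, for example `Write-Warning "Upgrade added '$groupName' to security.users administrators/owners"` inside the helper, emitted only when an entry was actually added. Migrate-AppSettings starts and ends outside this hunk.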
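Review bot: The `$($_.Exception.Message)` detail added to the first rollback catch in install.ps1 (@@ -144) will rarely be printed, because the guarded call is `Stop-Service $rollbackStore.createdService -ErrorAction SilentlyContinue`, which suppresses non-terminating errors instead of raising them into the catch. The Rollback in migrate.ps1 uses `-ErrorAction Stop` for the equivalent call; `Stop-Service $rollbackStore.createdService -ErrorAction Stop` here would make the new message reachable. `Start-Service $rollbackStore.stoppedOldService` in the @@ -243 hunk has no `-ErrorAction` at all, so unless `$ErrorActionPreference` is set to Stop outside the visible lines its catch has the same gap. rollback() extends beyond these hunks.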
@@ -199,7 +199,7 @@ function rollback() { .\net.ps1 BindCert -Hash $($info.CertificateHash) -AppId $($info.AppId) -Port $($info.IpEndpoint.Port) } catch { - Write-Warning "Could not restore previous SSL binding" + Write-Warning "Could not restore previous SSL binding: $($_.Exception.Message)" } } @@ -213,7 +213,7 @@ function rollback() { .\config.ps1 Remove -Path $configPath } catch { - Write-Warning "Could not remove setup config" + Write-Warning "Could not remove setup config: $($_.Exception.Message)" } } @@ -230,7 +230,7 @@ function rollback() { } } catch { - write-warning "Could not delete certificate that was created during installation." + write-warning "Could not delete certificate that was created during installation: $($_.Exception.Message)" } } @@ -243,7 +243,7 @@ function rollback() { Start-Service $rollbackStore.stoppedOldService } catch { - write-warning "Could not restart service $($rollbackStore.stoppedOldService)." + write-warning "Could not restart service $($rollbackStore.stoppedOldService): $($_.Exception.Message)" } } @@ -257,7 +257,7 @@ function rollback() { .\files.ps1 Remove-ItemForced -Path $logsPath } catch { - write-warning "Could not delete logs folder $logsPath." + write-warning "Could not delete logs folder ${logsPath}: $($_.Exception.Message)" } } @@ -271,7 +271,7 @@ function rollback() { .\files.ps1 Remove-ItemForced -Path $adminRoot } catch { - write-warning "Could not delete installation folder $adminRoot." + write-warning "Could not delete installation folder ${adminRoot}: $($_.Exception.Message)" } } @@ -458,7 +458,7 @@ function Install Start-Service "$ServiceName" -ErrorAction Stop } catch { - throw "Could not start service" + throw "Could not start service: $($_.Exception.Message)" } $svc = Get-Service "$ServiceName" -ErrorAction SilentlyContinue diff --git a/scripts/setup/migrate.ps1 b/scripts/setup/migrate.ps1 index 4de9bc50..f20d788a 100644 --- a/scripts/setup/migrate.ps1 +++ b/scripts/setup/migrate.ps1 
@@ -24,7 +24,7 @@ function Rollback { Stop-Service $migrateRollback.startedNewService -ErrorAction Stop } catch { - Write-Warning "Could not stop newly created service $($migrateRollback.startedNewService)" + Write-Warning "Could not stop newly created service $($migrateRollback.startedNewService): $($_.Exception.Message)" } } @@ -37,7 +37,7 @@ function Rollback { sc.exe delete "$($migrateRollback.createdNewService)" | Out-Null } catch { - Write-Warning "Could not remove newly created service '$($migrateRollback.createdNewService)'" + Write-Warning "Could not remove newly created service '$($migrateRollback.createdNewService)': $($_.Exception.Message)" } } @@ -55,7 +55,7 @@ function Rollback { New-Service -BinaryPathName $binaryPath -StartupType $startType -DisplayName $name -Name $name -ErrorAction Stop | Out-Null } catch { - Write-Warning "Could not restore the $($name) service." + Write-Warning "Could not restore the $($name) service: $($_.Exception.Message)" } } @@ -68,7 +68,7 @@ function Rollback { Start-Service $migrateRollback.stoppedSourceService -ErrorAction Stop } catch { - Write-Warning "Could not restart source service" + Write-Warning "Could not restart source service: $($_.Exception.Message)" } } } @@ -116,6 +116,7 @@ function Migrate { .\sanitize-logs.ps1 -Source $source } catch { + Write-Warning "Error sanitizing logs: $($_.Exception.Message)" # Never fail } diff --git a/scripts/setup/msi-setup.ps1 b/scripts/setup/msi-setup.ps1 index 36c38465..581d98f7 100644 --- a/scripts/setup/msi-setup.ps1 +++ b/scripts/setup/msi-setup.ps1 @@ -89,7 +89,7 @@ function Upgrade() { $installed = $true .\migrate.ps1 -Source $latest -Destination $(Join-Path $adminRoot $Version) try { - .\uninstall.ps1 -Path $latest -KeepFiles + .\uninstall.ps1 -Path $latest -KeepFiles -KeepGroups } catch { # Uninstall must not throw diff --git a/scripts/setup/sanitize-logs.ps1 b/scripts/setup/sanitize-logs.ps1 index 108f69c0..6f733449 100644 --- a/scripts/setup/sanitize-logs.ps1 
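Review bot: The warning added to the `# Never fail` catch around `.\sanitize-logs.ps1 -Source $source` in Migrate (@@ -116) reports the exception but not its consequence. Migration carries on with logs that were not sanitized, and judging by Clear-CcsAuditPasswords in sanitize-logs.ps1 those can still hold password values. Name the location and the risk, e.g. `Write-Warning "Log sanitization failed for '$source'; logs may still contain sensitive values and should be reviewed: $($_.Exception.Message)"`. The per-file catch added in sanitize-logs.ps1 (@@ -112) already includes `$($file.FullName)` but likewise does not say that the file may still contain the password. Migrate continues outside this hunk.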
+++ b/scripts/setup/sanitize-logs.ps1 @@ -112,6 +112,7 @@ function Clear-CcsAuditPasswords($IisAdministrationPath) { Clear-CcsAuditPasswordsFromFile -filePath $file.FullName } catch { + Write-Warning "Error clearing ccs audit password from $($file.FullName): $($_.Exception.Message)" #If one file fails, do not block the remaining files } } diff --git a/scripts/setup/security.ps1 b/scripts/setup/security.ps1 index 141caca5..c2979da6 100644 --- a/scripts/setup/security.ps1 +++ b/scripts/setup/security.ps1 @@ -93,6 +93,7 @@ function GetLocalGroup($groupName) { $group = $localAd.Children.Find($groupName, 'group') } catch { + Write-Warning $_.Exception.Message #COM Exception if group doesn't exit } } @@ -376,7 +377,7 @@ function _Set-AclForced($_path, $_acl, $_recurse) { } catch { # Fail state: owner will be the Administrators group - Write-Warning "Could not restore owner for $($item.fullname)" + Write-Warning "Could not restore owner for $($item.fullname): $($_.Exception.Message)" } # Revert any token privileges adjusted diff --git a/scripts/setup/setup.ps1 b/scripts/setup/setup.ps1 index 2b51ddda..bd0ff5e2 100644 --- a/scripts/setup/setup.ps1 +++ b/scripts/setup/setup.ps1 @@ -139,7 +139,7 @@ function Upgrade() { throw $_ } - .\uninstall.ps1 -Path $latest + .\uninstall.ps1 -Path $latest -KeepGroups } function Uninstall() { diff --git a/scripts/setup/uninstall.ps1 b/scripts/setup/uninstall.ps1 index d39c78e2..a654c351 100644 --- a/scripts/setup/uninstall.ps1 +++ b/scripts/setup/uninstall.ps1 @@ -17,7 +17,11 @@ Param( [parameter()] [switch] - $KeepFiles + $KeepFiles, + + [parameter()] + [switch] + $KeepGroups ) .\require.ps1 Is-Administrator @@ -83,7 +87,7 @@ function Uninstall($_path) .\security.ps1 Add-FullControl -Path $InstallationDirectory.FullName -Identity $system -Recurse } catch { - Write-Warning "Unable to obtain full control of installation directory" + Write-Warning "Unable to obtain full control of installation directory: $($_.Exception.Message)" } } 
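Review bot: In GetLocalGroup (security.ps1 @@ -93) the added `Write-Warning $_.Exception.Message` sits in a catch whose own comment says the exception is the expected result when the group does not exist. A lookup of a missing group will therefore print a bare COM error as a warning, with no group name attached. uninstall.ps1 calls GetLocalGroup before deciding whether to remove the group, so this is likely to appear on machines where nothing is wrong, and routine warnings make the meaningful ones easier to overlook. `Write-Verbose "Local group '$groupName' not found: $($_.Exception.Message)"` keeps the detail for troubleshooting without the noise. The function body continues outside the hunk.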
@@ -117,7 +121,7 @@ function Uninstall($_path) .\files.ps1 Remove-ItemForced -Path $setupConfig -ErrorAction Stop } catch { - Write-Warning "Could not remove installation configuration file" + Write-Warning "Could not remove installation configuration file: $($_.Exception.Message)" } } } @@ -125,8 +129,10 @@ function Uninstall($_path) $groupName = .\globals.ps1 'IIS_ADMIN_API_OWNERS' $group = .\security.ps1 GetLocalGroup -Name $groupName $installerFlag = .\globals.ps1 'INSTALLER_FLAG' - if ($group -and $group.Description.Contains($installerFlag)) { - .\security.ps1 RemoveLocalGroup -Name $groupName + if (!$KeepGroups) { + if ($group -and $group.Description.Contains($installerFlag)) { + .\security.ps1 RemoveLocalGroup -Name $groupName + } } exit 0
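Review bot: In the last uninstall.ps1 hunk (@@ -125) the nested test can be written as one condition, `if (!$KeepGroups -and $group -and $group.Description.Contains($installerFlag))`. That also makes it clearer that `-KeepGroups` only skips the removal, while the `GetLocalGroup` lookup above it still runs on every upgrade. The new switch has no description where it is declared in the Param block (@@ -17). A comment such as `# KeepGroups: leave the installer-created owners group in place; passed by the upgrade paths so the group survives the uninstall of the old version` would record why it exists and that a plain uninstall should not pass it.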