Author Posts

August 16, 2017 at 3:04 pm

Question: If you are not able to distribute a module or validate a module will be present on an endpoint(I'm picking my fights as a newer employee here) but have a collection of scripts in a module that you want to use to keep things consistent/faster – what methods have others been using besides just copying/pasting the functions from the module into the script?

I'm considering a method for replacing the import-module line with the script block(s) of any commands used in the script from the current version of the installed module.

But that is why I am posting this here – was hoping to get some feedback on how others are approaching similar scenarios.

Thanks

August 17, 2017 at 1:13 pm

Well... the "right" approach would be to stand up a private NuGet repo and use Install-Module to grab the module you need. Failing that, you're in a pile of poo, and you're basically left with copying and pasting code. That's obviously going to create massive long-term maintenance and support problems. You might mention that to whomever says you can't do it the right way. "Look, we can do it the wrong way, but you're going to immediately begin incurring hella technical debt, and you're going to look bad and regret it someday."

Modules only keep things consistent/faster when you can use them correctly.

August 17, 2017 at 6:49 pm

Don,

Thanks for the response – 100% agreed – its a pile of poo that will not be maintainable long term. My end goal is to have a nuget repo where those endpoints can pull the latest module (what I was doing at my old job) but I know I'm a decent amount of time from that at this point.

I'm choosing my battles at this point especially since I've only been here for about a month. I'm fighting to keep powershell remoting enabled – the security vulnerability scans they ran this spring say to disable all powershell remoting so they started on that path right before I joined the company. I'm also working on changing with a few others the culture of things in the engineering teams and implementing things to help us with automation – git, nuget repo available to all IT teams, standards for script naming, actually reviewing downloaded scripts before they are run, etc. It's going to be a slow process – especially here where they like to do things at a snail pace. That's the main reason I was looking for some input from others who maybe have had to deal with a culture like this as well.

For now I wrote a small helper function in my module of script accelerators for here that takes the script file, looks for what commands from the module are used, and replaces the import-module command with a region of those functions from the module. It has it's limitations – (can't include non-exported helper functions for example – but this module has none of those, is so far only able to really work on one module at a time, only works on script modules) but for now is better than manually copying/pasting the module code each time.

Guess it's back to fighting for what I know is the correct way.

August 17, 2017 at 8:37 pm

By the way, can I ask what "security scan" gave that recommendation? Is this a product they ran, a consultancy they hired, something they did internally...? I'm trying to track down sources of that misguided particular piece of misinformation. Thanks!

August 18, 2017 at 2:07 pm

Its a product they ran – I'll get the name of it and report back.

August 21, 2017 at 2:28 pm

The product that gave them the recommendation to disable remoting is Tripwire.