Feedback request - embed module commands in script

This topic contains 5 replies, has 2 voices, and was last updated by  Paul DeArment Jr 3 months, 3 weeks ago.

  • Author
    Posts
  • #77394

    Paul DeArment Jr
    Participant

    Question: If you are not able to distribute a module or validate a module will be present on an endpoint(I'm picking my fights as a newer employee here) but have a collection of scripts in a module that you want to use to keep things consistent/faster – what methods have others been using besides just copying/pasting the functions from the module into the script?

    I'm considering a method for replacing the import-module line with the script block(s) of any commands used in the script from the current version of the installed module.

    But that is why I am posting this here – was hoping to get some feedback on how others are approaching similar scenarios.

    Thanks

  • #77466

    Don Jones
    Keymaster

    Well... the "right" approach would be to stand up a private NuGet repo and use Install-Module to grab the module you need. Failing that, you're in a pile of poo, and you're basically left with copying and pasting code. That's obviously going to create massive long-term maintenance and support problems. You might mention that to whomever says you can't do it the right way. "Look, we can do it the wrong way, but you're going to immediately begin incurring hella technical debt, and you're going to look bad and regret it someday."

    Modules only keep things consistent/faster when you can use them correctly.

    • #77497

      Paul DeArment Jr
      Participant

      Don,

      Thanks for the response – 100% agreed – its a pile of poo that will not be maintainable long term. My end goal is to have a nuget repo where those endpoints can pull the latest module (what I was doing at my old job) but I know I'm a decent amount of time from that at this point.

      I'm choosing my battles at this point especially since I've only been here for about a month. I'm fighting to keep powershell remoting enabled – the security vulnerability scans they ran this spring say to disable all powershell remoting so they started on that path right before I joined the company. I'm also working on changing with a few others the culture of things in the engineering teams and implementing things to help us with automation – git, nuget repo available to all IT teams, standards for script naming, actually reviewing downloaded scripts before they are run, etc. It's going to be a slow process – especially here where they like to do things at a snail pace. That's the main reason I was looking for some input from others who maybe have had to deal with a culture like this as well.

      For now I wrote a small helper function in my module of script accelerators for here that takes the script file, looks for what commands from the module are used, and replaces the import-module command with a region of those functions from the module. It has it's limitations – (can't include non-exported helper functions for example – but this module has none of those, is so far only able to really work on one module at a time, only works on script modules) but for now is better than manually copying/pasting the module code each time.

      Guess it's back to fighting for what I know is the correct way.

  • #77532

    Don Jones
    Keymaster

    By the way, can I ask what "security scan" gave that recommendation? Is this a product they ran, a consultancy they hired, something they did internally...? I'm trying to track down sources of that misguided particular piece of misinformation. Thanks!

    • #77574

      Paul DeArment Jr
      Participant

      Its a product they ran – I'll get the name of it and report back.

    • #77740

      Paul DeArment Jr
      Participant

      The product that gave them the recommendation to disable remoting is Tripwire.

You must be logged in to reply to this topic.