From c9f657a413b8e4ac5043a1dfc83cb876a002babd Mon Sep 17 00:00:00 2001
From: Lord Hepipud <contact@lordhepipud.de>
Date: Tue, 4 May 2021 10:38:54 +0200
Subject: [PATCH] Adds feature to hide SecureString in Director

---
 doc/30-upgrading-framework.md                    | 8 ++++++++
 doc/31-Changelog.md                              | 1 +
 lib/core/tools/Get-IcingaCheckCommandConfig.psm1 | 8 +++++++-
 3 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/doc/30-upgrading-framework.md b/doc/30-upgrading-framework.md
index 364141a..23b4e06 100644
--- a/doc/30-upgrading-framework.md
+++ b/doc/30-upgrading-framework.md
@@ -4,6 +4,14 @@ Upgrading Icinga PowerShell Framework is usually quite straightforward.
 
 Specific version upgrades are described below. Please note that version updates are incremental.
 
+## Upgrading to v1.5.0 (pending)
+
+### `SecureString` and Icinga Director Baskets
+
+We have updated the configuration baskets generator to set arguments defined as `SecureString` (for passwords) to `hidden` within the Icinga Director. This will prevent users from simply gaining access to a password while having access to the Director.
+
+Please update manually all your CustomFields under `Icinga Director` -> `Define Data Fields` -> Search for `*_Securestring_*` -> Field `Visibility` to `Hidden` before importing new configuration baskets. Otherwise you will have two data fields stored within your Icinga Director and have to enter all passwords again for your service checks.
+
 ## Upgrading to v1.4.0 (2021-03-02)
 
 The pre-compiled configurations for each module and the result of `Get-IcingaCheckCommandConfig` have been changed. In order to use the new CheckCommand definitions for Icinga 2 you will **require** to update your entire environment to Icinga for Windows v1.4.0 **before** using the new configuration files!
diff --git a/doc/31-Changelog.md b/doc/31-Changelog.md
index a14b002..2af753d 100644
--- a/doc/31-Changelog.md
+++ b/doc/31-Changelog.md
@@ -13,6 +13,7 @@ Released closed milestones can be found on [GitHub](https://github.com/Icinga/ic
 
 ### Enhancements
 
+* [#229](https://github.com/Icinga/icinga-powershell-framework/pull/229) CustomFields defined as `SecureString` are now set to `hidden` within the Icinga Director configuration basket - please read the [upgrading docs](30-upgrading-framework.md) carefully
 * [#234](https://github.com/Icinga/icinga-powershell-framework/pull/234) Adds support to allow custom exception lists for Icinga Exceptions, making it easier for different modules to ship their own exception messages
 * [#235](https://github.com/Icinga/icinga-powershell-framework/pull/235) Adds new Cmdlet `Show-IcingaEventLogAnalysis` to get a better overview on how many log entries are present within the EventLog based on hour, minute and day average/maximum for allowing a more dynamic configuration for `Invoke-IcingaCheckEventLog`
 
diff --git a/lib/core/tools/Get-IcingaCheckCommandConfig.psm1 b/lib/core/tools/Get-IcingaCheckCommandConfig.psm1
index 31326cc..8fcb669 100644
--- a/lib/core/tools/Get-IcingaCheckCommandConfig.psm1
+++ b/lib/core/tools/Get-IcingaCheckCommandConfig.psm1
@@ -288,9 +288,15 @@ function Get-IcingaCheckCommandConfig()
                         }
                     );
                 } else {
+                    $CustomVarVisibility = 'visible';
+
+                    if ($parameter.type.name -eq 'SecureString') {
+                        $CustomVarVisibility = 'hidden';
+                    }
+
                     $Basket.Datafield[[string]$FieldID].Add(
                         'settings', @{
-                            'visbility' = 'visible';
+                            'visibility' = $CustomVarVisibility;
                         }
                     );
                 }