From 1c88fe2a09a9a69bbde3c23123628b1213c7b836 Mon Sep 17 00:00:00 2001
From: Lord Hepipud <contact@lordhepipud.de>
Date: Tue, 15 Feb 2022 13:39:10 +0100
Subject: [PATCH] Fixes parent connection not asking for ca.crt

---
 doc/100-General/10-Changelog.md               |  1 +
 .../menu/installation/AdvancedEntries.psm1    |  6 +++++-
 .../certificate/EnterIcingaCAFile.psm1        |  8 ++++++++
 .../certificate/SelectCertificate.psm1        | 11 ++++++++++
 .../installation/icinga/SelectConnection.psm1 | 20 +++++++++++++++++--
 5 files changed, 43 insertions(+), 3 deletions(-)

diff --git a/doc/100-General/10-Changelog.md b/doc/100-General/10-Changelog.md
index 9d871a2..ee8974c 100644
--- a/doc/100-General/10-Changelog.md
+++ b/doc/100-General/10-Changelog.md
@@ -14,6 +14,7 @@ Released closed milestones can be found on [GitHub](https://github.com/Icinga/ic
 ### Bugfixes
 
 * [#472](https://github.com/Icinga/icinga-powershell-framework/pull/472) Fixes random errors while dynamically compiling Add-Type code by now writing a DLL inside `cache/dll` for later usage
+* [#478](https://github.com/Icinga/icinga-powershell-framework/pull/478) Fixes connection option "Connecting from parent system" which is not asking for ca.crt location
 
 ### Enhancements
 
diff --git a/lib/core/installer/menu/installation/AdvancedEntries.psm1 b/lib/core/installer/menu/installation/AdvancedEntries.psm1
index 197e725..b1d9251 100644
--- a/lib/core/installer/menu/installation/AdvancedEntries.psm1
+++ b/lib/core/installer/menu/installation/AdvancedEntries.psm1
@@ -11,7 +11,11 @@ function Add-IcingaForWindowsInstallationAdvancedEntries()
 
     Show-IcingaForWindowsInstallationMenuEnterIcingaPort -Automated -Advanced;
     Show-IcingaForWindowsInstallerMenuSelectOpenWindowsFirewall -DefaultInput $OpenFirewall -Automated -Advanced;
-    Show-IcingaForWindowsInstallerMenuSelectCertificate -Automated -Advanced;
+    # Only apply the certificate menu in case it was not selected previously, if
+    # we choose IfW-Connection 1 for example, which tells the Parent to connect to Agent only
+    if ($null -eq (Get-IcingaForWindowsInstallerStepSelection -InstallerStep 'Show-IcingaForWindowsInstallerMenuSelectCertificate')) {
+        Show-IcingaForWindowsInstallerMenuSelectCertificate -Automated -Advanced;
+    }
     Show-IcingaForWindowsInstallerMenuSelectForceCertificateGeneration -Automated -Advanced;
     Show-IcingaForWindowsInstallerMenuSelectGlobalZones -Automated -Advanced;
     Show-IcingaForWindowsInstallationMenuEnterCustomGlobalZones -Automated -Advanced;
diff --git a/lib/core/installer/menu/installation/certificate/EnterIcingaCAFile.psm1 b/lib/core/installer/menu/installation/certificate/EnterIcingaCAFile.psm1
index 327964d..f40da60 100644
--- a/lib/core/installer/menu/installation/certificate/EnterIcingaCAFile.psm1
+++ b/lib/core/installer/menu/installation/certificate/EnterIcingaCAFile.psm1
@@ -27,6 +27,14 @@ function Show-IcingaForWindowsInstallerMenuEnterIcingaCAFile()
         -ConfigElement `
         -Automated:$Automated `
         -Advanced:$Advanced;
+
+    # By default, we are never prompt to enter the CA target path, unless we are connecting
+    # from Parent->Agent, which is option 1 von IfW-Connection
+    # In case we run this configuration, we are forwarded from that menu to here and require
+    # to enter the hostname in addition
+    if ((Test-IcingaForWindowsManagementConsoleContinue) -And $JumpToSummary -eq $FALSE) {
+        $global:Icinga.InstallWizard.NextCommand = 'Show-IcingaForWindowsInstallerMenuSelectHostname';
+    }
 }
 
 Set-Alias -Name 'IfW-CAFile' -Value 'Show-IcingaForWindowsInstallerMenuEnterIcingaCAFile';
diff --git a/lib/core/installer/menu/installation/certificate/SelectCertificate.psm1 b/lib/core/installer/menu/installation/certificate/SelectCertificate.psm1
index 4bfd18b..bf45ef7 100644
--- a/lib/core/installer/menu/installation/certificate/SelectCertificate.psm1
+++ b/lib/core/installer/menu/installation/certificate/SelectCertificate.psm1
@@ -49,6 +49,17 @@ function Show-IcingaForWindowsInstallerMenuSelectCertificate()
             break;
         };
     }
+
+    # By Default, we are not jumping to the Summary on this menu but will require this in case
+    # we choose CAFile selection and are on the summary page, as then we do not want to be prompted
+    # for the Hostname again and require to tell the CA menu, that we should directly move to the
+    # summary page again
+    $LastInput = Get-IcingaForWindowsManagementConsoleLastInput;
+
+    if ($LastInput -eq '2' -And $JumpToSummary) {
+        $global:Icinga.InstallWizard.NextCommand   = 'Show-IcingaForWindowsInstallerMenuEnterIcingaCAFile';
+        $global:Icinga.InstallWizard.NextArguments = @{ 'JumpToSummary' = $TRUE; };
+    }
 }
 
 Set-Alias -Name 'IfW-Certificate' -Value 'Show-IcingaForWindowsInstallerMenuSelectCertificate';
diff --git a/lib/core/installer/menu/installation/icinga/SelectConnection.psm1 b/lib/core/installer/menu/installation/icinga/SelectConnection.psm1
index e0c3be7..626ad40 100644
--- a/lib/core/installer/menu/installation/icinga/SelectConnection.psm1
+++ b/lib/core/installer/menu/installation/icinga/SelectConnection.psm1
@@ -20,8 +20,8 @@ function Show-IcingaForWindowsInstallerMenuSelectConnection()
             },
             @{
                 'Caption' = 'Connecting from parent system';
-                'Command' = 'Show-IcingaForWindowsInstallerMenuSelectHostname';
-                'Help'    = 'Choose this option if the Icinga Agent should not or cannot connect to a parent Icinga node and only connections from a Master/Satellite are possible. This will open the Windows firewall for the chosen Icinga protocol port (default 5665). Certificate generation might require additional steps.';
+                'Command' = 'Show-IcingaForWindowsInstallerMenuEnterIcingaCAFile';
+                'Help'    = 'Choose this option if the Icinga Agent should not or cannot connect to a parent Icinga node and only connections from a Master/Satellite are possible. This will open the Windows firewall for the chosen Icinga protocol port (default 5665). Certificate generation requires to specify the location of the Icinga ca.crt, which is required to complete the setup process.';
             },
             @{
                 'Caption' = 'Connecting from both systems';
@@ -39,6 +39,22 @@ function Show-IcingaForWindowsInstallerMenuSelectConnection()
         -ConfigElement `
         -Automated:$Automated `
         -Advanced:$Advanced;
+
+    # If we choose option 1 "Connecting from parent system", we require to ask the user for the
+    # location of the ca.crt, as otherwise the api feature will not be enabled. This section will
+    # ensure we are forwarded to the proper menu later on and certain options are defined for our
+    # certificate handling
+    $LastInput = Get-IcingaForWindowsManagementConsoleLastInput;
+
+    if ([string]::IsNullOrEmpty($LastInput) -eq $FALSE -and $LastInput -ne '1') {
+        # Remove the set hostname in case we choose a different option
+        Add-IcingaForWindowsInstallerConfigEntry -Selection '0' -OverwriteMenu 'Show-IcingaForWindowsInstallerMenuSelectCertificate' -Advanced;
+        Remove-IcingaForWindowsInstallerConfigEntry -Menu 'Show-IcingaForWindowsInstallerMenuEnterIcingaCAFile';
+    } elseif ($LastInput -eq '1') {
+        Add-IcingaForWindowsInstallerConfigEntry -Selection '2' -OverwriteMenu 'Show-IcingaForWindowsInstallerMenuSelectCertificate' -Advanced;
+        $global:Icinga.InstallWizard.NextCommand   = 'Show-IcingaForWindowsInstallerMenuEnterIcingaCAFile';
+        $global:Icinga.InstallWizard.NextArguments = @{ 'JumpToSummary' = $JumpToSummary; };
+    }
 }
 
 Set-Alias -Name 'IfW-Connection' -Value 'Show-IcingaForWindowsInstallerMenuSelectConnection';