Wait for bl encryption resource proposal

DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.psm1

@@ -0,0 +1,154 @@
+<#
+.SYNOPSIS
+   Resource that waits for a drive to get encrypted before proceeding. Follows the Wait-For pattern.
+.DESCRIPTION
+.NOTES
+#>
+
+function Get-TargetResource
+{
+    [CmdletBinding()]
+    [OutputType([System.Collections.Hashtable])]
+    param
+    (
+        [Parameter(Mandatory = $true)]
+        [System.String]
+        $MountPoint,
+
+        [Parameter()]
+        [System.UInt32]
+        $RetryIntervalSeconds = 60,
+
+        [Parameter()]
+        [System.UInt32]
+        $RetryCount = 30
+    )
+
+    # Load helper module
+    Import-Module "$((Get-Item -LiteralPath "$($PSScriptRoot)").Parent.Parent.FullName)\Misc\xBitlockerCommon.psm1" -Verbose:0
+
+    CheckForPreReqs
+
+    $status = Get-BitLockerVolume -MountPoint $MountPoint
+
+    if ($status -ne $null)
+    {
+        Write-Verbose "Status for drive available."
+        $returnValue = @{
+            Status = "$($MountPoint) drive ProtectionStatus is $($status.ProtectionStatus)."
+        }
+    }
+    else
+    {
+        Write-Verbose "Status for drive unavailable."
+        $returnValue = @{
+            Status = "No information could be retrieved for specified drive."
+        }
+    }
+
+    $returnValue
+}
+
+function Set-TargetResource
+{
+    [CmdletBinding()]
+    param
+    (
+        [Parameter(Mandatory = $true)]
+        [System.String]
+        $MountPoint,
+
+        [Parameter()]
+        [System.UInt32]
+        $RetryIntervalSeconds = 60,
+
+        [Parameter()]
+        [System.UInt32]
+        $RetryCount = 30
+    )
+
+    # Load helper module
+    Import-Module "$((Get-Item -LiteralPath "$($PSScriptRoot)").Parent.Parent.FullName)\Misc\xBitlockerCommon.psm1" -Verbose:0
+
+    CheckForPreReqs
+
+    $encrypted = Test-Status($MountPoint)
+
+    if (-not $encrypted)
+    {
+        Write-Verbose "Not yet fully encrypted. About to start waiting loop."
+        for($count = 0; $count -lt $RetryCount; $count++)
+        {
+            if (IsFully-Encrypted($MountPoint))
+            {
+                Write-Verbose "Drive encryption complete. Exiting."
+                break
+            }
+            else
+            {
+                Write-Verbose "Still encrypting..."
+                Start-Sleep $RetryIntervalSeconds
+            }
+        }
+    }
+}
+
+function Test-TargetResource
+{
+    [CmdletBinding()]
+    [OutputType([System.Boolean])]
+    param
+    (
+        [Parameter(Mandatory = $true)]
+        [System.String]
+        $MountPoint,
+
+        [Parameter()]
+        [System.UInt32]
+        $RetryIntervalSeconds = 60,
+
+        [Parameter()]
+        [System.UInt32]
+        $RetryCount = 30
+    )
+
+    # Load helper module
+    Import-Module "$((Get-Item -LiteralPath "$($PSScriptRoot)").Parent.Parent.FullName)\Misc\xBitlockerCommon.psm1" -Verbose:0
+
+    CheckForPreReqs
+
+    Write-Verbose "About to check the status for drive."
+    return Test-Status($MountPoint)
+}
+
+function Test-Status([Parameter()][string] $unit)
+{
+    $encrypted = $true
+
+    $status = Get-BitLockerVolume -MountPoint $unit
+
+    if ($status.EncryptionPercentage -ne 100)
+    {
+        $encrypted = $false
+    }
+    elseif ($status -eq $null)
+    {
+        throw "Unit $($unit) is not a logical drive."
+    }
+
+    return $encrypted
+}
+
+function IsFully-Encrypted([Parameter()][string]$unit)
+{
+    $status = Get-BitLockerVolume -MountPoint $unit
+
+    if ($status.EncryptionPercentage -eq 100)
+    {
+        return $true
+    }
+
+    return $false
+}
+
+Export-ModuleMember -Function *-TargetResource

DSCResources/MSFT_xWaitForBLEncryption/MSFT_xWaitForBLEncryption.schema.mof

@@ -0,0 +1,7 @@
+[ClassVersion("1.0.0.0"), FriendlyName("xWaitForBLEncryption")]
+class MSFT_xWaitForBLEncryption : OMI_BaseResource
+{
+    [Key, Description("Drive letter to be checked for Encryption status and completeness")] String MountPoint;
+    [Write, Description("Indicates seconds to wait before checking back")] UInt32 RetryIntervalSeconds;
+    [Write, Description("Indicates how many times should retry before giving up")] UInt32 RetryCount;
+};

README.md

@@ -1,7 +1,7 @@
 # xBitlocker
 
 The **xBitlocker** module is a part of the Windows PowerShell Desired State Configuration (DSC) Resource Kit, which is a collection of DSC Resources produced by the PowerShell Team.
-This module contains the **xBLAutoBitlocker, xBLBitlocker, xBLTpm** resources.
+This module contains the **xBLAutoBitlocker, xBLBitlocker, xBLTpm, xWaitForBLEncryption** resources.
 This DSC Module allows you to configure Bitlocker on a single disk, configure a TPM chip, or automatically enable Bitlocker on multiple disks.
 
 This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
@@ -38,7 +38,7 @@ To install **xBitlocker** module
 
 To confirm installation:
 
-* Run **Get-DSCResource** to see that **xBLAutoBitlocker, xBLBitlocker, xBLTpm** are among the DSC Resources listed
+* Run **Get-DSCResource** to see that **xBLAutoBitlocker, xBLBitlocker, xBLTpm, xWaitForBLEncryption** are among the DSC Resources listed
 
 ## Requirements
 
@@ -117,6 +117,14 @@ Defaults to false.
 
 *   AllowImmediateReboot:Whether the computer can rebooted immediately after initializing the TPM
 
+**xWaitForBLEncryption** adds the ability to wait for a unit to get fully encrypted. This allow you to
+make sure a full encryption happened before (depending on) going down the road on you DSC script.
+**xWaitForBLEncryption** has the following properties.
+
+*   *MountPoint:Drive letter to be checked for Encryption status and completeness.
+*   RetryIntervalSeconds:Indicates seconds to wait before checking back. Defaults to 60.
+*   RetryCount:Indicates how many times should retry before giving up. Defaults to 30.
+
 ## Versions
 
 ### Unreleased

Test/Test-xBitlocker.ps1

@@ -93,6 +93,22 @@ $blParams9 = @{
     UsedSpaceOnly             = $true
 }
 
+$waitForBLEParams1 = @{
+    MountPoint                = 'C:'
+}
+
+$waitForBLEParams2 = @{
+    MountPoint  = 'C:'
+    RetryIntervalSeconds = 20
+    RetryCount = 20
+}
+
+$waitForBLEParams3 = @{
+    MountPoint  = 'C:'
+    RetryIntervalSeconds = 30
+    RetryCount = 30
+}
+
 $autoBlParams1 = @{
     DriveType = "Fixed"
     MinDiskCapacityGB = 20
@@ -190,6 +206,9 @@ function RunTests
         RunTest -TestName "TestBitlocker7" -ModulesToImport "MSFT_xBLBitlocker" -Parameters $blParams7
         RunTest -TestName "TestBitlocker8" -ModulesToImport "MSFT_xBLBitlocker" -Parameters $blParams8
         RunTest -TestName "TestBitlocker9" -ModulesToImport "MSFT_xBLBitlocker" -Parameters $blParams9
+        RunTest -TestName "TestWaitFor" -ModulesToImport "MSFT_xWaitForBLEncryption" -Parameters $waitForBLEParams1
+        RunTest -TestName "TestWaitFor" -ModulesToImport "MSFT_xWaitForBLEncryption" -Parameters $waitForBLEParams2
+        RunTest -TestName "TestWaitFor" -ModulesToImport "MSFT_xWaitForBLEncryption" -Parameters $waitForBLEParams3
     }
 
     if ("TestAutoBitlocker" -like $Filter)