Add suggestion frm copilot to dsc resouces

Author: mimachniak

resources/windows_secretstore/test/windows_secretstore.config.tests.ps1

@@ -15,11 +15,11 @@ Describe 'Windows SecretStore config tests' -Skip:(!$IsWindows) {
                 return
             }
 
-            if (-not (Get-PackageProvider -Name NuGet -ListAvailable -ErrorAction SilentlyContinue)) {
-                Install-PackageProvider -Name NuGet -MinimumVersion '2.8.5.201' -Force -Scope CurrentUser | Out-Null
-            }
-
-            Install-Module -Name $Name -Repository PSGallery -Scope CurrentUser -Force -AllowClobber -Confirm:$false -ErrorAction Stop
+            $installPsResourceCommand = Get-Command -Name Install-PSResource -ErrorAction SilentlyContinue
+             if (-not $installPsResourceCommand) {
+                 throw "Install-PSResource is required to install test dependency module '$Name'."
+                Install-PSResource -Name $Name -Scope CurrentUser -TrustRepository -Quiet -ErrorAction Stop
+             }
         }
 
         foreach ($moduleName in @(

resources/windows_secretstore/windows_secretstore.dsc.resource.json

@@ -66,7 +66,7 @@
             "properties": {
                 "authentication": {
                     "title": "Authentication",
-                    "description": "Specifies whether the SecretStore vault requires a password for access. This DSC resource runs non-interactively and only supports 'None' for unattended automation.",
+                    "description": "Specifies the SecretStore authentication mode for vault access. Allowed values are 'None', 'Prompt', and 'Password'.",
                     "type": "string",
                     "enum": [
                         "None",
@@ -105,7 +105,8 @@
                         "null"
                     ],
                     "default": null
-                }
+                },
+                "additionalProperties": false
             }
         }
     }

resources/windows_secretstore/windows_secretstore.ps1

@@ -306,8 +306,24 @@ switch ($Operation) {
                         } else {
                             'SecretStore requires interactive input.'
                         }
+
+                        $allowDestructiveReset = $false
+                         if ($null -ne $env:DSC_SECRETSTORE_ALLOW_RESET) {
+                             $allowDestructiveReset = $env:DSC_SECRETSTORE_ALLOW_RESET -match '^(?i:true|1|yes)$'
+                         }
+                         if (-not $allowDestructiveReset) {
+                             $errorMessage = (
+                                 "$reason Reset-SecretStore was blocked because it is destructive and can remove existing secrets. " +
+                                 "To allow this fallback intentionally, set the environment variable " +
+                                 "'DSC_SECRETSTORE_ALLOW_RESET' to 'true' before applying the configuration."
+                             )
+                             Write-DscTrace -Level Error -Message $errorMessage
+                             throw $errorMessage
+                        }
+
                         Write-DscTrace -Level Warn -Message (
-                            "$reason Attempting Reset-SecretStore with desired settings to enable unattended DSC execution."
+                            "$reason Proceeding with Reset-SecretStore because explicit opt-in was provided via " +
+                             "DSC_SECRETSTORE_ALLOW_RESET. This operation is destructive and may remove existing secrets."
                         )
                         Reset-SecretStore @resetParams -ErrorAction Stop
                     }