Generated file. Do not edit by hand. Source: tools/Generate-IdleStepReference.ps1
- Step Type:
IdLE.Step.EnsureAttributes - Module:
IdLE.Steps.Common - Implementation:
Invoke-IdleStepEnsureAttributes - Idempotent:
Yes
Ensures that multiple identity attributes match their desired values.
This is a provider-agnostic step that can ensure multiple attributes in a single step. The host must supply a provider instance via Context.Providers[<ProviderAlias>].
Provider interaction strategy:
-
If the provider implements EnsureAttributes(IdentityKey, AttributesHashtable), it is called once (fast path).
-
Otherwise, the step falls back to calling EnsureAttribute(IdentityKey, Name, Value) for each attribute.
The step is idempotent by design: it converges state to the desired values.
Authentication:
-
If With.AuthSessionName is present, the step acquires an auth session via Context.AcquireAuthSession(Name, Options) and passes it to the provider method if the provider supports an AuthSession parameter.
-
With.AuthSessionOptions (optional, hashtable) is passed to the broker for session selection (e.g., @{ Role = 'Tier0' }).
-
ScriptBlocks in AuthSessionOptions are rejected (security boundary).
The following keys are required in the step's With configuration:
| Key | Required | Description |
|---|---|---|
Attributes |
Yes | Hashtable of attributes to set |
IdentityKey |
Yes | Unique identifier for the identity |
@{
Name = 'IdLE.Step.EnsureAttributes Example'
Type = 'IdLE.Step.EnsureAttributes'
With = @{
Attributes = @{ GivenName = 'First'; Surname = 'Last' }
IdentityKey = 'user.name'
}
}- Capabilities Reference - Overview of IdLE capabilities
- Providers - Available provider implementations