BREAKING CHANGE: SqlDatabaseObjectPermission: Fix compile issue when …
…granting permissions for different object types (#1728)

- SqlDatabaseObjectPermission
  - Fix for issue ([issue #1724](#1724)).
    - BREAKING CHANGE: Updated class DSC_DatabaseObjectPermission.
      - Changed Permission from an array to a string.
      - Updated Permission to a key property.
      - Updated Integration Tests to test permission grants on multiple objects.
DataBeardAdmin authored Oct 26, 2021
1 parent 053de94 commit ee18d10
Showing 8 changed files with 448 additions and 100 deletions.
9 changes: 9 additions & 0 deletions CHANGELOG.md
Expand Up @@ -21,6 +21,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
_and [**SqlProtocolTcpIp**](https://github.com/dsccommunity/SqlServerDsc/wiki/sqlprotocoltcpip))_
([issue #1725](https://github.com/dsccommunity/SqlServerDsc/issues/1725)).

### Fixed

- SqlDatabaseObjectPermission
- Fix for issue ([issue #1724](https://github.com/dsccommunity/SqlServerDsc/issues/1724)).
- BREAKING CHANGE: Updated class DSC_DatabaseObjectPermission.
- Changed Permission from an array to a string.
- Updated Permission to a key property.
- Updated Integration Tests to test permission grants on multiple objects.

## [15.2.0] - 2021-09-01

### Changed
Expand Up @@ -727,7 +727,7 @@ function Compare-TargetResourceState
the values to compare against in the current state.
#>
CimInstanceKeyProperties = @{
Permission = 'State'
Permission = @('Permission', 'State')
}
}

Expand Down Expand Up @@ -832,8 +832,15 @@ function Get-DatabaseObject
.SYNOPSIS
Converts permission names to DSC_DatabaseObjectPermission CIM class.
.PARAMETER PermissionName
Specifies array of permission names.
.PARAMETER Permission
This represents a SQL Server database object permission.
.PARAMETER PermissionState
This is the state of permission set. Valid values are 'Grant', 'Deny', or 'GrantWithGrant'.
.PARAMETER Ensure
Ensure if the permission should be granted (Present) or revoked (Absent).
Default value is 'Present'.
#>
function ConvertTo-CimDatabaseObjectPermission
{
Expand All @@ -844,7 +851,7 @@ function ConvertTo-CimDatabaseObjectPermission
[Parameter(Mandatory = $true)]
[AllowEmptyCollection()]
[AllowNull()]
[System.String[]]
[System.String]
$Permission,

[Parameter(Mandatory = $true)]
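Review bot: The `[AllowEmptyCollection()]` and `[AllowNull()]` attributes left above `$Permission` in ConvertTo-CimDatabaseObjectPermission no longer match the new `[System.String]` type. `AllowEmptyCollection` only applies to collection parameters, and PowerShell converts `$null` to an empty string for a `[System.String]` parameter, which a mandatory parameter then rejects, so the attributes advertise inputs the binder will not accept. Since Permission is now a key of the CIM instance, remove both attributes or state the intent explicitly with `[ValidateNotNullOrEmpty()]`. The comment-based help above the function also still seems to carry `.PARAMETER PermissionName` ("Specifies array of permission names"), which matches no parameter visible here; the rendered page does not show whether that line survives on the new side. The function body continues outside the hunk.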
Expand Up @@ -16,6 +16,6 @@ class DSC_SqlDatabaseObjectPermission : OMI_BaseResource
class DSC_DatabaseObjectPermission
{
[Key, Description("Specifies the state of the permission."), ValueMap{"Grant","Deny","GrantWithGrant"}, Values{"Grant","Deny","GrantWithGrant"}] String State;
[Required, Description("Specifies a set of permissions. Valid permission names can be found in the article [ObjectPermissionSet Class properties](https://docs.microsoft.com/en-us/dotnet/api/microsoft.sqlserver.management.smo.objectpermissionset#properties).")] String Permission[];
[Key, Description("Specifies a set of permissions. Valid permission names can be found in the article [ObjectPermissionSet Class properties](https://docs.microsoft.com/en-us/dotnet/api/microsoft.sqlserver.management.smo.objectpermissionset#properties).")] String Permission;
[Write, Description("Specifies the desired state of the permission. When set to `'Present'` the permissions will be added. When set to `'Absent'` the permissions will be removed. Default value is `'Present'`."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure;
};
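Review bot: The description on the new `Permission` property still reads "Specifies a set of permissions" although the property is now a single `String` and a key, so the schema text describes an input that will no longer compile. Reword it along the lines of `Specifies the permission to set. Each DSC_DatabaseObjectPermission instance takes exactly one permission name.` and keep the link to the ObjectPermissionSet article. With `State` and `Permission` forming the key together, the same permission can presumably be declared under both `Grant` and `Deny` for one object; the visible lines do not show whether that is validated, so the description should say which combination is expected.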
Expand Up @@ -29,19 +29,25 @@ Configuration Example
DSC_DatabaseObjectPermission
{
State = 'GrantWithGrant'
Permission = @('Select')
Permission = 'Select'
}

DSC_DatabaseObjectPermission
{
State = 'Grant'
Permission = @('Update')
Permission = 'Update'
}

DSC_DatabaseObjectPermission
{
State = 'Deny'
Permission = @('Delete', 'Alter')
Permission = 'Delete'
}

DSC_DatabaseObjectPermission
{
State = 'Deny'
Permission = 'Alter'
}
)

Expand Up @@ -29,21 +29,28 @@ Configuration Example
DSC_DatabaseObjectPermission
{
State = 'GrantWithGrant'
Permission = @('Select')
Permission = 'Select'
Ensure = 'Absent'
}

DSC_DatabaseObjectPermission
{
State = 'Grant'
Permission = @('Update')
Permission = 'Update'
Ensure = 'Absent'
}

DSC_DatabaseObjectPermission
{
State = 'Deny'
Permission = @('Delete', 'Alter')
Permission = 'Delete'
Ensure = 'Absent'
}

DSC_DatabaseObjectPermission
{
State = 'Deny'
Permission = 'Alter'
Ensure = 'Absent'
}
)
Expand Up @@ -34,7 +34,61 @@ try
$resourceId = "[$($script:dscResourceFriendlyName)]Integration_Test"
}

$configurationName = "$($script:dscResourceName)_Prerequisites_Config"
$configurationName = "$($script:dscResourceName)_Prerequisites_Table1_Config"

Context ('When using configuration {0}' -f $configurationName) {
It 'Should compile and apply the MOF without throwing' {
{
$configurationParameters = @{
OutputPath = $TestDrive
# The variable $ConfigurationData was dot-sourced above.
ConfigurationData = $ConfigurationData
}

& $configurationName @configurationParameters

$startDscConfigurationParameters = @{
Path = $TestDrive
ComputerName = 'localhost'
Wait = $true
Verbose = $true
Force = $true
ErrorAction = 'Stop'
}

Start-DscConfiguration @startDscConfigurationParameters
} | Should -Not -Throw
}
}

$configurationName = "$($script:dscResourceName)_Prerequisites_Procedure1_Config"

Context ('When using configuration {0}' -f $configurationName) {
It 'Should compile and apply the MOF without throwing' {
{
$configurationParameters = @{
OutputPath = $TestDrive
# The variable $ConfigurationData was dot-sourced above.
ConfigurationData = $ConfigurationData
}

& $configurationName @configurationParameters

$startDscConfigurationParameters = @{
Path = $TestDrive
ComputerName = 'localhost'
Wait = $true
Verbose = $true
Force = $true
ErrorAction = 'Stop'
}

Start-DscConfiguration @startDscConfigurationParameters
} | Should -Not -Throw
}
}

$configurationName = "$($script:dscResourceName)_Prerequisites_Procedure2_Config"

Context ('When using configuration {0}' -f $configurationName) {
It 'Should compile and apply the MOF without throwing' {
Expand Down Expand Up @@ -301,9 +355,10 @@ try
$resourceCurrentState.ObjectType | Should -Be 'Table'
$resourceCurrentState.Name | Should -Be $ConfigurationData.AllNodes.User1_Name

$resourceCurrentState.Permission | Should -HaveCount 2
$resourceCurrentState.Permission | Should -HaveCount 3
$resourceCurrentState.Permission[0] | Should -BeOfType 'CimInstance'
$resourceCurrentState.Permission[1] | Should -BeOfType 'CimInstance'
$resourceCurrentState.Permission[2] | Should -BeOfType 'CimInstance'

$grantPermission = $resourceCurrentState.Permission.Where( { $_.State -eq 'Grant' })
$grantPermission | Should -Not -BeNullOrEmpty
Expand All @@ -313,7 +368,8 @@ try

$grantPermission = $resourceCurrentState.Permission.Where( { $_.State -eq 'Deny' })
$grantPermission | Should -Not -BeNullOrEmpty
$grantPermission.Ensure | Should -Be 'Present'
$grantPermission.Ensure[0] | Should -Be 'Present'
$grantPermission.Ensure[1] | Should -Be 'Present'
$grantPermission.Permission | Should -HaveCount 2
$grantPermission.Permission | Should -Contain @('Delete')
$grantPermission.Permission | Should -Contain @('Alter')
Expand Down Expand Up @@ -370,9 +426,10 @@ try
$resourceCurrentState.ObjectType | Should -Be 'Table'
$resourceCurrentState.Name | Should -Be $ConfigurationData.AllNodes.User1_Name

$resourceCurrentState.Permission | Should -HaveCount 2
$resourceCurrentState.Permission | Should -HaveCount 3
$resourceCurrentState.Permission[0] | Should -BeOfType 'CimInstance'
$resourceCurrentState.Permission[1] | Should -BeOfType 'CimInstance'
$resourceCurrentState.Permission[2] | Should -BeOfType 'CimInstance'

$grantPermission = $resourceCurrentState.Permission.Where( { $_.State -eq 'Grant' })
$grantPermission | Should -Not -BeNullOrEmpty
Expand All @@ -382,7 +439,8 @@ try

$grantPermission = $resourceCurrentState.Permission.Where( { $_.State -eq 'Deny' })
$grantPermission | Should -Not -BeNullOrEmpty
$grantPermission.Ensure | Should -Be 'Absent'
$grantPermission.Ensure[0] | Should -Be 'Absent'
$grantPermission.Ensure[1] | Should -Be 'Absent'
$grantPermission.Permission | Should -HaveCount 2
$grantPermission.Permission | Should -Contain @('Delete')
$grantPermission.Permission | Should -Contain @('Alter')
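Review bot: In the Deny assertions (this hunk and the matching one for 'Present' earlier in the section), `$grantPermission.Ensure[0]` and `[1]` are indexed before anything checks that two Deny entries came back, and the Ensure values are never tied to a specific permission. If only one entry is returned, `.Ensure` is a single string and `[0]` yields its first character, so the test fails with a misleading message instead of reporting the missing permission. Move `$grantPermission.Permission | Should -HaveCount 2` above the indexed lines, or assert per entry, e.g. `$grantPermission.Where({ $_.Permission -eq 'Delete' }).Ensure | Should -Be 'Absent'` and the same for `'Alter'`. The variable holds Deny entries at this point, so `$denyPermission` would read more accurately. The three prerequisite `Context` blocks added at the top of the section differ only in the configuration name and could be produced from a list of names.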