From 0df4bd934b4f993d8a3c4f9b128d647fc0c93377 Mon Sep 17 00:00:00 2001 From: Johan Ljunggren Date: Fri, 11 Jan 2019 15:24:40 +0100 Subject: [PATCH 1/2] Changes to SqlServerLogin - Now when adding a login of type SqlLogin, and the SQL Server login mode is set to `'Integrated'`, an error is correctly thrown (issue #1179). --- CHANGELOG.md | 3 + .../MSFT_SqlServerLogin.psm1 | 4 +- Tests/Unit/MSFT_SqlServerLogin.Tests.ps1 | 101 ++++++++++++------ 3 files changed, 75 insertions(+), 33 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f9b9210dd..64844af0e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -31,6 +31,9 @@ - Changes to SqlServerLogin - Fixed issue in Test-TargetResource to valid password on disabled accounts. ([issue #915](https://github.com/PowerShell/SqlServerDsc/issues/915)). + - Now when adding a login of type SqlLogin, and the SQL Server login mode + is set to `'Integrated'`, an error is correctly thrown + ([issue #1179](https://github.com/PowerShell/SqlServerDsc/issues/1179)). - Changes to SqlSetup - Updated the integration test to stop the named instance while installing the other instances to mitigate diff --git a/DSCResources/MSFT_SqlServerLogin/MSFT_SqlServerLogin.psm1 b/DSCResources/MSFT_SqlServerLogin/MSFT_SqlServerLogin.psm1 index 094c47da1..5d041fa33 100644 --- a/DSCResources/MSFT_SqlServerLogin/MSFT_SqlServerLogin.psm1 +++ b/DSCResources/MSFT_SqlServerLogin/MSFT_SqlServerLogin.psm1 @@ -227,10 +227,10 @@ function Set-TargetResource switch ($LoginType) { - SqlLogin + 'SqlLogin' { # Verify the instance is in Mixed authentication mode - if ( $serverObject.LoginMode -notmatch 'Mixed|Integrated' ) + if ( $serverObject.LoginMode -notmatch 'Mixed|Normal' ) { throw New-TerminatingError -ErrorType IncorrectLoginMode -FormatArgs $ServerName, $InstanceName, $serverObject.LoginMode -ErrorCategory NotImplemented } diff --git a/Tests/Unit/MSFT_SqlServerLogin.Tests.ps1 b/Tests/Unit/MSFT_SqlServerLogin.Tests.ps1 index ba18141b5..6ab247b9f 100644 --- a/Tests/Unit/MSFT_SqlServerLogin.Tests.ps1 +++ b/Tests/Unit/MSFT_SqlServerLogin.Tests.ps1 @@ -222,12 +222,43 @@ try return $mock } + $mockConnectSQL_LoginMode = { + return New-Object -TypeName Object | + Add-Member -MemberType ScriptProperty -Name Logins -Value { + return @{ + 'Windows\User1' = ( New-Object -TypeName Object | + Add-Member -MemberType NoteProperty -Name 'Name' -Value 'Windows\User1' -PassThru | + Add-Member -MemberType NoteProperty -Name 'LoginType' -Value 'WindowsUser' -PassThru | + Add-Member -MemberType ScriptMethod -Name Alter -Value {} -PassThru | + Add-Member -MemberType ScriptMethod -Name Drop -Value {} -PassThru -Force + ) + 'SqlLogin1' = ( New-Object -TypeName Object | + Add-Member -MemberType NoteProperty -Name 'Name' -Value 'SqlLogin1' -PassThru | + Add-Member -MemberType NoteProperty -Name 'LoginType' -Value 'SqlLogin' -PassThru | + Add-Member -MemberType NoteProperty -Name 'MustChangePassword' -Value $false -PassThru | + Add-Member -MemberType NoteProperty -Name 'PasswordExpirationEnabled' -Value $true -PassThru | + Add-Member -MemberType NoteProperty -Name 'PasswordPolicyEnforced' -Value $true -PassThru | + Add-Member -MemberType ScriptMethod -Name Alter -Value {} -PassThru | + Add-Member -MemberType ScriptMethod -Name Drop -Value {} -PassThru -Force + ) + 'Windows\Group1' = ( New-Object -TypeName Object | + Add-Member -MemberType NoteProperty -Name 'Name' -Value 'Windows\Group1' -PassThru | + Add-Member -MemberType NoteProperty -Name 'LoginType' -Value 'WindowsGroup' -PassThru | + Add-Member -MemberType ScriptMethod -Name Alter -Value {} -PassThru | + Add-Member -MemberType ScriptMethod -Name Drop -Value {} -PassThru -Force + ) + } + } -PassThru | + Add-Member -MemberType NoteProperty -Name LoginMode -Value $mockLoginMode -PassThru -Force + } + $mockAccountDisabledException = New-Object System.Exception 'Account disabled' $mockAccountDisabledException | Add-Member -Name 'Number' -Value 18470 -MemberType NoteProperty $mockLoginFailedException = New-Object System.Exception 'Login failed' $mockLoginFailedException | Add-Member -Name 'Number' -Value 18456 -MemberType NoteProperty $mockException = New-Object System.Exception 'Something went wrong' $mockException | Add-Member -Name 'Number' -Value 1 -MemberType NoteProperty + #endregion Pester Test Initialization Describe 'MSFT_SqlServerLogin\Get-TargetResource' { @@ -1014,38 +1045,10 @@ try Assert-MockCalled -CommandName Set-SQLServerLoginPassword -Scope It -Times 1 -Exactly } - It 'Should throw the correct error when creating a SQL Login if the LoginMode is not Mixed' { - $mockConnectSQL_LoginModeNormal = { - return New-Object -TypeName Object | - Add-Member -MemberType ScriptProperty -Name Logins -Value { - return @{ - 'Windows\User1' = ( New-Object -TypeName Object | - Add-Member -MemberType NoteProperty -Name 'Name' -Value 'Windows\User1' -PassThru | - Add-Member -MemberType NoteProperty -Name 'LoginType' -Value 'WindowsUser' -PassThru | - Add-Member -MemberType ScriptMethod -Name Alter -Value {} -PassThru | - Add-Member -MemberType ScriptMethod -Name Drop -Value {} -PassThru -Force - ) - 'SqlLogin1' = ( New-Object -TypeName Object | - Add-Member -MemberType NoteProperty -Name 'Name' -Value 'SqlLogin1' -PassThru | - Add-Member -MemberType NoteProperty -Name 'LoginType' -Value 'SqlLogin' -PassThru | - Add-Member -MemberType NoteProperty -Name 'MustChangePassword' -Value $false -PassThru | - Add-Member -MemberType NoteProperty -Name 'PasswordExpirationEnabled' -Value $true -PassThru | - Add-Member -MemberType NoteProperty -Name 'PasswordPolicyEnforced' -Value $true -PassThru | - Add-Member -MemberType ScriptMethod -Name Alter -Value {} -PassThru | - Add-Member -MemberType ScriptMethod -Name Drop -Value {} -PassThru -Force - ) - 'Windows\Group1' = ( New-Object -TypeName Object | - Add-Member -MemberType NoteProperty -Name 'Name' -Value 'Windows\Group1' -PassThru | - Add-Member -MemberType NoteProperty -Name 'LoginType' -Value 'WindowsGroup' -PassThru | - Add-Member -MemberType ScriptMethod -Name Alter -Value {} -PassThru | - Add-Member -MemberType ScriptMethod -Name Drop -Value {} -PassThru -Force - ) - } - } -PassThru | - Add-Member -MemberType NoteProperty -Name LoginMode -Value 'Normal' -PassThru -Force - } + It 'Should throw the correct error when creating a SQL Login if the LoginMode is ''Integrated''' { + $mockLoginMode = 'Integrated' - Mock -CommandName Connect-SQL -MockWith $mockConnectSQL_LoginModeNormal -Verifiable + Mock -CommandName Connect-SQL -MockWith $mockConnectSQL_LoginMode -Verifiable $setTargetResource_SqlLoginAbsent_EnsurePresent = $setTargetResource_SqlLoginAbsent.Clone() $setTargetResource_SqlLoginAbsent_EnsurePresent.Add( 'Ensure', 'Present' ) @@ -1060,6 +1063,42 @@ try Assert-MockCalled -CommandName Set-SQLServerLoginPassword -Scope It -Times 0 -Exactly } } + + It 'Should not throw an error when creating a SQL Login and the LoginMode is set to ''Normal''' { + $mockLoginMode = 'Normal' + + Mock -CommandName Connect-SQL -MockWith $mockConnectSQL_LoginMode -Verifiable + + $setTargetResource_SqlLoginAbsent_EnsurePresent = $setTargetResource_SqlLoginAbsent.Clone() + $setTargetResource_SqlLoginAbsent_EnsurePresent.Add( 'Ensure', 'Present' ) + $setTargetResource_SqlLoginAbsent_EnsurePresent.Add( 'LoginCredential', $mockSqlLoginCredential ) + + { Set-TargetResource @setTargetResource_SqlLoginAbsent_EnsurePresent } | Should -Not -Throw 'IncorrectLoginMode' + + Assert-MockCalled -CommandName Connect-SQL -Scope It -Times 1 -Exactly + Assert-MockCalled -CommandName Update-SQLServerLogin -Scope It -Times 0 -Exactly + Assert-MockCalled -CommandName New-SQLServerLogin -Scope It -Times 1 -Exactly + Assert-MockCalled -CommandName Remove-SQLServerLogin -Scope It -Times 0 -Exactly + Assert-MockCalled -CommandName Set-SQLServerLoginPassword -Scope It -Times 0 -Exactly + } + + It 'Should not throw an error when creating a SQL Login and the LoginMode is set to ''Mixed''' { + $mockLoginMode = 'Mixed' + + Mock -CommandName Connect-SQL -MockWith $mockConnectSQL_LoginMode -Verifiable + + $setTargetResource_SqlLoginAbsent_EnsurePresent = $setTargetResource_SqlLoginAbsent.Clone() + $setTargetResource_SqlLoginAbsent_EnsurePresent.Add( 'Ensure', 'Present' ) + $setTargetResource_SqlLoginAbsent_EnsurePresent.Add( 'LoginCredential', $mockSqlLoginCredential ) + + { Set-TargetResource @setTargetResource_SqlLoginAbsent_EnsurePresent } | Should -Not -Throw 'IncorrectLoginMode' + + Assert-MockCalled -CommandName Connect-SQL -Scope It -Times 1 -Exactly + Assert-MockCalled -CommandName Update-SQLServerLogin -Scope It -Times 0 -Exactly + Assert-MockCalled -CommandName New-SQLServerLogin -Scope It -Times 1 -Exactly + Assert-MockCalled -CommandName Remove-SQLServerLogin -Scope It -Times 0 -Exactly + Assert-MockCalled -CommandName Set-SQLServerLoginPassword -Scope It -Times 0 -Exactly + } } Describe 'MSFT_SqlServerLogin\Update-SQLServerLogin' { From 345a5ec0915f93dd1e965d6ccdf4715123b8ccf8 Mon Sep 17 00:00:00 2001 From: Johan Ljunggren Date: Fri, 11 Jan 2019 15:30:04 +0100 Subject: [PATCH 2/2] Update README.md --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 6249e99b0..4c417e0ff 100644 --- a/README.md +++ b/README.md @@ -1123,6 +1123,9 @@ No description. * Target machine must be running Windows Server 2008 R2 or later. * Target machine must be running SQL Server Database Engine 2008 or later. +* When the `LoginType` `'SqlLogin'` is used, then the login authentication + mode must have been set to `Mixed` or `Normal`. If set to `Integrated` + and error will be thrown. #### Parameters