Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SqlServerLogin: Error is thrown when SqlLogin is run in Integrated mode #1266

Merged
merged 2 commits into from
Jan 21, 2019
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,9 @@
- Changes to SqlServerLogin
- Fixed issue in Test-TargetResource to valid password on disabled accounts.
([issue #915](https://github.com/PowerShell/SqlServerDsc/issues/915)).
- Now when adding a login of type SqlLogin, and the SQL Server login mode
is set to `'Integrated'`, an error is correctly thrown
([issue #1179](https://github.com/PowerShell/SqlServerDsc/issues/1179)).
- Changes to SqlSetup
- Updated the integration test to stop the named instance while installing
the other instances to mitigate
Expand Down
4 changes: 2 additions & 2 deletions DSCResources/MSFT_SqlServerLogin/MSFT_SqlServerLogin.psm1
Original file line number Diff line number Diff line change
Expand Up @@ -227,10 +227,10 @@ function Set-TargetResource

switch ($LoginType)
{
SqlLogin
'SqlLogin'
{
# Verify the instance is in Mixed authentication mode
if ( $serverObject.LoginMode -notmatch 'Mixed|Integrated' )
if ( $serverObject.LoginMode -notmatch 'Mixed|Normal' )
{
throw New-TerminatingError -ErrorType IncorrectLoginMode -FormatArgs $ServerName, $InstanceName, $serverObject.LoginMode -ErrorCategory NotImplemented
}
Expand Down
3 changes: 3 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -1123,6 +1123,9 @@ No description.

* Target machine must be running Windows Server 2008 R2 or later.
* Target machine must be running SQL Server Database Engine 2008 or later.
* When the `LoginType` `'SqlLogin'` is used, then the login authentication
mode must have been set to `Mixed` or `Normal`. If set to `Integrated`
and error will be thrown.

#### Parameters

Expand Down
101 changes: 70 additions & 31 deletions Tests/Unit/MSFT_SqlServerLogin.Tests.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -222,12 +222,43 @@ try
return $mock
}

$mockConnectSQL_LoginMode = {
return New-Object -TypeName Object |
Add-Member -MemberType ScriptProperty -Name Logins -Value {
return @{
'Windows\User1' = ( New-Object -TypeName Object |
Add-Member -MemberType NoteProperty -Name 'Name' -Value 'Windows\User1' -PassThru |
Add-Member -MemberType NoteProperty -Name 'LoginType' -Value 'WindowsUser' -PassThru |
Add-Member -MemberType ScriptMethod -Name Alter -Value {} -PassThru |
Add-Member -MemberType ScriptMethod -Name Drop -Value {} -PassThru -Force
)
'SqlLogin1' = ( New-Object -TypeName Object |
Add-Member -MemberType NoteProperty -Name 'Name' -Value 'SqlLogin1' -PassThru |
Add-Member -MemberType NoteProperty -Name 'LoginType' -Value 'SqlLogin' -PassThru |
Add-Member -MemberType NoteProperty -Name 'MustChangePassword' -Value $false -PassThru |
Add-Member -MemberType NoteProperty -Name 'PasswordExpirationEnabled' -Value $true -PassThru |
Add-Member -MemberType NoteProperty -Name 'PasswordPolicyEnforced' -Value $true -PassThru |
Add-Member -MemberType ScriptMethod -Name Alter -Value {} -PassThru |
Add-Member -MemberType ScriptMethod -Name Drop -Value {} -PassThru -Force
)
'Windows\Group1' = ( New-Object -TypeName Object |
Add-Member -MemberType NoteProperty -Name 'Name' -Value 'Windows\Group1' -PassThru |
Add-Member -MemberType NoteProperty -Name 'LoginType' -Value 'WindowsGroup' -PassThru |
Add-Member -MemberType ScriptMethod -Name Alter -Value {} -PassThru |
Add-Member -MemberType ScriptMethod -Name Drop -Value {} -PassThru -Force
)
}
} -PassThru |
Add-Member -MemberType NoteProperty -Name LoginMode -Value $mockLoginMode -PassThru -Force
}

$mockAccountDisabledException = New-Object System.Exception 'Account disabled'
$mockAccountDisabledException | Add-Member -Name 'Number' -Value 18470 -MemberType NoteProperty
$mockLoginFailedException = New-Object System.Exception 'Login failed'
$mockLoginFailedException | Add-Member -Name 'Number' -Value 18456 -MemberType NoteProperty
$mockException = New-Object System.Exception 'Something went wrong'
$mockException | Add-Member -Name 'Number' -Value 1 -MemberType NoteProperty

#endregion Pester Test Initialization

Describe 'MSFT_SqlServerLogin\Get-TargetResource' {
Expand Down Expand Up @@ -1014,38 +1045,10 @@ try
Assert-MockCalled -CommandName Set-SQLServerLoginPassword -Scope It -Times 1 -Exactly
}

It 'Should throw the correct error when creating a SQL Login if the LoginMode is not Mixed' {
$mockConnectSQL_LoginModeNormal = {
return New-Object -TypeName Object |
Add-Member -MemberType ScriptProperty -Name Logins -Value {
return @{
'Windows\User1' = ( New-Object -TypeName Object |
Add-Member -MemberType NoteProperty -Name 'Name' -Value 'Windows\User1' -PassThru |
Add-Member -MemberType NoteProperty -Name 'LoginType' -Value 'WindowsUser' -PassThru |
Add-Member -MemberType ScriptMethod -Name Alter -Value {} -PassThru |
Add-Member -MemberType ScriptMethod -Name Drop -Value {} -PassThru -Force
)
'SqlLogin1' = ( New-Object -TypeName Object |
Add-Member -MemberType NoteProperty -Name 'Name' -Value 'SqlLogin1' -PassThru |
Add-Member -MemberType NoteProperty -Name 'LoginType' -Value 'SqlLogin' -PassThru |
Add-Member -MemberType NoteProperty -Name 'MustChangePassword' -Value $false -PassThru |
Add-Member -MemberType NoteProperty -Name 'PasswordExpirationEnabled' -Value $true -PassThru |
Add-Member -MemberType NoteProperty -Name 'PasswordPolicyEnforced' -Value $true -PassThru |
Add-Member -MemberType ScriptMethod -Name Alter -Value {} -PassThru |
Add-Member -MemberType ScriptMethod -Name Drop -Value {} -PassThru -Force
)
'Windows\Group1' = ( New-Object -TypeName Object |
Add-Member -MemberType NoteProperty -Name 'Name' -Value 'Windows\Group1' -PassThru |
Add-Member -MemberType NoteProperty -Name 'LoginType' -Value 'WindowsGroup' -PassThru |
Add-Member -MemberType ScriptMethod -Name Alter -Value {} -PassThru |
Add-Member -MemberType ScriptMethod -Name Drop -Value {} -PassThru -Force
)
}
} -PassThru |
Add-Member -MemberType NoteProperty -Name LoginMode -Value 'Normal' -PassThru -Force
}
It 'Should throw the correct error when creating a SQL Login if the LoginMode is ''Integrated''' {
$mockLoginMode = 'Integrated'

Mock -CommandName Connect-SQL -MockWith $mockConnectSQL_LoginModeNormal -Verifiable
Mock -CommandName Connect-SQL -MockWith $mockConnectSQL_LoginMode -Verifiable

$setTargetResource_SqlLoginAbsent_EnsurePresent = $setTargetResource_SqlLoginAbsent.Clone()
$setTargetResource_SqlLoginAbsent_EnsurePresent.Add( 'Ensure', 'Present' )
Expand All @@ -1060,6 +1063,42 @@ try
Assert-MockCalled -CommandName Set-SQLServerLoginPassword -Scope It -Times 0 -Exactly
}
}

It 'Should not throw an error when creating a SQL Login and the LoginMode is set to ''Normal''' {
$mockLoginMode = 'Normal'

Mock -CommandName Connect-SQL -MockWith $mockConnectSQL_LoginMode -Verifiable

$setTargetResource_SqlLoginAbsent_EnsurePresent = $setTargetResource_SqlLoginAbsent.Clone()
$setTargetResource_SqlLoginAbsent_EnsurePresent.Add( 'Ensure', 'Present' )
$setTargetResource_SqlLoginAbsent_EnsurePresent.Add( 'LoginCredential', $mockSqlLoginCredential )

{ Set-TargetResource @setTargetResource_SqlLoginAbsent_EnsurePresent } | Should -Not -Throw 'IncorrectLoginMode'

Assert-MockCalled -CommandName Connect-SQL -Scope It -Times 1 -Exactly
Assert-MockCalled -CommandName Update-SQLServerLogin -Scope It -Times 0 -Exactly
Assert-MockCalled -CommandName New-SQLServerLogin -Scope It -Times 1 -Exactly
Assert-MockCalled -CommandName Remove-SQLServerLogin -Scope It -Times 0 -Exactly
Assert-MockCalled -CommandName Set-SQLServerLoginPassword -Scope It -Times 0 -Exactly
}

It 'Should not throw an error when creating a SQL Login and the LoginMode is set to ''Mixed''' {
$mockLoginMode = 'Mixed'

Mock -CommandName Connect-SQL -MockWith $mockConnectSQL_LoginMode -Verifiable

$setTargetResource_SqlLoginAbsent_EnsurePresent = $setTargetResource_SqlLoginAbsent.Clone()
$setTargetResource_SqlLoginAbsent_EnsurePresent.Add( 'Ensure', 'Present' )
$setTargetResource_SqlLoginAbsent_EnsurePresent.Add( 'LoginCredential', $mockSqlLoginCredential )

{ Set-TargetResource @setTargetResource_SqlLoginAbsent_EnsurePresent } | Should -Not -Throw 'IncorrectLoginMode'

Assert-MockCalled -CommandName Connect-SQL -Scope It -Times 1 -Exactly
Assert-MockCalled -CommandName Update-SQLServerLogin -Scope It -Times 0 -Exactly
Assert-MockCalled -CommandName New-SQLServerLogin -Scope It -Times 1 -Exactly
Assert-MockCalled -CommandName Remove-SQLServerLogin -Scope It -Times 0 -Exactly
Assert-MockCalled -CommandName Set-SQLServerLoginPassword -Scope It -Times 0 -Exactly
}
}

Describe 'MSFT_SqlServerLogin\Update-SQLServerLogin' {
Expand Down