diff --git a/CHANGELOG.md b/CHANGELOG.md index 87089f6e7..df4292beb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -37,8 +37,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Wiki - add introduction and links to DSC technology - SqlLogin - - BREAKING CHANGE: `LoginMustChangePassword`, `LoginPasswordExpirationEnabled` and `LoginPasswordPolicyEnforced` - parameters no longer enforce default values ([issue #1669](https://github.com/dsccommunity/SqlServerDsc/issues/1669)). + - BREAKING CHANGE: The parameters `LoginMustChangePassword`, `LoginPasswordExpirationEnabled`, + and `LoginPasswordPolicyEnforced` no longer have a default value of `$true`. + This means that when creating a new login, and not specifically setting + these parameters to `$true` in the configuration, the login that is created + will have these properties set to `$false`. + - BREAKING CHANGE: `LoginMustChangePassword`, `LoginPasswordExpirationEnabled`, + and `LoginPasswordPolicyEnforced` parameters no longer enforce default + values ([issue #1669](https://github.com/dsccommunity/SqlServerDsc/issues/1669)). - SqlServerDsc - All tests have been converted to run in Pester 5 (Pester 4 can no longer be supported) ([issue #1654](https://github.com/dsccommunity/SqlServerDsc/issues/1654)). diff --git a/source/DSCResources/DSC_SqlLogin/DSC_SqlLogin.psm1 b/source/DSCResources/DSC_SqlLogin/DSC_SqlLogin.psm1 index 93ce927a4..6380f9437 100644 --- a/source/DSCResources/DSC_SqlLogin/DSC_SqlLogin.psm1 +++ b/source/DSCResources/DSC_SqlLogin/DSC_SqlLogin.psm1 @@ -302,9 +302,14 @@ function Set-TargetResource New-InvalidOperationException -Message $errorMessage } - # `PasswordPolicyEnforced` and `PasswordExpirationEnabled` must be updated together. + <# + PasswordExpirationEnabled can only be set to $true if PasswordPolicyEnforced + is also set to $true. If not the SQL Server will throw the exception + "The CHECK_EXPIRATION option cannot be used when CHECK_POLICY is OFF". + #> $login.PasswordPolicyEnforced = $LoginPasswordPolicyEnforced $login.PasswordExpirationEnabled = $LoginPasswordExpirationEnabled + if ( $LoginMustChangePassword ) { $LoginCreateOptions = [Microsoft.SqlServer.Management.Smo.LoginCreateOptions]::MustChange diff --git a/tests/Integration/DSC_SqlLogin.Integration.Tests.ps1 b/tests/Integration/DSC_SqlLogin.Integration.Tests.ps1 index 48c8c6134..c6249b4da 100644 --- a/tests/Integration/DSC_SqlLogin.Integration.Tests.ps1 +++ b/tests/Integration/DSC_SqlLogin.Integration.Tests.ps1 @@ -639,7 +639,7 @@ Describe "$($script:dscResourceName)_Integration" -Tag @('Integration_SQL2016', } Context ('When using configuration <_>') -ForEach @( - "$($script:dscResourceName)_AddLoginDscUser5_Set_LoginPasswordExpirationEnabled_Config" + "$($script:dscResourceName)_AddLoginDscUser5_Set_LoginPasswordPolicyEnforced_Config" ) { BeforeAll { $configurationName = $_ @@ -742,6 +742,113 @@ Describe "$($script:dscResourceName)_Integration" -Tag @('Integration_SQL2016', } } + ### START - THIS SHOULD THROW AN ERROR ### + Context ('When using configuration <_>') -ForEach @( + "$($script:dscResourceName)_AddLoginDscUser5_Set_LoginPasswordExpirationEnabled_Config" + ) { + BeforeAll { + $configurationName = $_ + } + + AfterAll { + Wait-ForIdleLcm + } + + It 'Should compile and apply the MOF without throwing' { + { + $configurationParameters = @{ + OutputPath = $TestDrive + # The variable $ConfigurationData was dot-sourced above. + ConfigurationData = $ConfigurationData + } + + & $configurationName @configurationParameters + + $startDscConfigurationParameters = @{ + Path = $TestDrive + ComputerName = 'localhost' + Wait = $true + Verbose = $true + Force = $true + ErrorAction = 'Stop' + } + + Start-DscConfiguration @startDscConfigurationParameters + } | Should -Not -Throw + } + + It 'Should be able to call Get-DscConfiguration without throwing' { + { + $script:currentConfiguration = Get-DscConfiguration -Verbose -ErrorAction Stop + } | Should -Not -Throw + } + + It 'Should have set the resource and all the parameters should match' { + $resourceCurrentState = $script:currentConfiguration | Where-Object -FilterScript { + $_.ConfigurationName -eq $configurationName ` + -and $_.ResourceId -eq $resourceId + } + + $resourceCurrentState.Ensure | Should -Be 'Present' + $resourceCurrentState.Name | Should -Be $ConfigurationData.AllNodes.DscUser5Name + $resourceCurrentState.LoginType | Should -Be $ConfigurationData.AllNodes.DscUser5Type + $resourceCurrentState.Disabled | Should -Be $false + $resourceCurrentState.LoginMustChangePassword | Should -BeFalse + $resourceCurrentState.LoginPasswordExpirationEnabled | Should -BeTrue + $resourceCurrentState.LoginPasswordPolicyEnforced | Should -BeFalse + } + + It 'Should return $true when Test-DscConfiguration is run' { + Test-DscConfiguration -Verbose | Should -Be 'True' + } + } + + <# + Removing the user DscUser5 to be able to re add it with different configuration. + At the end of the test it will be removed again permanently, and with a + verification of properties from Get-TargetResource. + #> + Context ('When using configuration <_>') -ForEach @( + "$($script:dscResourceName)_RemoveLoginDscUser5_Config" + ) { + BeforeAll { + $configurationName = $_ + } + + AfterAll { + Wait-ForIdleLcm + } + + It 'Should compile and apply the MOF without throwing' { + { + $configurationParameters = @{ + OutputPath = $TestDrive + # The variable $ConfigurationData was dot-sourced above. + ConfigurationData = $ConfigurationData + } + + & $configurationName @configurationParameters + + $startDscConfigurationParameters = @{ + Path = $TestDrive + ComputerName = 'localhost' + Wait = $true + Verbose = $true + Force = $true + ErrorAction = 'Stop' + } + + Start-DscConfiguration @startDscConfigurationParameters + } | Should -Not -Throw + } + + It 'Should return $true when Test-DscConfiguration is run' { + Test-DscConfiguration -Verbose | Should -Be 'True' + } + } + + ### END - THIS SHOULD THROW AN ERROR ### + <# This adds the user DscUser5 with both LoginPasswordExpirationEnabled and LoginPasswordPolicyEnforced set to False. It will be used to test if the @@ -798,8 +905,8 @@ Describe "$($script:dscResourceName)_Integration" -Tag @('Integration_SQL2016', $resourceCurrentState.LoginType | Should -Be $ConfigurationData.AllNodes.DscUser5Type $resourceCurrentState.Disabled | Should -Be $false $resourceCurrentState.LoginMustChangePassword | Should -BeFalse - $resourceCurrentState.LoginPasswordExpirationEnabled | Should -BeFalse - $resourceCurrentState.LoginPasswordPolicyEnforced | Should -BeFalse + $resourceCurrentState.LoginPasswordExpirationEnabled | Should -BeTrue + $resourceCurrentState.LoginPasswordPolicyEnforced | Should -BeTrue } It 'Should return $true when Test-DscConfiguration is run' { @@ -808,7 +915,7 @@ Describe "$($script:dscResourceName)_Integration" -Tag @('Integration_SQL2016', } Context ('When using configuration <_>') -ForEach @( - "$($script:dscResourceName)_UpdateLoginDscUser5_Set_LoginPasswordPolicyEnforced_Config" + "$($script:dscResourceName)_UpdateLoginDscUser5_Set_LoginPasswordExpirationEnabled_Config" ) { BeforeAll { $configurationName = $_ @@ -859,6 +966,7 @@ Describe "$($script:dscResourceName)_Integration" -Tag @('Integration_SQL2016', $resourceCurrentState.Disabled | Should -Be $false $resourceCurrentState.LoginMustChangePassword | Should -BeFalse $resourceCurrentState.LoginPasswordExpirationEnabled | Should -BeFalse + # This was set to true by the previous test. $resourceCurrentState.LoginPasswordPolicyEnforced | Should -BeTrue } @@ -868,7 +976,7 @@ Describe "$($script:dscResourceName)_Integration" -Tag @('Integration_SQL2016', } Context ('When using configuration <_>') -ForEach @( - "$($script:dscResourceName)_UpdateLoginDscUser5_Set_LoginPasswordExpirationEnabled_Config" + "$($script:dscResourceName)_UpdateLoginDscUser5_Set_LoginPasswordPolicyEnforced_Config" ) { BeforeAll { $configurationName = $_ @@ -918,8 +1026,7 @@ Describe "$($script:dscResourceName)_Integration" -Tag @('Integration_SQL2016', $resourceCurrentState.LoginType | Should -Be $ConfigurationData.AllNodes.DscUser5Type $resourceCurrentState.Disabled | Should -Be $false $resourceCurrentState.LoginMustChangePassword | Should -BeFalse - $resourceCurrentState.LoginPasswordExpirationEnabled | Should -BeTrue - # This was set to true by the previous test. + $resourceCurrentState.LoginPasswordExpirationEnabled | Should -BeFalse $resourceCurrentState.LoginPasswordPolicyEnforced | Should -BeTrue } diff --git a/tests/Integration/DSC_SqlLogin.config.ps1 b/tests/Integration/DSC_SqlLogin.config.ps1 index 000f98692..814f96c1d 100644 --- a/tests/Integration/DSC_SqlLogin.config.ps1 +++ b/tests/Integration/DSC_SqlLogin.config.ps1 @@ -361,10 +361,10 @@ Configuration DSC_SqlLogin_AddLoginDscUser5_DefaultValues_Config <# .SYNOPSIS - Adds a second SQL login to test LoginPasswordExpirationEnabled set to False, and - LoginPasswordPolicyEnforced using default value. + Adds a second SQL login to test LoginPasswordPolicyEnforced set to True, and + LoginPasswordExpirationEnabled using default value. #> -Configuration DSC_SqlLogin_AddLoginDscUser5_Set_LoginPasswordExpirationEnabled_Config +Configuration DSC_SqlLogin_AddLoginDscUser5_Set_LoginPasswordPolicyEnforced_Config { Import-DscResource -ModuleName 'SqlServerDsc' @@ -376,7 +376,7 @@ Configuration DSC_SqlLogin_AddLoginDscUser5_Set_LoginPasswordExpirationEnabled_C Name = $Node.DscUser5Name LoginType = $Node.DscUser5Type LoginMustChangePassword = $false - LoginPasswordExpirationEnabled = $false + LoginPasswordPolicyEnforced = $true LoginCredential = New-Object ` -TypeName System.Management.Automation.PSCredential ` @@ -401,10 +401,10 @@ Configuration DSC_SqlLogin_AddLoginDscUser5_Set_LoginPasswordExpirationEnabled_C <# .SYNOPSIS - Adds a second SQL login to test both LoginPasswordExpirationEnabled and - LoginPasswordPolicyEnforced set to False. + Adds a second SQL login to test LoginPasswordExpirationEnabled set to True, and + LoginPasswordPolicyEnforced using default value. #> -Configuration DSC_SqlLogin_AddLoginDscUser5_Set_LoginPasswordExpirationEnabled_LoginPasswordPolicyEnforced_Config +Configuration DSC_SqlLogin_AddLoginDscUser5_Set_LoginPasswordExpirationEnabled_Config { Import-DscResource -ModuleName 'SqlServerDsc' @@ -416,8 +416,7 @@ Configuration DSC_SqlLogin_AddLoginDscUser5_Set_LoginPasswordExpirationEnabled_L Name = $Node.DscUser5Name LoginType = $Node.DscUser5Type LoginMustChangePassword = $false - LoginPasswordPolicyEnforced = $false - LoginPasswordExpirationEnabled = $false + LoginPasswordExpirationEnabled = $true LoginCredential = New-Object ` -TypeName System.Management.Automation.PSCredential ` @@ -442,15 +441,10 @@ Configuration DSC_SqlLogin_AddLoginDscUser5_Set_LoginPasswordExpirationEnabled_L <# .SYNOPSIS - Updates the second SQL login to test LoginPasswordPolicyEnforced set to True, and - LoginPasswordExpirationEnabled using the previous set value. - - .NOTES - This test must run before the test that sets LoginPasswordExpirationEnabled - to False below; - "DSC_SqlLogin_UpdateLoginDscUser5_Set_LoginPasswordExpirationEnabled_Config". + Adds a second SQL login to test both LoginPasswordExpirationEnabled and + LoginPasswordPolicyEnforced set to False. #> -Configuration DSC_SqlLogin_UpdateLoginDscUser5_Set_LoginPasswordPolicyEnforced_Config +Configuration DSC_SqlLogin_AddLoginDscUser5_Set_LoginPasswordExpirationEnabled_LoginPasswordPolicyEnforced_Config { Import-DscResource -ModuleName 'SqlServerDsc' @@ -463,6 +457,7 @@ Configuration DSC_SqlLogin_UpdateLoginDscUser5_Set_LoginPasswordPolicyEnforced_C LoginType = $Node.DscUser5Type LoginMustChangePassword = $false LoginPasswordPolicyEnforced = $true + LoginPasswordExpirationEnabled = $true LoginCredential = New-Object ` -TypeName System.Management.Automation.PSCredential ` @@ -487,7 +482,7 @@ Configuration DSC_SqlLogin_UpdateLoginDscUser5_Set_LoginPasswordPolicyEnforced_C <# .SYNOPSIS - Updates the second SQL login to test LoginPasswordExpirationEnabled set to True, and + Updates the second SQL login to test LoginPasswordExpirationEnabled set to False, and LoginPasswordPolicyEnforced using the previous set value. #> Configuration DSC_SqlLogin_UpdateLoginDscUser5_Set_LoginPasswordExpirationEnabled_Config @@ -502,7 +497,7 @@ Configuration DSC_SqlLogin_UpdateLoginDscUser5_Set_LoginPasswordExpirationEnable Name = $Node.DscUser5Name LoginType = $Node.DscUser5Type LoginMustChangePassword = $false - LoginPasswordExpirationEnabled = $true + LoginPasswordExpirationEnabled = $false LoginCredential = New-Object ` -TypeName System.Management.Automation.PSCredential ` @@ -527,9 +522,15 @@ Configuration DSC_SqlLogin_UpdateLoginDscUser5_Set_LoginPasswordExpirationEnable <# .SYNOPSIS - Updates the second SQL login to test LoginPasswordPolicyEnforced + Updates the second SQL login to test LoginPasswordPolicyEnforced set to True, and + LoginPasswordExpirationEnabled using the previous set value. + + .NOTES + This test must run after the test that sets LoginPasswordExpirationEnabled + to False above; + "DSC_SqlLogin_UpdateLoginDscUser5_Set_LoginPasswordExpirationEnabled_Config". #> -Configuration DSC_SqlLogin_AddLoginDscUser5_Config +Configuration DSC_SqlLogin_UpdateLoginDscUser5_Set_LoginPasswordPolicyEnforced_Config { Import-DscResource -ModuleName 'SqlServerDsc' @@ -541,6 +542,7 @@ Configuration DSC_SqlLogin_AddLoginDscUser5_Config Name = $Node.DscUser5Name LoginType = $Node.DscUser5Type LoginMustChangePassword = $false + LoginPasswordPolicyEnforced = $false LoginCredential = New-Object ` -TypeName System.Management.Automation.PSCredential ` @@ -548,8 +550,8 @@ Configuration DSC_SqlLogin_AddLoginDscUser5_Config <# Must use a database that is available on the server, - otherwise the password check will fail since it cannot - connect to the database. + and to which the login has access, otherwise the password + check will fail since it cannot connect to the database. #> DefaultDatabase = 'master' @@ -563,7 +565,6 @@ Configuration DSC_SqlLogin_AddLoginDscUser5_Config } } - <# .SYNOPSIS Adds a Windows Group login. diff --git a/tests/Unit/DSC_SqlLogin.Tests.ps1 b/tests/Unit/DSC_SqlLogin.Tests.ps1 index 03a38ea87..a5f3c1cc0 100644 --- a/tests/Unit/DSC_SqlLogin.Tests.ps1 +++ b/tests/Unit/DSC_SqlLogin.Tests.ps1 @@ -832,6 +832,7 @@ Describe 'SqlLogin\Set-TargetResource' -Tag 'Set' { $mockSetTargetResourceParameters.Name = 'SqlLogin1' $mockSetTargetResourceParameters.LoginType = 'SqlLogin' + $mockSetTargetResourceParameters.LoginMustChangePassword = $true $mockSetTargetResourceParameters.LoginCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList @($mockTestTargetResourceParameters.Name, $mockPassword) { Set-TargetResource @mockSetTargetResourceParameters } | Should -Not -Throw @@ -1495,672 +1496,6 @@ Describe 'SqlLogin\Set-TargetResource' -Tag 'Set' { } } -# try -# { -# InModuleScope $script:dscResourceName { -# # Create PSCredential object for SQL Logins -# $mockSqlLoginUser = 'dba' -# $mockSqlLoginPassword = 'P@ssw0rd-12P@ssw0rd-12' | ConvertTo-SecureString -AsPlainText -Force -# $mockSqlLoginCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList @($mockSqlLoginUser, $mockSqlLoginPassword) - -# $mockSqlLoginBadPassword = 'pw' | ConvertTo-SecureString -AsPlainText -Force -# $mockSqlLoginCredentialBadPassword = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList @($mockSqlLoginUser, $mockSqlLoginBadPassword) - -# $mockSqlLoginReusedPassword = 'reused' | ConvertTo-SecureString -AsPlainText -Force -# $mockSqlLoginCredentialReusedPassword = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList @($mockSqlLoginUser, $mockSqlLoginReusedPassword) - -# $mockSqlLoginOtherPassword = 'other' | ConvertTo-SecureString -AsPlainText -Force -# $mockSqlLoginCredentialOtherPassword = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList ($mockSqlLoginUser, $mockSqlLoginOtherPassword) - -# $instanceParameters = @{ -# InstanceName = 'MSSQLSERVER' -# ServerName = 'Server1' -# } - -# $getTargetResource_UnknownSqlLogin = $instanceParameters.Clone() -# $getTargetResource_UnknownSqlLogin[ 'Name' ] = 'UnknownSqlLogin' - -# $getTargetResource_UnknownWindows = $instanceParameters.Clone() -# $getTargetResource_UnknownWindows[ 'Name' ] = 'Windows\UserOrGroup' - -# $getTargetResource_KnownSqlLogin = $instanceParameters.Clone() -# $getTargetResource_KnownSqlLogin[ 'Name' ] = 'SqlLogin1' - -# $getTargetResource_KnownWindowsUser = $instanceParameters.Clone() -# $getTargetResource_KnownWindowsUser[ 'Name' ] = 'Windows\User1' - -# $getTargetResource_KnownWindowsGroup = $instanceParameters.Clone() -# $getTargetResource_KnownWindowsGroup[ 'Name' ] = 'Windows\Group1' - -# $testTargetResource_WindowsUserAbsent = $instanceParameters.Clone() -# $testTargetResource_WindowsUserAbsent[ 'Name' ] = 'Windows\UserAbsent' -# $testTargetResource_WindowsUserAbsent[ 'LoginType' ] = 'WindowsUser' - -# $testTargetResource_WindowsGroupAbsent = $instanceParameters.Clone() -# $testTargetResource_WindowsGroupAbsent[ 'Name' ] = 'Windows\GroupAbsent' -# $testTargetResource_WindowsGroupAbsent[ 'LoginType' ] = 'WindowsGroup' - -# $testTargetResource_SqlLoginAbsent = $instanceParameters.Clone() -# $testTargetResource_SqlLoginAbsent[ 'Name' ] = 'SqlLoginAbsent' -# $testTargetResource_SqlLoginAbsent[ 'LoginType' ] = 'SqlLogin' - -# $testTargetResource_WindowsUserPresent = $instanceParameters.Clone() -# $testTargetResource_WindowsUserPresent[ 'Name' ] = 'Windows\User1' -# $testTargetResource_WindowsUserPresent[ 'LoginType' ] = 'WindowsUser' - -# $testTargetResource_WindowsGroupPresent = $instanceParameters.Clone() -# $testTargetResource_WindowsGroupPresent[ 'Name' ] = 'Windows\Group1' -# $testTargetResource_WindowsGroupPresent[ 'LoginType' ] = 'WindowsGroup' - -# $testTargetResource_SqlLoginPresentWithDefaultValues = $instanceParameters.Clone() -# $testTargetResource_SqlLoginPresentWithDefaultValues[ 'Name' ] = 'SqlLogin1' -# $testTargetResource_SqlLoginPresentWithDefaultValues[ 'LoginType' ] = 'SqlLogin' - -# $setTargetResource_CertificateAbsent = $instanceParameters.Clone() -# $setTargetResource_CertificateAbsent[ 'Name' ] = 'Certificate' -# $setTargetResource_CertificateAbsent[ 'LoginType' ] = 'Certificate' - -# $setTargetResource_WindowsUserAbsent = $instanceParameters.Clone() -# $setTargetResource_WindowsUserAbsent[ 'Name' ] = 'Windows\UserAbsent' -# $setTargetResource_WindowsUserAbsent[ 'LoginType' ] = 'WindowsUser' - -# $setTargetResource_WindowsGroupAbsent = $instanceParameters.Clone() -# $setTargetResource_WindowsGroupAbsent[ 'Name' ] = 'Windows\GroupAbsent' -# $setTargetResource_WindowsGroupAbsent[ 'LoginType' ] = 'WindowsGroup' - -# $setTargetResource_SqlLoginAbsent = $instanceParameters.Clone() -# $setTargetResource_SqlLoginAbsent[ 'Name' ] = 'SqlLoginAbsent' -# $setTargetResource_SqlLoginAbsent[ 'LoginType' ] = 'SqlLogin' - -# $setTargetResource_SqlLoginAbsentExisting = $instanceParameters.Clone() -# $setTargetResource_SqlLoginAbsentExisting[ 'Name' ] = 'Existing' -# $setTargetResource_SqlLoginAbsentExisting[ 'LoginType' ] = 'SqlLogin' - -# $setTargetResource_SqlLoginAbsentUnknown = $instanceParameters.Clone() -# $setTargetResource_SqlLoginAbsentUnknown[ 'Name' ] = 'Unknown' -# $setTargetResource_SqlLoginAbsentUnknown[ 'LoginType' ] = 'SqlLogin' - -# $setTargetResource_WindowsUserPresent = $instanceParameters.Clone() -# $setTargetResource_WindowsUserPresent[ 'Name' ] = 'Windows\User1' -# $setTargetResource_WindowsUserPresent[ 'LoginType' ] = 'WindowsUser' - -# $setTargetResource_CertificateAbsent = $instanceParameters.Clone() -# $setTargetResource_CertificateAbsent[ 'Name' ] = 'Certificate' -# $setTargetResource_CertificateAbsent[ 'LoginType' ] = 'Certificate' - -# $setTargetResource_WindowsUserAbsent = $instanceParameters.Clone() -# $setTargetResource_WindowsUserAbsent[ 'Name' ] = 'Windows\UserAbsent' -# $setTargetResource_WindowsUserAbsent[ 'LoginType' ] = 'WindowsUser' - -# $setTargetResource_WindowsGroupAbsent = $instanceParameters.Clone() -# $setTargetResource_WindowsGroupAbsent[ 'Name' ] = 'Windows\GroupAbsent' -# $setTargetResource_WindowsGroupAbsent[ 'LoginType' ] = 'WindowsGroup' - -# $setTargetResource_SqlLoginAbsent = $instanceParameters.Clone() -# $setTargetResource_SqlLoginAbsent[ 'Name' ] = 'SqlLoginAbsent' -# $setTargetResource_SqlLoginAbsent[ 'LoginType' ] = 'SqlLogin' - -# $setTargetResource_SqlLoginAbsentExisting = $instanceParameters.Clone() -# $setTargetResource_SqlLoginAbsentExisting[ 'Name' ] = 'Existing' -# $setTargetResource_SqlLoginAbsentExisting[ 'LoginType' ] = 'SqlLogin' - -# $setTargetResource_SqlLoginAbsentUnknown = $instanceParameters.Clone() -# $setTargetResource_SqlLoginAbsentUnknown[ 'Name' ] = 'Unknown' -# $setTargetResource_SqlLoginAbsentUnknown[ 'LoginType' ] = 'SqlLogin' - -# $setTargetResource_WindowsUserPresent = $instanceParameters.Clone() -# $setTargetResource_WindowsUserPresent[ 'Name' ] = 'Windows\User1' -# $setTargetResource_WindowsUserPresent[ 'LoginType' ] = 'WindowsUser' - -# $setTargetResource_WindowsGroupPresent = $instanceParameters.Clone() -# $setTargetResource_WindowsGroupPresent[ 'Name' ] = 'Windows\Group1' -# $setTargetResource_WindowsGroupPresent[ 'LoginType' ] = 'WindowsGroup' - -# $setTargetResource_SqlLoginPresent = $instanceParameters.Clone() -# $setTargetResource_SqlLoginPresent[ 'Name' ] = 'SqlLogin1' -# $setTargetResource_SqlLoginPresent[ 'LoginType' ] = 'SqlLogin' - -# <# -# These are set when the mocked methods Enable() and Disabled() are called. -# Can be used to verify that the method was actually called or not called. -# #> -# $script:mockWasLoginClassMethodEnableCalled = $false -# $script:mockWasLoginClassMethodDisabledCalled = $false - -# $mockConnectSQL = { -# $windowsUser = New-Object -TypeName 'Microsoft.SqlServer.Management.Smo.Login' -ArgumentList @('Server', 'Windows\User1') -# $windowsUser.LoginType = 'WindowsUser' -# $windowsUser = $windowsUser | Add-Member -Name 'Disable' -MemberType ScriptMethod -Value { -# $script:mockWasLoginClassMethodDisabledCalled = $true -# } -PassThru -Force -# $windowsUser.DefaultDatabase = 'master' - -# $windowsGroup = New-Object -TypeName 'Microsoft.SqlServer.Management.Smo.Login' -ArgumentList ('Server', 'Windows\Group1') -# $windowsGroup.LoginType = 'windowsGroup' -# $windowsGroup.DefaultDatabase = 'master' - -# $sqlLogin = New-Object -TypeName 'Microsoft.SqlServer.Management.Smo.Login' -ArgumentList @('Server', 'SqlLogin1') -# $sqlLogin.LoginType = 'SqlLogin' -# $sqlLogin.MustChangePassword = $false -# $sqlLogin.DefaultDatabase = 'master' -# $sqlLogin.PasswordPolicyEnforced = $true -# $sqlLogin.PasswordExpirationEnabled = $true - -# $sqlLoginDisabled = New-Object -TypeName 'Microsoft.SqlServer.Management.Smo.Login' -ArgumentList @('Server', 'Windows\UserDisabled') -# $sqlLoginDisabled.LoginType = 'WindowsUser' -# $sqlLoginDisabled.DefaultDatabase = 'master' -# $sqlLoginDisabled.IsDisabled = $true -# $sqlLoginDisabled = $sqlLoginDisabled | Add-Member -Name 'Enable' -MemberType ScriptMethod -Value { -# $script:mockWasLoginClassMethodEnableCalled = $true -# } -PassThru -Force - -# $mock = New-Object -TypeName PSObject -Property @{ -# LoginMode = 'Mixed' -# Logins = @{ -# $windowsUser.Name = $windowsUser -# $windowsGroup.Name = $windowsGroup -# $sqlLogin.Name = $sqlLogin -# $sqlLoginDisabled.Name = $sqlLoginDisabled -# } -# } - -# return $mock -# } - -# $mockConnectSQL_LoginMode = { -# return New-Object -TypeName Object | -# Add-Member -MemberType ScriptProperty -Name 'Logins' -Value { -# return @{ -# 'Windows\User1' = ( New-Object -TypeName Object | -# Add-Member -MemberType NoteProperty -Name 'Name' -Value 'Windows\User1' -PassThru | -# Add-Member -MemberType NoteProperty -Name 'LoginType' -Value 'WindowsUser' -PassThru | -# Add-Member -MemberType NoteProperty -Name 'DefaultDatabase' -Value 'master' -PassThru | -# Add-Member -MemberType ScriptMethod -Name Alter -Value {} -PassThru | -# Add-Member -MemberType ScriptMethod -Name Drop -Value {} -PassThru -Force -# ) -# 'SqlLogin1' = ( New-Object -TypeName Object | -# Add-Member -MemberType NoteProperty -Name 'Name' -Value 'SqlLogin1' -PassThru | -# Add-Member -MemberType NoteProperty -Name 'LoginType' -Value 'SqlLogin' -PassThru | -# Add-Member -MemberType NoteProperty -Name 'DefaultDatabase' -Value 'master' -PassThru | -# Add-Member -MemberType NoteProperty -Name 'MustChangePassword' -Value $false -PassThru | -# Add-Member -MemberType NoteProperty -Name 'PasswordExpirationEnabled' -Value $true -PassThru | -# Add-Member -MemberType NoteProperty -Name 'PasswordPolicyEnforced' -Value $true -PassThru | -# Add-Member -MemberType ScriptMethod -Name Alter -Value {} -PassThru | -# Add-Member -MemberType ScriptMethod -Name Drop -Value {} -PassThru -Force -# ) -# 'Windows\Group1' = ( New-Object -TypeName Object | -# Add-Member -MemberType NoteProperty -Name 'Name' -Value 'Windows\Group1' -PassThru | -# Add-Member -MemberType NoteProperty -Name 'LoginType' -Value 'WindowsGroup' -PassThru | -# Add-Member -MemberType NoteProperty -Name 'DefaultDatabase' -Value 'master' -PassThru | -# Add-Member -MemberType ScriptMethod -Name Alter -Value {} -PassThru | -# Add-Member -MemberType ScriptMethod -Name Drop -Value {} -PassThru -Force -# ) -# } -# } -PassThru | -# Add-Member -MemberType NoteProperty -Name LoginMode -Value $mockLoginMode -PassThru -Force -# } - - - - -# #endregion Pester Test Initialization - - - - -# Describe 'DSC_SqlLogin\Set-TargetResource' { -# Mock -CommandName Update-SQLServerLogin -ModuleName $script:dscResourceName -# Mock -CommandName New-SQLServerLogin -ModuleName $script:dscResourceName -# Mock -CommandName Remove-SQLServerLogin -ModuleName $script:dscResourceName -# Mock -CommandName Set-SQLServerLoginPassword -ModuleName $script:dscResourceName - -# Context 'When the desired state is Absent' { -# BeforeEach { -# $script:mockWasLoginClassMethodEnableCalled = $false -# $script:mockWasLoginClassMethodDisabledCalled = $false -# } - -# It 'Should drop the specified Windows User when it is Present' { -# Mock -CommandName Connect-SQL -MockWith $mockConnectSQL -Verifiable - -# $setTargetResource_WindowsUserPresent_EnsureAbsent = $setTargetResource_WindowsUserPresent.Clone() -# $setTargetResource_WindowsUserPresent_EnsureAbsent[ 'Ensure' ] = 'Absent' - -# Set-TargetResource @setTargetResource_WindowsUserPresent_EnsureAbsent - -# Assert-MockCalled -CommandName Connect-SQL -Scope It -Times 1 -Exactly -# Assert-MockCalled -CommandName Update-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName New-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName Remove-SQLServerLogin -Scope It -Times 1 -Exactly -# Assert-MockCalled -CommandName Set-SQLServerLoginPassword -Scope It -Times 0 -Exactly -# } - -# It 'Should enable the specified Windows User when it is disabled' { -# Mock -CommandName Connect-SQL -MockWith $mockConnectSQL -Verifiable - -# $mockSetTargetResourceParameters = $instanceParameters.Clone() -# $mockSetTargetResourceParameters[ 'Ensure' ] = 'Present' -# $mockSetTargetResourceParameters[ 'Name' ] = 'Windows\UserDisabled' -# $mockSetTargetResourceParameters[ 'Disabled' ] = $false - -# Set-TargetResource @mockSetTargetResourceParameters -# $script:mockWasLoginClassMethodEnableCalled | Should -Be $true -# $script:mockWasLoginClassMethodDisabledCalled | Should -Be $false - -# Assert-MockCalled -CommandName Connect-SQL -Scope It -Times 1 -Exactly -# Assert-MockCalled -CommandName Update-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName New-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName Remove-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName Set-SQLServerLoginPassword -Scope It -Times 0 -Exactly -# } - -# It 'Should disable the specified Windows User when it is enabled' { -# Mock -CommandName Connect-SQL -MockWith $mockConnectSQL -Verifiable - -# $mockSetTargetResourceParameters = $instanceParameters.Clone() -# $mockSetTargetResourceParameters[ 'Ensure' ] = 'Present' -# $mockSetTargetResourceParameters[ 'Name' ] = 'Windows\User1' -# $mockSetTargetResourceParameters[ 'Disabled' ] = $true - -# Set-TargetResource @mockSetTargetResourceParameters -# $script:mockWasLoginClassMethodEnableCalled | Should -Be $false -# $script:mockWasLoginClassMethodDisabledCalled | Should -Be $true - -# Assert-MockCalled -CommandName Connect-SQL -Scope It -Times 1 -Exactly -# Assert-MockCalled -CommandName Update-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName New-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName Remove-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName Set-SQLServerLoginPassword -Scope It -Times 0 -Exactly -# } - -# It 'Should drop the specified Windows Group when it is Present' { -# Mock -CommandName Connect-SQL -MockWith $mockConnectSQL -Verifiable - -# $setTargetResource_WindowsGroupPresent_EnsureAbsent = $setTargetResource_WindowsGroupPresent.Clone() -# $setTargetResource_WindowsGroupPresent_EnsureAbsent[ 'Ensure' ] = 'Absent' - -# Set-TargetResource @setTargetResource_WindowsGroupPresent_EnsureAbsent - -# Assert-MockCalled -CommandName Connect-SQL -Scope It -Times 1 -Exactly -# Assert-MockCalled -CommandName Update-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName New-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName Remove-SQLServerLogin -Scope It -Times 1 -Exactly -# Assert-MockCalled -CommandName Set-SQLServerLoginPassword -Scope It -Times 0 -Exactly -# } - -# It 'Should drop the specified SQL Login when it is Present' { -# Mock -CommandName Connect-SQL -MockWith $mockConnectSQL -Verifiable - -# $setTargetResource_SqlLoginPresent_EnsureAbsent = $setTargetResource_SqlLoginPresent.Clone() -# $setTargetResource_SqlLoginPresent_EnsureAbsent[ 'Ensure' ] = 'Absent' - -# Set-TargetResource @setTargetResource_SqlLoginPresent_EnsureAbsent - -# Assert-MockCalled -CommandName Connect-SQL -Scope It -Times 1 -Exactly -# Assert-MockCalled -CommandName Update-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName New-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName Remove-SQLServerLogin -Scope It -Times 1 -Exactly -# Assert-MockCalled -CommandName Set-SQLServerLoginPassword -Scope It -Times 0 -Exactly -# } - -# It 'Should do nothing when the specified Windows User is Absent' { -# Mock -CommandName Connect-SQL -MockWith $mockConnectSQL -Verifiable - -# $setTargetResource_WindowsUserAbsent_EnsureAbsent = $setTargetResource_WindowsUserAbsent.Clone() -# $setTargetResource_WindowsUserAbsent_EnsureAbsent[ 'Ensure' ] = 'Absent' - -# Set-TargetResource @setTargetResource_WindowsUserAbsent_EnsureAbsent - -# Assert-MockCalled -CommandName Connect-SQL -Scope It -Times 1 -Exactly -# Assert-MockCalled -CommandName Update-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName New-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName Remove-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName Set-SQLServerLoginPassword -Scope It -Times 0 -Exactly -# } - -# It 'Should do nothing when the specified Windows Group is Absent' { -# Mock -CommandName Connect-SQL -MockWith $mockConnectSQL -Verifiable - -# $setTargetResource_WindowsGroupAbsent_EnsureAbsent = $setTargetResource_WindowsGroupAbsent.Clone() -# $setTargetResource_WindowsGroupAbsent_EnsureAbsent[ 'Ensure' ] = 'Absent' - -# Set-TargetResource @setTargetResource_WindowsGroupAbsent_EnsureAbsent - -# Assert-MockCalled -CommandName Connect-SQL -Scope It -Times 1 -Exactly -# Assert-MockCalled -CommandName Update-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName New-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName Remove-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName Set-SQLServerLoginPassword -Scope It -Times 0 -Exactly -# } - -# It 'Should do nothing when the specified SQL Login is Absent' { -# Mock -CommandName Connect-SQL -MockWith $mockConnectSQL -Verifiable - -# $setTargetResource_SqlLoginAbsent_EnsureAbsent = $setTargetResource_SqlLoginAbsent.Clone() -# $setTargetResource_SqlLoginAbsent_EnsureAbsent[ 'Ensure' ] = 'Absent' - -# Set-TargetResource @setTargetResource_SqlLoginAbsent_EnsureAbsent - -# Assert-MockCalled -CommandName Connect-SQL -Scope It -Times 1 -Exactly -# Assert-MockCalled -CommandName Update-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName New-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName Remove-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName Set-SQLServerLoginPassword -Scope It -Times 0 -Exactly -# } -# } - -# Context 'When the desired state is Present' { -# BeforeEach { -# $script:mockWasLoginClassMethodEnableCalled = $false -# $script:mockWasLoginClassMethodDisabledCalled = $false -# } - -# It 'Should add the specified Windows User when it is Absent' { -# Mock -CommandName Connect-SQL -MockWith $mockConnectSQL -Verifiable - -# $setTargetResource_WindowsUserAbsent_EnsurePresent = $setTargetResource_WindowsUserAbsent.Clone() -# $setTargetResource_WindowsUserAbsent_EnsurePresent[ 'Ensure' ] = 'Present' - -# Set-TargetResource @setTargetResource_WindowsUserAbsent_EnsurePresent - -# Assert-MockCalled -CommandName Connect-SQL -Scope It -Times 1 -Exactly -# Assert-MockCalled -CommandName Update-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName New-SQLServerLogin -Scope It -Times 1 -Exactly -# Assert-MockCalled -CommandName Remove-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName Set-SQLServerLoginPassword -Scope It -Times 0 -Exactly -# } - -# It 'Should add the specified Windows User as disabled when it is Absent' { -# Mock -CommandName Connect-SQL -MockWith { -# return New-Object -TypeName PSObject -Property @{ -# Logins = @{} -# } -# }-Verifiable - -# Mock -CommandName New-Object -MockWith { -# $windowsUser = New-Object -TypeName 'Microsoft.SqlServer.Management.Smo.Login' -ArgumentList @('Server', 'Windows\User1') -# $windowsUser = $windowsUser | Add-Member -Name 'Disable' -MemberType ScriptMethod -Value { -# $script:mockWasLoginClassMethodDisabledCalled = $true -# } -PassThru -Force - -# return $windowsUser -# } -ParameterFilter { -# $TypeName -eq 'Microsoft.SqlServer.Management.Smo.Login' -and $ArgumentList[1] -eq 'Windows\UserAbsent' -# }-Verifiable - -# $mockSetTargetResourceParameters = $instanceParameters.Clone() -# $mockSetTargetResourceParameters[ 'Ensure' ] = 'Present' -# $mockSetTargetResourceParameters[ 'Name' ] = 'Windows\UserAbsent' -# $mockSetTargetResourceParameters[ 'Disabled' ] = $true - -# Set-TargetResource @mockSetTargetResourceParameters -# $script:mockWasLoginClassMethodDisabledCalled | Should -Be $true - -# Assert-MockCalled -CommandName Connect-SQL -Scope It -Times 1 -Exactly -# Assert-MockCalled -CommandName Update-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName New-SQLServerLogin -Scope It -Times 1 -Exactly -# Assert-MockCalled -CommandName Remove-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName Set-SQLServerLoginPassword -Scope It -Times 0 -Exactly -# } - -# It 'Should add the specified Windows Group when it is Absent' { -# Mock -CommandName Connect-SQL -MockWith $mockConnectSQL -Verifiable - -# $setTargetResource_WindowsGroupAbsent_EnsurePresent = $setTargetResource_WindowsGroupAbsent.Clone() -# $setTargetResource_WindowsGroupAbsent_EnsurePresent[ 'Ensure' ] = 'Present' - -# Set-TargetResource @setTargetResource_WindowsGroupAbsent_EnsurePresent - -# Assert-MockCalled -CommandName Connect-SQL -Scope It -Times 1 -Exactly -# Assert-MockCalled -CommandName Update-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName New-SQLServerLogin -Scope It -Times 1 -Exactly -# Assert-MockCalled -CommandName Remove-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName Set-SQLServerLoginPassword -Scope It -Times 0 -Exactly -# } - -# It 'Should add the specified SQL Login when it is Absent' { -# Mock -CommandName Connect-SQL -MockWith $mockConnectSQL -Verifiable - -# $setTargetResource_SqlLoginAbsent_EnsurePresent = $setTargetResource_SqlLoginAbsent.Clone() -# $setTargetResource_SqlLoginAbsent_EnsurePresent[ 'Ensure' ] = 'Present' -# $setTargetResource_SqlLoginAbsent_EnsurePresent[ 'LoginCredential' ] = $mockSqlLoginCredential - -# Set-TargetResource @setTargetResource_SqlLoginAbsent_EnsurePresent - -# Assert-MockCalled -CommandName Connect-SQL -Scope It -Times 1 -Exactly -# Assert-MockCalled -CommandName Update-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName New-SQLServerLogin -Scope It -Times 1 -Exactly -# Assert-MockCalled -CommandName Remove-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName Set-SQLServerLoginPassword -Scope It -Times 0 -Exactly -# } - -# It 'Should add the specified SQL Login when it is Absent and MustChangePassword is $false' { -# Mock -CommandName Connect-SQL -MockWith $mockConnectSQL -Verifiable - -# $setTargetResource_SqlLoginAbsent_EnsurePresent = $setTargetResource_SqlLoginAbsent.Clone() -# $setTargetResource_SqlLoginAbsent_EnsurePresent[ 'Ensure' ] = 'Present' -# $setTargetResource_SqlLoginAbsent_EnsurePresent[ 'LoginCredential' ] = $mockSqlLoginCredential -# $setTargetResource_SqlLoginAbsent_EnsurePresent[ 'LoginMustChangePassword' ] = $false - -# Set-TargetResource @setTargetResource_SqlLoginAbsent_EnsurePresent - -# Assert-MockCalled -CommandName Connect-SQL -Scope It -Times 1 -Exactly -# Assert-MockCalled -CommandName Update-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName New-SQLServerLogin -Scope It -Times 1 -Exactly -# Assert-MockCalled -CommandName Remove-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName Set-SQLServerLoginPassword -Scope It -Times 0 -Exactly -# } - -# It 'Should throw the correct error when adding an unsupported login type' { -# Mock -CommandName Connect-SQL -MockWith $mockConnectSQL -Verifiable - -# $setTargetResource_CertificateAbsent_EnsurePresent = $setTargetResource_CertificateAbsent.Clone() -# $setTargetResource_CertificateAbsent_EnsurePresent[ 'Ensure' ] = 'Present' - -# $errorMessage = $script:localizedData.LoginTypeNotImplemented -f $setTargetResource_CertificateAbsent_EnsurePresent.LoginType -# { Set-TargetResource @setTargetResource_CertificateAbsent_EnsurePresent } | Should -Throw $errorMessage - -# Assert-MockCalled -CommandName Connect-SQL -Scope It -Times 1 -Exactly -# Assert-MockCalled -CommandName Update-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName New-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName Remove-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName Set-SQLServerLoginPassword -Scope It -Times 0 -Exactly -# } - -# It 'Should throw the correct error when adding the specified SQL Login when it is Absent and is missing the LoginCredential parameter' { -# Mock -CommandName Connect-SQL -MockWith $mockConnectSQL -Verifiable - -# $setTargetResource_SqlLoginAbsent_EnsurePresent_NoCred = $setTargetResource_SqlLoginAbsent.Clone() -# $setTargetResource_SqlLoginAbsent_EnsurePresent_NoCred[ 'Ensure' ] = 'Present' - -# $errorMessage = $script:localizedData.LoginCredentialNotFound -f $setTargetResource_SqlLoginAbsent_EnsurePresent_NoCred.Name -# { Set-TargetResource @setTargetResource_SqlLoginAbsent_EnsurePresent_NoCred } | Should -Throw $errorMessage - -# Assert-MockCalled -CommandName Connect-SQL -Scope It -Times 1 -Exactly -# Assert-MockCalled -CommandName Update-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName New-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName Remove-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName Set-SQLServerLoginPassword -Scope It -Times 0 -Exactly -# } - -# It 'Should do nothing if the specified Windows User is Present' { -# Mock -CommandName Connect-SQL -MockWith $mockConnectSQL -Verifiable - -# $setTargetResource_WindowsUserPresent_EnsurePresent = $setTargetResource_WindowsUserPresent.Clone() -# $setTargetResource_WindowsUserPresent_EnsurePresent[ 'Ensure' ] = 'Present' - -# Set-TargetResource @setTargetResource_WindowsUserPresent_EnsurePresent - -# Assert-MockCalled -CommandName Connect-SQL -Scope It -Times 1 -Exactly -# Assert-MockCalled -CommandName Update-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName New-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName Remove-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName Set-SQLServerLoginPassword -Scope It -Times 0 -Exactly -# } - -# It 'Should do nothing if the specified Windows Group is Present' { -# Mock -CommandName Connect-SQL -MockWith $mockConnectSQL -Verifiable - -# $setTargetResource_WindowsGroupPresent_EnsurePresent = $setTargetResource_WindowsGroupPresent.Clone() -# $setTargetResource_WindowsGroupPresent_EnsurePresent[ 'Ensure' ] = 'Present' - -# Set-TargetResource @setTargetResource_WindowsGroupPresent_EnsurePresent - -# Assert-MockCalled -CommandName Connect-SQL -Scope It -Times 1 -Exactly -# Assert-MockCalled -CommandName Update-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName New-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName Remove-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName Set-SQLServerLoginPassword -Scope It -Times 0 -Exactly -# } - -# It 'Should update the password of the specified SQL Login if it is Present and all parameters match' { -# Mock -CommandName Connect-SQL -MockWith $mockConnectSQL -Verifiable - -# $setTargetResource_SqlLoginPresent_EnsurePresent = $setTargetResource_SqlLoginPresent.Clone() -# $setTargetResource_SqlLoginPresent_EnsurePresent[ 'Ensure' ] = 'Present' -# $setTargetResource_SqlLoginPresent_EnsurePresent[ 'LoginCredential' ] = $mockSqlLoginCredential -# $setTargetResource_SqlLoginPresent_EnsurePresent[ 'LoginMustChangePassword' ] = $false # Stays the same - -# Set-TargetResource @setTargetResource_SqlLoginPresent_EnsurePresent - -# Assert-MockCalled -CommandName Connect-SQL -Scope It -Times 1 -Exactly -# Assert-MockCalled -CommandName Update-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName New-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName Remove-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName Set-SQLServerLoginPassword -Scope It -Times 1 -Exactly -# } - -# It 'Should set DefaultDatabase on the specified SQL Login if it does not match the DefaultDatabase parameter' { -# Mock -CommandName Connect-SQL -MockWith $mockConnectSQL -Verifiable - -# $setTargetResource_SqlLoginPresent_EnsurePresent_LoginDefaultDatabase = $setTargetResource_SqlLoginPresent.Clone() -# $setTargetResource_SqlLoginPresent_EnsurePresent_LoginDefaultDatabase[ 'Ensure' ] = 'Present' -# $setTargetResource_SqlLoginPresent_EnsurePresent_LoginDefaultDatabase[ 'LoginCredential' ] = $mockSqlLoginCredential -# $setTargetResource_SqlLoginPresent_EnsurePresent_LoginDefaultDatabase[ 'LoginMustChangePassword' ] = $false # Stays the same -# $setTargetResource_SqlLoginPresent_EnsurePresent_LoginDefaultDatabase[ 'DefaultDatabase' ] = 'notmaster' - -# Set-TargetResource @setTargetResource_SqlLoginPresent_EnsurePresent_LoginDefaultDatabase - -# Assert-MockCalled -CommandName Connect-SQL -Scope It -Times 1 -Exactly -# Assert-MockCalled -CommandName Update-SQLServerLogin -Scope It -Times 1 -Exactly -# } - -# It 'Should set PasswordExpirationEnabled on the specified SQL Login if it does not match the LoginPasswordExpirationEnabled parameter' { -# Mock -CommandName Connect-SQL -MockWith $mockConnectSQL -Verifiable - -# $setTargetResource_SqlLoginPresent_EnsurePresent_LoginPasswordExpirationEnabled = $setTargetResource_SqlLoginPresent.Clone() -# $setTargetResource_SqlLoginPresent_EnsurePresent_LoginPasswordExpirationEnabled[ 'Ensure' ] = 'Present' -# $setTargetResource_SqlLoginPresent_EnsurePresent_LoginPasswordExpirationEnabled[ 'LoginCredential' ] = $mockSqlLoginCredential -# $setTargetResource_SqlLoginPresent_EnsurePresent_LoginPasswordExpirationEnabled[ 'LoginMustChangePassword' ] = $false # Stays the same -# $setTargetResource_SqlLoginPresent_EnsurePresent_LoginPasswordExpirationEnabled[ 'LoginPasswordExpirationEnabled' ] = $false - -# Set-TargetResource @setTargetResource_SqlLoginPresent_EnsurePresent_LoginPasswordExpirationEnabled - -# Assert-MockCalled -CommandName Connect-SQL -Scope It -Times 1 -Exactly -# Assert-MockCalled -CommandName Update-SQLServerLogin -Scope It -Times 1 -Exactly -# Assert-MockCalled -CommandName New-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName Remove-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName Set-SQLServerLoginPassword -Scope It -Times 1 -Exactly -# } - -# It 'Should set PasswordPolicyEnforced on the specified SQL Login if it does not match the LoginPasswordPolicyEnforced parameter' { -# Mock -CommandName Connect-SQL -MockWith $mockConnectSQL -Verifiable - -# $setTargetResource_SqlLoginPresent_EnsurePresent_LoginPasswordPolicyEnforced = $setTargetResource_SqlLoginPresent.Clone() -# $setTargetResource_SqlLoginPresent_EnsurePresent_LoginPasswordPolicyEnforced[ 'Ensure' ] = 'Present' -# $setTargetResource_SqlLoginPresent_EnsurePresent_LoginPasswordPolicyEnforced[ 'LoginCredential' ] = $mockSqlLoginCredential -# $setTargetResource_SqlLoginPresent_EnsurePresent_LoginPasswordPolicyEnforced[ 'LoginMustChangePassword' ] = $false # Stays the same -# $setTargetResource_SqlLoginPresent_EnsurePresent_LoginPasswordPolicyEnforced[ 'LoginPasswordPolicyEnforced' ] = $false - -# Set-TargetResource @setTargetResource_SqlLoginPresent_EnsurePresent_LoginPasswordPolicyEnforced - -# Assert-MockCalled -CommandName Connect-SQL -Scope It -Times 1 -Exactly -# Assert-MockCalled -CommandName Update-SQLServerLogin -Scope It -Times 1 -Exactly -# Assert-MockCalled -CommandName New-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName Remove-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName Set-SQLServerLoginPassword -Scope It -Times 1 -Exactly -# } - -# It 'Should throw the correct error when creating a SQL Login if the LoginMode is ''Integrated''' { -# $mockLoginMode = 'Integrated' - -# Mock -CommandName Connect-SQL -MockWith $mockConnectSQL_LoginMode -Verifiable - -# $setTargetResource_SqlLoginAbsent_EnsurePresent = $setTargetResource_SqlLoginAbsent.Clone() -# $setTargetResource_SqlLoginAbsent_EnsurePresent[ 'Ensure' ] = 'Present' -# $setTargetResource_SqlLoginAbsent_EnsurePresent[ 'LoginCredential' ] = $mockSqlLoginCredential - -# $errorMessage = $script:localizedData.IncorrectLoginMode -f -# $setTargetResource_SqlLoginAbsent_EnsurePresent.ServerName, -# $setTargetResource_SqlLoginAbsent_EnsurePresent.InstanceName, -# $mockLoginMode - -# { Set-TargetResource @setTargetResource_SqlLoginAbsent_EnsurePresent } | Should -Throw $errorMessage - -# Assert-MockCalled -CommandName Connect-SQL -Scope It -Times 1 -Exactly -# Assert-MockCalled -CommandName Update-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName New-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName Remove-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName Set-SQLServerLoginPassword -Scope It -Times 0 -Exactly -# } - -# It 'Should throw the correct error when updating a SQL Login if MustChangePassword is different' { -# Mock -CommandName Connect-SQL -MockWith $mockConnectSQL_LoginMode -Verifiable - -# $setTargetResource_SqlLoginPresent_EnsurePresent = $setTargetResource_SqlLoginPresent.Clone() -# $setTargetResource_SqlLoginPresent_EnsurePresent[ 'Ensure' ] = 'Present' -# $setTargetResource_SqlLoginPresent_EnsurePresent[ 'LoginCredential' ] = $mockSqlLoginCredential -# $setTargetResource_SqlLoginPresent_EnsurePresent[ 'LoginMustChangePassword' ] = $true - -# $errorMessage = $script:localizedData.MustChangePasswordCannotBeChanged - -# { Set-TargetResource @setTargetResource_SqlLoginPresent_EnsurePresent } | Should -Throw $errorMessage - -# Assert-MockCalled -CommandName Connect-SQL -Scope It -Times 1 -Exactly -# Assert-MockCalled -CommandName Update-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName New-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName Remove-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName Set-SQLServerLoginPassword -Scope It -Times 0 -Exactly -# } -# } - -# It 'Should not throw an error when creating a SQL Login and the LoginMode is set to ''Normal''' { -# $mockLoginMode = 'Normal' - -# Mock -CommandName Connect-SQL -MockWith $mockConnectSQL_LoginMode -Verifiable - -# $setTargetResource_SqlLoginAbsent_EnsurePresent = $setTargetResource_SqlLoginAbsent.Clone() -# $setTargetResource_SqlLoginAbsent_EnsurePresent[ 'Ensure' ] = 'Present' -# $setTargetResource_SqlLoginAbsent_EnsurePresent[ 'LoginCredential' ] = $mockSqlLoginCredential - -# { Set-TargetResource @setTargetResource_SqlLoginAbsent_EnsurePresent } | Should -Not -Throw - -# Assert-MockCalled -CommandName Connect-SQL -Scope It -Times 1 -Exactly -# Assert-MockCalled -CommandName Update-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName New-SQLServerLogin -Scope It -Times 1 -Exactly -# Assert-MockCalled -CommandName Remove-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName Set-SQLServerLoginPassword -Scope It -Times 0 -Exactly -# } - -# It 'Should not throw an error when creating a SQL Login and the LoginMode is set to ''Mixed''' { -# $mockLoginMode = 'Mixed' - -# Mock -CommandName Connect-SQL -MockWith $mockConnectSQL_LoginMode -Verifiable - -# $setTargetResource_SqlLoginAbsent_EnsurePresent = $setTargetResource_SqlLoginAbsent.Clone() -# $setTargetResource_SqlLoginAbsent_EnsurePresent[ 'Ensure' ] = 'Present' -# $setTargetResource_SqlLoginAbsent_EnsurePresent[ 'LoginCredential' ] = $mockSqlLoginCredential - -# { Set-TargetResource @setTargetResource_SqlLoginAbsent_EnsurePresent } | Should -Not -Throw - -# Assert-MockCalled -CommandName Connect-SQL -Scope It -Times 1 -Exactly -# Assert-MockCalled -CommandName Update-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName New-SQLServerLogin -Scope It -Times 1 -Exactly -# Assert-MockCalled -CommandName Remove-SQLServerLogin -Scope It -Times 0 -Exactly -# Assert-MockCalled -CommandName Set-SQLServerLoginPassword -Scope It -Times 0 -Exactly -# } -# } - Describe 'SqlLogin\Update-SQLServerLogin' { Context 'When the Login is altered' { BeforeEach {