Fixes dsccommunity#552

oliveirt · Feb 3, 2020 · 640f243 · 640f243
1 parent 5ea5a13
commit 640f243
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -17,6 +17,8 @@ For older change log history see the [historic changelog](HISTORIC_CHANGELOG.md)
 
 - ADForestProperties
   - Fixed ability to clear `ServicePrincipalNameSuffix` and `UserPrincipalNameSuffix` ([issue #548](https://github.com/PowerShell/ActiveDirectoryDsc/issues/548)).
+- ADObjectPermissionEntry
+    - Fixed issue where Get-DscConfiguration / Test-DscConfiguration throw an exception when target object path does not yet exist ([issue #552](https://github.com/dsccommunity/ActiveDirectoryDsc/issues/552))
 
 ### Changed
 

diff --git a/Tests/Unit/MSFT_ADObjectPermissionEntry.Tests.ps1 b/Tests/Unit/MSFT_ADObjectPermissionEntry.Tests.ps1
@@ -153,6 +153,26 @@ try
                     $targetResource.InheritedObjectType | Should -Be $testDefaultParameters.InheritedObjectType
                 }
             }
+            Context 'When the desired AD object path is absent' {
+
+                Mock -CommandName 'Get-Acl' -MockWith { throw New-Object System.Management.Automation.ItemNotFoundException }
+
+                It 'Should return a valid result if the AD object path is absent and not throw an exception' {
+                    # Act / Assert
+                    $targetResource = Get-TargetResource @testDefaultParameters
+                    $targetResource.Ensure | Should -Be 'Absent'
+                }
+            }
+            Context 'When an unknown error occurs' {
+
+                $error = 'Unknown Error'
+                Mock -CommandName 'Get-Acl' -MockWith { throw $error }
+
+                It 'Should throw an exception if an unknown error occurs calling Get-Acl' {
+                    # Act / Assert
+                    { Get-TargetResource @testDefaultParameters } | Should -Throw
+                }
+            }
         }
         #endregion
 

diff --git a/source/DSCResources/MSFT_ADObjectPermissionEntry/MSFT_ADObjectPermissionEntry.psm1 b/source/DSCResources/MSFT_ADObjectPermissionEntry/MSFT_ADObjectPermissionEntry.psm1
@@ -78,8 +78,19 @@ function Get-TargetResource
         InheritedObjectType                = $InheritedObjectType
     }
 
-    # Get the current acl
-    $acl = Get-Acl -Path "AD:$Path"
+    try
+    {
+        # Get the current acl
+        $acl = Get-Acl -Path "AD:$Path" -ErrorAction Stop
+    }
+    catch [System.Management.Automation.ItemNotFoundException]
+    {
+        Write-Verbose -Message ($script:localizedData.ObjectPathIsAbsent -f $Path)
+    }
+    catch
+    {
+        throw $_
+    }
 
     foreach ($access in $acl.Access)
     {

diff --git a/...DSCResources/MSFT_ADObjectPermissionEntry/en-US/MSFT_ADObjectPermissionEntry.strings.psd1 b/...DSCResources/MSFT_ADObjectPermissionEntry/en-US/MSFT_ADObjectPermissionEntry.strings.psd1
@@ -7,4 +7,5 @@ ConvertFrom-StringData @'
     RemovingObjectPermissionEntry          = Removing object permission entry from object '{0}'. (OPE0004)
     ObjectPermissionEntryInDesiredState    = Object permission entry on object '{0}' is in the desired state. (OPE0005)
     ObjectPermissionEntryNotInDesiredState = Object permission entry on object '{0}' is not in the desired state. (OPE0006)
+    ObjectPathIsAbsent                     = Object Path '{0}' is absent from Active Directory. (OPE0007)
 '@