SqlDatabaseObjectPermission: New resource (#1563)

- SqlServerDsc
  - Added new resource SqlDatabaseObjectPermission (issue #1119).
- SqlServerDsc.Common
  - The helper function `Compare-ResourcePropertyState` was improved to
    handle embedded instances by adding a parameter `CimInstanceKeyProperties`
    that can be used to identify the unique parameter for each embedded
    instance in a collection.
  - The helper function `Test-DscPropertyState` was improved to evaluate
    the properties in a single CIM instance or a collection of CIM instances
    by recursively call itself.
  - When the helper function `Test-DscPropertyState` evaluated an array
    the verbose messages was not very descriptive. Instead of outputting
    the side indicator from the compare it now outputs a descriptive
    message.

.vscode/analyzersettings.psd1

@@ -1,7 +1,7 @@
 @{
     CustomRulePath      = '.\output\RequiredModules\DscResource.AnalyzerRules'
     IncludeDefaultRules = $true
-    IncludeRules   = @(
+    IncludeRules        = @(
         # DSC Resource Kit style guideline rules.
         'PSAvoidDefaultValueForMandatoryParameter',
         'PSAvoidDefaultValueSwitchParameter',
@@ -38,7 +38,46 @@
         'PSUseDeclaredVarsMoreThanAssignments',
         'PSUsePSCredentialType',
 
+        # Additional rules
+        'PSUseConsistentWhitespace',
+        'UseCorrectCasing',
+        'PSPlaceOpenBrace',
+        'PSPlaceCloseBrace',
+        'AlignAssignmentStatement',
+
         'Measure-*'
     )
 
+    Rules               = @{
+        PSUseConsistentWhitespace  = @{
+            Enable                          = $true
+            CheckOpenBrace                  = $false
+            CheckInnerBrace                 = $true
+            CheckOpenParen                  = $true
+            CheckOperator                   = $false
+            CheckSeparator                  = $true
+            CheckPipe                       = $true
+            CheckPipeForRedundantWhitespace = $true
+            CheckParameter                  = $false
+        }
+
+        PSPlaceOpenBrace           = @{
+            Enable             = $true
+            OnSameLine         = $false
+            NewLineAfter       = $true
+            IgnoreOneLineBlock = $false
+        }
+
+        PSPlaceCloseBrace          = @{
+            Enable             = $true
+            NoEmptyLineBefore  = $true
+            IgnoreOneLineBlock = $false
+            NewLineAfter       = $true
+        }
+
+        PSAlignAssignmentStatement = @{
+            Enable         = $true
+            CheckHashtable = $true
+        }
+    }
 }

CHANGELOG.md

@@ -41,6 +41,7 @@ in a future release.
 - SqlServerDsc
   - Added new resource SqlProtocol ([issue #1377](https://github.com/dsccommunity/SqlServerDsc/issues/1377)).
   - Added new resource SqlProtocolTcpIp ([issue #1378](https://github.com/dsccommunity/SqlServerDsc/issues/1378)).
+  - Added new resource SqlDatabaseObjectPermission ([issue #1119](https://github.com/dsccommunity/SqlServerDsc/issues/1119)).
   - Fixing a problem with the latest ModuleBuild 1.7.0 that breaks the CI
     pipeline.
   - Prepare repository for auto-documentation by adding README.md to each
@@ -83,6 +84,17 @@ in a future release.
     names. Using this parameter the cluster group will only be taken
     offline and back online if the cluster group owner is one specified
     in this parameter.
+  - The helper function `Compare-ResourcePropertyState` was improved to
+    handle embedded instances by adding a parameter `CimInstanceKeyProperties`
+    that can be used to identify the unique parameter for each embedded
+    instance in a collection.
+  - The helper function `Test-DscPropertyState` was improved to evaluate
+    the properties in a single CIM instance or a collection of CIM instances
+    by recursively call itself.
+  - When the helper function `Test-DscPropertyState` evaluated an array
+    the verbose messages was not very descriptive. Instead of outputting
+    the side indicator from the compare it now outputs a descriptive
+    message.
 
 ### Changed
 
@@ -1985,7 +1997,7 @@ in a future release.
 
 ### Changed
 
- Improvements how tests are initiated in AppVeyor
+- Improvements how tests are initiated in AppVeyor
   - Removed previous workaround (issue #201) from unit tests.
   - Changes in appveyor.yml so that SQL modules are removed before common test is
     run.
@@ -2072,8 +2084,8 @@ in a future release.
 - Added common test (xSQLServerCommon.Tests) for xSQLServer module
   - Now all markdown files will be style checked when tests are running in AppVeyor
     after sending in a pull request.
-  - Now all [Examples](/source/Examples/Resources) will be tested by compiling to a .mof
-    file after sending in a pull request.
+  - Now all [Examples](/source/Examples/Resources) will be tested by compiling
+    to a .mof file after sending in a pull request.
 - Changes to xSQLServerDatabaseOwner
   - The example 'SetDatabaseOwner' can now compile, it wrongly had a `DependsOn`
     in the example.
@@ -2153,7 +2165,7 @@ in a future release.
   - Get-TargetResource now works with Get-DscConfiguration.
 - Fixes in xSQLServerRole
   - Updated Ensure parameter to 'Present' default value.
-  - Renamed helper functions *-SqlServerRole to *-SqlServerRoleMember.
+  - Renamed helper functions *-SqlServerRole* to *-SqlServerRoleMember*.
 - Changes to xSQLAlias
   - Add UseDynamicTcpPort parameter for option "Dynamically determine port".
   - Change Get-WmiObject to Get-CimInstance in Resource and associated pester file.

README.md

@@ -100,6 +100,9 @@ in a future release.
   is present or absent.
 * [**SqlDatabaseDefaultLocation**](#sqldatabasedefaultlocation) resource
   to manage default locations for Data, Logs, and Backups for SQL Server
+* [**SqlDatabaseObjectPermission**](#sqldatabaseobjectpermission) resource
+  to manage the permissions of database objects in a database for a SQL
+  Server instance.
 * [**SqlDatabasePermission**](#sqldatabasepermission) resource to
   manage SQL database permissions.
 * [**SqlDatabaseRole**](#sqldatabaserole) resource to manage SQL database roles.
@@ -667,6 +670,68 @@ more information about database default locations, please read the article
 
 All issues are not listed here, see [here for all open issues](https://github.com/dsccommunity/SqlServerDsc/issues?q=is%3Aissue+is%3Aopen+in%3Atitle+SqlDatabaseDefaultLocation).
 
+### SqlDatabaseObjectPermission
+
+This DSC resource is used to manage the permissions of database objects
+in a database for a SQL Server instance.
+
+For more information about permission names that can be managed, see the
+property names of the [ObjectPermissionSet](https://docs.microsoft.com/en-us/dotnet/api/microsoft.sqlserver.management.smo.objectpermissionset#properties) class.
+
+>**Note:** When revoking permission with PermissionState 'GrantWithGrant', both the
+>grantee and _all the other users the grantee has granted the same permission to_,
+>will also get their permission revoked.
+
+#### Requirements
+
+* Target machine must be running Windows Server 2012 or later.
+* Target machine must be running SQL Server 2012 or later.
+* Target machine must have access to the SQLPS PowerShell module or the
+  SqlServer PowerShell module.
+
+#### Parameters
+
+* **`[String]` InstanceName** _(Key)_: Specifies the name of the SQL instance
+  to be configured.
+* **`[String]` DatabaseName** _(Key)_: Specifies the name of the database
+  where the object resides.
+* **`[String]` SchemaName** _(Key)_: Specifies the name of the schema for
+  the database object.
+* **`[String]` ObjectName** _(Key)_: Specifies the name of the database
+  object to set permission for. Can be an empty value when setting permission
+  for a schema.
+* **`[String]` ObjectType** _(Key)_: Specifies the type of the database
+  object specified in parameter `ObjectName`. { Schema | Table | View |
+  StoredProcedure }.
+* **`[String]` Name** _(Key)_: Specifies the name of the database user,
+  user-defined database role, or database application role that will have
+  the permission.
+* **`[DSC_DatabaseObjectPermission[]]` Permission** _(Required)_: Specifies
+  the permissions as an array of embedded instances of the DSC_DatabaseObjectPermission
+  CIM class.
+* **`[String]` ServerName** _(Write)_: Specifies the host name of the SQL
+  Server to be configured. Default value is `$env:COMPUTERNAME`.
+
+##### Embedded instance DSC_DatabaseObjectPermission
+
+* **`[String]` State** _(Key)_: Specifies the state of the permission.
+  Valid values are 'Grant', 'Deny' and 'GrantWithGrant'.
+* **`[String[]]` Permission** _(Required)_: Specifies the set of permissions
+  for the database object for the principal assigned to 'Name'. Valid
+  permission names can be found in the article [ObjectPermissionSet Class properties](https://docs.microsoft.com/en-us/dotnet/api/microsoft.sqlserver.management.smo.objectpermissionset#properties).
+* **`[String]` Ensure** _(Key)_: Specifies the desired state of the permission.
+  When set to 'Present', the permissions will be added. When set to 'Absent',
+  the permissions will be removed. Default value is 'Present'.
+
+#### Examples
+
+* [Add Database Permission](/source/Examples/Resources/SqlDatabaseObjectPermission/1-AddDatabaseObjectPermissions.ps1)
+* [Remove Database Permission](/source/Examples/Resources/SqlDatabaseObjectPermission/2-RemoveDatabaseObjectPermissions.ps1)
+
+#### Known issues
+
+All issues are not listed here, see [here for all open issues](https://github.com/dsccommunity/SqlServerDsc/issues?q=is%3Aissue+is%3Aopen+in%3Atitle+SqlDatabaseObjectPermission).
+
 ### SqlDatabasePermission
 
 This resource is used to grant, deny or revoke permissions for a user in a database.

azure-pipelines.yml

@@ -168,6 +168,7 @@ stages:
                   'tests/Integration/DSC_SqlProtocol.Integration.Tests.ps1'
                   # Group 6 (tests makes changes that could make SQL Server to loose connectivity)
                   'tests/Integration/DSC_SqlProtocolTcpIp.Integration.Tests.ps1'
+                  'tests/Integration/DSC_SqlDatabaseObjectPermission.Integration.Tests.ps1'
               )
             name: test
             displayName: 'Run Integration Test'
@@ -235,6 +236,7 @@ stages:
                   'tests/Integration/DSC_SqlProtocol.Integration.Tests.ps1'
                   # Group 6 (tests makes changes that could make SQL Server to loose connectivity)
                   'tests/Integration/DSC_SqlProtocolTcpIp.Integration.Tests.ps1'
+                  'tests/Integration/DSC_SqlDatabaseObjectPermission.Integration.Tests.ps1'
               )
             name: test
             displayName: 'Run Integration Test'