Skip to content

Commit

Permalink
SqlDatabaseObjectPermission: New resource (#1563)
Browse files Browse the repository at this point in the history
- SqlServerDsc
  - Added new resource SqlDatabaseObjectPermission (issue #1119).
- SqlServerDsc.Common
  - The helper function `Compare-ResourcePropertyState` was improved to
    handle embedded instances by adding a parameter `CimInstanceKeyProperties`
    that can be used to identify the unique parameter for each embedded
    instance in a collection.
  - The helper function `Test-DscPropertyState` was improved to evaluate
    the properties in a single CIM instance or a collection of CIM instances
    by recursively call itself.
  - When the helper function `Test-DscPropertyState` evaluated an array
    the verbose messages was not very descriptive. Instead of outputting
    the side indicator from the compare it now outputs a descriptive
    message.
  • Loading branch information
johlju authored Jun 12, 2020
1 parent 932cbea commit 6a468c2
Show file tree
Hide file tree
Showing 19 changed files with 4,797 additions and 51 deletions.
41 changes: 40 additions & 1 deletion .vscode/analyzersettings.psd1
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
@{
CustomRulePath = '.\output\RequiredModules\DscResource.AnalyzerRules'
IncludeDefaultRules = $true
IncludeRules = @(
IncludeRules = @(
# DSC Resource Kit style guideline rules.
'PSAvoidDefaultValueForMandatoryParameter',
'PSAvoidDefaultValueSwitchParameter',
Expand Down Expand Up @@ -38,7 +38,46 @@
'PSUseDeclaredVarsMoreThanAssignments',
'PSUsePSCredentialType',

# Additional rules
'PSUseConsistentWhitespace',
'UseCorrectCasing',
'PSPlaceOpenBrace',
'PSPlaceCloseBrace',
'AlignAssignmentStatement',

'Measure-*'
)

Rules = @{
PSUseConsistentWhitespace = @{
Enable = $true
CheckOpenBrace = $false
CheckInnerBrace = $true
CheckOpenParen = $true
CheckOperator = $false
CheckSeparator = $true
CheckPipe = $true
CheckPipeForRedundantWhitespace = $true
CheckParameter = $false
}

PSPlaceOpenBrace = @{
Enable = $true
OnSameLine = $false
NewLineAfter = $true
IgnoreOneLineBlock = $false
}

PSPlaceCloseBrace = @{
Enable = $true
NoEmptyLineBefore = $true
IgnoreOneLineBlock = $false
NewLineAfter = $true
}

PSAlignAssignmentStatement = @{
Enable = $true
CheckHashtable = $true
}
}
}
20 changes: 16 additions & 4 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,7 @@ in a future release.
- SqlServerDsc
- Added new resource SqlProtocol ([issue #1377](https://github.com/dsccommunity/SqlServerDsc/issues/1377)).
- Added new resource SqlProtocolTcpIp ([issue #1378](https://github.com/dsccommunity/SqlServerDsc/issues/1378)).
- Added new resource SqlDatabaseObjectPermission ([issue #1119](https://github.com/dsccommunity/SqlServerDsc/issues/1119)).
- Fixing a problem with the latest ModuleBuild 1.7.0 that breaks the CI
pipeline.
- Prepare repository for auto-documentation by adding README.md to each
Expand Down Expand Up @@ -83,6 +84,17 @@ in a future release.
names. Using this parameter the cluster group will only be taken
offline and back online if the cluster group owner is one specified
in this parameter.
- The helper function `Compare-ResourcePropertyState` was improved to
handle embedded instances by adding a parameter `CimInstanceKeyProperties`
that can be used to identify the unique parameter for each embedded
instance in a collection.
- The helper function `Test-DscPropertyState` was improved to evaluate
the properties in a single CIM instance or a collection of CIM instances
by recursively call itself.
- When the helper function `Test-DscPropertyState` evaluated an array
the verbose messages was not very descriptive. Instead of outputting
the side indicator from the compare it now outputs a descriptive
message.

### Changed

Expand Down Expand Up @@ -1985,7 +1997,7 @@ in a future release.

### Changed

Improvements how tests are initiated in AppVeyor
- Improvements how tests are initiated in AppVeyor
- Removed previous workaround (issue #201) from unit tests.
- Changes in appveyor.yml so that SQL modules are removed before common test is
run.
Expand Down Expand Up @@ -2072,8 +2084,8 @@ in a future release.
- Added common test (xSQLServerCommon.Tests) for xSQLServer module
- Now all markdown files will be style checked when tests are running in AppVeyor
after sending in a pull request.
- Now all [Examples](/source/Examples/Resources) will be tested by compiling to a .mof
file after sending in a pull request.
- Now all [Examples](/source/Examples/Resources) will be tested by compiling
to a .mof file after sending in a pull request.
- Changes to xSQLServerDatabaseOwner
- The example 'SetDatabaseOwner' can now compile, it wrongly had a `DependsOn`
in the example.
Expand Down Expand Up @@ -2153,7 +2165,7 @@ in a future release.
- Get-TargetResource now works with Get-DscConfiguration.
- Fixes in xSQLServerRole
- Updated Ensure parameter to 'Present' default value.
- Renamed helper functions *-SqlServerRole to *-SqlServerRoleMember.
- Renamed helper functions *-SqlServerRole* to *-SqlServerRoleMember*.
- Changes to xSQLAlias
- Add UseDynamicTcpPort parameter for option "Dynamically determine port".
- Change Get-WmiObject to Get-CimInstance in Resource and associated pester file.
Expand Down
65 changes: 65 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -100,6 +100,9 @@ in a future release.
is present or absent.
* [**SqlDatabaseDefaultLocation**](#sqldatabasedefaultlocation) resource
to manage default locations for Data, Logs, and Backups for SQL Server
* [**SqlDatabaseObjectPermission**](#sqldatabaseobjectpermission) resource
to manage the permissions of database objects in a database for a SQL
Server instance.
* [**SqlDatabasePermission**](#sqldatabasepermission) resource to
manage SQL database permissions.
* [**SqlDatabaseRole**](#sqldatabaserole) resource to manage SQL database roles.
Expand Down Expand Up @@ -667,6 +670,68 @@ more information about database default locations, please read the article

All issues are not listed here, see [here for all open issues](https://github.com/dsccommunity/SqlServerDsc/issues?q=is%3Aissue+is%3Aopen+in%3Atitle+SqlDatabaseDefaultLocation).

### SqlDatabaseObjectPermission

This DSC resource is used to manage the permissions of database objects
in a database for a SQL Server instance.

For more information about permission names that can be managed, see the
property names of the [ObjectPermissionSet](https://docs.microsoft.com/en-us/dotnet/api/microsoft.sqlserver.management.smo.objectpermissionset#properties) class.

>**Note:** When revoking permission with PermissionState 'GrantWithGrant', both the
>grantee and _all the other users the grantee has granted the same permission to_,
>will also get their permission revoked.
#### Requirements

* Target machine must be running Windows Server 2012 or later.
* Target machine must be running SQL Server 2012 or later.
* Target machine must have access to the SQLPS PowerShell module or the
SqlServer PowerShell module.

#### Parameters

* **`[String]` InstanceName** _(Key)_: Specifies the name of the SQL instance
to be configured.
* **`[String]` DatabaseName** _(Key)_: Specifies the name of the database
where the object resides.
* **`[String]` SchemaName** _(Key)_: Specifies the name of the schema for
the database object.
* **`[String]` ObjectName** _(Key)_: Specifies the name of the database
object to set permission for. Can be an empty value when setting permission
for a schema.
* **`[String]` ObjectType** _(Key)_: Specifies the type of the database
object specified in parameter `ObjectName`. { Schema | Table | View |
StoredProcedure }.
* **`[String]` Name** _(Key)_: Specifies the name of the database user,
user-defined database role, or database application role that will have
the permission.
* **`[DSC_DatabaseObjectPermission[]]` Permission** _(Required)_: Specifies
the permissions as an array of embedded instances of the DSC_DatabaseObjectPermission
CIM class.
* **`[String]` ServerName** _(Write)_: Specifies the host name of the SQL
Server to be configured. Default value is `$env:COMPUTERNAME`.

##### Embedded instance DSC_DatabaseObjectPermission

* **`[String]` State** _(Key)_: Specifies the state of the permission.
Valid values are 'Grant', 'Deny' and 'GrantWithGrant'.
* **`[String[]]` Permission** _(Required)_: Specifies the set of permissions
for the database object for the principal assigned to 'Name'. Valid
permission names can be found in the article [ObjectPermissionSet Class properties](https://docs.microsoft.com/en-us/dotnet/api/microsoft.sqlserver.management.smo.objectpermissionset#properties).
* **`[String]` Ensure** _(Key)_: Specifies the desired state of the permission.
When set to 'Present', the permissions will be added. When set to 'Absent',
the permissions will be removed. Default value is 'Present'.

#### Examples

* [Add Database Permission](/source/Examples/Resources/SqlDatabaseObjectPermission/1-AddDatabaseObjectPermissions.ps1)
* [Remove Database Permission](/source/Examples/Resources/SqlDatabaseObjectPermission/2-RemoveDatabaseObjectPermissions.ps1)

#### Known issues

All issues are not listed here, see [here for all open issues](https://github.com/dsccommunity/SqlServerDsc/issues?q=is%3Aissue+is%3Aopen+in%3Atitle+SqlDatabaseObjectPermission).

### SqlDatabasePermission

This resource is used to grant, deny or revoke permissions for a user in a database.
Expand Down
2 changes: 2 additions & 0 deletions azure-pipelines.yml
Original file line number Diff line number Diff line change
Expand Up @@ -168,6 +168,7 @@ stages:
'tests/Integration/DSC_SqlProtocol.Integration.Tests.ps1'
# Group 6 (tests makes changes that could make SQL Server to loose connectivity)
'tests/Integration/DSC_SqlProtocolTcpIp.Integration.Tests.ps1'
'tests/Integration/DSC_SqlDatabaseObjectPermission.Integration.Tests.ps1'
)
name: test
displayName: 'Run Integration Test'
Expand Down Expand Up @@ -235,6 +236,7 @@ stages:
'tests/Integration/DSC_SqlProtocol.Integration.Tests.ps1'
# Group 6 (tests makes changes that could make SQL Server to loose connectivity)
'tests/Integration/DSC_SqlProtocolTcpIp.Integration.Tests.ps1'
'tests/Integration/DSC_SqlDatabaseObjectPermission.Integration.Tests.ps1'
)
name: test
displayName: 'Run Integration Test'
Expand Down
Loading

0 comments on commit 6a468c2

Please sign in to comment.