Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SqlLogin: Get-TargetResource "thinks" login exists, when it doesn't. #792

Closed
arcotek-ltd opened this issue Sep 6, 2017 · 3 comments · Fixed by #1652
Closed

SqlLogin: Get-TargetResource "thinks" login exists, when it doesn't. #792

arcotek-ltd opened this issue Sep 6, 2017 · 3 comments · Fixed by #1652
Labels
bug The issue is a bug. good first issue The issue should be easier to fix and can be taken up by a beginner to learn to contribute on GitHub

Comments

@arcotek-ltd
Copy link

arcotek-ltd commented Sep 6, 2017
edited
Loading

Details of the scenario you tried and the problem that is occurring:
Using xSQLServerLogin thus:

xSQLServerLogin SomeUser
        {
            Name = "SomeUser" 
            LoginType = "WindowsUser"
            SQLServer = $env:ComputerName
            SQLInstanceName = $Node.SqlInstanceName
        }

DSC reports the user is present:

VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = SendConfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer MYAZURESERVER with user sid S-1-5-21-23454367-3675323-456572457-4353.
VERBOSE: [MYAZURESERVER]: LCM:  [ Start  Set      ]
VERBOSE: [MYAZURESERVER]: LCM:  [ Start  Resource ]  [[xSQLServerLogin]SomeUser::[hSqlConfig]MySqlDatabase]
VERBOSE: [MYAZURESERVER]: LCM:  [ Start  Test     ]  [[xSQLServerLogin]SomeUser::[hSqlConfig]MySqlDatabase]
VERBOSE: [MYAZURESERVER]:                            [[xSQLServerLogin]SomeUser::[hSqlConfig]MySqlDatabase] Connected to SQL instance 'MYAZURESERVER'.
VERBOSE: [MYAZURESERVER]:                            [[xSQLServerLogin]SomeUser::[hSqlConfig]MySqlDatabase] Getting SQL logins...
VERBOSE: [MYAZURESERVER]:                            [[xSQLServerLogin]SomeUser::[hSqlConfig]MySqlDatabase] 2017-09-06_10-01-02: Getting the login 'MyAdDomain\SomeUser' from 'MYAZURESERVER\MSSQLSERVER'
VERBOSE: [MYAZURESERVER]:                            [[xSQLServerLogin]SomeUser::[hSqlConfig]MySqlDatabase] login: [MyAdDomain\SomeUser].
VERBOSE: [MYAZURESERVER]:                            [[xSQLServerLogin]SomeUser::[hSqlConfig]MySqlDatabase] 2017-09-06_10-01-02: The login 'MyAdDomain\SomeUser' is Present from the 'MYAZURESERVER\MSSQLSERVE
R' instance.
VERBOSE: [MYAZURESERVER]: LCM:  [ End    Test     ]  [[xSQLServerLogin]SomeUser::[hSqlConfig]MySqlDatabase]  in 0.1640 seconds.
VERBOSE: [MYAZURESERVER]: LCM:  [ Skip   Set      ]  [[xSQLServerLogin]SomeUser::[hSqlConfig]MySqlDatabase]
VERBOSE: [MYAZURESERVER]: LCM:  [ End    Resource ]  [[xSQLServerLogin]SomeUser::[hSqlConfig]MySqlDatabase]
VERBOSE: [MYAZURESERVER]: LCM:  [ End    Set      ]
VERBOSE: [MYAZURESERVER]: LCM:  [ End    Set      ]    in  0.4620 seconds.
VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Time taken for configuration job to complete is 0.518 seconds

But the user is not and if I run Get-TargetResource, it reports correctly that it is not present:

PS C:\Users\paul> $name
MyAdDomain\SomeUser

PS C:\Users\paul> $SqlServer
MYAZURESERVER

PS C:\Users\paul> $sqlinstancename
MSSQLSERVER

PS C:\Users\paul> Get-TargetResource -Name $name -SQLServer $SqlServer -SQLInstanceName $sqlinstancename
VERBOSE: 
VERBOSE: 2017-09-06_10-12-22: Getting the login 'MyAdDomain\SomeUser' from 'MYAZURESERVER\MSSQLSERVER'
VERBOSE: 2017-09-06_10-12-22: The login 'MyAdDomain\SomeUser' is Absent from the 'MYAZURESERVER\MSSQLSERVER' instance.

Name                           Value                                                                                                                                                                                            
----                           -----                                                                                                                                                                                            
Name                           MyAdDomain\SomeUser                                                                                                                                                                       
Ensure                         Absent                                                                                                                                                                                           
LoginType                                                                                                                                                                                                                       
SQLServer                      MYAZURESERVER                                                                                                                                                                                        
SQLInstanceName                MSSQLSERVER                                                                                                                                                                                      
Disabled

If I call your function Connect-SQL directly, you can see there are only two users:

PS C:\Users\paul> $a = Connect-SQL
VERBOSE: 

PS C:\Users\arw> $a.logins | Select Name

Name                  
----                  
Builtin\Administrators
sa

The same result if I run SELECT * from master.sys.server_principals from SSMS. (There are SERVER_ROLE types returned, but not "SomeUser").

The DSC configuration that is using the resource (as detailed as possible):
I've reduced it down to just the above and I'm still seeing the same result.

The whole configuration. Can't get any more simple:

Configuration TestSQLLogin
{
    Import-DscResource -ModuleName xSqlServer

    Node "MYAZURESERVE"
    {
        xSQLServerLogin SomeUser
        {
            Name = "myaddomain\SomeUser" 
            LoginType = "WindowsUser"
            SQLServer = "MYAZURESERVER" 
            SQLInstanceName = "MSSQLSERVER"
        }
    }
}

TestSQLLogin -OutputPath "C:\Configurations\TestSQLLogin" -Verbose

Start-DscConfiguration -Path "C:\Configurations\TestSQLLogin" -Wait -Force -Verbose -ComputerName "localhost"

Version of the Operating System, SQL Server and PowerShell the DSC Target Node is running:
Windows Server 2012 R2, SQL Server 2016,

PS C:\Users\paul> $PSVersionTable.PSVersion

Major  Minor  Build  Revision
-----  -----  -----  --------
5      1      14409  1005

What module (SqlServer or SQLPS) and which version of the module the DSC Target Node is running:

PS C:\Users\paul> Get-Module -ListAvailable -Name SQLPS

    Directory: C:\Program Files (x86)\Microsoft SQL Server\130\Tools\PowerShell\Modules

ModuleType Version    Name                                ExportedCommands                                                                                                                                                      
---------- -------    ----                                ----------------                                                                                                                                                      
Manifest   1.0        SQLPS                               {Backup-SqlDatabase, Save-SqlMigrationReport, Add-SqlAvailabilityDatabase, Add-SqlAvailabilityGroupListenerStaticIp...}     


PS C:\Users\paul> Get-Module -ListAvailable -Name SQLASCMDLETS

    Directory: C:\Program Files (x86)\Microsoft SQL Server\130\Tools\PowerShell\Modules

ModuleType Version    Name                                ExportedCommands                                                                                                                                                      
---------- -------    ----                                ----------------                                                                                                                                                      
Manifest   2.0        SQLASCMDLETS                        {Add-RoleMember, Backup-ASDatabase, Invoke-ASCmd, Invoke-ProcessCube...}

No SqlServer module on this server.

Version of the DSC module you're using, or 'dev' if you're using current dev branch:
8.1.0.0 Master, except I removed all the resources with very long names so it works!

Happy to demo this issue to any MS employee.
@johlju johlju added bug The issue is a bug. help wanted The issue is up for grabs for anyone in the community. labels Sep 7, 2017
@johlju
Copy link
Member

johlju commented Sep 7, 2017

Thanks for reporting this and thanks for the detailed error report! I see the logic is flawed in the function Test-TargetResource.

It never sets $testPassed to $false if Get-TargetResource does not return anything. Seems the unit tests didn't catch this one either.

https://github.com/PowerShell/xSQLServer/blob/63c2b526dacf41e3eac092cab8a88b57c2e0d36e/DSCResources/MSFT_xSQLServerLogin/MSFT_xSQLServerLogin.psm1#L367-L376

If nobody beats me to it I will look into fixing this issue.

@johlju johlju added the easy fix label Sep 7, 2017
@johlju johlju added the good first issue The issue should be easier to fix and can be taken up by a beginner to learn to contribute on GitHub label Oct 12, 2017
@johlju johlju changed the title xSQLServerLogin: Get-TargetResource "thinks" login exists, when it doesn't. SqlServerLogin: Get-TargetResource "thinks" login exists, when it doesn't. Dec 24, 2017
@johlju johlju removed the easy fix label Apr 29, 2018
@johlju johlju changed the title SqlServerLogin: Get-TargetResource "thinks" login exists, when it doesn't. SqlLogin: Get-TargetResource "thinks" login exists, when it doesn't. Jul 10, 2020
@SphenicPaul SphenicPaul mentioned this issue Dec 14, 2020
Merged
9 tasks
SphenicPaul added a commit to SphenicPaul/SqlServerDsc that referenced this issue Dec 14, 2020
@SphenicPaul
Updated changelog to include 'SqlLogin` fixes for dsccommunity#792
30ed056
@SphenicPaul
Copy link
Contributor

This issue is also in respect of the old, xSqlServer module (rather than the SqlServerDsc module) so might also be less relevant/applicable now.

Additionally, as per comments in PR #1652, the Get-TargetResource should always return a value (a hashtable) and there are number of existing, integration tests (and more being added as part of the PR) that confirm SQL Logins are being added to (and updated on) a SQL instance as expected.

Can this issue be closed?

@johlju
Copy link
Member

johlju commented Jan 11, 2021

Closing this, if this is still an issue please reopen or comment and we reopen.

@johlju johlju closed this as completed Jan 11, 2021
@johlju johlju removed the help wanted The issue is up for grabs for anyone in the community. label Jan 12, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug The issue is a bug. good first issue The issue should be easier to fix and can be taken up by a beginner to learn to contribute on GitHub
Projects
None yet
Milestone
No milestone
2 participants
@johlju @SphenicPaul