diff --git a/CHANGELOG.md b/CHANGELOG.md index 44fc2fce5..678c9b56e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -40,6 +40,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - New method ToString() for making verbose output better. - SqlAgDatabase - Remove unused help file ([issue #1745](https://github.com/dsccommunity/SqlServerDsc/issues/1745)). +- SqlDatabaseObjectPermission + - Added `foreach` loop in `Get-TargetResource` to fix issues with `INSERT` + permissions when it's not the only permission on the table ([issue [#2006](https://github.com/dsccommunity/SqlServerDsc/issues/2006)]). - `Install-SqlDscServer` - No longer throws with duplicate parameter error if the parameter `ErrorAction` is passed to the command. diff --git a/source/DSCResources/DSC_SqlDatabaseObjectPermission/DSC_SqlDatabaseObjectPermission.psm1 b/source/DSCResources/DSC_SqlDatabaseObjectPermission/DSC_SqlDatabaseObjectPermission.psm1 index d7b1921bc..093bb62e5 100644 --- a/source/DSCResources/DSC_SqlDatabaseObjectPermission/DSC_SqlDatabaseObjectPermission.psm1 +++ b/source/DSCResources/DSC_SqlDatabaseObjectPermission/DSC_SqlDatabaseObjectPermission.psm1 @@ -150,9 +150,12 @@ function Get-TargetResource # Loop through each property to see if it is set to $true foreach ($currentPermissionProperty in $permissionProperties) { - if ($true -in $currentObjectPermissions.PermissionType.$currentPermissionProperty) + foreach ($objectPermission in $currentObjectPermissions) { - $currentObjectPermissionNames += $currentPermissionProperty + if ($true -in $objectPermission.PermissionType[0].$currentPermissionProperty) + { + $currentObjectPermissionNames += $currentPermissionProperty + } } } diff --git a/tests/Integration/Resources/DSC_SqlDatabaseObjectPermission.Integration.Tests.ps1 b/tests/Integration/Resources/DSC_SqlDatabaseObjectPermission.Integration.Tests.ps1 index 37f046c98..04c54d5c7 100644 --- a/tests/Integration/Resources/DSC_SqlDatabaseObjectPermission.Integration.Tests.ps1 +++ b/tests/Integration/Resources/DSC_SqlDatabaseObjectPermission.Integration.Tests.ps1 @@ -432,16 +432,19 @@ Describe "$($script:dscResourceName)_Integration" -Tag @('Integration_SQL2016', $resourceCurrentState.ObjectType | Should -Be 'Table' $resourceCurrentState.Name | Should -Be $ConfigurationData.AllNodes.User1_Name - $resourceCurrentState.Permission | Should -HaveCount 3 + $resourceCurrentState.Permission | Should -HaveCount 4 $resourceCurrentState.Permission[0] | Should -BeOfType 'CimInstance' $resourceCurrentState.Permission[1] | Should -BeOfType 'CimInstance' $resourceCurrentState.Permission[2] | Should -BeOfType 'CimInstance' + $resourceCurrentState.Permission[2] | Should -BeOfType 'CimInstance' $grantPermission = $resourceCurrentState.Permission.Where( { $_.State -eq 'Grant' }) $grantPermission | Should -Not -BeNullOrEmpty - $grantPermission.Ensure | Should -Be 'Present' - $grantPermission.Permission | Should -HaveCount 1 + $grantPermission.Ensure[0] | Should -Be 'Present' + $grantPermission.Ensure[1] | Should -Be 'Present' + $grantPermission.Permission | Should -HaveCount 2 $grantPermission.Permission | Should -Contain @('Select') + $grantPermission.Permission | Should -Contain @('Insert') $grantPermission = $resourceCurrentState.Permission.Where( { $_.State -eq 'Deny' }) $grantPermission | Should -Not -BeNullOrEmpty diff --git a/tests/Integration/Resources/DSC_SqlDatabaseObjectPermission.config.ps1 b/tests/Integration/Resources/DSC_SqlDatabaseObjectPermission.config.ps1 index ca386b2b9..5c1865483 100644 --- a/tests/Integration/Resources/DSC_SqlDatabaseObjectPermission.config.ps1 +++ b/tests/Integration/Resources/DSC_SqlDatabaseObjectPermission.config.ps1 @@ -354,6 +354,12 @@ Configuration DSC_SqlDatabaseObjectPermission_Multiple_Grant_Config Permission = 'Select' } + DSC_DatabaseObjectPermission + { + State = 'Grant' + Permission = 'Insert' + } + DSC_DatabaseObjectPermission { State = 'Deny' diff --git a/tests/Unit/DSC_SqlDatabaseObjectPermission.Tests.ps1 b/tests/Unit/DSC_SqlDatabaseObjectPermission.Tests.ps1 index eda951803..6a85b692b 100644 --- a/tests/Unit/DSC_SqlDatabaseObjectPermission.Tests.ps1 +++ b/tests/Unit/DSC_SqlDatabaseObjectPermission.Tests.ps1 @@ -183,7 +183,7 @@ Describe 'SqlDatabaseObjectPermission\Get-TargetResource' -Tag 'Get' { Add-Member -MemberType NoteProperty -Name 'Delete' -Value $false -PassThru | Add-Member -MemberType NoteProperty -Name 'Execute' -Value $false -PassThru | Add-Member -MemberType NoteProperty -Name 'Impersonate' -Value $false -PassThru | - Add-Member -MemberType NoteProperty -Name 'Insert' -Value $false -PassThru | + Add-Member -MemberType NoteProperty -Name 'Insert' -Value $true -PassThru | Add-Member -MemberType NoteProperty -Name 'Receive' -Value $false -PassThru | Add-Member -MemberType NoteProperty -Name 'References' -Value $false -PassThru | Add-Member -MemberType NoteProperty -Name 'Select' -Value $true -PassThru | @@ -224,6 +224,16 @@ Describe 'SqlDatabaseObjectPermission\Get-TargetResource' -Tag 'Get' { } ` -ClientOnly + $cimInstancePermissionCollection += New-CimInstance ` + -ClassName 'DSC_DatabaseObjectPermission' ` + -Namespace 'root/microsoft/Windows/DesiredStateConfiguration' ` + -Property @{ + State = 'Grant' + Permission = 'Insert' + Ensure = '' # Must be empty string to hit a line in the code. + } ` + -ClientOnly + $script:mockGetTargetResourceParameters = @{ InstanceName = 'DSCTEST' DatabaseName = 'AdventureWorks' @@ -258,17 +268,20 @@ Describe 'SqlDatabaseObjectPermission\Get-TargetResource' -Tag 'Get' { $getTargetResourceResult = Get-TargetResource @mockGetTargetResourceParameters - $getTargetResourceResult.Permission | Should -HaveCount 2 + $getTargetResourceResult.Permission | Should -HaveCount 3 $getTargetResourceResult.Permission[0] | Should -BeOfType 'CimInstance' $getTargetResourceResult.Permission[1] | Should -BeOfType 'CimInstance' + $getTargetResourceResult.Permission[2] | Should -BeOfType 'CimInstance' $grantPermission = $getTargetResourceResult.Permission | Where-Object -FilterScript { $_.State -eq 'Grant' } $grantPermission | Should -Not -BeNullOrEmpty $grantPermission.Ensure[0] | Should -Be 'Present' $grantPermission.Ensure[1] | Should -Be 'Present' - $grantPermission.Permission | Should -HaveCount 2 + $grantPermission.Ensure[2] | Should -Be 'Present' + $grantPermission.Permission | Should -HaveCount 3 $grantPermission.Permission | Should -Contain @('Select') $grantPermission.Permission | Should -Contain @('Update') + $grantPermission.Permission | Should -Contain @('Insert') } } } @@ -596,6 +609,12 @@ Describe 'SqlDatabaseObjectPermission\Test-TargetResource' -Tag 'Test' { -PermissionState 'Grant' ` -Ensure 'Present' + # Checking that Insert comes back as expected + $cimInstancePermissionCollection += ConvertTo-CimDatabaseObjectPermission ` + -Permission 'Insert' ` + -PermissionState 'Grant' ` + -Ensure 'Present' + $script:mockTestTargetResourceParameters = @{ InstanceName = 'sql2014' DatabaseName = 'AdventureWorks'