Merge branch 'main' into fix/get-sqldscserverpermission

Author: johlju

.github/instructions/dsc-community-style-guidelines-pester.instructions.md

@@ -14,6 +14,13 @@ applyTo: "**/*.[Tt]ests.ps1"
 - Never test verbose messages, debug messages or parameter binding behavior
 - Pass all mandatory parameters to avoid prompts
 
+## Requirements
+- Inside `It` blocks, assign unused return objects to `$null` (unless part of pipeline)
+- Tested entity must be called from within the `It` blocks
+- Keep results and assertions in same `It` block
+- Avoid try-catch-finally for cleanup, use `AfterAll` or `AfterEach`
+- Avoid unnecessary remove/recreate cycles
+
 ## Naming
 - One `Describe` block per file matching the tested entity name
 - `Context` descriptions start with 'When'
@@ -51,10 +58,6 @@ applyTo: "**/*.[Tt]ests.ps1"
 - Keep scope close to usage context
 
 ## Best Practices
-- Inside `It` blocks, assign unused return objects to `$null` (unless part of pipeline)
-- Tested entity must be called from within the `It` blocks
-- Keep results and assertions in same `It` block
 - Cover all scenarios and code paths
 - Use `BeforeEach` and `AfterEach` sparingly
-- Avoid try-catch-finally for cleanup, use `AfterAll` or `AfterEach`
-- Avoid unnecessary remove/recreate cycles
+- Use `$PSDefaultParameterValues` only for Pester commands (`Describe`, `Context`, `It`, `Mock`, `Should`, `InModuleScope`)

.github/instructions/dsc-community-style-guidelines-powershell.instructions.md

@@ -80,6 +80,7 @@ applyTo: "**/*.ps?(m|d)1"
   - Place ShouldProcess check immediately before each state-change
   - `$PSCmdlet.ShouldProcess` must use required pattern
 - Never use backtick as line continuation in production code.
+- Set `$ErrorActionPreference = 'Stop'` before commands using `-ErrorAction 'Stop'`; restore after
 
 ## Output streams
 
@@ -181,6 +182,7 @@ function Get-Something
 - Limit piping to one pipe per line
 - Assign function results to variables rather than inline calls
 - Return a single, consistent object type per function
+  - return `$null` for no objects/non-terminating errors
 
 ### Security & Safety
 

CHANGELOG.md

@@ -12,9 +12,17 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Fixed Azure DevOps pipeline conditions that were preventing DSC resource
   integration tests from running when they should by removing incorrect quotes
   around boolean values.
+- Refactored error handling by removing global `$ErrorActionPreference = 'Stop'`
+  from 64 PowerShell files and implementing targeted error control for specific
+  command calls that use `-ErrorAction 'Stop'`.
 - `SqlAgentAlert`
   - Minor fix in `source/Classes/020.SqlAgentAlert.ps1` to correct `ExcludeDscProperties`
     formatting (added missing delimiter).
+- `SqlRSSetup`
+  - Re-added `ReportServerEdition` enum and updated class to use enum instead of
+    ValidateSet for the Edition property.
+- Fixed commands continuing execution after `Assert-ElevatedUser` elevation
+  errors by setting `$ErrorActionPreference = 'Stop'` [issue #2070](https://github.com/dsccommunity/SqlServerDsc/issues/2070)
 
 ### Added
 
@@ -27,6 +35,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   - Enhanced workflow with proper environment variable configuration and DSCv3 verification.
   - Fixed environment variable persistence by using $GITHUB_ENV instead of
     job-level env declaration.
+- `Grant-SqlDscServerPermission`
+  - Added new public command to grant server permissions to a principal (Login or ServerRole) on a SQL Server Database Engine instance.
+- `Deny-SqlDscServerPermission`
+  - Added new public command to deny server permissions to a principal (Login or ServerRole).
+- `Revoke-SqlDscServerPermission`
+  - Added new public command to revoke server permissions from a principal (Login or ServerRole).
+- `Test-SqlDscServerPermission`
+  - Added new public command with Grant/Deny parameter sets (and `-WithGrant`) to test server permissions for a principal.
 - `Assert-SqlDscLogin`
   - Added new public command to validate that a specified SQL Server principal
     is a login.

azure-pipelines.yml

@@ -299,19 +299,24 @@ stages:
                   'tests/Integration/Commands/Test-SqlDscIsLoginEnabled.Integration.Tests.ps1'
                   'tests/Integration/Commands/New-SqlDscRole.Integration.Tests.ps1'
                   'tests/Integration/Commands/Get-SqlDscRole.Integration.Tests.ps1'
-                  'tests/Integration/Commands/Remove-SqlDscRole.Integration.Tests.ps1'
-                  'tests/Integration/Commands/Remove-SqlDscLogin.Integration.Tests.ps1'
+                  'tests/Integration/Commands/Grant-SqlDscServerPermission.Integration.Tests.ps1'
                   'tests/Integration/Commands/Get-SqlDscServerPermission.Integration.Tests.ps1'
+                  'tests/Integration/Commands/Test-SqlDscServerPermission.Integration.Tests.ps1'
+                  'tests/Integration/Commands/Deny-SqlDscServerPermission.Integration.Tests.ps1'
+                  'tests/Integration/Commands/Revoke-SqlDscServerPermission.Integration.Tests.ps1'
                   'tests/Integration/Commands/Get-SqlDscDatabase.Integration.Tests.ps1'
                   'tests/Integration/Commands/New-SqlDscDatabase.Integration.Tests.ps1'
                   'tests/Integration/Commands/Set-SqlDscDatabase.Integration.Tests.ps1'
                   'tests/Integration/Commands/Test-SqlDscDatabase.Integration.Tests.ps1'
-                  'tests/Integration/Commands/Remove-SqlDscDatabase.Integration.Tests.ps1'
                   'tests/Integration/Commands/Get-SqlDscAgentAlert.Integration.Tests.ps1'
                   'tests/Integration/Commands/New-SqlDscAgentAlert.Integration.Tests.ps1'
                   'tests/Integration/Commands/Set-SqlDscAgentAlert.Integration.Tests.ps1'
                   'tests/Integration/Commands/Test-SqlDscAgentAlert.Integration.Tests.ps1'
+                  # Group 8
                   'tests/Integration/Commands/Remove-SqlDscAgentAlert.Integration.Tests.ps1'
+                  'tests/Integration/Commands/Remove-SqlDscDatabase.Integration.Tests.ps1'
+                  'tests/Integration/Commands/Remove-SqlDscRole.Integration.Tests.ps1'
+                  'tests/Integration/Commands/Remove-SqlDscLogin.Integration.Tests.ps1'
                   # Group 9
                   'tests/Integration/Commands/Uninstall-SqlDscServer.Integration.Tests.ps1'
               )

source/Classes/020.SqlRSSetup.ps1

@@ -187,8 +187,7 @@ class SqlRSSetup : ResourceBase
     $EditionUpgrade
 
     [DscProperty()]
-    [ValidateSet('Developer', 'Evaluation', 'ExpressAdvanced')]
-    [System.String]
+    [ReportServerEdition]
     $Edition
 
     [DscProperty()]
@@ -402,8 +401,9 @@ class SqlRSSetup : ResourceBase
     hidden [void] Modify([System.Collections.Hashtable] $properties)
     {
         $getDscPropertyParameters = @{
-            HasValue    = $true
-            Attribute   = @(
+            HasValue             = $true
+            IgnoreZeroEnumValue  = $true
+            Attribute            = @(
                 'Optional'
                 'Mandatory'
             )

source/Enum/001.ReportServerEdition.ps1

@@ -0,0 +1,12 @@
+<#
+    .SYNOPSIS
+        The possible states for the commands and DSC resources that handles
+        SQL Server Reporting Services or Power BI Report Server and uses the
+        parameter Edition.
+#>
+enum ReportServerEdition
+{
+    Developer = 1
+    Evaluation
+    ExpressAdvanced
+}

source/Enum/002.ServerPermission.ps1

@@ -0,0 +1,63 @@
+<#
+    .SYNOPSIS
+        The possible server permissions that can be granted, denied, or revoked.
+
+    .NOTES
+        The available permissions can be seen in the ServerPermission Class documentation:
+        https://learn.microsoft.com/en-us/dotnet/api/microsoft.sqlserver.management.smo.serverpermission
+#>
+enum SqlServerPermission
+{
+    # cSpell:ignore securables
+    AdministerBulkOperations = 1
+    AlterAnyAvailabilityGroup
+    AlterAnyConnection
+    AlterAnyCredential
+    AlterAnyDatabase
+    AlterAnyEndpoint
+    AlterAnyEventNotification
+    AlterAnyEventSession
+    AlterAnyEventSessionAddEvent
+    AlterAnyEventSessionAddTarget
+    AlterAnyEventSessionDisable
+    AlterAnyEventSessionDropEvent
+    AlterAnyEventSessionDropTarget
+    AlterAnyEventSessionEnable
+    AlterAnyEventSessionOption
+    AlterAnyLinkedServer
+    AlterAnyLogin
+    AlterAnyServerAudit
+    AlterAnyServerRole
+    AlterResources
+    AlterServerState
+    AlterSettings
+    AlterTrace
+    AuthenticateServer
+    ConnectAnyDatabase
+    ConnectSql
+    ControlServer
+    CreateAnyDatabase
+    CreateAnyEventSession
+    CreateAvailabilityGroup
+    CreateDdlEventNotification
+    CreateEndpoint
+    CreateLogin
+    CreateServerRole
+    CreateTraceEventNotification
+    DropAnyEventSession
+    ExternalAccessAssembly
+    ImpersonateAnyLogin
+    SelectAllUserSecurables
+    Shutdown
+    UnsafeAssembly
+    ViewAnyCryptographicallySecuredDefinition
+    ViewAnyDatabase
+    ViewAnyDefinition
+    ViewAnyErrorLog
+    ViewAnyPerformanceDefinition
+    ViewAnySecurityDefinition
+    ViewServerPerformanceState
+    ViewServerSecurityAudit
+    ViewServerSecurityState
+    ViewServerState
+}

source/Private/Get-FileVersionInformation.ps1

@@ -34,8 +34,14 @@ function Get-FileVersionInformation
 
     process
     {
+        $originalErrorActionPreference = $ErrorActionPreference
+
+        $ErrorActionPreference = 'Stop'
+
         $file = Get-Item -Path $FilePath -ErrorAction 'Stop'
 
+        $ErrorActionPreference = $originalErrorActionPreference
+
         if ($file.PSIsContainer)
         {
             $PSCmdlet.ThrowTerminatingError(

source/Private/Invoke-ReportServerSetupAction.ps1

@@ -196,13 +196,23 @@ function Invoke-ReportServerSetupAction
         $PassThru
     )
 
+    $previousErrorActionPreference = $ErrorActionPreference
+
+    $ErrorActionPreference = 'Stop'
+
     if ($Force.IsPresent -and -not $Confirm)
     {
         $ConfirmPreference = 'None'
     }
 
+    $originalErrorActionPreference = $ErrorActionPreference
+
+    $ErrorActionPreference = 'Stop'
+
     Assert-ElevatedUser -ErrorAction 'Stop'
 
+    $ErrorActionPreference = $originalErrorActionPreference
+
     $assertBoundParameters = @{
         BoundParameterList     = $PSBoundParameters
         MutuallyExclusiveList1 = @(
@@ -226,6 +236,8 @@ function Invoke-ReportServerSetupAction
 
     Assert-BoundParameter @assertBoundParameters
 
+    $ErrorActionPreference = $previousErrorActionPreference
+
     # Sensitive values.
     $sensitiveValue = @()
 

source/Private/Invoke-SetupAction.ps1

@@ -1372,6 +1372,10 @@ function Invoke-SetupAction
         $Force
     )
 
+    $originalErrorActionPreference = $ErrorActionPreference
+
+    $ErrorActionPreference = 'Stop'
+
     if ($Force.IsPresent -and -not $Confirm)
     {
         $ConfirmPreference = 'None'
@@ -1411,6 +1415,8 @@ function Invoke-SetupAction
 
     Assert-SetupActionProperties -Property $PSBoundParameters -SetupAction $setupAction -ErrorAction 'Stop'
 
+    $ErrorActionPreference = $originalErrorActionPreference
+
     $setupArgument = '/QUIET /ACTION={0}' -f $setupAction
 
     if ($DebugPreference -in @('Continue', 'Inquire'))