From 81d259f345e2194c03735db3e7d977309972e517 Mon Sep 17 00:00:00 2001 From: Johan Ljunggren Date: Sun, 12 Oct 2025 13:32:41 +0200 Subject: [PATCH 01/11] Add integration tests for SSL certificate setup --- CHANGELOG.md | 13 ++ azure-pipelines.yml | 1 + ...SqlDscDatabaseEngine.Integration.Tests.ps1 | 37 +++ ...Install-SqlDscServer.Integration.Tests.ps1 | 2 +- .../Invoke-SqlDscQuery.Integration.Tests.ps1 | 3 +- ...llationConfiguration.Integration.Tests.ps1 | 212 ++++++++++++++++++ tests/Integration/Commands/README.md | 1 + 7 files changed, 266 insertions(+), 3 deletions(-) create mode 100644 tests/Integration/Commands/PostInstallationConfiguration.Integration.Tests.ps1 diff --git a/CHANGELOG.md b/CHANGELOG.md index b7221dd799..2e708d25f6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,19 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Added +- Added post-installation configuration integration test to configure SSL certificate + support for SQL Server instance DSCSQLTEST in CI environment, enabling testing + of encryption-related functionality. The new `PostInstallationConfiguration` + integration test includes: + - Self-signed SSL certificate creation and installation + - Certificate configuration for SQL Server Database Engine + - Service account permissions for certificate private key access + - Certificate trust chain configuration + - Verification that encryption is properly configured + - Enabled previously skipped encryption tests in `Invoke-SqlDscQuery` + - Added integration tests for `Connect-SqlDscDatabaseEngine` command to verify + the `-Encrypt` parameter functionality + [issue #2290](https://github.com/dsccommunity/SqlServerDsc/issues/2290). - Added integration tests for `Get-SqlDscDatabasePermission` command to ensure database permission retrieval functions correctly in real environments [issue #2221](https://github.com/dsccommunity/SqlServerDsc/issues/2221). diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 91846b3f63..0eafe52a2d 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -290,6 +290,7 @@ stages: 'tests/Integration/Commands/Import-SqlDscPreferredModule.Integration.Tests.ps1' # Group 1 'tests/Integration/Commands/Install-SqlDscServer.Integration.Tests.ps1' + 'tests/Integration/Commands/PostInstallationConfiguration.Integration.Tests.ps1' 'tests/Integration/Commands/Connect-SqlDscDatabaseEngine.Integration.Tests.ps1' 'tests/Integration/Commands/Disconnect-SqlDscDatabaseEngine.Integration.Tests.ps1' # Group 2 diff --git a/tests/Integration/Commands/Connect-SqlDscDatabaseEngine.Integration.Tests.ps1 b/tests/Integration/Commands/Connect-SqlDscDatabaseEngine.Integration.Tests.ps1 index cbc56489cc..d7810f2ece 100644 --- a/tests/Integration/Commands/Connect-SqlDscDatabaseEngine.Integration.Tests.ps1 +++ b/tests/Integration/Commands/Connect-SqlDscDatabaseEngine.Integration.Tests.ps1 @@ -130,5 +130,42 @@ Describe 'Connect-SqlDscDatabaseEngine' -Tag @('Integration_SQL2017', 'Integrati } | Should -Not -Throw } } + + Context 'When using Encrypt parameter' { + It 'Should enable EncryptConnection property on the ConnectionContext' { + $sqlAdministratorUserName = 'SqlAdmin' # Using computer name as NetBIOS name throw exception. + $sqlAdministratorPassword = ConvertTo-SecureString -String 'P@ssw0rd1' -AsPlainText -Force + + $connectSqlDscDatabaseEngineParameters = @{ + InstanceName = 'DSCSQLTEST' + Credential = [System.Management.Automation.PSCredential]::new($sqlAdministratorUserName, $sqlAdministratorPassword) + Encrypt = $true + Verbose = $true + ErrorAction = 'Stop' + } + + $sqlServerObject = Connect-SqlDscDatabaseEngine @connectSqlDscDatabaseEngineParameters + + $sqlServerObject.Status.ToString() | Should -Match '^Online$' + $sqlServerObject.ConnectionContext.EncryptConnection | Should -BeTrue + } + + It 'Should not enable EncryptConnection property when Encrypt parameter is not used' { + $sqlAdministratorUserName = 'SqlAdmin' # Using computer name as NetBIOS name throw exception. + $sqlAdministratorPassword = ConvertTo-SecureString -String 'P@ssw0rd1' -AsPlainText -Force + + $connectSqlDscDatabaseEngineParameters = @{ + InstanceName = 'DSCSQLTEST' + Credential = [System.Management.Automation.PSCredential]::new($sqlAdministratorUserName, $sqlAdministratorPassword) + Verbose = $true + ErrorAction = 'Stop' + } + + $sqlServerObject = Connect-SqlDscDatabaseEngine @connectSqlDscDatabaseEngineParameters + + $sqlServerObject.Status.ToString() | Should -Match '^Online$' + $sqlServerObject.ConnectionContext.EncryptConnection | Should -BeFalse + } + } } } diff --git a/tests/Integration/Commands/Install-SqlDscServer.Integration.Tests.ps1 b/tests/Integration/Commands/Install-SqlDscServer.Integration.Tests.ps1 index c12ac317c8..90f3b52224 100644 --- a/tests/Integration/Commands/Install-SqlDscServer.Integration.Tests.ps1 +++ b/tests/Integration/Commands/Install-SqlDscServer.Integration.Tests.ps1 @@ -308,7 +308,7 @@ Describe 'Install-SqlDscServer' -Tag @('Integration_SQL2017', 'Integration_SQL20 $sqlServerService = Get-Service -Name 'MSSQL$DSCSQLTEST' -ErrorAction 'Stop' $sqlServerService.Status | Should -Be 'Running' - + Write-Verbose -Message 'MSSQL$DSCSQLTEST service left running for subsequent integration tests to improve performance' -Verbose } } diff --git a/tests/Integration/Commands/Invoke-SqlDscQuery.Integration.Tests.ps1 b/tests/Integration/Commands/Invoke-SqlDscQuery.Integration.Tests.ps1 index a4f46ff582..51287a0e09 100644 --- a/tests/Integration/Commands/Invoke-SqlDscQuery.Integration.Tests.ps1 +++ b/tests/Integration/Commands/Invoke-SqlDscQuery.Integration.Tests.ps1 @@ -155,8 +155,7 @@ INSERT INTO TestTable (Name, Value) VALUES ('Test1', 100), ('Test2', 200), ('Tes } Context 'When using optional parameters with ByServerName parameter set' { - # Using Encrypt in the CI is not possible until we add the required support (certificate) in the CI. - It 'Should execute query with Encrypt parameter' -Skip { + It 'Should execute query with Encrypt parameter' { { Invoke-SqlDscQuery -ServerName $script:mockComputerName -InstanceName $script:mockInstanceName -Credential $script:mockSqlAdminCredential -DatabaseName $script:testDatabaseName -Query 'SELECT 1 as TestValue' -Encrypt -PassThru -Force -ErrorAction 'Stop' } | Should -Not -Throw diff --git a/tests/Integration/Commands/PostInstallationConfiguration.Integration.Tests.ps1 b/tests/Integration/Commands/PostInstallationConfiguration.Integration.Tests.ps1 new file mode 100644 index 0000000000..797b8831f3 --- /dev/null +++ b/tests/Integration/Commands/PostInstallationConfiguration.Integration.Tests.ps1 @@ -0,0 +1,212 @@ +[System.Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', '', Justification = 'Suppressing this rule because Script Analyzer does not understand Pester syntax.')] +param () + +BeforeDiscovery { + try + { + if (-not (Get-Module -Name 'DscResource.Test')) + { + # Assumes dependencies have been resolved, so if this module is not available, run 'noop' task. + if (-not (Get-Module -Name 'DscResource.Test' -ListAvailable)) + { + # Redirect all streams to $null, except the error stream (stream 2) + & "$PSScriptRoot/../../../build.ps1" -Tasks 'noop' 3>&1 4>&1 5>&1 6>&1 > $null + } + + # If the dependencies have not been resolved, this will throw an error. + Import-Module -Name 'DscResource.Test' -Force -ErrorAction 'Stop' + } + } + catch [System.IO.FileNotFoundException] + { + throw 'DscResource.Test module dependency not found. Please run ".\build.ps1 -ResolveDependency -Tasks noop" first.' + } +} + +BeforeAll { + $script:moduleName = 'SqlServerDsc' + + Import-Module -Name $script:moduleName -Force -ErrorAction 'Stop' +} + +# cSpell: ignore DSCSQLTEST +Describe 'PostInstallationConfiguration' -Tag @('Integration_SQL2017', 'Integration_SQL2019', 'Integration_SQL2022') { + Context 'When configuring SSL certificate for encryption support on DSCSQLTEST instance' { + BeforeAll { + $script:instanceName = 'DSCSQLTEST' + $script:computerName = $env:COMPUTERNAME + $script:serviceAccountName = 'svc-SqlPrimary' + } + + It 'Should verify the SQL Server instance is running with the expected service account' { + $serviceName = "MSSQL`$$script:instanceName" + $service = Get-CimInstance -ClassName 'Win32_Service' -Filter "Name='$serviceName'" -ErrorAction 'Stop' + + $service | Should -Not -BeNullOrEmpty + $service.State | Should -Be 'Running' + $service.StartName | Should -BeLike "*\$script:serviceAccountName" + } + + It 'Should create a self-signed certificate for SQL Server encryption' { + # Create self-signed certificate with proper configuration for SQL Server + $certificateParams = @{ + Type = 'SSLServerAuthentication' + Subject = "CN=$script:computerName" + DnsName = @( + $script:computerName + $([System.Net.Dns]::GetHostEntry('').HostName) + 'localhost' + ) + KeyAlgorithm = 'RSA' + KeyLength = 2048 + HashAlgorithm = 'SHA256' + TextExtension = '2.5.29.37={text}1.3.6.1.5.5.7.3.1' + NotAfter = (Get-Date).AddYears(3) + KeySpec = 'KeyExchange' + Provider = 'Microsoft RSA SChannel Cryptographic Provider' + CertStoreLocation = 'cert:\LocalMachine\My' + } + + $script:certificate = New-SelfSignedCertificate @certificateParams + + $script:certificate | Should -Not -BeNullOrEmpty + $script:certificate.Thumbprint | Should -Not -BeNullOrEmpty + $script:certificateThumbprint = $script:certificate.Thumbprint + } + + It 'Should export the certificate to file' { + $script:certificatePath = Join-Path -Path $env:TEMP -ChildPath 'SqlServerEncryption.cer' + + Export-Certificate -Cert $script:certificate -FilePath $script:certificatePath -ErrorAction 'Stop' + + Test-Path -Path $script:certificatePath | Should -BeTrue + } + + It 'Should import certificate to Trusted Root Certification Authorities' { + # Import to trusted root for self-signed certificates + Import-Certificate -FilePath $script:certificatePath -CertStoreLocation 'Cert:\LocalMachine\Root' -ErrorAction 'Stop' + + # Verify certificate is in trusted root + $trustedCert = Get-ChildItem -Path 'Cert:\LocalMachine\Root' | Where-Object -FilterScript { $_.Thumbprint -eq $script:certificateThumbprint } + $trustedCert | Should -Not -BeNullOrEmpty + } + + It 'Should grant SQL Server service account permission to certificate private key' { + # Get the certificate from the Personal store + $cert = Get-ChildItem -Path "Cert:\LocalMachine\My\$script:certificateThumbprint" + + # Get the private key + $rsaCert = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert) + $privateKeyPath = $rsaCert.Key.UniqueName + + # Build the full path to the private key file + $privateKeyFile = Join-Path -Path "$env:ALLUSERSPROFILE\Microsoft\Crypto\RSA\MachineKeys" -ChildPath $privateKeyPath + + # Verify the private key file exists + Test-Path -Path $privateKeyFile | Should -BeTrue + + # Grant read permission to the SQL Server service account + $acl = Get-Acl -Path $privateKeyFile + $accessRule = New-Object -TypeName 'System.Security.AccessControl.FileSystemAccessRule' -ArgumentList @( + $script:serviceAccountName, + 'Read', + 'Allow' + ) + $acl.AddAccessRule($accessRule) + Set-Acl -Path $privateKeyFile -AclObject $acl + + # Verify permission was granted + $updatedAcl = Get-Acl -Path $privateKeyFile + $serviceAccountAccess = $updatedAcl.Access | Where-Object -FilterScript { + $_.IdentityReference -like "*$script:serviceAccountName*" -and $_.FileSystemRights -match 'Read' + } + $serviceAccountAccess | Should -Not -BeNullOrEmpty + } + + It 'Should configure SQL Server instance to use the certificate' { + # Get the SQL Server instance registry key path + # For named instance DSCSQLTEST, the registry path includes the instance name + $registryPath = "HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL*.$script:instanceName\MSSQLServer\SuperSocketNetLib" + + # Find the actual registry path (version number varies) + $actualRegistryPath = Get-Item -Path $registryPath -ErrorAction 'Stop' | Select-Object -First 1 -ExpandProperty Name + $actualRegistryPath = "Registry::$actualRegistryPath" + + # Set the certificate thumbprint (without spaces) + $thumbprintValue = $script:certificateThumbprint -replace '\s', '' + Set-ItemProperty -Path $actualRegistryPath -Name 'Certificate' -Value $thumbprintValue -ErrorAction 'Stop' + + # Verify the certificate was set + $setCertificate = Get-ItemProperty -Path $actualRegistryPath -Name 'Certificate' -ErrorAction 'Stop' + $setCertificate.Certificate | Should -Be $thumbprintValue + } + + It 'Should restart SQL Server service to apply certificate changes' { + $serviceName = "MSSQL`$$script:instanceName" + + # Restart the SQL Server service + Restart-Service -Name $serviceName -Force -ErrorAction 'Stop' + + # Wait for service to be running + $maxRetries = 30 + $retryCount = 0 + do { + Start-Sleep -Seconds 2 + $service = Get-Service -Name $serviceName -ErrorAction 'Stop' + $retryCount++ + } while ($service.Status -ne 'Running' -and $retryCount -lt $maxRetries) + + $service.Status | Should -Be 'Running' + + Write-Verbose -Message "SQL Server instance $script:instanceName restarted with SSL certificate configuration" -Verbose + } + + It 'Should verify SQL Server is online without using the certificate for encryption' { + # Connect to SQL Server and verify encryption is available + $sqlAdministratorUserName = 'SqlAdmin' + $sqlAdministratorPassword = ConvertTo-SecureString -String 'P@ssw0rd1' -AsPlainText -Force + $credential = [System.Management.Automation.PSCredential]::new($sqlAdministratorUserName, $sqlAdministratorPassword) + + $serverObject = Connect-SqlDscDatabaseEngine -InstanceName $script:instanceName -Credential $credential -ErrorAction 'Stop' + + # The server should be online + $serverObject.Status.ToString() | Should -Match '^Online$' + + # Clean up + Disconnect-SqlDscDatabaseEngine -ServerObject $serverObject + } + + It 'Should verify the connection is using encryption via DMV query' { + # Connect to SQL Server with encryption enabled + $sqlAdministratorUserName = 'SqlAdmin' + $sqlAdministratorPassword = ConvertTo-SecureString -String 'P@ssw0rd1' -AsPlainText -Force + $credential = [System.Management.Automation.PSCredential]::new($sqlAdministratorUserName, $sqlAdministratorPassword) + + $serverObject = Connect-SqlDscDatabaseEngine -InstanceName $script:instanceName -Credential $credential -Encrypt -ErrorAction 'Stop' + + # Query sys.dm_exec_connections to verify encryption is being used + # See: https://learn.microsoft.com/en-us/sql/database-engine/configure-windows/configure-sql-server-encryption?view=sql-server-ver17#verify-network-encryption + $encryptionQuery = @" +SELECT + session_id, + encrypt_option, + net_transport +FROM sys.dm_exec_connections +WHERE session_id = @@SPID +"@ + + $result = Invoke-SqlDscQuery -ServerObject $serverObject -DatabaseName 'master' -Query $encryptionQuery -PassThru -Force -ErrorAction 'Stop' + + # Verify the connection is encrypted + $result | Should -Not -BeNullOrEmpty + $result.Tables[0].Rows.Count | Should -Be 1 + $result.Tables[0].Rows[0]['encrypt_option'] | Should -Be 'TRUE' + + # Clean up + Disconnect-SqlDscDatabaseEngine -ServerObject $serverObject + + Write-Verbose -Message "Verified encrypted connection using sys.dm_exec_connections DMV" -Verbose + Write-Verbose -Message "SSL certificate successfully configured for SQL Server instance $script:instanceName" -Verbose + } + } +} diff --git a/tests/Integration/Commands/README.md b/tests/Integration/Commands/README.md index e16db43c2e..cdd8ad5b3c 100644 --- a/tests/Integration/Commands/README.md +++ b/tests/Integration/Commands/README.md @@ -46,6 +46,7 @@ Save-SqlDscSqlServerMediaFile | 0 | - | - | Downloads SQL Server media files ConvertTo-SqlDscEditionName | 0 | - | - | - Import-SqlDscPreferredModule | 0 | - | - | - Install-SqlDscServer | 1 | 0 (Prerequisites) | - | DSCSQLTEST instance +PostInstallationConfiguration | 1 | 1 (Install-SqlDscServer) | DSCSQLTEST | SSL certificate configuration Connect-SqlDscDatabaseEngine | 1 | 0 (Prerequisites) | DSCSQLTEST | - Disconnect-SqlDscDatabaseEngine | 1 | 0 (Prerequisites) | DSCSQLTEST | - Assert-SqlDscLogin | 2 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - From 8fc69c98b6b9556e39bba8a5261a0239d7a67c63 Mon Sep 17 00:00:00 2001 From: Johan Ljunggren Date: Sun, 12 Oct 2025 13:40:43 +0200 Subject: [PATCH 02/11] Add cleanup step to disconnect from SQL Server after tests --- .../Connect-SqlDscDatabaseEngine.Integration.Tests.ps1 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/Integration/Commands/Connect-SqlDscDatabaseEngine.Integration.Tests.ps1 b/tests/Integration/Commands/Connect-SqlDscDatabaseEngine.Integration.Tests.ps1 index 9568b1c04f..a1cc7f4f51 100644 --- a/tests/Integration/Commands/Connect-SqlDscDatabaseEngine.Integration.Tests.ps1 +++ b/tests/Integration/Commands/Connect-SqlDscDatabaseEngine.Integration.Tests.ps1 @@ -142,6 +142,8 @@ Describe 'Connect-SqlDscDatabaseEngine' -Tag @('Integration_SQL2017', 'Integrati $sqlServerObject.Status.ToString() | Should -Match '^Online$' $sqlServerObject.ConnectionContext.EncryptConnection | Should -BeTrue + + Disconnect-SqlDscDatabaseEngine -ServerObject $sqlServerObject } It 'Should not enable EncryptConnection property when Encrypt parameter is not used' { @@ -159,6 +161,8 @@ Describe 'Connect-SqlDscDatabaseEngine' -Tag @('Integration_SQL2017', 'Integrati $sqlServerObject.Status.ToString() | Should -Match '^Online$' $sqlServerObject.ConnectionContext.EncryptConnection | Should -BeFalse + + Disconnect-SqlDscDatabaseEngine -ServerObject $sqlServerObject } } } From e7280366253612151c59d8667a4fdf5b400dda5d Mon Sep 17 00:00:00 2001 From: Johan Ljunggren Date: Sun, 12 Oct 2025 13:54:28 +0200 Subject: [PATCH 03/11] Update SSL certificate configuration to use fully qualified domain name for computer name --- .../PostInstallationConfiguration.Integration.Tests.ps1 | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/Integration/Commands/PostInstallationConfiguration.Integration.Tests.ps1 b/tests/Integration/Commands/PostInstallationConfiguration.Integration.Tests.ps1 index 797b8831f3..21928ede8d 100644 --- a/tests/Integration/Commands/PostInstallationConfiguration.Integration.Tests.ps1 +++ b/tests/Integration/Commands/PostInstallationConfiguration.Integration.Tests.ps1 @@ -34,7 +34,8 @@ Describe 'PostInstallationConfiguration' -Tag @('Integration_SQL2017', 'Integrat Context 'When configuring SSL certificate for encryption support on DSCSQLTEST instance' { BeforeAll { $script:instanceName = 'DSCSQLTEST' - $script:computerName = $env:COMPUTERNAME + $script:computerName = Get-ComputerName + $script:computerNameFqdn = Get-ComputerName -FullyQualifiedDomainName $script:serviceAccountName = 'svc-SqlPrimary' } @@ -54,7 +55,7 @@ Describe 'PostInstallationConfiguration' -Tag @('Integration_SQL2017', 'Integrat Subject = "CN=$script:computerName" DnsName = @( $script:computerName - $([System.Net.Dns]::GetHostEntry('').HostName) + $script:computerNameFqdn 'localhost' ) KeyAlgorithm = 'RSA' From bbff4c41118b96bca227a918df07535160075a69 Mon Sep 17 00:00:00 2001 From: Johan Ljunggren Date: Sun, 12 Oct 2025 13:54:33 +0200 Subject: [PATCH 04/11] Refactor integration test command groups in README and update pipeline test scripts --- azure-pipelines.yml | 6 +- tests/Integration/Commands/README.md | 130 +++++++++++++-------------- 2 files changed, 69 insertions(+), 67 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 0eafe52a2d..8f1dca0e23 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -290,10 +290,13 @@ stages: 'tests/Integration/Commands/Import-SqlDscPreferredModule.Integration.Tests.ps1' # Group 1 'tests/Integration/Commands/Install-SqlDscServer.Integration.Tests.ps1' + # Group 2 'tests/Integration/Commands/PostInstallationConfiguration.Integration.Tests.ps1' + # Group 3 'tests/Integration/Commands/Connect-SqlDscDatabaseEngine.Integration.Tests.ps1' 'tests/Integration/Commands/Disconnect-SqlDscDatabaseEngine.Integration.Tests.ps1' - # Group 2 + 'tests/Integration/Commands/Invoke-SqlDscQuery.Integration.Tests.ps1' + # Group 4 'tests/Integration/Commands/Assert-SqlDscLogin.Integration.Tests.ps1' 'tests/Integration/Commands/New-SqlDscLogin.Integration.Tests.ps1' 'tests/Integration/Commands/Get-SqlDscLogin.Integration.Tests.ps1' @@ -333,7 +336,6 @@ stages: 'tests/Integration/Commands/Set-SqlDscDatabase.Integration.Tests.ps1' 'tests/Integration/Commands/Test-SqlDscDatabase.Integration.Tests.ps1' 'tests/Integration/Commands/Get-SqlDscDatabasePermission.Integration.Tests.ps1' - 'tests/Integration/Commands/Invoke-SqlDscQuery.Integration.Tests.ps1' 'tests/Integration/Commands/Set-SqlDscDatabasePermission.Integration.Tests.ps1' 'tests/Integration/Commands/ConvertTo-SqlDscDatabasePermission.Integration.Tests.ps1' 'tests/Integration/Commands/Get-SqlDscAgentAlert.Integration.Tests.ps1' diff --git a/tests/Integration/Commands/README.md b/tests/Integration/Commands/README.md index cdd8ad5b3c..64f59569cf 100644 --- a/tests/Integration/Commands/README.md +++ b/tests/Integration/Commands/README.md @@ -46,73 +46,73 @@ Save-SqlDscSqlServerMediaFile | 0 | - | - | Downloads SQL Server media files ConvertTo-SqlDscEditionName | 0 | - | - | - Import-SqlDscPreferredModule | 0 | - | - | - Install-SqlDscServer | 1 | 0 (Prerequisites) | - | DSCSQLTEST instance -PostInstallationConfiguration | 1 | 1 (Install-SqlDscServer) | DSCSQLTEST | SSL certificate configuration -Connect-SqlDscDatabaseEngine | 1 | 0 (Prerequisites) | DSCSQLTEST | - -Disconnect-SqlDscDatabaseEngine | 1 | 0 (Prerequisites) | DSCSQLTEST | - -Assert-SqlDscLogin | 2 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - -New-SqlDscLogin | 2 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | IntegrationTestSqlLogin, SqlIntegrationTestGroup login -Get-SqlDscLogin | 2 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - -Get-SqlDscConfigurationOption | 2 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - -Test-SqlDscConfigurationOption | 2 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - -Test-SqlDscIsSupportedFeature | 2 | 0 (Prerequisites) | - | - -Get-SqlDscManagedComputer | 2 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - -Get-SqlDscManagedComputerInstance | 2 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - -Get-SqlDscManagedComputerService | 2 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - -Get-SqlDscServerProtocolName | 2 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - -Get-SqlDscServerProtocol | 2 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - -Get-SqlDscTraceFlag | 2 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - -Set-SqlDscConfigurationOption | 2 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - -Set-SqlDscStartupParameter | 2 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - -Set-SqlDscTraceFlag | 2 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - -Disable-SqlDscLogin | 2 | 2 (New-SqlDscLogin), 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - -Enable-SqlDscLogin | 2 | 2 (New-SqlDscLogin), 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - -Enable-SqlDscAudit | 2 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - -Test-SqlDscIsLogin | 2 | 2 (New-SqlDscLogin), 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - -Test-SqlDscIsLoginEnabled | 2 | 2 (New-SqlDscLogin), 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - -New-SqlDscRole | 2 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | SqlDscIntegrationTestRole_Persistent role -Get-SqlDscRole | 2 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - -Get-SqlDscStartupParameter | 2 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - -Test-SqlDscIsRole | 2 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - -Test-SqlDscIsDatabasePrincipal | 2 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | Test database and database principals -Grant-SqlDscServerPermission | 2 | 2 (New-SqlDscLogin), 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | Grants CreateEndpoint permission to role -Get-SqlDscServerPermission | 2 | 2 (New-SqlDscLogin), 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - -Set-SqlDscServerPermission | 2 | 2 (New-SqlDscLogin), 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - -ConvertFrom-SqlDscServerPermission | 2 | 0 (Prerequisites) | - | - -Test-SqlDscServerPermission | 2 | 2 (New-SqlDscLogin), 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - -Deny-SqlDscServerPermission | 2 | 2 (New-SqlDscLogin), 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | Denies AlterTrace permission to login (persistent) -Revoke-SqlDscServerPermission | 2 | 2 (New-SqlDscLogin), 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - -Get-SqlDscDatabase | 2 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - -ConvertFrom-SqlDscDatabasePermission | 2 | 0 (Prerequisites) | - | - -New-SqlDscDatabase | 2 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | Test databases -Set-SqlDscDatabase | 2 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - -Test-SqlDscDatabase | 2 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - -Get-SqlDscDatabasePermission | 2 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | Test database, Test user -Invoke-SqlDscQuery | 2 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | Test database and table -ConvertTo-SqlDscDatabasePermission | 2 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - -Set-SqlDscDatabasePermission | 2 | 2 (New-SqlDscLogin), 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - -Get-SqlDscAgentAlert | 2 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - -New-SqlDscAgentAlert | 2 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | Test alerts -New-SqlDscAudit | 2 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | Test audits -Set-SqlDscAgentAlert | 2 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - -Test-SqlDscAgentAlertProperty | 2 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - -Test-SqlDscIsAgentAlert | 2 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - -Get-SqlDscAgentOperator | 2 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - -New-SqlDscAgentOperator | 2 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | SqlDscIntegrationTestOperator_Persistent operator -Set-SqlDscAgentOperator | 2 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - -Test-SqlDscIsAgentOperator | 2 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - -Assert-SqlDscAgentOperator | 2 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - -Enable-SqlDscAgentOperator | 2 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - -Disable-SqlDscAgentOperator | 2 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - -Get-SqlDscAudit | 2 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - -Disable-SqlDscAudit | 2 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - -Add-SqlDscTraceFlag | 2 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - -Remove-SqlDscAgentAlert | 8 | 2 (New-SqlDscAgentAlert) | DSCSQLTEST | - -Remove-SqlDscAgentOperator | 8 | 2 (New-SqlDscAgentOperator) | DSCSQLTEST | - +PostInstallationConfiguration | 2 | 1 (Install-SqlDscServer) | DSCSQLTEST | SSL certificate configuration +Connect-SqlDscDatabaseEngine | 3 | 2 (PostInstallationConfiguration), 0 (Prerequisites) | DSCSQLTEST | - +Disconnect-SqlDscDatabaseEngine | 3 | 2 (PostInstallationConfiguration), 0 (Prerequisites) | DSCSQLTEST | - +Invoke-SqlDscQuery | 3 | 2 (PostInstallationConfiguration), 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | Test database and table +Assert-SqlDscLogin | 4 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - +New-SqlDscLogin | 4 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | IntegrationTestSqlLogin, SqlIntegrationTestGroup login +Get-SqlDscLogin | 4 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - +Get-SqlDscConfigurationOption | 4 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - +Test-SqlDscConfigurationOption | 4 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - +Test-SqlDscIsSupportedFeature | 4 | 0 (Prerequisites) | - | - +Get-SqlDscManagedComputer | 4 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - +Get-SqlDscManagedComputerInstance | 4 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - +Get-SqlDscManagedComputerService | 4 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - +Get-SqlDscServerProtocolName | 4 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - +Get-SqlDscServerProtocol | 4 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - +Get-SqlDscTraceFlag | 4 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - +Set-SqlDscConfigurationOption | 4 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - +Set-SqlDscStartupParameter | 4 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - +Set-SqlDscTraceFlag | 4 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - +Disable-SqlDscLogin | 4 | 4 (New-SqlDscLogin), 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - +Enable-SqlDscLogin | 4 | 4 (New-SqlDscLogin), 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - +Enable-SqlDscAudit | 4 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - +Test-SqlDscIsLogin | 4 | 4 (New-SqlDscLogin), 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - +Test-SqlDscIsLoginEnabled | 4 | 4 (New-SqlDscLogin), 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - +New-SqlDscRole | 4 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | SqlDscIntegrationTestRole_Persistent role +Get-SqlDscRole | 4 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - +Get-SqlDscStartupParameter | 4 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - +Test-SqlDscIsRole | 4 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - +Test-SqlDscIsDatabasePrincipal | 4 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | Test database and database principals +Grant-SqlDscServerPermission | 4 | 4 (New-SqlDscLogin), 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | Grants CreateEndpoint permission to role +Get-SqlDscServerPermission | 4 | 4 (New-SqlDscLogin), 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - +Set-SqlDscServerPermission | 4 | 4 (New-SqlDscLogin), 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - +ConvertFrom-SqlDscServerPermission | 4 | 0 (Prerequisites) | - | - +Test-SqlDscServerPermission | 4 | 4 (New-SqlDscLogin), 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - +Deny-SqlDscServerPermission | 4 | 4 (New-SqlDscLogin), 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | Denies AlterTrace permission to login (persistent) +Revoke-SqlDscServerPermission | 4 | 4 (New-SqlDscLogin), 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - +Get-SqlDscDatabase | 4 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - +ConvertFrom-SqlDscDatabasePermission | 4 | 0 (Prerequisites) | - | - +New-SqlDscDatabase | 4 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | Test databases +Set-SqlDscDatabase | 4 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - +Test-SqlDscDatabase | 4 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - +Get-SqlDscDatabasePermission | 4 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | Test database, Test user +ConvertTo-SqlDscDatabasePermission | 4 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - +Set-SqlDscDatabasePermission | 4 | 4 (New-SqlDscLogin), 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - +Get-SqlDscAgentAlert | 4 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - +New-SqlDscAgentAlert | 4 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | Test alerts +New-SqlDscAudit | 4 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | Test audits +Set-SqlDscAgentAlert | 4 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - +Test-SqlDscAgentAlertProperty | 4 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - +Test-SqlDscIsAgentAlert | 4 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - +Get-SqlDscAgentOperator | 4 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - +New-SqlDscAgentOperator | 4 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | SqlDscIntegrationTestOperator_Persistent operator +Set-SqlDscAgentOperator | 4 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - +Test-SqlDscIsAgentOperator | 4 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - +Assert-SqlDscAgentOperator | 4 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - +Enable-SqlDscAgentOperator | 4 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - +Disable-SqlDscAgentOperator | 4 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - +Get-SqlDscAudit | 4 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - +Disable-SqlDscAudit | 4 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - +Add-SqlDscTraceFlag | 4 | 1 (Install-SqlDscServer), 0 (Prerequisites) | DSCSQLTEST | - +Remove-SqlDscAgentAlert | 8 | 4 (New-SqlDscAgentAlert) | DSCSQLTEST | - +Remove-SqlDscAgentOperator | 8 | 4 (New-SqlDscAgentOperator) | DSCSQLTEST | - Remove-SqlDscAudit | 8 | - | DSCSQLTEST | - Set-SqlDscAudit | 8 | - | DSCSQLTEST | - -Remove-SqlDscDatabase | 8 | 2 (New-SqlDscDatabase) | DSCSQLTEST | - -Remove-SqlDscRole | 8 | 2 (New-SqlDscRole) | DSCSQLTEST | - -Remove-SqlDscLogin | 8 | 2 (New-SqlDscLogin) | DSCSQLTEST | - +Remove-SqlDscDatabase | 8 | 4 (New-SqlDscDatabase) | DSCSQLTEST | - +Remove-SqlDscRole | 8 | 4 (New-SqlDscRole) | DSCSQLTEST | - +Remove-SqlDscLogin | 8 | 4 (New-SqlDscLogin) | DSCSQLTEST | - Remove-SqlDscTraceFlag | 8 | 1 (Install-SqlDscServer) | DSCSQLTEST | - Uninstall-SqlDscServer | 9 | 8 (Remove commands) | - | - Install-SqlDscReportingService | 1 | 0 (Prerequisites) | - | SSRS instance From a76c7f9f089298c31a20eaee20654d27a00e9a85 Mon Sep 17 00:00:00 2001 From: Johan Ljunggren Date: Sun, 12 Oct 2025 13:55:59 +0200 Subject: [PATCH 05/11] Refactor integration tests for Connect-SqlDscDatabaseEngine to improve readability and add cleanup step for disconnecting from SQL Server --- .../Connect-SqlDscDatabaseEngine.Integration.Tests.ps1 | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/Integration/Commands/Connect-SqlDscDatabaseEngine.Integration.Tests.ps1 b/tests/Integration/Commands/Connect-SqlDscDatabaseEngine.Integration.Tests.ps1 index a1cc7f4f51..78da1f7685 100644 --- a/tests/Integration/Commands/Connect-SqlDscDatabaseEngine.Integration.Tests.ps1 +++ b/tests/Integration/Commands/Connect-SqlDscDatabaseEngine.Integration.Tests.ps1 @@ -77,6 +77,8 @@ Describe 'Connect-SqlDscDatabaseEngine' -Tag @('Integration_SQL2017', 'Integrati $sqlServerObject = Connect-SqlDscDatabaseEngine @connectSqlDscDatabaseEngineParameters $sqlServerObject.Status.ToString() | Should -Match '^Online$' + + Disconnect-SqlDscDatabaseEngine -ServerObject $sqlServerObject } } } @@ -103,6 +105,8 @@ Describe 'Connect-SqlDscDatabaseEngine' -Tag @('Integration_SQL2017', 'Integrati $sqlServerObject = Connect-SqlDscDatabaseEngine @connectSqlDscDatabaseEngineParameters $sqlServerObject.Status.ToString() | Should -Match '^Online$' + + Disconnect-SqlDscDatabaseEngine -ServerObject $sqlServerObject } } @@ -122,6 +126,8 @@ Describe 'Connect-SqlDscDatabaseEngine' -Tag @('Integration_SQL2017', 'Integrati $sqlServerObject = Connect-SqlDscDatabaseEngine @connectSqlDscDatabaseEngineParameters $sqlServerObject.Status.ToString() | Should -Match '^Online$' + + Disconnect-SqlDscDatabaseEngine -ServerObject $sqlServerObject } } From adc0f4390307aafdc6d3d422caf028608dbd01ad Mon Sep 17 00:00:00 2001 From: Johan Ljunggren Date: Sun, 12 Oct 2025 15:20:53 +0200 Subject: [PATCH 06/11] Add logic to set and restore 'Agent XPs' configuration option in integration tests --- ...lDscConfigurationOption.Integration.Tests.ps1 | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/tests/Integration/Commands/Get-SqlDscConfigurationOption.Integration.Tests.ps1 b/tests/Integration/Commands/Get-SqlDscConfigurationOption.Integration.Tests.ps1 index 36f9ed4845..5eaccbd671 100644 --- a/tests/Integration/Commands/Get-SqlDscConfigurationOption.Integration.Tests.ps1 +++ b/tests/Integration/Commands/Get-SqlDscConfigurationOption.Integration.Tests.ps1 @@ -39,9 +39,25 @@ Describe 'Get-SqlDscConfigurationOption' -Tag @('Integration_SQL2017', 'Integrat $script:mockSqlAdminCredential = [System.Management.Automation.PSCredential]::new($mockSqlAdministratorUserName, $mockSqlAdministratorPassword) $script:serverObject = Connect-SqlDscDatabaseEngine -InstanceName $script:mockInstanceName -Credential $script:mockSqlAdminCredential + + # Get the original value of 'Agent XPs' to restore later + $agentXPsOption = Get-SqlDscConfigurationOption -ServerObject $script:serverObject -Name 'Agent XPs' + $script:originalAgentXPsValue = $agentXPsOption.ConfigValue + + # Set Agent XPs to 1 if it's not already set + if ($script:originalAgentXPsValue -ne 1) + { + Set-SqlDscConfigurationOption -ServerObject $script:serverObject -Name 'Agent XPs' -Value 1 + } } AfterAll { + # Restore the original value of 'Agent XPs' if it was not 1 + if ($script:originalAgentXPsValue -ne 1) + { + Set-SqlDscConfigurationOption -ServerObject $script:serverObject -Name 'Agent XPs' -Value $script:originalAgentXPsValue + } + Disconnect-SqlDscDatabaseEngine -ServerObject $script:serverObject } From 1b01cd7653f68adcb0923d3a8721440f48a53c70 Mon Sep 17 00:00:00 2001 From: Johan Ljunggren Date: Sun, 12 Oct 2025 16:33:23 +0200 Subject: [PATCH 07/11] Add -Force parameter to Set-SqlDscConfigurationOption for 'Agent XPs' in integration tests --- .../Get-SqlDscConfigurationOption.Integration.Tests.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/Integration/Commands/Get-SqlDscConfigurationOption.Integration.Tests.ps1 b/tests/Integration/Commands/Get-SqlDscConfigurationOption.Integration.Tests.ps1 index 5eaccbd671..7dc385bf32 100644 --- a/tests/Integration/Commands/Get-SqlDscConfigurationOption.Integration.Tests.ps1 +++ b/tests/Integration/Commands/Get-SqlDscConfigurationOption.Integration.Tests.ps1 @@ -47,7 +47,7 @@ Describe 'Get-SqlDscConfigurationOption' -Tag @('Integration_SQL2017', 'Integrat # Set Agent XPs to 1 if it's not already set if ($script:originalAgentXPsValue -ne 1) { - Set-SqlDscConfigurationOption -ServerObject $script:serverObject -Name 'Agent XPs' -Value 1 + Set-SqlDscConfigurationOption -ServerObject $script:serverObject -Name 'Agent XPs' -Value 1 -Force } } @@ -55,7 +55,7 @@ Describe 'Get-SqlDscConfigurationOption' -Tag @('Integration_SQL2017', 'Integrat # Restore the original value of 'Agent XPs' if it was not 1 if ($script:originalAgentXPsValue -ne 1) { - Set-SqlDscConfigurationOption -ServerObject $script:serverObject -Name 'Agent XPs' -Value $script:originalAgentXPsValue + Set-SqlDscConfigurationOption -ServerObject $script:serverObject -Name 'Agent XPs' -Value $script:originalAgentXPsValue -Force } Disconnect-SqlDscDatabaseEngine -ServerObject $script:serverObject From a79a56365a38378fe021547d44c03abd55b0d01f Mon Sep 17 00:00:00 2001 From: Johan Ljunggren Date: Sun, 12 Oct 2025 17:46:05 +0200 Subject: [PATCH 08/11] Add -ErrorAction 'Stop' to Get-SqlDscConfigurationOption and Set-SqlDscConfigurationOption calls in integration tests --- .../Get-SqlDscConfigurationOption.Integration.Tests.ps1 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/Integration/Commands/Get-SqlDscConfigurationOption.Integration.Tests.ps1 b/tests/Integration/Commands/Get-SqlDscConfigurationOption.Integration.Tests.ps1 index 7dc385bf32..d6e54833fc 100644 --- a/tests/Integration/Commands/Get-SqlDscConfigurationOption.Integration.Tests.ps1 +++ b/tests/Integration/Commands/Get-SqlDscConfigurationOption.Integration.Tests.ps1 @@ -41,13 +41,13 @@ Describe 'Get-SqlDscConfigurationOption' -Tag @('Integration_SQL2017', 'Integrat $script:serverObject = Connect-SqlDscDatabaseEngine -InstanceName $script:mockInstanceName -Credential $script:mockSqlAdminCredential # Get the original value of 'Agent XPs' to restore later - $agentXPsOption = Get-SqlDscConfigurationOption -ServerObject $script:serverObject -Name 'Agent XPs' + $agentXPsOption = Get-SqlDscConfigurationOption -ServerObject $script:serverObject -Name 'Agent XPs' -ErrorAction 'Stop' $script:originalAgentXPsValue = $agentXPsOption.ConfigValue # Set Agent XPs to 1 if it's not already set if ($script:originalAgentXPsValue -ne 1) { - Set-SqlDscConfigurationOption -ServerObject $script:serverObject -Name 'Agent XPs' -Value 1 -Force + Set-SqlDscConfigurationOption -ServerObject $script:serverObject -Name 'Agent XPs' -Value 1 -Force -ErrorAction 'Stop' } } @@ -55,7 +55,7 @@ Describe 'Get-SqlDscConfigurationOption' -Tag @('Integration_SQL2017', 'Integrat # Restore the original value of 'Agent XPs' if it was not 1 if ($script:originalAgentXPsValue -ne 1) { - Set-SqlDscConfigurationOption -ServerObject $script:serverObject -Name 'Agent XPs' -Value $script:originalAgentXPsValue -Force + Set-SqlDscConfigurationOption -ServerObject $script:serverObject -Name 'Agent XPs' -Value $script:originalAgentXPsValue -Force -ErrorAction 'Stop' } Disconnect-SqlDscDatabaseEngine -ServerObject $script:serverObject From e111b0422e40fbdc022ae0f5a0bb956b414bcd41 Mon Sep 17 00:00:00 2001 From: Johan Ljunggren Date: Sun, 12 Oct 2025 17:46:10 +0200 Subject: [PATCH 09/11] Refactor access rule creation for private key file to use static method for improved clarity --- .../PostInstallationConfiguration.Integration.Tests.ps1 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/Integration/Commands/PostInstallationConfiguration.Integration.Tests.ps1 b/tests/Integration/Commands/PostInstallationConfiguration.Integration.Tests.ps1 index 21928ede8d..959e40e6c3 100644 --- a/tests/Integration/Commands/PostInstallationConfiguration.Integration.Tests.ps1 +++ b/tests/Integration/Commands/PostInstallationConfiguration.Integration.Tests.ps1 @@ -108,10 +108,10 @@ Describe 'PostInstallationConfiguration' -Tag @('Integration_SQL2017', 'Integrat # Grant read permission to the SQL Server service account $acl = Get-Acl -Path $privateKeyFile - $accessRule = New-Object -TypeName 'System.Security.AccessControl.FileSystemAccessRule' -ArgumentList @( + $accessRule = [System.Security.AccessControl.FileSystemAccessRule]::new( $script:serviceAccountName, - 'Read', - 'Allow' + [System.Security.AccessControl.FileSystemRights]::Read, + [System.Security.AccessControl.AccessControlType]::Allow ) $acl.AddAccessRule($accessRule) Set-Acl -Path $privateKeyFile -AclObject $acl From 3b69a91db9485127123f59d5efdea979c4392fad Mon Sep 17 00:00:00 2001 From: Johan Ljunggren Date: Sun, 12 Oct 2025 18:04:43 +0200 Subject: [PATCH 10/11] Add -ErrorAction 'Stop' to various commands in PostInstallationConfiguration integration tests for improved error handling --- ...stInstallationConfiguration.Integration.Tests.ps1 | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/Integration/Commands/PostInstallationConfiguration.Integration.Tests.ps1 b/tests/Integration/Commands/PostInstallationConfiguration.Integration.Tests.ps1 index 959e40e6c3..b2923bc4be 100644 --- a/tests/Integration/Commands/PostInstallationConfiguration.Integration.Tests.ps1 +++ b/tests/Integration/Commands/PostInstallationConfiguration.Integration.Tests.ps1 @@ -68,7 +68,7 @@ Describe 'PostInstallationConfiguration' -Tag @('Integration_SQL2017', 'Integrat CertStoreLocation = 'cert:\LocalMachine\My' } - $script:certificate = New-SelfSignedCertificate @certificateParams + $script:certificate = New-SelfSignedCertificate @certificateParams -ErrorAction 'Stop' $script:certificate | Should -Not -BeNullOrEmpty $script:certificate.Thumbprint | Should -Not -BeNullOrEmpty @@ -107,17 +107,17 @@ Describe 'PostInstallationConfiguration' -Tag @('Integration_SQL2017', 'Integrat Test-Path -Path $privateKeyFile | Should -BeTrue # Grant read permission to the SQL Server service account - $acl = Get-Acl -Path $privateKeyFile + $acl = Get-Acl -Path $privateKeyFile -ErrorAction 'Stop' $accessRule = [System.Security.AccessControl.FileSystemAccessRule]::new( $script:serviceAccountName, [System.Security.AccessControl.FileSystemRights]::Read, [System.Security.AccessControl.AccessControlType]::Allow ) $acl.AddAccessRule($accessRule) - Set-Acl -Path $privateKeyFile -AclObject $acl + Set-Acl -Path $privateKeyFile -AclObject $acl -ErrorAction 'Stop' # Verify permission was granted - $updatedAcl = Get-Acl -Path $privateKeyFile + $updatedAcl = Get-Acl -Path $privateKeyFile -ErrorAction 'Stop' $serviceAccountAccess = $updatedAcl.Access | Where-Object -FilterScript { $_.IdentityReference -like "*$script:serviceAccountName*" -and $_.FileSystemRights -match 'Read' } @@ -174,7 +174,7 @@ Describe 'PostInstallationConfiguration' -Tag @('Integration_SQL2017', 'Integrat $serverObject.Status.ToString() | Should -Match '^Online$' # Clean up - Disconnect-SqlDscDatabaseEngine -ServerObject $serverObject + Disconnect-SqlDscDatabaseEngine -ServerObject $serverObject -ErrorAction 'Stop' } It 'Should verify the connection is using encryption via DMV query' { @@ -204,7 +204,7 @@ WHERE session_id = @@SPID $result.Tables[0].Rows[0]['encrypt_option'] | Should -Be 'TRUE' # Clean up - Disconnect-SqlDscDatabaseEngine -ServerObject $serverObject + Disconnect-SqlDscDatabaseEngine -ServerObject $serverObject -ErrorAction 'Stop' Write-Verbose -Message "Verified encrypted connection using sys.dm_exec_connections DMV" -Verbose Write-Verbose -Message "SSL certificate successfully configured for SQL Server instance $script:instanceName" -Verbose From 41ab95d623a17f71c5077fa1e60812ed65e25868 Mon Sep 17 00:00:00 2001 From: Johan Ljunggren Date: Sun, 12 Oct 2025 18:06:09 +0200 Subject: [PATCH 11/11] Add -ErrorAction 'Stop' to Get-ChildItem for certificate retrieval in integration tests --- .../PostInstallationConfiguration.Integration.Tests.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/Integration/Commands/PostInstallationConfiguration.Integration.Tests.ps1 b/tests/Integration/Commands/PostInstallationConfiguration.Integration.Tests.ps1 index b2923bc4be..765fc26565 100644 --- a/tests/Integration/Commands/PostInstallationConfiguration.Integration.Tests.ps1 +++ b/tests/Integration/Commands/PostInstallationConfiguration.Integration.Tests.ps1 @@ -94,7 +94,7 @@ Describe 'PostInstallationConfiguration' -Tag @('Integration_SQL2017', 'Integrat It 'Should grant SQL Server service account permission to certificate private key' { # Get the certificate from the Personal store - $cert = Get-ChildItem -Path "Cert:\LocalMachine\My\$script:certificateThumbprint" + $cert = Get-ChildItem -Path "Cert:\LocalMachine\My\$script:certificateThumbprint" -ErrorAction 'Stop' # Get the private key $rsaCert = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)