SqlServerDsc/tests/Integration/Commands/ConvertTo-SqlDscDatabasePermission.Integration.Tests.ps1 at aa49742c034026e7f1f8e3547caf5fbc3d3bb690 · johlju/SqlServerDsc · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
[System.Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', '', Justification = 'Suppressing this rule because Script Analyzer does not understand Pester syntax.')]
param ()

BeforeDiscovery {
    try
    {
        if (-not (Get-Module -Name 'DscResource.Test'))
        {
            # Assumes dependencies have been resolved, so if this module is not available, run 'noop' task.
            if (-not (Get-Module -Name 'DscResource.Test' -ListAvailable))
            {
                # Redirect all streams to $null, except the error stream (stream 2)
                & "$PSScriptRoot/../../../build.ps1" -Tasks 'noop' 3>&1 4>&1 5>&1 6>&1 > $null
            }

            # If the dependencies have not been resolved, this will throw an error.
            Import-Module -Name 'DscResource.Test' -Force -ErrorAction 'Stop'
        }
    }
    catch [System.IO.FileNotFoundException]
    {
        throw 'DscResource.Test module dependency not found. Please run ".\build.ps1 -ResolveDependency -Tasks noop" first.'
    }
}

BeforeAll {
    $script:moduleName = 'SqlServerDsc'

    # Do not use -Force. Doing so, or unloading the module in AfterAll, causes
    # PowerShell class types to get new identities, breaking type comparisons.
    Import-Module -Name $script:moduleName -ErrorAction 'Stop'
}

Describe 'ConvertTo-SqlDscDatabasePermission' -Tag @('Integration_SQL2017', 'Integration_SQL2019', 'Integration_SQL2022', 'Integration_SQL2025') {
    BeforeAll {
        $script:mockInstanceName = 'DSCSQLTEST'

        $mockSqlAdministratorUserName = 'SqlAdmin'
        $mockSqlAdministratorPassword = ConvertTo-SecureString -String 'P@ssw0rd1' -AsPlainText -Force

        $script:mockSqlAdminCredential = [System.Management.Automation.PSCredential]::new($mockSqlAdministratorUserName, $mockSqlAdministratorPassword)

        $script:serverObject = Connect-SqlDscDatabaseEngine -InstanceName $script:mockInstanceName -Credential $script:mockSqlAdminCredential
    }

    AfterAll {
        Disconnect-SqlDscDatabaseEngine -ServerObject $script:serverObject
    }
    Context 'When converting empty collection of DatabasePermissionInfo' {
        It 'Should return empty array for empty DatabasePermissionInfo collection' {
            $emptyCollection = [Microsoft.SqlServer.Management.Smo.DatabasePermissionInfo[]] @()

            $result = ConvertTo-SqlDscDatabasePermission -DatabasePermissionInfo $emptyCollection

            $result | Should -BeNullOrEmpty
        }

        It 'Should accept empty collection through pipeline' {
            $emptyCollection = [Microsoft.SqlServer.Management.Smo.DatabasePermissionInfo[]] @()

            $result = $emptyCollection | ConvertTo-SqlDscDatabasePermission

            $result | Should -BeNullOrEmpty
        }
    }

    Context 'When converting DatabasePermissionInfo from system database' {
        It 'Should convert DatabasePermissionInfo to DatabasePermission objects for dbo principal' {
            # Get permissions for the dbo user from master database
            $databasePermissionInfo = Get-SqlDscDatabasePermission -ServerObject $script:serverObject -DatabaseName 'master' -Name 'dbo' -ErrorAction 'Stop'

            # Only proceed if we have permission data to work with
            if ($databasePermissionInfo) {
                $result = ConvertTo-SqlDscDatabasePermission -DatabasePermissionInfo $databasePermissionInfo

                # Validate the result structure
                $result | Should -Not -BeNullOrEmpty

                # Each result should have State and Permission properties
                foreach ($permission in $result) {
                    $permission.State | Should -Not -BeNullOrEmpty
                    $permission.Permission | Should -Not -BeNullOrEmpty

                    # Validate that permission state is one of the expected values
                    $permission.State | Should -BeIn @('Grant', 'Deny', 'GrantWithGrant')
                }
            }
        }

        It 'Should accept DatabasePermissionInfo through pipeline' {
            # Get permissions for the dbo user from master database
            $databasePermissionInfo = Get-SqlDscDatabasePermission -ServerObject $script:serverObject -DatabaseName 'master' -Name 'dbo' -ErrorAction 'Stop'

            # Only proceed if we have permission data to work with
            if ($databasePermissionInfo) {
                $result = $databasePermissionInfo | ConvertTo-SqlDscDatabasePermission

                # Validate the result structure
                $result | Should -Not -BeNullOrEmpty

                # Each result should have State and Permission properties
                foreach ($permission in $result) {
                    $permission.State | Should -Not -BeNullOrEmpty
                    $permission.Permission | Should -Not -BeNullOrEmpty

                    # Validate that permission state is one of the expected values
                    $permission.State | Should -BeIn @('Grant', 'Deny', 'GrantWithGrant')
                }
            }
        }
    }

    Context 'When converting DatabasePermissionInfo for guest user' {
        It 'Should handle guest user permissions correctly' {
            # Get permissions for the guest user from master database (guest should have Connect permission)
            $databasePermissionInfo = Get-SqlDscDatabasePermission -ServerObject $script:serverObject -DatabaseName 'master' -Name 'guest' -ErrorAction 'SilentlyContinue'

            # Only proceed if we have permission data to work with
            if ($databasePermissionInfo) {
                $result = ConvertTo-SqlDscDatabasePermission -DatabasePermissionInfo $databasePermissionInfo

                # Validate the result structure
                $result | Should -Not -BeNullOrEmpty

                # Each result should have State and Permission properties
                foreach ($permission in $result) {
                    $permission.State | Should -Not -BeNullOrEmpty
                    $permission.Permission | Should -Not -BeNullOrEmpty

                    # Validate that permission state is one of the expected values
                    $permission.State | Should -BeIn @('Grant', 'Deny', 'GrantWithGrant')
                }
            }
        }
    }

    Context 'When testing conversion functionality with multiple permission states' {
        It 'Should group permissions by state correctly' {
            # Try to get permissions from system databases where we might have various permission states
            $databasePermissionInfo = Get-SqlDscDatabasePermission -ServerObject $script:serverObject -DatabaseName 'msdb' -Name 'dbo' -ErrorAction 'SilentlyContinue'

            # Only proceed if we have permission data to work with
            if ($databasePermissionInfo) {
                $result = ConvertTo-SqlDscDatabasePermission -DatabasePermissionInfo $databasePermissionInfo

                if ($result) {
                    # Validate that permissions are properly grouped by state
                    $uniqueStates = $result.State | Sort-Object -Unique

                    foreach ($state in $uniqueStates) {
                        $permissionsForState = $result | Where-Object { $_.State -eq $state }
                        $permissionsForState | Should -HaveCount 1
                        $permissionsForState[0].Permission | Should -Not -BeNullOrEmpty
                    }
                }
            }
        }
    }
}