Add-DbaDbRoleMember - Add support for adding roles to roles #9319

Merged
merged 5 commits into from
Apr 12, 2024
Merged
Changes from 4 commits
38 changes: 23 additions & 15 deletions public/Add-DbaDbRoleMember.ps1
Expand Up @@ -22,8 +22,8 @@ function Add-DbaDbRoleMember {
.PARAMETER Role
The role(s) to process.

.PARAMETER User
The user(s) to add to role(s) specified.
.PARAMETER Member
The user(s) or role(s) to add to role(s) specified.

.PARAMETER InputObject
Enables piped input from Get-DbaDbRole or Get-DbaDatabase
Expand Down Expand Up @@ -51,29 +51,29 @@ function Add-DbaDbRoleMember {
https://dbatools.io/Add-DbaDbRoleMember

.EXAMPLE
PS C:\> Add-DbaDbRoleMember -SqlInstance localhost -Database mydb -Role db_owner -User user1
PS C:\> Add-DbaDbRoleMember -SqlInstance localhost -Database mydb -Role db_owner -Member user1

Adds user1 to the role db_owner in the database mydb on the local default SQL Server instance

.EXAMPLE
PS C:\> Add-DbaDbRoleMember -SqlInstance localhost, sql2016 -Role SqlAgentOperatorRole -User user1 -Database msdb
PS C:\> Add-DbaDbRoleMember -SqlInstance localhost, sql2016 -Role SqlAgentOperatorRole -Member user1 -Database msdb

Adds user1 in servers localhost and sql2016 in the msdb database to the SqlAgentOperatorRole

.EXAMPLE
PS C:\> $servers = Get-Content C:\servers.txt
PS C:\> $servers | Add-DbaDbRoleMember -Role SqlAgentOperatorRole -User user1 -Database msdb
PS C:\> $servers | Add-DbaDbRoleMember -Role SqlAgentOperatorRole -Member user1 -Database msdb

Adds user1 to the SqlAgentOperatorROle in the msdb database in every server in C:\servers.txt

.EXAMPLE
PS C:\> Add-DbaDbRoleMember -SqlInstance localhost -Role "db_datareader","db_datawriter" -User user1 -Database DEMODB
PS C:\> Add-DbaDbRoleMember -SqlInstance localhost -Role "db_datareader","db_datawriter" -Member user1 -Database DEMODB

Adds user1 in the database DEMODB on the server localhost to the roles db_datareader and db_datawriter

.EXAMPLE
PS C:\> $roles = Get-DbaDbRole -SqlInstance localhost -Role "db_datareader","db_datawriter" -Database DEMODB
PS C:\> $roles | Add-DbaDbRoleMember -User user1
PS C:\> $roles | Add-DbaDbRoleMember -Member user1

Adds user1 in the database DEMODB on the server localhost to the roles db_datareader and db_datawriter

Expand All @@ -86,7 +86,8 @@ function Add-DbaDbRoleMember {
[string[]]$Database,
[string[]]$Role,
[parameter(Mandatory)]
[string[]]$User,
[Alias("User")]
[string[]]$Member,
[parameter(ValueFromPipeline)]
[object[]]$InputObject,
[switch]$EnableException
Expand Down Expand Up @@ -139,16 +140,23 @@ function Add-DbaDbRoleMember {

$members = $dbRole.EnumMembers()

foreach ($username in $User) {
if ($db.Users.Name -contains $username) {
if ($members -notcontains $username) {
if ($PSCmdlet.ShouldProcess($instance, "Adding User $username to role: $dbRole in database $db")) {
Write-Message -Level 'Verbose' -Message "Adding User $username to role: $dbRole in database $db on $instance"
$dbRole.AddMember($username)
foreach ($newMember in $Member) {
if ($db.Users.Name -contains $newMember) {
if ($members -notcontains $newMember) {
if ($PSCmdlet.ShouldProcess($instance, "Adding user $newMember to role: $dbRole in database $db")) {
Write-Message -Level 'Verbose' -Message "Adding user $newMember to role: $dbRole in database $db on $instance"
$dbRole.AddMember($newMember)
}
}
} elseif ($db.Roles.Name -contains $newMember) {
if ($members -notcontains $newMember) {
if ($PSCmdlet.ShouldProcess($instance, "Adding role $newMember to role: $dbRole in database $db")) {
Write-Message -Level 'Verbose' -Message "Adding role $newMember to role: $dbRole in database $db on $instance"
$dbRole.AddMember($newMember)
}
}
} else {
Write-Message -Level 'Warning' -Message "User $username does not exist in $db on $instance"
Write-Message -Level 'Warning' -Message "User or role $newMember does not exist in $db on $instance"
}
}
}
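Review bot: The new `elseif ($db.Roles.Name -contains $newMember)` branch accepts every role in the database, including fixed roles such as `db_owner`, which SQL Server does not allow as members of another role, and it does not stop `-Member` from naming the target role itself. In both cases `$dbRole.AddMember($newMember)` is reached and the failure comes back from the server rather than as a warning; no error handling is visible in this hunk, and the function body continues outside it. Consider narrowing the lookup, for example `} elseif (($db.Roles | Where-Object { -not $_.IsFixedRole -and $_.Name -ne $dbRole.Name }).Name -contains $newMember) {`, and wording the `else` warning to cover roles that cannot be nested. The help text would also benefit from one sentence saying that nesting a role grants the target role's permissions to every current and future member of the nested role, since none of the examples shows a role passed as `-Member`.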
41 changes: 29 additions & 12 deletions public/Get-DbaDbRoleMember.ps1
Expand Up @@ -160,23 +160,40 @@ function Get-DbaDbRoleMember {

$members = $dbRole.EnumMembers()
foreach ($member in $members) {
$user = $db.Users | Where-Object { $_.Name -eq $member }
$memberUser = $db.Users | Where-Object { $_.Name -eq $member }
$memberRole = $db.Roles | Where-Object { $_.Name -eq $member }

if (Test-Bound -Not -ParameterName 'IncludeSystemUser') {
$user = $user | Where-Object { $_.IsSystemObject -eq $false }
$memberUser = $memberUser | Where-Object { $_.IsSystemObject -eq $false }
}

if ($user) {
if ($memberUser) {
[PSCustomObject]@{
ComputerName = $server.ComputerName
InstanceName = $server.ServiceName
SqlInstance = $server.DomainInstanceName
Database = $db.Name
Role = $dbRole.Name
UserName = $user.Name
Login = $user.Login
SmoRole = $dbRole
SmoUser = $user
ComputerName = $server.ComputerName
InstanceName = $server.ServiceName
SqlInstance = $server.DomainInstanceName
Database = $db.Name
Role = $dbRole.Name
UserName = $memberUser.Name
Login = $memberUser.Login
MemberRole = $null
SmoRole = $dbRole
SmoUser = $memberUser
SmoMemberRole = $null
}
} elseif ($memberRole) {
[PSCustomObject]@{
ComputerName = $server.ComputerName
InstanceName = $server.ServiceName
SqlInstance = $server.DomainInstanceName
Database = $db.Name
Role = $dbRole.Name
UserName = $null
Login = $memberUser.Login
MemberRole = $memberRole.Name
SmoRole = $dbRole
SmoUser = $null
SmoMemberRole = $memberRole
}
}
}
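Review bot: In the `elseif ($memberRole)` branch the output object sets `Login = $memberUser.Login`, but `$memberUser` is empty whenever that branch runs, so the value is null only by accident and the property access could fail under `Set-StrictMode`; `Login = $null` states the intent and matches `UserName = $null` beside it. Separately, a nested role is emitted as a single row with `UserName = $null` and its own members are not expanded, so a caller that audits who holds a role by reading `UserName` will miss users who receive the role through nesting. A line in the command help describing `MemberRole` and `SmoMemberRole`, and stating that only direct members are listed, would make that visible to people using the output for access reviews. The loop's enclosing function starts and ends outside this hunk.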
15 changes: 11 additions & 4 deletions tests/Add-DbaDbRoleMember.Tests.ps1
Expand Up @@ -5,7 +5,7 @@ Write-Host -Object "Running $PSCommandpath" -ForegroundColor Cyan
Describe "$CommandName Unit Tests" -Tags "UnitTests" {
Context "Validate parameters" {
[object[]]$params = (Get-Command $CommandName).Parameters.Keys | Where-Object {$_ -notin ('whatif', 'confirm')}
[object[]]$knownParameters = 'SqlInstance', 'SqlCredential', 'Database', 'Role', 'User', 'InputObject', 'EnableException'
[object[]]$knownParameters = 'SqlInstance', 'SqlCredential', 'Database', 'Role', 'Member', 'InputObject', 'EnableException'
$knownParameters += [System.Management.Automation.PSCmdlet]::CommonParameters
It "Should only contain our specific parameters" {
(@(Compare-Object -ReferenceObject ($knownParameters | Where-Object {$_}) -DifferenceObject $params).Count ) | Should Be 0
Expand Down Expand Up @@ -39,7 +39,7 @@ Describe "$CommandName Integration Tests" -Tags "IntegrationTests" {

Context "Functionality" {
It 'Adds User to Role' {
Add-DbaDbRoleMember -SqlInstance $script:instance2 -Role $role -User $user1 -Database $dbname -confirm:$false
Add-DbaDbRoleMember -SqlInstance $script:instance2 -Role $role -Member $user1 -Database $dbname -confirm:$false
$roleDBAfter = Get-DbaDbRoleMember -SqlInstance $server -Database $dbname -Role $role

$roleDBAfter.Role | Should Be $role
Expand All @@ -49,7 +49,7 @@ Describe "$CommandName Integration Tests" -Tags "IntegrationTests" {

It 'Adds User to Multiple Roles' {
$roleDB = Get-DbaDbRoleMember -SqlInstance $server -Database msdb -Role db_datareader, SQLAgentReaderRole
Add-DbaDbRoleMember -SqlInstance $script:instance2 -Role db_datareader, SQLAgentReaderRole -User $user1 -Database msdb -confirm:$false
Add-DbaDbRoleMember -SqlInstance $script:instance2 -Role db_datareader, SQLAgentReaderRole -Member $user1 -Database msdb -confirm:$false

$roleDBAfter = Get-DbaDbRoleMember -SqlInstance $server -Database msdb -Role db_datareader, SQLAgentReaderRole
$roleDBAfter.Count | Should BeGreaterThan $roleDB.Count
Expand All @@ -69,10 +69,17 @@ Describe "$CommandName Integration Tests" -Tags "IntegrationTests" {
}

It 'Skip adding user to role if already a member' {
$messages = Add-DbaDbRoleMember -SqlInstance $script:instance2 -Role $role -User $user1 -Database $dbname -confirm:$false -Verbose 4>&1
$messages = Add-DbaDbRoleMember -SqlInstance $script:instance2 -Role $role -Member $user1 -Database $dbname -confirm:$false -Verbose 4>&1
$messageCount = ($messages -match 'Adding user').Count

$messageCount | Should Be 0
}

It 'Adds Role to Role' {
Add-DbaDbRoleMember -SqlInstance $script:instance2 -Role db_datawriter -Member $role -Database $dbname -confirm:$false
$roleDBAfter = Get-DbaDbRoleMember -SqlInstance $server -Database $dbname -Role db_datawriter

$roleDBAfter.MemberRole | Should Contain $role
}
}
}
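Review bot: Every call in this file was switched from `-User` to `-Member`, so nothing exercises the `[Alias("User")]` that keeps existing scripts working; the parameter check compares only `Parameters.Keys`, which lists parameter names and not aliases. Keeping one call on the old name, e.g. `Add-DbaDbRoleMember -SqlInstance $script:instance2 -Role $role -User $user1 -Database $dbname -confirm:$false` in 'Adds User to Role', would pin backward compatibility. The new 'Adds Role to Role' test also leaves two paths uncovered: the warning for a `-Member` that is neither a user nor a role, and the already-a-member skip for roles (the `'Adding role'` message). Whether the `db_datawriter` membership it creates is cleaned up depends on teardown code outside these hunks.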