SqlDatabaseObjectPermission: Add validation for single permission per DSC_DatabaseObjectPermission instance #2353
Conversation
|
Important Review skippedBot user detected. To trigger a single review, invoke the You can disable this status message by setting the WalkthroughRuntime validation was added to SqlDatabaseObjectPermission to enforce single permission-per-instance configuration. When multiple comma-separated permissions are detected, a descriptive localized error is raised. Documentation was updated to describe this constraint and provide correct usage examples. Unit tests validate both valid and invalid permission formats. Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~12 minutes
Pre-merge checks✅ Passed checks (5 passed)
Comment |
…ion instance Co-authored-by: johlju <[email protected]>
|
@copilot can we add logic to the MOF-based resource so that it check the Permission property of the CIM instance and if it Also update the MOF-based resource's README as this change would change what the error message will be. |
… instance Co-authored-by: johlju <[email protected]>
Added validation in commit 084afb9. The |
|
@coderabbitai review |
✅ Actions performedReview triggered.
|
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (5)
CHANGELOG.md(1 hunks)source/DSCResources/DSC_SqlDatabaseObjectPermission/DSC_SqlDatabaseObjectPermission.psm1(1 hunks)source/DSCResources/DSC_SqlDatabaseObjectPermission/README.md(1 hunks)source/DSCResources/DSC_SqlDatabaseObjectPermission/en-US/DSC_SqlDatabaseObjectPermission.strings.psd1(1 hunks)tests/Unit/DSC_SqlDatabaseObjectPermission.Tests.ps1(1 hunks)
🧰 Additional context used
📓 Path-based instructions (12)
source/DSCResources/**/*.psm1
📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-mof-resources.instructions.md)
source/DSCResources/**/*.psm1: Every DSC resource must define the three required functions:Get-TargetResource,Set-TargetResource, andTest-TargetResource
Export functions using the*-TargetResourcepattern
Get-TargetResourcefunction must return a hashtable with all resource properties
Test-TargetResourcefunction must return a boolean value ($true or $false)
Set-TargetResourcefunction must not return anything (void)
Get-TargetResourceshould only include parameters needed to retrieve actual current state values
Get-TargetResourceshould remove non-mandatory parameters that are never used
Set-TargetResourceandTest-TargetResourcemust have identical parameters
Unused mandatory parameters inSet-TargetResourceandTest-TargetResourceshould include "Not used in <function_name>" in the help comment
Each DSC resource function must include at least oneWrite-Verbosestatement
Get-TargetResourceverbose messages must start with "Getting the current state of..."
Set-TargetResourceverbose messages must start with "Setting the desired state of..."
Test-TargetResourceverbose messages must start with "Determining the current state of..."
Use localized strings for all messages including Write-Verbose, Write-Error, and other messaging commands
Import localized strings usingGet-LocalizedDataat the module top level
Usetry/catchblocks to handle exceptions in MOF-based DSC resources
UseNew-InvalidDataExceptionfor invalid data errors instead ofthrowin MOF-based DSC resources
UseNew-ArgumentExceptionfor argument-related errors instead ofthrowin MOF-based DSC resources
UseNew-InvalidOperationExceptionfor invalid operation errors instead ofthrowin MOF-based DSC resources
UseNew-ObjectNotFoundExceptionfor object not found errors instead ofthrowin MOF-based DSC resources
UseNew-InvalidResultExceptionfor invalid result errors instead ofthrowin MOF-based DSC resources
UseNew-NotImplementedException...
Files:
source/DSCResources/DSC_SqlDatabaseObjectPermission/DSC_SqlDatabaseObjectPermission.psm1
⚙️ CodeRabbit configuration file
source/DSCResources/**/*.psm1: # MOF-based Desired State Configuration (DSC) Resources GuidelinesRequired Functions
- Every DSC resource must define:
Get-TargetResource,Set-TargetResource,Test-TargetResource- Export using
*-TargetResourcepatternFunction Return Types
Get-TargetResource: Must return hashtable with all resource propertiesTest-TargetResource: Must return boolean ($true/$false)Set-TargetResource: Must not return anything (void)Parameter Guidelines
Get-TargetResource: Only include parameters needed to retrieve actual current state valuesGet-TargetResource: Remove non-mandatory parameters that are never usedSet-TargetResourceandTest-TargetResource: Must have identical parametersSet-TargetResourceandTest-TargetResource: Unused mandatory parameters: Add "Not used in <function_name>" to help commentRequired Elements
- Each function must include
Write-Verboseat least once
Get-TargetResource: Use verbose message starting with "Getting the current state of..."Set-TargetResource: Use verbose message starting with "Setting the desired state of..."Test-TargetResource: Use verbose message starting with "Determining the current state of..."- Use localized strings for all messages (Write-Verbose, Write-Error, etc.)
- Import localized strings using
Get-LocalizedDataat module topError Handling
- Do not use
throwfor terminating errors- Use
try/catchblocks to handle exceptions- Throw localized exceptions using the appropriate
New-*Exceptioncmdlet:
New‑InvalidDataExceptionNew-ArgumentExceptionNew-InvalidOperationException- [
New-ObjectNotFoundException](https:/...
Files:
source/DSCResources/DSC_SqlDatabaseObjectPermission/DSC_SqlDatabaseObjectPermission.psm1
**/*.{ps1,psm1,psd1}
📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-powershell.instructions.md)
**/*.{ps1,psm1,psd1}: Use descriptive names with 3+ characters and no abbreviations for functions, variables, and identifiers
Functions: Use PascalCase with Verb-Noun format using approved verbs
Parameters: Use PascalCase
Variables: Use camelCase
Keywords: Use lower-case
Classes: Use PascalCase
Include scope for script/global/environment variables:$script:,$global:,$env:
Use 4 spaces for indentation (no tabs)
Use one space around operators:$a = 1 + 2
Use one space between type and variable:[String] $name
Use one space between keyword and parenthesis:if ($condition)
No spaces on empty lines
Try to limit lines to 120 characters
Newline before opening brace (except variable assignments)
One newline after opening brace
Two newlines after closing brace (one if followed by another brace or continuation)
Use single quotes unless variable expansion is needed:'text'vs"text $variable"
Single-line arrays:@('one', 'two', 'three'); multi-line: each element on separate line with proper indentation
Do not use the unary comma operator (,) in return statements to force an array
Empty hashtables:@{}; each property on separate line with proper indentation; use PascalCase for properties
Single-line comments:# Comment(capitalized, on own line); multi-line:<# Comment #>format with opening/closing brackets on own line
Do not include commented-out code
Always add comment-based help to all functions and scripts with SYNOPSIS, DESCRIPTION (40+ chars), PARAMETER, and EXAMPLE sections
Comment-based help indentation: keywords 4 spaces, text 8 spaces
Include examples in comment-based help for all parameter sets and combinations
INPUTS section in comment-based help: list each pipeline-accepted type (one per line) with 1-line description, repeat keyword for each input type
OUTPUTS section in comment-based help: list each return type (one per line) with 1-line description, repeat keyword for each output type; must match both[OutputType()]and actual ret...
Files:
source/DSCResources/DSC_SqlDatabaseObjectPermission/DSC_SqlDatabaseObjectPermission.psm1source/DSCResources/DSC_SqlDatabaseObjectPermission/en-US/DSC_SqlDatabaseObjectPermission.strings.psd1tests/Unit/DSC_SqlDatabaseObjectPermission.Tests.ps1
**
⚙️ CodeRabbit configuration file
**: # DSC Community GuidelinesTerminology
- Command: Public command
- Function: Private function
- Resource: DSC class-based resource
Build & Test Workflow Requirements
- Run PowerShell script files from repository root
- Setup build and test environment (once per
pwshsession):./build.ps1 -Tasks noop- Build project before running tests:
./build.ps1 -Tasks build- Always run tests in new
pwshsession:Invoke-Pester -Path @({test paths}) -Output DetailedFile Organization
- Public commands:
source/Public/{CommandName}.ps1- Private functions:
source/Private/{FunctionName}.ps1- Classes:
source/Classes/{DependencyGroupNumber}.{ClassName}.ps1- Enums:
source/Enum/{DependencyGroupNumber}.{EnumName}.ps1- Unit tests:
tests/Unit/{Classes|Public|Private}/{Name}.Tests.ps1- Integration tests:
tests/Integration/Commands/{CommandName}.Integration.Tests.ps1Requirements
- Follow instructions over existing code patterns
- Follow PowerShell style and test guideline instructions strictly
- Always update CHANGELOG.md Unreleased section
- Localize all strings using string keys; remove any orphaned string keys
- Check DscResource.Common before creating private functions
- Separate reusable logic into private functions
- DSC resources should always be created as class-based resources
- Add unit tests for all commands/functions/resources
- Add integration tests for all public commands and resources
Files:
source/DSCResources/DSC_SqlDatabaseObjectPermission/DSC_SqlDatabaseObjectPermission.psm1source/DSCResources/DSC_SqlDatabaseObjectPermission/README.mdsource/DSCResources/DSC_SqlDatabaseObjectPermission/en-US/DSC_SqlDatabaseObjectPermission.strings.psd1tests/Unit/DSC_SqlDatabaseObjectPermission.Tests.ps1CHANGELOG.md
{**/*.ps1,**/*.psm1,**/*.psd1}
⚙️ CodeRabbit configuration file
{**/*.ps1,**/*.psm1,**/*.psd1}: # PowerShell GuidelinesNaming
- Use descriptive names (3+ characters, no abbreviations)
- Functions: PascalCase with Verb-Noun format using approved verbs
- Parameters: PascalCase
- Variables: camelCase
- Keywords: lower-case
- Classes: PascalCase
- Include scope for script/global/environment variables:
$script:,$global:,$env:File naming
- Class files:
###.ClassName.ps1format (e.g.001.SqlReason.ps1,004.StartupParameters.ps1)Formatting
Indentation & Spacing
- Use 4 spaces (no tabs)
- One space around operators:
$a = 1 + 2- One space between type and variable:
[String] $name- One space between keyword and parenthesis:
if ($condition)- No spaces on empty lines
- Try to limit lines to 120 characters
Braces
- Newline before opening brace (except variable assignments)
- One newline after opening brace
- Two newlines after closing brace (one if followed by another brace or continuation)
Quotes
- Use single quotes unless variable expansion is needed:
'text'vs"text $variable"Arrays
- Single line:
@('one', 'two', 'three')- Multi-line: each element on separate line with proper indentation
- Do not use the unary comma operator (
,) in return statements to force
an arrayHashtables
- Empty:
@{}- Each property on separate line with proper indentation
- Properties: Use PascalCase
Comments
- Single line:
# Comment(capitalized, on own line)- Multi-line:
<# Comment #>format (opening and closing brackets on own line), and indent text- No commented-out code
Comment-based help
- Always add comment-based help to all functions and scripts
- Comment-based help: SYNOPSIS, DESCRIPTION (40+ chars), PARAMETER, EXAMPLE sections before function/class
- Comment-based help indentation: keywords 4 spaces, text 8 spaces
- Include examples for all parameter sets and combinations
- INPUTS: List each pipeline‑accepted type (one per line) with a 1‑line description...
Files:
source/DSCResources/DSC_SqlDatabaseObjectPermission/DSC_SqlDatabaseObjectPermission.psm1source/DSCResources/DSC_SqlDatabaseObjectPermission/en-US/DSC_SqlDatabaseObjectPermission.strings.psd1tests/Unit/DSC_SqlDatabaseObjectPermission.Tests.ps1
**/*.md
📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-markdown.instructions.md)
**/*.md: Wrap lines at word boundaries when over 80 characters (except tables/code blocks)
Use 2 spaces for indentation in Markdown files
Use '1.' for all items in ordered lists (1/1/1 numbering style)
DisableMD013rule by adding a comment for tables/code blocks exceeding 80 characters
Empty lines required before/after code blocks and headings (except before line 1)
Escape backslashes in file paths only (not in code blocks)
Code blocks must specify language identifiers
Format parameters using bold in Markdown documentation
Format values and literals usinginline codein Markdown documentation
Format resource/module/product names using italic in Markdown documentation
Format commands/files/paths usinginline codein Markdown documentation
Files:
source/DSCResources/DSC_SqlDatabaseObjectPermission/README.mdCHANGELOG.md
⚙️ CodeRabbit configuration file
**/*.md: # Markdown Style Guidelines
- Wrap lines at word boundaries when over 80 characters (except tables/code blocks)
- Use 2 spaces for indentation
- Use '1.' for all items in ordered lists (1/1/1 numbering style)
- Disable
MD013rule by adding a comment for tables/code blocks exceeding 80 characters- Empty lines required before/after code blocks and headings (except before line 1)
- Escape backslashes in file paths only (not in code blocks)
- Code blocks must specify language identifiers
Text Formatting
- Parameters: bold
- Values/literals:
inline code- Resource/module/product names: italic
- Commands/files/paths:
inline code
Files:
source/DSCResources/DSC_SqlDatabaseObjectPermission/README.mdCHANGELOG.md
source/DSCResources/**/en-US/DSC_*.strings.psd1
📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-mof-resources.instructions.md)
source/DSCResources/**/en-US/DSC_*.strings.psd1: Name localized strings file asDSC_<ResourceName>.strings.psd1in theen-USfolder
In.strings.psd1files, use underscores as word separators in localized string key names for multi-word keys
Files:
source/DSCResources/DSC_SqlDatabaseObjectPermission/en-US/DSC_SqlDatabaseObjectPermission.strings.psd1
**/*.psd1
📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-powershell.instructions.md)
Don't use
NestedModulesfor shared commands withoutRootModulein module manifest
Files:
source/DSCResources/DSC_SqlDatabaseObjectPermission/en-US/DSC_SqlDatabaseObjectPermission.strings.psd1
**/*.ps1
📄 CodeRabbit inference engine (.github/instructions/SqlServerDsc-guidelines.instructions.md)
**/*.ps1: Format public commands as{Verb}-SqlDsc{Noun}following PowerShell naming conventions
Format private functions as{Verb}-{Noun}following PowerShell naming conventions
Files:
tests/Unit/DSC_SqlDatabaseObjectPermission.Tests.ps1
**/*.[Tt]ests.ps1
📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-pester.instructions.md)
**/*.[Tt]ests.ps1: All public commands, private functions and classes must have unit tests
All public commands and class-based resources must have integration tests
Use Pester v5 syntax only
Test code only insideDescribeblocks
Assertions only inItblocks
Never test verbose messages, debug messages or parameter binding behavior
Pass all mandatory parameters to avoid prompts
InsideItblocks, assign unused return objects to$null(unless part of pipeline)
Tested entity must be called from within theItblocks
Keep results and assertions in sameItblock
Avoid try-catch-finally for cleanup, useAfterAllorAfterEach
Avoid unnecessary remove/recreate cycles
OneDescribeblock per file matching the tested entity name
Contextdescriptions start with 'When'
Itdescriptions start with 'Should', must not contain 'when'
Mock variables prefix: 'mock'
Public commands: Never useInModuleScope(unless retrieving localized strings or creating an object using an internal class)
Private functions/class resources: Always useInModuleScope
Each class method = separateContextblock
Each scenario = separateContextblock
Use nestedContextblocks for complex scenarios
Mocking inBeforeAll(BeforeEachonly when required)
Setup/teardown inBeforeAll,BeforeEach/AfterAll,AfterEachclose to usage
Spacing between blocks, arrange, act, and assert for readability
PascalCase:Describe,Context,It,Should,BeforeAll,BeforeEach,AfterAll,AfterEach
Use-BeTrue/-BeFalsenever-Be $true/-Be $false
Never useAssert-MockCalled, useShould -Invokeinstead
NoShould -Not -Throw- invoke commands directly
Never add an empty-MockWithblock
Omit-MockWithwhen returning$null
Set$PSDefaultParameterValuesforMock:ModuleName,Should:ModuleName,InModuleScope:ModuleName
Omit-ModuleNameparameter on Pester commands
Never useMockinsideInModuleScope-block
Never useparam()inside-MockWithscriptblock...
Files:
tests/Unit/DSC_SqlDatabaseObjectPermission.Tests.ps1
⚙️ CodeRabbit configuration file
**/*.[Tt]ests.ps1: # Tests GuidelinesCore Requirements
- All public commands, private functions and classes must have unit tests
- All public commands and class-based resources must have integration tests
- Use Pester v5 syntax only
- Test code only inside
Describeblocks- Assertions only in
Itblocks- Never test verbose messages, debug messages or parameter binding behavior
- Pass all mandatory parameters to avoid prompts
Requirements
- Inside
Itblocks, assign unused return objects to$null(unless part of pipeline)- Tested entity must be called from within the
Itblocks- Keep results and assertions in same
Itblock- Avoid try-catch-finally for cleanup, use
AfterAllorAfterEach- Avoid unnecessary remove/recreate cycles
Naming
- One
Describeblock per file matching the tested entity nameContextdescriptions start with 'When'Itdescriptions start with 'Should', must not contain 'when'- Mock variables prefix: 'mock'
Structure & Scope
- Public commands: Never use
InModuleScope(unless retrieving localized strings or creating an object using an internal class)- Private functions/class resources: Always use
InModuleScope- Each class method = separate
Contextblock- Each scenario = separate
Contextblock- Use nested
Contextblocks for complex scenarios- Mocking in
BeforeAll(BeforeEachonly when required)- Setup/teardown in
BeforeAll,BeforeEach/AfterAll,AfterEachclose to usage- Spacing between blocks, arrange, act, and assert for readability
Syntax Rules
- PascalCase:
Describe,Context,It,Should,BeforeAll,BeforeEach,AfterAll,AfterEach- Use
-BeTrue/-BeFalsenever-Be $true/-Be $false- Never use
Assert-MockCalled, useShould -Invokeinstead- No
Should -Not -Throw- invoke commands directly- Never add an empty
-MockWithblock- Omit
-MockWithwhen returning$null- Set
$PSDefaultParameterValuesforMock:ModuleName,Should:ModuleName, `...
Files:
tests/Unit/DSC_SqlDatabaseObjectPermission.Tests.ps1
tests/[Uu]nit/**/*.[Tt]ests.ps1
📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-unit-tests.instructions.md)
tests/[Uu]nit/**/*.[Tt]ests.ps1: Test with localized strings usingInModuleScope -ScriptBlock { $script:localizedData.Key }
Mock files using the$TestDrivevariable (path to the test drive)
All public commands require parameter set validation tests
Use the exact setup block with BeforeDiscovery, BeforeAll, and AfterAll blocks including DscResource.Test module import and PSDefaultParameterValues configuration
Parameter set validation tests should use Get-Command with Where-Object filtering and Should assertions to verify ParameterSetName and ParameterListAsString
Parameter property tests should verify mandatory parameter attributes using Get-Command Parameters and Should -BeTrue assertions
Files:
tests/Unit/DSC_SqlDatabaseObjectPermission.Tests.ps1
⚙️ CodeRabbit configuration file
tests/[Uu]nit/**/*.[Tt]ests.ps1: # Unit Tests Guidelines
- Test with localized strings: Use
InModuleScope -ScriptBlock { $script:localizedData.Key }- Mock files: Use
$TestDrivevariable (path to the test drive)- All public commands require parameter set validation tests
- After modifying classes, always run tests in new session (for changes to take effect)
Test Setup Requirements
Use this exact setup block before
Describe:[System.Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', '', Justification = 'Suppressing this rule because Script Analyzer does not understand Pester syntax.')] param () BeforeDiscovery { try { if (-not (Get-Module -Name 'DscResource.Test')) { # Assumes dependencies have been resolved, so if this module is not available, run 'noop' task. if (-not (Get-Module -Name 'DscResource.Test' -ListAvailable)) { # Redirect all streams to $null, except the error stream (stream 2) & "$PSScriptRoot/../../../build.ps1" -Tasks 'noop' 3>&1 4>&1 5>&1 6>&1 > $null } # If the dependencies have not been resolved, this will throw an error. Import-Module -Name 'DscResource.Test' -Force -ErrorAction 'Stop' } } catch [System.IO.FileNotFoundException] { throw 'DscResource.Test module dependency not found. Please run ".\build.ps1 -ResolveDependency -Tasks noop" first.' } } BeforeAll { $script:moduleName = '{MyModuleName}' Import-Module -Name $script:moduleName -Force -ErrorAction 'Stop' $PSDefaultParameterValues['InModuleScope:ModuleName'] = $script:moduleName $PSDefaultParameterValues['Mock:ModuleName'] = $script:moduleName $PSDefaultParameterValues['Should:ModuleName'] = $script:moduleName } AfterAll { $PSDefaultParameterValues.Remove('InModuleScope:ModuleName') $PSDefaultParameterValues.Remove('Mock:ModuleNam...
Files:
tests/Unit/DSC_SqlDatabaseObjectPermission.Tests.ps1
tests/Unit/**/*.Tests.ps1
📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines.instructions.md)
Unit tests should be located in
tests/Unit/{Classes|Public|Private}/{Name}.Tests.ps1
Files:
tests/Unit/DSC_SqlDatabaseObjectPermission.Tests.ps1
CHANGELOG.md
📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-changelog.instructions.md)
CHANGELOG.md: Always update the Unreleased section in CHANGELOG.md
Use Keep a Changelog format in CHANGELOG.md
Describe notable changes briefly in CHANGELOG.md, ≤2 items per change type
Reference issues using format issue #<issue_number> in CHANGELOG.md
No empty lines between list items in same section of CHANGELOG.md
Skip adding entry if same change already exists in Unreleased section of CHANGELOG.md
No duplicate sections or items in Unreleased section of CHANGELOG.mdAlways update CHANGELOG.md Unreleased section
Files:
CHANGELOG.md
⚙️ CodeRabbit configuration file
CHANGELOG.md: # Changelog Guidelines
- Always update the Unreleased section in CHANGELOG.md
- Use Keep a Changelog format
- Describe notable changes briefly, ≤2 items per change type
- Reference issues using format issue #<issue_number>
- No empty lines between list items in same section
- Skip adding entry if same change already exists in Unreleased section
- No duplicate sections or items in Unreleased section
Files:
CHANGELOG.md
🧠 Learnings (30)
📚 Learning: 2025-08-28T17:10:34.765Z
Learnt from: johlju
Repo: dsccommunity/SqlServerDsc PR: 2150
File: source/Classes/020.SqlAgentAlert.ps1:198-217
Timestamp: 2025-08-28T17:10:34.765Z
Learning: DSC properties with default values (e.g., `$Ensure = 'Present'`) are always present in the properties hashtable passed to validation methods, even when not explicitly specified by the user.
Applied to files:
source/DSCResources/DSC_SqlDatabaseObjectPermission/DSC_SqlDatabaseObjectPermission.psm1
📚 Learning: 2025-11-27T17:58:20.390Z
Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-class-resource.instructions.md:0-0
Timestamp: 2025-11-27T17:58:20.390Z
Learning: Applies to source/[cC]lasses/**/*.ps1 : DSC class-based resources may optionally implement methods: `AssertProperties()` and `NormalizeProperties()` following the specified pattern
Applied to files:
source/DSCResources/DSC_SqlDatabaseObjectPermission/DSC_SqlDatabaseObjectPermission.psm1tests/Unit/DSC_SqlDatabaseObjectPermission.Tests.ps1
📚 Learning: 2025-08-16T13:22:15.230Z
Learnt from: johlju
Repo: dsccommunity/SqlServerDsc PR: 2134
File: tests/Unit/Public/Get-SqlDscLogin.Tests.ps1:78-93
Timestamp: 2025-08-16T13:22:15.230Z
Learning: In PowerShell unit tests for parameter validation in SqlServerDsc, accessing parameter attributes directly like `$cmd.Parameters['ParameterName'].Attributes.Mandatory` works correctly because PowerShell automatically iterates through the array and returns the property values. Additional filtering to ParameterAttribute is not necessary when the parameter structure is known and controlled.
Applied to files:
source/DSCResources/DSC_SqlDatabaseObjectPermission/DSC_SqlDatabaseObjectPermission.psm1tests/Unit/DSC_SqlDatabaseObjectPermission.Tests.ps1
📚 Learning: 2025-08-28T15:42:41.195Z
Learnt from: johlju
Repo: dsccommunity/SqlServerDsc PR: 2150
File: source/Classes/020.SqlAgentAlert.ps1:0-0
Timestamp: 2025-08-28T15:42:41.195Z
Learning: Assert-BoundParameter now supports AtLeastOneList parameter (resolved in commit 809953f367ee903969a43e44a5b78e902ef46948) which can be used alongside MutuallyExclusiveList to enforce "exactly one required" validation in DSC resources.
Applied to files:
source/DSCResources/DSC_SqlDatabaseObjectPermission/DSC_SqlDatabaseObjectPermission.psm1
📚 Learning: 2025-11-27T18:00:11.915Z
Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-powershell.instructions.md:0-0
Timestamp: 2025-11-27T18:00:11.915Z
Learning: Applies to **/*.{ps1,psm1,psd1} : `$PSCmdlet.ShouldProcess` must use required pattern: localized messages for description, confirmation, and caption
Applied to files:
source/DSCResources/DSC_SqlDatabaseObjectPermission/DSC_SqlDatabaseObjectPermission.psm1
📚 Learning: 2025-11-22T17:36:09.703Z
Learnt from: johlju
Repo: dsccommunity/SqlServerDsc PR: 2343
File: source/Classes/004.DatabaseFileGroupSpec.ps1:5-34
Timestamp: 2025-11-22T17:36:09.703Z
Learning: The comment-based help requirements for ## Requirements and ## Known issues sections only apply to class-based DSC resources (classes decorated with [DscResource(...)]) in source/Classes/**/*.ps1, not to regular helper classes, DTO classes, or specification classes in the same directory.
Applied to files:
source/DSCResources/DSC_SqlDatabaseObjectPermission/README.md
📚 Learning: 2025-11-27T17:58:02.401Z
Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/SqlServerDsc-guidelines.instructions.md:0-0
Timestamp: 2025-11-27T17:58:02.401Z
Learning: Applies to **/resources/**/*.ps1 : Add `InstanceName`, `ServerName`, and `Credential` to `$this.ExcludeDscProperties` in Database Engine resources
Applied to files:
source/DSCResources/DSC_SqlDatabaseObjectPermission/README.md
📚 Learning: 2025-09-28T13:49:31.541Z
Learnt from: dan-hughes
Repo: dsccommunity/DhcpServerDsc PR: 96
File: source/Modules/DhcpServerDsc.Common/Public/Get-ValidTimeSpan.ps1:36-39
Timestamp: 2025-09-28T13:49:31.541Z
Learning: In DSC Community guidelines, ErrorId parameters in New-TerminatingError calls are identifier strings that do not need localization - only the ErrorMessage parameter should use localized strings from $script:localizedData.
Applied to files:
source/DSCResources/DSC_SqlDatabaseObjectPermission/en-US/DSC_SqlDatabaseObjectPermission.strings.psd1
📚 Learning: 2025-08-17T10:48:15.384Z
Learnt from: johlju
Repo: dsccommunity/SqlServerDsc PR: 2136
File: source/suffix.ps1:24-24
Timestamp: 2025-08-17T10:48:15.384Z
Learning: In source/suffix.ps1, the Write-Verbose message in the catch block for Import-SqlDscPreferredModule does not need localization because the exception message from Import-SqlDscPreferredModule is already localized by that command, making it an edge case exception to the localization guidelines.
Applied to files:
source/DSCResources/DSC_SqlDatabaseObjectPermission/en-US/DSC_SqlDatabaseObjectPermission.strings.psd1
📚 Learning: 2025-11-27T17:59:01.498Z
Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-mof-resources.instructions.md:0-0
Timestamp: 2025-11-27T17:59:01.498Z
Learning: Applies to source/DSCResources/**/*.psm1 : Use localized strings for all messages including Write-Verbose, Write-Error, and other messaging commands
Applied to files:
source/DSCResources/DSC_SqlDatabaseObjectPermission/en-US/DSC_SqlDatabaseObjectPermission.strings.psd1
📚 Learning: 2025-10-04T21:33:23.022Z
Learnt from: dan-hughes
Repo: dsccommunity/UpdateServicesDsc PR: 85
File: source/en-US/UpdateServicesDsc.strings.psd1:1-2
Timestamp: 2025-10-04T21:33:23.022Z
Learning: In UpdateServicesDsc (and similar DSC modules), the module-level localization file (source/en-US/<ModuleName>.strings.psd1) can be empty when DSC resources have their own localization files in source/DSCResources/<ResourceName>/en-US/DSC_<ResourceName>.strings.psd1. Automated tests verify localization completeness for resources. Don't flag empty module-level localization files as issues when resources have separate localization.
Applied to files:
source/DSCResources/DSC_SqlDatabaseObjectPermission/en-US/DSC_SqlDatabaseObjectPermission.strings.psd1
📚 Learning: 2025-11-27T17:59:01.498Z
Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-mof-resources.instructions.md:0-0
Timestamp: 2025-11-27T17:59:01.498Z
Learning: Applies to source/DSCResources/**/*.psm1 : Use `New-InvalidDataException` for invalid data errors instead of `throw` in MOF-based DSC resources
Applied to files:
source/DSCResources/DSC_SqlDatabaseObjectPermission/en-US/DSC_SqlDatabaseObjectPermission.strings.psd1
📚 Learning: 2025-11-27T17:59:01.498Z
Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-mof-resources.instructions.md:0-0
Timestamp: 2025-11-27T17:59:01.498Z
Learning: Applies to source/DSCResources/**/*.psm1 : Use `New-InvalidOperationException` for invalid operation errors instead of `throw` in MOF-based DSC resources
Applied to files:
source/DSCResources/DSC_SqlDatabaseObjectPermission/en-US/DSC_SqlDatabaseObjectPermission.strings.psd1
📚 Learning: 2025-11-27T17:58:42.320Z
Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-localization.instructions.md:0-0
Timestamp: 2025-11-27T17:58:42.320Z
Learning: Applies to source/en-US/*.strings.psd1 : Use Key Naming Pattern format: Verb_FunctionName_Action with underscore separators (e.g., Get_Database_ConnectingToDatabase)
Applied to files:
source/DSCResources/DSC_SqlDatabaseObjectPermission/en-US/DSC_SqlDatabaseObjectPermission.strings.psd1
📚 Learning: 2025-11-27T17:58:42.320Z
Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-localization.instructions.md:0-0
Timestamp: 2025-11-27T17:58:42.320Z
Learning: Applies to source/**/*.ps1 : Use localized string keys from $script:localizedData, not hardcoded strings, in diagnostic messages
Applied to files:
source/DSCResources/DSC_SqlDatabaseObjectPermission/en-US/DSC_SqlDatabaseObjectPermission.strings.psd1
📚 Learning: 2025-11-27T17:58:02.402Z
Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/SqlServerDsc-guidelines.instructions.md:0-0
Timestamp: 2025-11-27T17:58:02.402Z
Learning: Applies to **/tests/Integration/**/*.ps1 : Integration tests: use `Connect-SqlDscDatabaseEngine` for SQL Server DB session with correct CI credentials, and always follow with `Disconnect-SqlDscDatabaseEngine`
Applied to files:
tests/Unit/DSC_SqlDatabaseObjectPermission.Tests.ps1
📚 Learning: 2025-11-27T17:59:27.192Z
Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.192Z
Learning: Applies to **/*.[Tt]ests.ps1 : PascalCase: `Describe`, `Context`, `It`, `Should`, `BeforeAll`, `BeforeEach`, `AfterAll`, `AfterEach`
Applied to files:
tests/Unit/DSC_SqlDatabaseObjectPermission.Tests.ps1
📚 Learning: 2025-11-27T17:58:02.402Z
Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/SqlServerDsc-guidelines.instructions.md:0-0
Timestamp: 2025-11-27T17:58:02.402Z
Learning: Applies to **/tests/**/*.tests.ps1 : Add `$env:SqlServerDscCI = $true` in `BeforeAll` block and remove in `AfterAll` block of unit tests
Applied to files:
tests/Unit/DSC_SqlDatabaseObjectPermission.Tests.ps1
📚 Learning: 2025-11-27T18:00:20.925Z
Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-unit-tests.instructions.md:0-0
Timestamp: 2025-11-27T18:00:20.925Z
Learning: Applies to tests/[Uu]nit/**/*.[Tt]ests.ps1 : Parameter set validation tests should use Get-Command with Where-Object filtering and Should assertions to verify ParameterSetName and ParameterListAsString
Applied to files:
tests/Unit/DSC_SqlDatabaseObjectPermission.Tests.ps1
📚 Learning: 2025-11-27T18:00:20.925Z
Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-unit-tests.instructions.md:0-0
Timestamp: 2025-11-27T18:00:20.925Z
Learning: Applies to tests/[Uu]nit/**/*.[Tt]ests.ps1 : Parameter property tests should verify mandatory parameter attributes using Get-Command Parameters and Should -BeTrue assertions
Applied to files:
tests/Unit/DSC_SqlDatabaseObjectPermission.Tests.ps1
📚 Learning: 2025-11-27T18:00:20.925Z
Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-unit-tests.instructions.md:0-0
Timestamp: 2025-11-27T18:00:20.925Z
Learning: Applies to tests/[Uu]nit/**/*.[Tt]ests.ps1 : All public commands require parameter set validation tests
Applied to files:
tests/Unit/DSC_SqlDatabaseObjectPermission.Tests.ps1
📚 Learning: 2025-11-27T17:59:27.192Z
Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.192Z
Learning: Applies to **/*.[Tt]ests.ps1 : One `Describe` block per file matching the tested entity name
Applied to files:
tests/Unit/DSC_SqlDatabaseObjectPermission.Tests.ps1
📚 Learning: 2025-11-27T17:58:02.402Z
Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/SqlServerDsc-guidelines.instructions.md:0-0
Timestamp: 2025-11-27T17:58:02.402Z
Learning: Applies to **/tests/**/*.tests.ps1 : When unit tests test classes or commands containing SMO types like `[Microsoft.SqlServer.Management.Smo.*]`, ensure they are properly stubbed in SMO.cs
Applied to files:
tests/Unit/DSC_SqlDatabaseObjectPermission.Tests.ps1
📚 Learning: 2025-11-27T17:59:27.192Z
Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.192Z
Learning: Applies to **/*.[Tt]ests.ps1 : Test code only inside `Describe` blocks
Applied to files:
tests/Unit/DSC_SqlDatabaseObjectPermission.Tests.ps1
📚 Learning: 2025-08-17T10:15:48.194Z
Learnt from: johlju
Repo: dsccommunity/SqlServerDsc PR: 2136
File: tests/Unit/Public/Remove-SqlDscLogin.Tests.ps1:36-39
Timestamp: 2025-08-17T10:15:48.194Z
Learning: Public command unit tests guideline: Never use InModuleScope unless accessing localized strings from $script:localizedData. PSDefaultParameterValues for InModuleScope should be kept in public command tests to support localized string retrieval when necessary.
Applied to files:
tests/Unit/DSC_SqlDatabaseObjectPermission.Tests.ps1
📚 Learning: 2025-11-27T17:59:27.192Z
Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.192Z
Learning: Applies to **/*.[Tt]ests.ps1 : Assertions only in `It` blocks
Applied to files:
tests/Unit/DSC_SqlDatabaseObjectPermission.Tests.ps1
📚 Learning: 2025-11-27T18:00:35.054Z
Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines.instructions.md:0-0
Timestamp: 2025-11-27T18:00:35.054Z
Learning: Follow PowerShell style and test guideline instructions strictly
Applied to files:
tests/Unit/DSC_SqlDatabaseObjectPermission.Tests.ps1
📚 Learning: 2025-11-27T17:59:27.192Z
Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.192Z
Learning: Applies to **/*.[Tt]ests.ps1 : Never use `Assert-MockCalled`, use `Should -Invoke` instead
Applied to files:
tests/Unit/DSC_SqlDatabaseObjectPermission.Tests.ps1
📚 Learning: 2025-11-27T17:59:27.192Z
Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.192Z
Learning: Applies to **/*.[Tt]ests.ps1 : Each scenario = separate `Context` block
Applied to files:
tests/Unit/DSC_SqlDatabaseObjectPermission.Tests.ps1
📚 Learning: 2025-11-27T17:58:08.875Z
Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-changelog.instructions.md:0-0
Timestamp: 2025-11-27T17:58:08.875Z
Learning: Applies to CHANGELOG.md : Describe notable changes briefly in CHANGELOG.md, ≤2 items per change type
Applied to files:
CHANGELOG.md
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)
- GitHub Check: PSScriptAnalyzer
- GitHub Check: PSScriptAnalyzer
- GitHub Check: PSScriptAnalyzer
- GitHub Check: dsccommunity.SqlServerDsc (Build Package Module)
🔇 Additional comments (4)
source/DSCResources/DSC_SqlDatabaseObjectPermission/en-US/DSC_SqlDatabaseObjectPermission.strings.psd1 (1)
15-15: Localized error string matches behavior and documentation
InvalidPermissionValueis well‑phrased, consistent with existing keys, and matches the README and expected validation behavior. No changes needed.source/DSCResources/DSC_SqlDatabaseObjectPermission/README.md (1)
23-68: Known-issues documentation and examples are clear and consistentThe new “Only one permission per
DSC_DatabaseObjectPermissioninstance” section accurately documents the limitation, shows concrete incorrect/correct examples, and aligns with the localized error message and planned validation. Reads well and follows the markdown guidelines.source/DSCResources/DSC_SqlDatabaseObjectPermission/DSC_SqlDatabaseObjectPermission.psm1 (1)
911-917: LGTM! Validation correctly enforces single permission per instance.The regex pattern
^\w+$properly rejects comma-separated and space-separated permission values, and the error handling follows MOF resource guidelines by usingNew-ArgumentExceptionwith a localized message.tests/Unit/DSC_SqlDatabaseObjectPermission.Tests.ps1 (1)
2795-2856: LGTM! Comprehensive test coverage for validation logic.The test suite correctly covers both valid and invalid permission formats using proper Pester v5 syntax and InModuleScope for testing the private function. The tests validate that:
- Single permission names pass validation
- Comma-separated permissions are rejected
- Space-separated permissions are rejected
The error message assertions using
-ExpectedMessagewith wildcards appropriately verify that the invalid permission value appears in the error.
|
@copilot In CHANGELOG.md around lines 179 to 183, the bullet for |
Co-authored-by: johlju <[email protected]>
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #2353 +/- ##
====================================
Coverage 94% 94%
====================================
Files 164 164
Lines 9560 9563 +3
====================================
+ Hits 9067 9070 +3
Misses 493 493
🚀 New features to boost your workflow:
|
johlju
left a comment
johlju
left a comment
There was a problem hiding this comment.
@johlju reviewed 3 of 5 files at r1, 2 of 2 files at r2, all commit messages.
Reviewable status:complete! all files reviewed, all discussions resolved (waiting on @copilot)
Pull Request (PR) description
Adds validation to ensure each
DSC_DatabaseObjectPermissioninstance only contains a single permission name. Previously, passing comma-separated permissions (e.g.,'DELETE,INSERT,SELECT') caused a confusingReferenceObject is nullerror duringTest-TargetResource. Now, a clear and descriptive error message is thrown.Changes:
Assert-PermissionEnsurePropertyfunction to check if permission value matches^\w+$patternNew error message:
Incorrect usage:
DSC_DatabaseObjectPermission { State = 'Grant' Permission = 'DELETE,INSERT,SELECT' # Fails with descriptive error }Correct usage:
DSC_DatabaseObjectPermission { State = 'Grant' Permission = 'DELETE' } DSC_DatabaseObjectPermission { State = 'Grant' Permission = 'INSERT' }This Pull Request (PR) fixes the following issues
Task list
file CHANGELOG.md. Entry should say what was changed and how that
affects users (if applicable), and reference the issue being resolved
(if applicable).
Original prompt
This section details on the original issue you should resolve
<issue_title>SqlDatabaseObjectPermission - ReferenceObject is null</issue_title>
<issue_description>### Problem description
The SqlDatabaseObjectPermission Resource is throwing an error during the Test-TargetResource functionality if the DSC_DatabaseObjectPermission block contains a set of Permissions in it.
For example:
instance of DSC_DatabaseObjectPermission as $DSC_DatabaseObjectPermission10ref
{
State = "Grant";
Permission = "DELETE,INSERT,REFERENCES,SELECT,UPDATE";
};
Verbose logs
DSC configuration
Suggested solution
To resolve this issue, it is required to create a separate DSC_DatabaseObjectPermission block per permission. This should be added to the documentation and there should be a check to not allow such a configuration.
SQL Server edition and version
SQL Server PowerShell modules
Operating system
PowerShell version
SqlServerDsc version