Refactor Get-SqlDscServerPermission to simplify role check logic

johlju · johlju · commit 125203e1826e · 2025-09-01T09:09:30.000+02:00
diff --git a/source/Public/Get-SqlDscServerPermission.ps1 b/source/Public/Get-SqlDscServerPermission.ps1
@@ -105,7 +105,7 @@ function Get-SqlDscServerPermission
             $false
         }
 
-        $isRole = if ($checkRole -and -not $isLogin)
+        $isRole = if ($checkRole)
         {
             Test-SqlDscIsRole @testSqlDscIsPrincipalParameters
         }
diff --git a/tests/Integration/Commands/Get-SqlDscServerPermission.Integration.Tests.ps1 b/tests/Integration/Commands/Get-SqlDscServerPermission.Integration.Tests.ps1
@@ -123,7 +123,7 @@ Describe 'Get-SqlDscServerPermission' -Tag @('Integration_SQL2016', 'Integration
         Context 'When getting permissions for invalid principals' {
             It 'Should throw error for non-existent login with ErrorAction Stop' {
                 { Get-SqlDscServerPermission -ServerObject $script:serverObject -Name 'NonExistentLogin123' -ErrorAction 'Stop' } |
-                    Should -Throw -ExpectedMessage "*does not exist*"
+                    Should -Throw -ExpectedMessage "*is not a login nor role*"
             }
 
             It 'Should return null for non-existent login with ErrorAction SilentlyContinue' {
@@ -134,7 +134,7 @@ Describe 'Get-SqlDscServerPermission' -Tag @('Integration_SQL2016', 'Integration
 
             It 'Should throw error for non-existent server role with ErrorAction Stop' {
                 { Get-SqlDscServerPermission -ServerObject $script:serverObject -Name 'NonExistentRole123' -ErrorAction 'Stop' } |
-                    Should -Throw -ExpectedMessage "*does not exist*"
+                    Should -Throw -ExpectedMessage "*is not a login nor role*"
             }
 
             It 'Should return null for non-existent server role with ErrorAction SilentlyContinue' {
@@ -192,12 +192,12 @@ Describe 'Get-SqlDscServerPermission' -Tag @('Integration_SQL2016', 'Integration
 
             It 'Should throw error when looking for login as role' {
                 { Get-SqlDscServerPermission -ServerObject $script:serverObject -Name 'sa' -PrincipalType 'Role' -ErrorAction 'Stop' } |
-                    Should -Throw -ExpectedMessage "*does not exist*"
+                    Should -Throw -ExpectedMessage "*is not a login nor role*"
             }
 
             It 'Should throw error when looking for role as login' {
                 { Get-SqlDscServerPermission -ServerObject $script:serverObject -Name 'sysadmin' -PrincipalType 'Login' -ErrorAction 'Stop' } |
-                    Should -Throw -ExpectedMessage "*does not exist*"
+                    Should -Throw -ExpectedMessage "*is not a login nor role*"
             }
 
             It 'Should return null when looking for login as role with SilentlyContinue' {
diff --git a/tests/Unit/Public/Get-SqlDscServerPermission.Tests.ps1 b/tests/Unit/Public/Get-SqlDscServerPermission.Tests.ps1
@@ -244,14 +244,16 @@ Describe 'Get-SqlDscServerPermission' -Tag 'Public' {
                 }
             }
 
-            It 'Should call Test-SqlDscIsLogin but not Test-SqlDscIsRole when login is found' {
+            It 'Should call both Test-SqlDscIsLogin and Test-SqlDscIsRole' {
                 $null = Get-SqlDscServerPermission -ServerObject $mockServerObject -Name 'TestPrincipal' -ErrorAction 'SilentlyContinue'
 
                 Should -Invoke -CommandName Test-SqlDscIsLogin -ParameterFilter {
                     $ServerObject.Equals($mockServerObject) -and $Name -eq 'TestPrincipal'
                 } -Exactly -Times 1
 
-                Should -Invoke -CommandName Test-SqlDscIsRole -Exactly -Times 0
+                Should -Invoke -CommandName Test-SqlDscIsRole -ParameterFilter {
+                    $ServerObject.Equals($mockServerObject) -and $Name -eq 'TestPrincipal'
+                } -Exactly -Times 1
             }
         }
 
@@ -266,7 +268,7 @@ Describe 'Get-SqlDscServerPermission' -Tag 'Public' {
                 }
             }
 
-            It 'Should call both Test-SqlDscIsLogin and Test-SqlDscIsRole when login is not found' {
+            It 'Should call both Test-SqlDscIsLogin and Test-SqlDscIsRole' {
                 $null = Get-SqlDscServerPermission -ServerObject $mockServerObject -Name 'TestPrincipal' -ErrorAction 'SilentlyContinue'
 
                 Should -Invoke -CommandName Test-SqlDscIsLogin -ParameterFilter {
@@ -334,14 +336,16 @@ Describe 'Get-SqlDscServerPermission' -Tag 'Public' {
                 }
             }
 
-            It 'Should call Test-SqlDscIsLogin but not Test-SqlDscIsRole when login is found' {
+            It 'Should call both Test-SqlDscIsLogin and Test-SqlDscIsRole when both types are specified' {
                 $null = Get-SqlDscServerPermission -ServerObject $mockServerObject -Name 'TestPrincipal' -PrincipalType 'Login', 'Role' -ErrorAction 'SilentlyContinue'
 
                 Should -Invoke -CommandName Test-SqlDscIsLogin -ParameterFilter {
                     $ServerObject.Equals($mockServerObject) -and $Name -eq 'TestPrincipal'
                 } -Exactly -Times 1
 
-                Should -Invoke -CommandName Test-SqlDscIsRole -Exactly -Times 0
+                Should -Invoke -CommandName Test-SqlDscIsRole -ParameterFilter {
+                    $ServerObject.Equals($mockServerObject) -and $Name -eq 'TestPrincipal'
+                } -Exactly -Times 1
             }
         }
     }

Original file line number	Diff line number	Diff line change
`@@ -105,7 +105,7 @@ function Get-SqlDscServerPermission`
`105`	`105`	`$false`
`106`	`106`	`}`
`107`	`107`
`108`		`- $isRole = if ($checkRole -and -not $isLogin)`
	`108`	`+ $isRole = if ($checkRole)`
`109`	`109`	`{`
`110`	`110`	`Test-SqlDscIsRole @testSqlDscIsPrincipalParameters`
`111`	`111`	`}`
Original file line number	Diff line number	Diff line change
`@@ -244,14 +244,16 @@ Describe 'Get-SqlDscServerPermission' -Tag 'Public' {`
`244`	`244`	`}`
`245`	`245`	`}`
`246`	`246`
`247`		`- It 'Should call Test-SqlDscIsLogin but not Test-SqlDscIsRole when login is found' {`
	`247`	`+ It 'Should call both Test-SqlDscIsLogin and Test-SqlDscIsRole' {`
`248`	`248`	`$null = Get-SqlDscServerPermission -ServerObject $mockServerObject -Name 'TestPrincipal' -ErrorAction 'SilentlyContinue'`
`249`	`249`
`250`	`250`	`Should -Invoke -CommandName Test-SqlDscIsLogin -ParameterFilter {`
`251`	`251`	`$ServerObject.Equals($mockServerObject) -and $Name -eq 'TestPrincipal'`
`252`	`252`	`} -Exactly -Times 1`
`253`	`253`
`254`		`- Should -Invoke -CommandName Test-SqlDscIsRole -Exactly -Times 0`
	`254`	`+ Should -Invoke -CommandName Test-SqlDscIsRole -ParameterFilter {`
	`255`	`+ $ServerObject.Equals($mockServerObject) -and $Name -eq 'TestPrincipal'`
	`256`	`+ } -Exactly -Times 1`
`255`	`257`	`}`
`256`	`258`	`}`
`257`	`259`
`@@ -266,7 +268,7 @@ Describe 'Get-SqlDscServerPermission' -Tag 'Public' {`
`266`	`268`	`}`
`267`	`269`	`}`
`268`	`270`
`269`		`- It 'Should call both Test-SqlDscIsLogin and Test-SqlDscIsRole when login is not found' {`
	`271`	`+ It 'Should call both Test-SqlDscIsLogin and Test-SqlDscIsRole' {`
`270`	`272`	`$null = Get-SqlDscServerPermission -ServerObject $mockServerObject -Name 'TestPrincipal' -ErrorAction 'SilentlyContinue'`
`271`	`273`
`272`	`274`	`Should -Invoke -CommandName Test-SqlDscIsLogin -ParameterFilter {`
`@@ -334,14 +336,16 @@ Describe 'Get-SqlDscServerPermission' -Tag 'Public' {`
`334`	`336`	`}`
`335`	`337`	`}`
`336`	`338`
`337`		`- It 'Should call Test-SqlDscIsLogin but not Test-SqlDscIsRole when login is found' {`
	`339`	`+ It 'Should call both Test-SqlDscIsLogin and Test-SqlDscIsRole when both types are specified' {`
`338`	`340`	`$null = Get-SqlDscServerPermission -ServerObject $mockServerObject -Name 'TestPrincipal' -PrincipalType 'Login', 'Role' -ErrorAction 'SilentlyContinue'`
`339`	`341`
`340`	`342`	`Should -Invoke -CommandName Test-SqlDscIsLogin -ParameterFilter {`
`341`	`343`	`$ServerObject.Equals($mockServerObject) -and $Name -eq 'TestPrincipal'`
`342`	`344`	`} -Exactly -Times 1`
`343`	`345`
`344`		`- Should -Invoke -CommandName Test-SqlDscIsRole -Exactly -Times 0`
	`346`	`+ Should -Invoke -CommandName Test-SqlDscIsRole -ParameterFilter {`
	`347`	`+ $ServerObject.Equals($mockServerObject) -and $Name -eq 'TestPrincipal'`
	`348`	`+ } -Exactly -Times 1`
`345`	`349`	`}`
`346`	`350`	`}`
`347`	`351`	`}`