Add functions to enable and disable TLS for Reporting Services (#2387)

Author: johlju

CHANGELOG.md

@@ -7,6 +7,28 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Added
 
+- Added public command `Get-SqlDscRSConfiguration` to retrieve the
+  `MSReportServer_ConfigurationSetting` CIM instance for SQL Server Reporting
+  Services or Power BI Report Server. Supports auto-detection of the Reporting
+  Services version or explicit version specification. The returned CIM instance
+  can be piped to `Enable-SqlDscRsSecureConnection` or `Disable-SqlDscRsSecureConnection`
+  ([issue #2022](https://github.com/dsccommunity/SqlServerDsc/issues/2022)).
+- Added public command `Enable-SqlDscRsSecureConnection` to enable secure
+  connection for SQL Server Reporting Services or Power BI Report Server by
+  setting the secure connection level to 1. Accepts the configuration CIM
+  instance from pipeline, supports `-WhatIf`/`-Confirm`, and `-PassThru` to
+  return the configuration object
+  ([issue #2022](https://github.com/dsccommunity/SqlServerDsc/issues/2022)).
+- Added public command `Disable-SqlDscRsSecureConnection` to disable secure
+  connection for SQL Server Reporting Services or Power BI Report Server by
+  setting the secure connection level to 0. Accepts the configuration CIM
+  instance from pipeline, supports `-WhatIf`/`-Confirm`, and `-PassThru` to
+  return the configuration object
+  ([issue #2023](https://github.com/dsccommunity/SqlServerDsc/issues/2023)).
+- Added private function `Invoke-RsCimMethod` to invoke CIM methods on Reporting
+  Services configuration instances with consistent error handling. This function
+  is used by `Enable-SqlDscRsSecureConnection`, `Disable-SqlDscRsSecureConnection`,
+  and the `SqlRS` resource.
 - `Invoke-ReportServerSetupAction`
   - Now uses `Format-Path` with `-ExpandEnvironmentVariable` to expand environment
     variables in all path parameters (`MediaPath`, `LogPath`, `InstallFolder`)
@@ -105,6 +127,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Changed
 
+- `SqlRS`
+  - Refactored to use the public commands `Enable-SqlDscRsSecureConnection` and
+    `Disable-SqlDscRsSecureConnection` for setting the secure connection level
+    instead of calling the CIM method directly.
 - `Assert-SetupActionProperties`
   - Refactored to use the command `Get-FileVersion` from the DscResource.Common
     module instead of the private function `Get-FileVersionInformation`

azure-pipelines.yml

@@ -535,6 +535,10 @@ stages:
                   'tests/Integration/Commands/Get-SqlDscRSPackage.Integration.Tests.ps1'
                   'tests/Integration/Commands/Get-SqlDscRSSetupConfiguration.Integration.Tests.ps1'
                   'tests/Integration/Commands/Test-SqlDscRSInstalled.Integration.Tests.ps1'
+                  # Group 3
+                  'tests/Integration/Commands/Get-SqlDscRSConfiguration.Integration.Tests.ps1'
+                  'tests/Integration/Commands/Enable-SqlDscRsSecureConnection.Integration.Tests.ps1'
+                  'tests/Integration/Commands/Disable-SqlDscRsSecureConnection.Integration.Tests.ps1'
                   # Group 8
                   'tests/Integration/Commands/Repair-SqlDscReportingService.Integration.Tests.ps1'
                   # Group 9
@@ -601,6 +605,10 @@ stages:
                   'tests/Integration/Commands/Get-SqlDscRSPackage.Integration.Tests.ps1'
                   'tests/Integration/Commands/Get-SqlDscRSSetupConfiguration.Integration.Tests.ps1'
                   'tests/Integration/Commands/Test-SqlDscRSInstalled.Integration.Tests.ps1'
+                  # Group 3
+                  'tests/Integration/Commands/Get-SqlDscRSConfiguration.Integration.Tests.ps1'
+                  'tests/Integration/Commands/Enable-SqlDscRsSecureConnection.Integration.Tests.ps1'
+                  'tests/Integration/Commands/Disable-SqlDscRsSecureConnection.Integration.Tests.ps1'
                   # Group 8
                   'tests/Integration/Commands/Repair-SqlDscPowerBIReportServer.Integration.Tests.ps1'
                   # Group 9

source/DSCResources/DSC_SqlRS/DSC_SqlRS.psm1

@@ -604,15 +604,14 @@ function Set-TargetResource
 
                 $restartReportingService = $true
 
-                $invokeRsCimMethodParameters = @{
-                    CimInstance = $reportingServicesData.Configuration
-                    MethodName  = 'SetSecureConnectionLevel'
-                    Arguments   = @{
-                        Level = @(0, 1)[$UseSsl]
-                    }
+                if ($UseSsl)
+                {
+                    $reportingServicesData.Configuration | Enable-SqlDscRsSecureConnection -Force
+                }
+                else
+                {
+                    $reportingServicesData.Configuration | Disable-SqlDscRsSecureConnection -Force
                 }
-
-                Invoke-RsCimMethod @invokeRsCimMethodParameters
             }
         }
         else
@@ -825,15 +824,14 @@ function Set-TargetResource
 
                 $restartReportingService = $true
 
-                $invokeRsCimMethodParameters = @{
-                    CimInstance = $reportingServicesData.Configuration
-                    MethodName  = 'SetSecureConnectionLevel'
-                    Arguments   = @{
-                        Level = @(0, 1)[$UseSsl]
-                    }
+                if ($UseSsl)
+                {
+                    $reportingServicesData.Configuration | Enable-SqlDscRsSecureConnection -Force
+                }
+                else
+                {
+                    $reportingServicesData.Configuration | Disable-SqlDscRsSecureConnection -Force
                 }
-
-                Invoke-RsCimMethod @invokeRsCimMethodParameters
             }
         }
 

source/Private/Invoke-RsCimMethod.ps1

@@ -0,0 +1,97 @@
+<#
+    .SYNOPSIS
+        Invokes a CIM method on a Reporting Services configuration instance.
+
+    .DESCRIPTION
+        A helper function that wraps Invoke-CimMethod to provide consistent
+        error handling for Reporting Services CIM method calls. This function
+        handles both ExtendedErrors and Error properties that can be returned
+        by the CIM method.
+
+    .PARAMETER CimInstance
+        The CIM instance object that contains the method to call.
+
+    .PARAMETER MethodName
+        The name of the method to invoke on the CIM instance.
+
+    .PARAMETER Arguments
+        A hashtable of arguments to pass to the method.
+
+    .OUTPUTS
+        Microsoft.Management.Infrastructure.CimMethodResult
+
+        Returns the result of the CIM method call.
+
+    .EXAMPLE
+        $config = Get-SqlDscRSConfiguration -InstanceName 'SSRS'
+        Invoke-RsCimMethod -CimInstance $config -MethodName 'ListReservedUrls'
+
+        Invokes the ListReservedUrls method on the configuration CIM instance.
+
+    .EXAMPLE
+        $config = Get-SqlDscRSConfiguration -InstanceName 'SSRS'
+        Invoke-RsCimMethod -CimInstance $config -MethodName 'SetSecureConnectionLevel' -Arguments @{ Level = 1 }
+
+        Invokes the SetSecureConnectionLevel method with the Level argument.
+#>
+function Invoke-RsCimMethod
+{
+    [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute('AvoidThrowOutsideOfTry', '', Justification = 'Because the code throws based on an prior expression')]
+    [CmdletBinding()]
+    [OutputType([Microsoft.Management.Infrastructure.CimMethodResult])]
+    param
+    (
+        [Parameter(Mandatory = $true)]
+        [System.Object]
+        $CimInstance,
+
+        [Parameter(Mandatory = $true)]
+        [System.String]
+        $MethodName,
+
+        [Parameter()]
+        [System.Collections.Hashtable]
+        $Arguments
+    )
+
+    $invokeCimMethodParameters = @{
+        MethodName  = $MethodName
+        ErrorAction = 'Stop'
+    }
+
+    if ($PSBoundParameters.ContainsKey('Arguments'))
+    {
+        $invokeCimMethodParameters['Arguments'] = $Arguments
+    }
+
+    $invokeCimMethodResult = $CimInstance | Invoke-CimMethod @invokeCimMethodParameters
+
+    <#
+        Successfully calling the method returns $invokeCimMethodResult.HRESULT -eq 0.
+        If a general error occurs in the Invoke-CimMethod, like calling a method
+        that does not exist, returns $null in $invokeCimMethodResult.
+
+        cSpell: ignore HRESULT
+    #>
+    if ($invokeCimMethodResult -and $invokeCimMethodResult.HRESULT -ne 0)
+    {
+        if ($invokeCimMethodResult | Get-Member -Name 'ExtendedErrors')
+        {
+            <#
+                The returned object property ExtendedErrors is an array
+                so that needs to be concatenated.
+            #>
+            $errorMessage = $invokeCimMethodResult.ExtendedErrors -join ';'
+        }
+        else
+        {
+            $errorMessage = $invokeCimMethodResult.Error
+        }
+
+        $errorMessage = $script:localizedData.Invoke_RsCimMethod_FailedToInvokeMethod -f $MethodName, $errorMessage, $invokeCimMethodResult.HRESULT
+
+        throw $errorMessage
+    }
+
+    return $invokeCimMethodResult
+}

source/Public/Disable-SqlDscRsSecureConnection.ps1

@@ -0,0 +1,137 @@
+<#
+    .SYNOPSIS
+        Disables secure connection for SQL Server Reporting Services.
+
+    .DESCRIPTION
+        Disables secure connection (TLS/SSL) for SQL Server Reporting Services
+        or Power BI Report Server by setting the secure connection level to 0.
+
+        This command calls the `SetSecureConnectionLevel` method on the
+        `MSReportServer_ConfigurationSetting` CIM instance with a level value
+        of 0, which disables the secure connection requirement for connections
+        to the Reporting Services web service and portal.
+
+        The configuration CIM instance can be obtained using the
+        `Get-SqlDscRSConfiguration` command and passed via the pipeline.
+
+    .PARAMETER Configuration
+        Specifies the `MSReportServer_ConfigurationSetting` CIM instance for
+        the Reporting Services instance. This can be obtained using the
+        `Get-SqlDscRSConfiguration` command. This parameter accepts pipeline
+        input.
+
+    .PARAMETER PassThru
+        If specified, returns the configuration CIM instance after disabling
+        secure connection.
+
+    .PARAMETER Force
+        If specified, suppresses the confirmation prompt.
+
+    .EXAMPLE
+        Get-SqlDscRSConfiguration -InstanceName 'SSRS' | Disable-SqlDscRsSecureConnection
+
+        Disables secure connection for the SSRS instance by piping the configuration
+        from `Get-SqlDscRSConfiguration`.
+
+    .EXAMPLE
+        $config = Get-SqlDscRSConfiguration -InstanceName 'SSRS'
+        Disable-SqlDscRsSecureConnection -Configuration $config
+
+        Disables secure connection for the SSRS instance by passing the
+        configuration as a parameter.
+
+    .EXAMPLE
+        Get-SqlDscRSConfiguration -InstanceName 'SSRS' | Disable-SqlDscRsSecureConnection -PassThru
+
+        Disables secure connection for the SSRS instance and returns the
+        configuration CIM instance.
+
+    .INPUTS
+        `Microsoft.Management.Infrastructure.CimInstance`
+
+        Accepts MSReportServer_ConfigurationSetting CIM instance via pipeline.
+
+    .OUTPUTS
+        None. By default, this command does not generate any output.
+
+    .OUTPUTS
+        `Microsoft.Management.Infrastructure.CimInstance`
+
+        When PassThru is specified, returns the MSReportServer_ConfigurationSetting
+        CIM instance.
+
+    .NOTES
+        The Reporting Services service may need to be restarted for the change
+        to take effect.
+
+    .LINK
+        https://docs.microsoft.com/en-us/sql/reporting-services/wmi-provider-library-reference/configurationsetting-method-setsecureconnectionlevel
+#>
+function Disable-SqlDscRsSecureConnection
+{
+    # cSpell: ignore PBIRS
+    [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute('UseSyntacticallyCorrectExamples', '', Justification = 'Because the examples use pipeline input the rule cannot validate.')]
+    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'Medium')]
+    [Alias('Disable-SqlDscRSTls')]
+    [OutputType()]
+    [OutputType([System.Object])]
+    param
+    (
+        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
+        [System.Object]
+        $Configuration,
+
+        [Parameter()]
+        [System.Management.Automation.SwitchParameter]
+        $PassThru,
+
+        [Parameter()]
+        [System.Management.Automation.SwitchParameter]
+        $Force
+    )
+
+    process
+    {
+        if ($Force.IsPresent -and -not $Confirm)
+        {
+            $ConfirmPreference = 'None'
+        }
+
+        $instanceName = $Configuration.InstanceName
+
+        Write-Verbose -Message ($script:localizedData.Disable_SqlDscRsSecureConnection_Disabling -f $instanceName)
+
+        $descriptionMessage = $script:localizedData.Disable_SqlDscRsSecureConnection_ShouldProcessDescription -f $instanceName
+        $confirmationMessage = $script:localizedData.Disable_SqlDscRsSecureConnection_ShouldProcessConfirmation -f $instanceName
+        $captionMessage = $script:localizedData.Disable_SqlDscRsSecureConnection_ShouldProcessCaption
+
+        if ($PSCmdlet.ShouldProcess($descriptionMessage, $confirmationMessage, $captionMessage))
+        {
+            $invokeRsCimMethodParameters = @{
+                CimInstance = $Configuration
+                MethodName  = 'SetSecureConnectionLevel'
+                Arguments   = @{
+                    Level = 0
+                }
+            }
+
+            try
+            {
+                $null = Invoke-RsCimMethod @invokeRsCimMethodParameters
+            }
+            catch
+            {
+                $errorMessage = $script:localizedData.Disable_SqlDscRsSecureConnection_FailedToDisable -f $instanceName, $_.Exception.Message
+
+                $errorRecord = New-ErrorRecord -Exception (New-InvalidOperationException -Message $errorMessage -PassThru) -ErrorId 'DSRSSC0001' -ErrorCategory 'InvalidOperation' -TargetObject $Configuration
+
+                $PSCmdlet.ThrowTerminatingError($errorRecord)
+            }
+        }
+
+        if ($PassThru.IsPresent)
+        {
+            return $Configuration
+        }
+    }
+}