dsccommunity
diff --git a/‎CHANGELOG.md‎
Lines changed: 1 addition & 23 deletions b/‎CHANGELOG.md‎
Lines changed: 1 addition & 23 deletions
diff --git a/‎azure-pipelines.yml‎
Lines changed: 4 additions & 0 deletions b/‎azure-pipelines.yml‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎source/Public/Get-SqlDscRole.ps1‎
Lines changed: 103 additions & 0 deletions b/‎source/Public/Get-SqlDscRole.ps1‎
Lines changed: 103 additions & 0 deletions
diff --git a/‎source/Public/New-SqlDscRole.ps1‎
Lines changed: 120 additions & 0 deletions b/‎source/Public/New-SqlDscRole.ps1‎
Lines changed: 120 additions & 0 deletions
@@ -27,29 +27,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
     exists as a login, throwing a terminating error if it doesn't exist.
   - Supports pipeline input and provides detailed error messages with localization.
   - Uses `Test-SqlDscIsLogin` command for login validation following module patterns.
-- `Get-SqlDscLogin`
-  - Added new public command to get a SQL Server login from a Database Engine instance.
-  - Returns a `Microsoft.SqlServer.Management.Smo.Login` object that represents
-    the login.
-  - Supports getting a specific login by name or all logins if no name is specified.
-  - Includes a `-Refresh` parameter to refresh the server's login collection
-    before retrieval.
-- `Remove-SqlDscLogin`
-  - Added new public command to remove a SQL Server login from a Database
-    Engine instance.
-  - Supports removing a login by specifying a `ServerObject` and `Name`, or by
-    passing a `LoginObject` through the pipeline.
-  - Includes confirmation prompts with `-Force` parameter to bypass confirmation.
-  - Includes a `-Refresh` parameter to refresh the server's login collection
-    before attempting removal.
-  - Provides detailed error messages with localization support.
-- `New-SqlDscLogin`
-  - Added new public command to create a new login on a SQL Server Database
-    Engine instance.
-  - Supports creating SQL Server logins, Windows user logins, Windows group
-    logins, certificate-based logins, and asymmetric key-based logins.
-  - Implements proper parameter sets to prevent combining hashed passwords
-    with password policy options, following SQL Server restrictions.
+- Added `Get-SqlDscLogin`, `Get-SqlDscRole`, `New-SqlDscLogin`, `New-SqlDscRole`, `Remove-SqlDscRole`, and `Remove-SqlDscLogin` commands for retrieving and managing SQL Server logins and roles with support for refresh, pipeline input, and ShouldProcess.
 
 ### Changed
 
 
@@ -294,7 +294,11 @@ stages:
                   'tests/Integration/Commands/Assert-SqlDscLogin.Integration.Tests.ps1'
                   'tests/Integration/Commands/New-SqlDscLogin.Integration.Tests.ps1'
                   'tests/Integration/Commands/Get-SqlDscLogin.Integration.Tests.ps1'
+                  'tests/Integration/Commands/New-SqlDscRole.Integration.Tests.ps1'
+                  'tests/Integration/Commands/Get-SqlDscRole.Integration.Tests.ps1'
+                  'tests/Integration/Commands/Remove-SqlDscRole.Integration.Tests.ps1'
                   'tests/Integration/Commands/Remove-SqlDscLogin.Integration.Tests.ps1'
+
                   # Group 9
                   'tests/Integration/Commands/Uninstall-SqlDscServer.Integration.Tests.ps1'
               )
 
@@ -0,0 +1,103 @@
+<#
+    .SYNOPSIS
+        Get server roles from a SQL Server Database Engine instance.
+
+    .DESCRIPTION
+        This command gets one or more server roles from a SQL Server Database Engine instance.
+        If no name is specified, all server roles are returned.
+
+    .PARAMETER ServerObject
+        Specifies current server connection object.
+
+    .PARAMETER Name
+        Specifies the name of the server role to get. If not specified, all
+        server roles are returned.
+
+    .PARAMETER Refresh
+        Specifies that the **ServerObject**'s roles should be refreshed before
+        trying to get the role object. This is helpful when roles could have been
+        modified outside of the **ServerObject**, for example through T-SQL. But
+        on instances with a large amount of roles it might be better to make
+        sure the **ServerObject** is recent enough.
+
+    .EXAMPLE
+        $serverObject = Connect-SqlDscDatabaseEngine -InstanceName 'MyInstance'
+        $serverObject | Get-SqlDscRole
+
+        Get all server roles from the instance.
+
+    .EXAMPLE
+        $serverObject = Connect-SqlDscDatabaseEngine -InstanceName 'MyInstance'
+        $serverObject | Get-SqlDscRole -Name 'MyCustomRole'
+
+        Get the server role named **MyCustomRole**.
+
+    .OUTPUTS
+        `[Microsoft.SqlServer.Management.Smo.ServerRole[]]`
+#>
+function Get-SqlDscRole
+{
+    [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute('UseSyntacticallyCorrectExamples', '', Justification = 'Because the rule does not yet support parsing the code when a parameter type is not available. The ScriptAnalyzer rule UseSyntacticallyCorrectExamples will always error in the editor due to https://github.com/indented-automation/Indented.ScriptAnalyzerRules/issues/8.')]
+    [OutputType([Microsoft.SqlServer.Management.Smo.ServerRole[]])]
+    [CmdletBinding()]
+    param
+    (
+        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
+        [Microsoft.SqlServer.Management.Smo.Server]
+        $ServerObject,
+
+        [Parameter()]
+        [System.String]
+        $Name,
+
+        [Parameter()]
+        [System.Management.Automation.SwitchParameter]
+        $Refresh
+    )
+
+    process
+    {
+        if ($Refresh.IsPresent)
+        {
+            # Refresh the server object's roles collection
+            $ServerObject.Roles.Refresh()
+        }
+
+        Write-Verbose -Message ($script:localizedData.Role_Get -f $ServerObject.InstanceName)
+
+        $roleObject = @()
+
+        if ($PSBoundParameters.ContainsKey('Name'))
+        {
+            $roleObject = $ServerObject.Roles[$Name]
+
+            if (-not $roleObject)
+            {
+                Write-Verbose -Message ($script:localizedData.Role_NotFound -f $Name)
+
+                $missingRoleMessage = $script:localizedData.Role_NotFound -f $Name
+
+                $writeErrorParameters = @{
+                    Message      = $missingRoleMessage
+                    Category     = 'ObjectNotFound'
+                    ErrorId      = 'GSDR0001' # cspell: disable-line
+                    TargetObject = $Name
+                }
+
+                Write-Error @writeErrorParameters
+            }
+            else
+            {
+                Write-Verbose -Message ($script:localizedData.Role_Found -f $Name)
+            }
+        }
+        else
+        {
+            Write-Verbose -Message ($script:localizedData.Role_GetAll)
+
+            $roleObject = $ServerObject.Roles
+        }
+
+        return [Microsoft.SqlServer.Management.Smo.ServerRole[]] $roleObject
+    }
+}
@@ -0,0 +1,120 @@
+<#
+    .SYNOPSIS
+        Creates a new server role in a SQL Server Database Engine instance.
+
+    .DESCRIPTION
+        This command creates a new server role in a SQL Server Database Engine instance.
+
+    .PARAMETER ServerObject
+        Specifies current server connection object.
+
+    .PARAMETER Name
+        Specifies the name of the server role to be created.
+
+    .PARAMETER Owner
+        Specifies the owner of the server role. If not specified, the role
+        will be owned by the login that creates it.
+
+    .PARAMETER Force
+        Specifies that the role should be created without any confirmation.
+
+    .PARAMETER Refresh
+        Specifies that the **ServerObject**'s roles should be refreshed before
+        creating the role object. This is helpful when roles could have been
+        modified outside of the **ServerObject**, for example through T-SQL. But
+        on instances with a large amount of roles it might be better to make
+        sure the **ServerObject** is recent enough.
+
+    .EXAMPLE
+        $serverObject = Connect-SqlDscDatabaseEngine -InstanceName 'MyInstance'
+        $serverObject | New-SqlDscRole -Name 'MyCustomRole'
+
+        Creates a new server role named **MyCustomRole**.
+
+    .EXAMPLE
+        $serverObject = Connect-SqlDscDatabaseEngine -InstanceName 'MyInstance'
+        $serverObject | New-SqlDscRole -Name 'MyCustomRole' -Owner 'MyOwner' -Force
+
+        Creates a new server role named **MyCustomRole** with the specified owner
+        without prompting for confirmation.
+
+    .OUTPUTS
+        `[Microsoft.SqlServer.Management.Smo.ServerRole]`
+#>
+function New-SqlDscRole
+{
+    [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute('UseSyntacticallyCorrectExamples', '', Justification = 'Because the rule does not yet support parsing the code when a parameter type is not available. The ScriptAnalyzer rule UseSyntacticallyCorrectExamples will always error in the editor due to https://github.com/indented-automation/Indented.ScriptAnalyzerRules/issues/8.')]
+    [OutputType([Microsoft.SqlServer.Management.Smo.ServerRole])]
+    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'Medium')]
+    param
+    (
+        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
+        [Microsoft.SqlServer.Management.Smo.Server]
+        $ServerObject,
+
+        [Parameter(Mandatory = $true)]
+        [ValidateNotNullOrEmpty()]
+        [System.String]
+        $Name,
+
+        [Parameter()]
+        [System.String]
+        $Owner,
+
+        [Parameter()]
+        [System.Management.Automation.SwitchParameter]
+        $Force,
+
+        [Parameter()]
+        [System.Management.Automation.SwitchParameter]
+        $Refresh
+    )
+
+    process
+    {
+        if ($Refresh.IsPresent)
+        {
+            # Refresh the server object's roles collection
+            $ServerObject.Roles.Refresh()
+        }
+
+        Write-Verbose -Message ($script:localizedData.Role_Create -f $Name, $ServerObject.InstanceName)
+
+        # Check if the role already exists
+        if ($ServerObject.Roles[$Name])
+        {
+            $errorMessage = $script:localizedData.Role_AlreadyExists -f $Name, $ServerObject.InstanceName
+            New-InvalidOperationException -Message $errorMessage
+        }
+
+        $verboseDescriptionMessage = $script:localizedData.Role_Create_ShouldProcessVerboseDescription -f $Name, $ServerObject.InstanceName
+        $verboseWarningMessage = $script:localizedData.Role_Create_ShouldProcessVerboseWarning -f $Name
+        $captionMessage = $script:localizedData.Role_Create_ShouldProcessCaption
+
+        if ($Force.IsPresent -or $PSCmdlet.ShouldProcess($verboseDescriptionMessage, $verboseWarningMessage, $captionMessage))
+        {
+            try
+            {
+                $serverRole = New-Object -TypeName Microsoft.SqlServer.Management.Smo.ServerRole -ArgumentList $ServerObject, $Name
+
+                if ($PSBoundParameters.ContainsKey('Owner'))
+                {
+                    $serverRole.Owner = $Owner
+                }
+
+                Write-Verbose -Message ($script:localizedData.Role_Creating -f $Name)
+
+                $serverRole.Create()
+
+                Write-Verbose -Message ($script:localizedData.Role_Created -f $Name)
+
+                return $serverRole
+            }
+            catch
+            {
+                $errorMessage = $script:localizedData.Role_CreateFailed -f $Name, $ServerObject.InstanceName
+                New-InvalidOperationException -Message $errorMessage -ErrorRecord $_
+            }
+        }
+    }
+}