Get-SqlDscLogin: function to retrieve SQL Server logins

johlju · johlju · commit ea5256523067 · 2025-08-14T23:36:12.000+02:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -15,6 +15,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
     exists as a login, throwing a terminating error if it doesn't exist.
   - Supports pipeline input and provides detailed error messages with localization.
   - Uses `Test-SqlDscIsLogin` command for login validation following module patterns.
+- `Get-SqlDscLogin`
+  - Added new public command to get a SQL Server login from a Database Engine instance.
+  - Returns a `Microsoft.SqlServer.Management.Smo.Login` object that represents
+    the login.
+  - Supports getting a specific login by name or all logins if no name is specified.
+  - Includes a `-Refresh` parameter to refresh the server's login collection
+    before retrieval.
 
 ### Changed
 
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
@@ -249,6 +249,7 @@ stages:
                   'tests/Integration/Commands/Connect-SqlDscDatabaseEngine.Integration.Tests.ps1'
                   # Group 2
                   'tests/Integration/Commands/Assert-SqlDscLogin.Integration.Tests.ps1'
+                  'tests/Integration/Commands/Get-SqlDscLogin.Integration.Tests.ps1'
                   # Group 9
                   'tests/Integration/Commands/Uninstall-SqlDscServer.Integration.Tests.ps1'
               )
diff --git a/source/Public/Get-SqlDscLogin.ps1 b/source/Public/Get-SqlDscLogin.ps1
@@ -0,0 +1,86 @@
+<#
+    .SYNOPSIS
+        Get server login.
+
+    .DESCRIPTION
+        This command gets a server login from a SQL Server Database Engine instance.
+
+    .PARAMETER ServerObject
+        Specifies current server connection object.
+
+    .PARAMETER Name
+        Specifies the name of the server login to get.
+
+    .PARAMETER Refresh
+        Specifies that the **ServerObject**'s logins should be refreshed before
+        trying get the login object. This is helpful when logins could have been
+        modified outside of the **ServerObject**, for example through T-SQL. But
+        on instances with a large amount of logins it might be better to make
+        sure the **ServerObject** is recent enough, or pass in **LoginObject**.
+
+    .EXAMPLE
+        $serverObject = Connect-SqlDscDatabaseEngine -InstanceName 'MyInstance'
+        $serverObject | Get-SqlDscLogin -Name 'MyLogin'
+
+        Get the login named **MyLogin**.
+
+    .OUTPUTS
+        `[Microsoft.SqlServer.Management.Smo.Login]`
+#>
+function Get-SqlDscLogin
+{
+    [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseOutputTypeCorrectly', '', Justification = 'Because the rule does not understands that the command returns [System.String[]] when using , (comma) in the return statement')]
+    [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute('UseSyntacticallyCorrectExamples', '', Justification = 'Because the rule does not yet support parsing the code when a parameter type is not available. The ScriptAnalyzer rule UseSyntacticallyCorrectExamples will always error in the editor due to https://github.com/indented-automation/Indented.ScriptAnalyzerRules/issues/8.')]
+    [OutputType([Microsoft.SqlServer.Management.Smo.Login[]])]
+    [CmdletBinding()]
+    param
+    (
+        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
+        [Microsoft.SqlServer.Management.Smo.Server]
+        $ServerObject,
+
+        [Parameter()]
+        [System.String]
+        $Name,
+
+        [Parameter()]
+        [System.Management.Automation.SwitchParameter]
+        $Refresh
+    )
+
+    process
+    {
+        if ($Refresh.IsPresent)
+        {
+            # Make sure the logins are up-to-date to get any newly created logins.
+            $ServerObject.Logins.Refresh()
+        }
+
+        $loginObject = @()
+
+        if ($PSBoundParameters.ContainsKey('Name'))
+        {
+            $loginObject = $ServerObject.Logins[$Name]
+
+            if (-not $loginObject)
+            {
+                $missingLoginMessage = $script:localizedData.Login_Missing -f $Name
+
+                $writeErrorParameters = @{
+                    Message      = $missingLoginMessage
+                    Category     = 'InvalidOperation'
+                    ErrorId      = 'GSDL0001' # cspell: disable-line
+                    TargetObject = $Name
+                }
+
+                Write-Error @writeErrorParameters
+            }
+        }
+        else
+        {
+            $loginObject = $ServerObject.Logins
+        }
+
+        return [Microsoft.SqlServer.Management.Smo.Login[]] $loginObject
+    }
+}
diff --git a/source/en-US/SqlServerDsc.strings.psd1 b/source/en-US/SqlServerDsc.strings.psd1
@@ -61,6 +61,9 @@ ConvertFrom-StringData @'
     ## Get-SqlDscAudit
     Audit_Missing = There is no audit with the name '{0}'.
 
+    ## Get-SqlDscLogin
+    Login_Missing = There is no login with the name '{0}'.
+
     ## Remove-SqlDscAudit
     Audit_Remove_ShouldProcessVerboseDescription = Removing the audit '{0}' on the instance '{1}'.
     Audit_Remove_ShouldProcessVerboseWarning = Are you sure you want to remove the audit '{0}'?
diff --git a/tests/Integration/Commands/Get-SqlDscLogin.Integration.Tests.ps1 b/tests/Integration/Commands/Get-SqlDscLogin.Integration.Tests.ps1
@@ -0,0 +1,131 @@
+[System.Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', '', Justification = 'Suppressing this rule because Script Analyzer does not understand Pester syntax.')]
+param ()
+
+BeforeDiscovery {
+    try
+    {
+        if (-not (Get-Module -Name 'DscResource.Test'))
+        {
+            # Assumes dependencies has been resolved, so if this module is not available, run 'noop' task.
+            if (-not (Get-Module -Name 'DscResource.Test' -ListAvailable))
+            {
+                # Redirect all streams to $null, except the error stream (stream 2)
+                & "$PSScriptRoot/../../../build.ps1" -Tasks 'noop' 3>&1 4>&1 5>&1 6>&1 > $null
+            }
+
+            # If the dependencies has not been resolved, this will throw an error.
+            Import-Module -Name 'DscResource.Test' -Force -ErrorAction 'Stop'
+        }
+    }
+    catch [System.IO.FileNotFoundException]
+    {
+        throw 'DscResource.Test module dependency not found. Please run ".\build.ps1 -ResolveDependency -Tasks build" first.'
+    }
+}
+
+BeforeAll {
+    $script:dscModuleName = 'SqlServerDsc'
+
+    Import-Module -Name $script:dscModuleName
+
+    # Loading stub cmdlets
+    Import-Module -Name "$PSScriptRoot/../../Stubs/SqlServerStub.psm1" -Force
+
+    $PSDefaultParameterValues['InModuleScope:ModuleName'] = $script:dscModuleName
+    $PSDefaultParameterValues['Mock:ModuleName'] = $script:dscModuleName
+    $PSDefaultParameterValues['Should:ModuleName'] = $script:dscModuleName
+}
+
+AfterAll {
+    $PSDefaultParameterValues.Remove('InModuleScope:ModuleName')
+    $PSDefaultParameterValues.Remove('Mock:ModuleName')
+    $PSDefaultParameterValues.Remove('Should:ModuleName')
+
+    # Unload the module being tested so that it doesn't impact any other tests.
+    Get-Module -Name $script:dscModuleName -All | Remove-Module -Force
+}
+
+Describe 'Get-SqlDscLogin' -Tag @('Integration_SQL2016', 'Integration_SQL2017', 'Integration_SQL2019', 'Integration_SQL2022') {
+    BeforeAll {
+        $mockInstanceName = $env:COMPUTERNAME
+        $mockSqlCredential = $null
+        $mockConnectTimeout = 30
+        $mockEncryptConnection = $true
+
+        if ($env:INTEGRATION_TESTS_SQLSERVER_CREDENTIAL)
+        {
+            <#
+                This is set by the pipeline so we can run the tests towards the
+                SQL Server instance on the AppVeyor build worker.
+            #>
+            $mockSqlCredential = (ConvertFrom-Json -InputObject $env:INTEGRATION_TESTS_SQLSERVER_CREDENTIAL)
+        }
+
+        try
+        {
+            $serverObject = Connect-SqlDscDatabaseEngine -InstanceName $mockInstanceName -Credential $mockSqlCredential -ConnectTimeout $mockConnectTimeout -EncryptConnection $mockEncryptConnection
+        }
+        catch
+        {
+            Set-ItResult -Skip -Because 'Could not connect to SQL Server instance'
+        }
+    }
+
+    Context 'When getting all SQL Server logins' {
+        It 'Should return an array of Login objects' {
+            $result = Get-SqlDscLogin -ServerObject $serverObject
+
+            <#
+                Casting to array to ensure we get the count on Windows PowerShell
+                when there is only one login.
+            #>
+            @($result).Count | Should -BeGreaterOrEqual 1
+            $result[0] | Should -BeOfType 'Microsoft.SqlServer.Management.Smo.Login'
+        }
+
+        It 'Should return system logins including sa' {
+            $result = Get-SqlDscLogin -ServerObject $serverObject
+
+            $result.Name | Should -Contain 'sa'
+        }
+    }
+
+    Context 'When getting a specific SQL Server login' {
+        It 'Should return the specified login when it exists' {
+            $result = Get-SqlDscLogin -ServerObject $serverObject -Name 'sa'
+
+            $result | Should -BeOfType 'Microsoft.SqlServer.Management.Smo.Login'
+            $result.Name | Should -Be 'sa'
+            $result.LoginType | Should -Be 'SqlLogin'
+        }
+
+        It 'Should throw an error when the login does not exist' {
+            { Get-SqlDscLogin -ServerObject $serverObject -Name 'NonExistentLogin' -ErrorAction 'Stop' } |
+                Should -Throw -ExpectedMessage "There is no login with the name 'NonExistentLogin'."
+        }
+
+        It 'Should return null when the login does not exist and error action is SilentlyContinue' {
+            $result = Get-SqlDscLogin -ServerObject $serverObject -Name 'NonExistentLogin' -ErrorAction 'SilentlyContinue'
+
+            $result | Should -BeNullOrEmpty
+        }
+    }
+
+    Context 'When using the Refresh parameter' {
+        It 'Should return the same results with and without Refresh' {
+            $resultWithoutRefresh = Get-SqlDscLogin -ServerObject $serverObject
+            $resultWithRefresh = Get-SqlDscLogin -ServerObject $serverObject -Refresh
+
+            $resultWithoutRefresh.Count | Should -Be $resultWithRefresh.Count
+        }
+    }
+
+    Context 'When using pipeline input' {
+        It 'Should accept ServerObject from pipeline' {
+            $result = $serverObject | Get-SqlDscLogin -Name 'sa'
+
+            $result | Should -BeOfType 'Microsoft.SqlServer.Management.Smo.Login'
+            $result.Name | Should -Be 'sa'
+        }
+    }
+}
diff --git a/tests/Unit/Public/Get-SqlDscLogin.Tests.ps1 b/tests/Unit/Public/Get-SqlDscLogin.Tests.ps1

Original file line number	Diff line number	Diff line change
`@@ -249,6 +249,7 @@ stages:`
`249`	`249`	`'tests/Integration/Commands/Connect-SqlDscDatabaseEngine.Integration.Tests.ps1'`
`250`	`250`	`# Group 2`
`251`	`251`	`'tests/Integration/Commands/Assert-SqlDscLogin.Integration.Tests.ps1'`
	`252`	`+ 'tests/Integration/Commands/Get-SqlDscLogin.Integration.Tests.ps1'`
`252`	`253`	`# Group 9`
`253`	`254`	`'tests/Integration/Commands/Uninstall-SqlDscServer.Integration.Tests.ps1'`
`254`	`255`	`)`