SqlPermission: Refactor to use new server permission commands by johlju · Pull Request #2360 · dsccommunity/SqlServerDsc

johlju · 2025-12-04T20:16:07Z

Pull Request (PR) description

SqlPermission
- Refactored to use the new object-based server permission commands
  (Grant-SqlDscServerPermission, Deny-SqlDscServerPermission,
  Revoke-SqlDscServerPermission, and Get-SqlDscServerPermission)
  instead of the deprecated Set-SqlDscServerPermission command
  (issue #2159).

This Pull Request (PR) fixes the following issues

Fixes Set-SqlDscServerPermission: Use new object-based server permission commands #2159

Task list

Added an entry to the change log under the Unreleased section of the
file CHANGELOG.md. Entry should say what was changed and how that
affects users (if applicable), and reference the issue being resolved
(if applicable).
Resource documentation updated in the resource's README.md.
Resource parameter descriptions updated in schema.mof.
Comment-based help updated, including parameter descriptions.
Localization strings updated.
Examples updated.
Unit tests updated. See DSC Community Testing Guidelines.
Integration tests updated (where possible). See DSC Community Testing Guidelines.
Code changes adheres to DSC Community Style Guidelines.

This change is

coderabbitai · 2025-12-04T20:16:19Z

Walkthrough

SqlPermission was refactored to resolve principals as Login or ServerRole and to replace the deprecated Set-SqlDscServerPermission with object-based cmdlets (Grant-/Deny-/Revoke-SqlDscServerPermission and Get-SqlDscLogin/Get-SqlDscRole); tests, changelog, and a resource string were updated.

Changes

Cohort / File(s)	Summary
Changelog `CHANGELOG.md`	Added entry documenting SqlPermission refactor to use Grant/Deny/Revoke server-permission cmdlets instead of `Set-SqlDscServerPermission`.
Class implementation `source/Classes/020.SqlPermission.ps1`	Principal resolution unified (Login or ServerRole); replaced `Set-SqlDscServerPermission` with `Grant-SqlDscServerPermission`, `Deny-SqlDscServerPermission`, and `Revoke-SqlDscServerPermission`; introduced splatted principal parameters, permission-array handling, guarded revoke logic, WithGrant handling, and consolidated error propagation.
Tests `tests/Unit/Classes/SqlPermission.Tests.ps1`	Replaced mocks/expectations to exercise granular Grant/Deny/Revoke cmdlets; added `Get-SqlDscLogin`/`Get-SqlDscRole` and server-role contexts; expanded success and failure-path tests validating WithGrant and parameter semantics.
Strings `source/en-US/SqlPermission.strings.psd1`	Updated SP0004 message to "The name '{0}' is not a login or server role on the instance '{1}'".

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Review focus:
- Principal resolution and correct selection/passing of Login vs ServerRole parameters.
- Revoke guard (only revoke when permissions exist) and correct array handling of permissions.
- WithGrant semantics across Grant/Deny flows and error handling conversions.
- Unit tests: ensure mocks and assertions accurately reflect new cmdlet usage and server-role scenarios.

Possibly related PRs

*-SqlDscServerPermission: Add commands SQL Server permission management #2157 — Introduced the new object-based server permission cmdlets (Grant/Deny/Revoke/Get/Test-SqlDscServerPermission) that this change adapts the class resource to use.

Pre-merge checks

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely describes the main change: refactoring SqlPermission to use new server permission commands.
Description check	✅ Passed	The description is directly related to the changeset, explaining the refactoring from Set-SqlDscServerPermission to the new granular commands.
Linked Issues check	✅ Passed	The PR successfully implements the coding objectives from issue #2159 by refactoring SqlPermission class to use Grant/Deny/Revoke-SqlDscServerPermission commands directly.
Out of Scope Changes check	✅ Passed	All changes are directly in scope: SqlPermission class refactoring, unit tests updates, and localization string adjustment for principal validation messages.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a28c2d6 and 364c0de.

📒 Files selected for processing (2)

source/Classes/020.SqlPermission.ps1 (4 hunks)
tests/Unit/Classes/SqlPermission.Tests.ps1 (12 hunks)

🧰 Additional context used

📓 Path-based instructions (14)

**/*.ps1

📄 CodeRabbit inference engine (.github/instructions/SqlServerDsc-guidelines.instructions.md)

**/*.ps1: Format public commands as {Verb}-SqlDsc{Noun} following PowerShell naming conventions
Format private functions as {Verb}-{Noun} following PowerShell naming conventions

Files:

source/Classes/020.SqlPermission.ps1
tests/Unit/Classes/SqlPermission.Tests.ps1

source/[cC]lasses/020.*.ps1

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-class-resource.instructions.md)

DSC class-based resources must use the file naming pattern source/Classes/020.{ResourceName}.ps1

Files:

source/Classes/020.SqlPermission.ps1

source/[cC]lasses/**/*.ps1

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-class-resource.instructions.md)

source/[cC]lasses/**/*.ps1: DSC class-based resources must be decorated with [DscResource(RunAsCredential = 'Optional')] or [DscResource(RunAsCredential = 'Mandatory')] based on requirements
DSC class-based resources must inherit from ResourceBase class from the DscResource.Base module
DSC class-based resources must use [Nullable[{FullTypeName}]] syntax for value-type properties (e.g., [Nullable[System.Int32]])
DSC class-based resources must implement a required constructor with signature ResourceName () : base ($PSScriptRoot) and populate $this.ExcludeDscProperties array
DSC class-based resources must implement required methods: Get(), Test(), Set(), GetCurrentState(), and Modify() following the specified pattern
DSC class-based resources may optionally implement methods: AssertProperties() and NormalizeProperties() following the specified pattern
DSC class-based resources must include comment-based help with .DESCRIPTION section containing Requirements and Known issues sections with a link to all open issues on GitHub
DSC class-based resources must use try/catch blocks for exception handling in classes
DSC class-based resources must use New-*Exception commands (such as New-InvalidDataException, New-ArgumentException, New-InvalidOperationException, New-ObjectNotFoundException, New-InvalidResultException, New-NotImplementedException) instead of throw for terminating errors in classes

Files:

source/Classes/020.SqlPermission.ps1

⚙️ CodeRabbit configuration file

source/[cC]lasses/**/*.ps1: # DSC Class-Based Resource Guidelines

Applies to: Classes with [DscResource(...)] decoration only.

Requirements

File: source/Classes/020.{ResourceName}.ps1
Decoration: [DscResource(RunAsCredential = 'Optional')] (replace with 'Mandatory' if required)
Inheritance: Must inherit ResourceBase (part of module DscResource.Base)
$this.localizedData hashtable auto-populated by ResourceBase from localization file
value-type properties: Use [Nullable[{FullTypeName}]] (e.g., [Nullable[System.Int32]])

Required constructor

MyResourceName () : base ($PSScriptRoot)
{
    # Property names where state cannot be enforced, e.g. IsSingleInstance, Force
    $this.ExcludeDscProperties = @()
}

Required Method Pattern

[MyResourceName] Get()
{
    # Call base implementation to get current state
    $currentState = ([ResourceBase] $this).Get()

    # If needed, post-processing on current state that can not be handled by GetCurrentState()

    return $currentState
}

[System.Boolean] Test()
{
    # Call base implementation to test current state
    $inDesiredState = ([ResourceBase] $this).Test()

    # If needed, post-processing on test result that can not be handled by base Test()

    return $inDesiredState
}

[void] Set()
{
    # Call base implementation to set desired state
    ([ResourceBase] $this).Set()

    # If needed, additional state changes that can not be handled by Modify()
}

hidden [System.Collections.Hashtable] GetCurrentState([System.Collections.Hashtable] $properties)
{
    # Always return current state as hashtable, $properties contains key properties
}

hidden [void] Modify([System.Collections.Hashtable] $properties)
{
    # Always set desired state, $properties contain those that must change state
}

Optional Method Pattern

hidden [void] AssertProperties([System.Collections.Hashtable] $properties)
{
    # Validate user-provided properties, $p...

Files:

source/Classes/020.SqlPermission.ps1

source/**/*.ps1

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-localization.instructions.md)

source/**/*.ps1: Localize all Write-Debug, Write-Verbose, Write-Error, Write-Warning and $PSCmdlet.ThrowTerminatingError() messages in PowerShell scripts
Use localized string keys from $script:localizedData, not hardcoded strings, in diagnostic messages
Reference localized strings using the syntax: Write-Verbose -Message ($script:localizedData.KeyName -f $value1)

Localize all strings using string keys; remove any orphaned string keys

Files:

source/Classes/020.SqlPermission.ps1

⚙️ CodeRabbit configuration file

source/**/*.ps1: # Localization Guidelines

Requirements

Localize all Write-Debug, Write-Verbose, Write-Error, Write-Warning and $PSCmdlet.ThrowTerminatingError() messages

Use localized string keys, not hardcoded strings

Assume $script:localizedData is available

String Files

Commands/functions: source/en-US/{MyModuleName}.strings.psd1

Class resources: source/en-US/{ResourceClassName}.strings.psd1

Key Naming Patterns

Format: Verb_FunctionName_Action (underscore separators), e.g. Get_Database_ConnectingToDatabase

String Format
ConvertFrom-StringData @'
    KeyName = Message with {0} placeholder. (PREFIX0001)
'@
String IDs

Format: (PREFIX####)

PREFIX: First letter of each word in class or function name (SqlSetup → SS, Get-SqlDscDatabase → GSDD)

Number: Sequential from 0001

Usage
Write-Verbose -Message ($script:localizedData.KeyName -f $value1)

Files:

source/Classes/020.SqlPermission.ps1

source/Classes/*.ps1

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines.instructions.md)

source/Classes/*.ps1: Classes should be located in source/Classes/{DependencyGroupNumber}.{ClassName}.ps1
DSC resources should always be created as class-based resources

Files:

source/Classes/020.SqlPermission.ps1

**/*.{ps1,psm1,psd1}

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-powershell.instructions.md)

**/*.{ps1,psm1,psd1}: Use descriptive names with 3+ characters and no abbreviations for functions, parameters, variables, keywords, and classes
Use PascalCase with Verb-Noun format for function names, using approved PowerShell verbs
Use PascalCase for parameter names
Use camelCase for variable names
Use lower-case for keywords
Use PascalCase for class names
Include scope for script/global/environment variables using $script:, $global:, or $env: prefixes
Use 4 spaces for indentation, not tabs
Use one space around operators (e.g., $a = 1 + 2)
Use one space between type and variable (e.g., [String] $name)
Use one space between keyword and parenthesis (e.g., if ($condition))
Avoid spaces on empty lines
Limit lines to 120 characters
Place opening brace on a new line, except for variable assignments
Add one newline after opening brace
Add two newlines after closing brace (one if followed by another brace or continuation)
Use single quotes unless variable expansion is needed (e.g., 'text' vs "text $variable")
Use single-line array syntax for simple arrays: @('one', 'two', 'three')
Use multi-line array syntax with each element on a separate line with proper indentation
Do not use the unary comma operator (,) in return statements to force an array
Use empty hashtable syntax: @{}
Place each hashtable property on a separate line with proper indentation
Use PascalCase for hashtable properties
Use single-line comment format # Comment (capitalized, on own line)
Use multi-line comment format <# Comment #> with opening and closing brackets on own lines and indented text
Never include commented-out code
Always add comment-based help to all functions and scripts with SYNOPSIS, DESCRIPTION (40+ chars), PARAMETER, and EXAMPLE sections before function/class declaration
Use comment-based help indentation with keywords at 4 spaces and text at 8 spaces
Include examples in comment-based help for all parameter sets and combinations
In comment-based help INPUTS sec...

Files:

source/Classes/020.SqlPermission.ps1
tests/Unit/Classes/SqlPermission.Tests.ps1

**/[0-9][0-9][0-9].*.ps1

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-powershell.instructions.md)

Name class files using ###.ClassName.ps1 format (e.g., 001.SqlReason.ps1, 004.StartupParameters.ps1)

Files:

source/Classes/020.SqlPermission.ps1

**/*.{ps1,psm1}

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-powershell.instructions.md)

Use $PSCmdlet.ThrowTerminatingError() for terminating errors (except in classes), use relevant error category, and in try-catch include exception with localized message

Files:

source/Classes/020.SqlPermission.ps1
tests/Unit/Classes/SqlPermission.Tests.ps1

**

⚙️ CodeRabbit configuration file

**: # DSC Community Guidelines

Terminology

Command: Public command

Function: Private function

Resource: DSC class-based resource

Build & Test Workflow Requirements

Run PowerShell script files from repository root

Setup build and test environment (once per pwsh session): ./build.ps1 -Tasks noop

Build project before running tests: ./build.ps1 -Tasks build

Always run tests in new pwsh session: Invoke-Pester -Path @({test paths}) -Output Detailed

File Organization

Public commands: source/Public/{CommandName}.ps1

Private functions: source/Private/{FunctionName}.ps1

Classes: source/Classes/{DependencyGroupNumber}.{ClassName}.ps1

Enums: source/Enum/{DependencyGroupNumber}.{EnumName}.ps1

Unit tests: tests/Unit/{Classes|Public|Private}/{Name}.Tests.ps1

Integration tests: tests/Integration/Commands/{CommandName}.Integration.Tests.ps1

Requirements

Follow instructions over existing code patterns

Follow PowerShell style and test guideline instructions strictly

Always update CHANGELOG.md Unreleased section

Localize all strings using string keys; remove any orphaned string keys

Check DscResource.Common before creating private functions

Separate reusable logic into private functions

DSC resources should always be created as class-based resources

Add unit tests for all commands/functions/resources

Add integration tests for all public commands and resources

Files:

source/Classes/020.SqlPermission.ps1
tests/Unit/Classes/SqlPermission.Tests.ps1

{**/*.ps1,**/*.psm1,**/*.psd1}

⚙️ CodeRabbit configuration file

{**/*.ps1,**/*.psm1,**/*.psd1}: # PowerShell Guidelines

Naming

Use descriptive names (3+ characters, no abbreviations)

Functions: PascalCase with Verb-Noun format using approved verbs

Parameters: PascalCase

Variables: camelCase

Keywords: lower-case

Classes: PascalCase

Include scope for script/global/environment variables: $script:, $global:, $env:

File naming

Class files: ###.ClassName.ps1 format (e.g. 001.SqlReason.ps1, 004.StartupParameters.ps1)

Formatting

Indentation & Spacing

Use 4 spaces (no tabs)

One space around operators: $a = 1 + 2

One space between type and variable: [String] $name

One space between keyword and parenthesis: if ($condition)

No spaces on empty lines

Try to limit lines to 120 characters

Braces

Newline before opening brace (except variable assignments)

One newline after opening brace

Two newlines after closing brace (one if followed by another brace or continuation)

Quotes

Use single quotes unless variable expansion is needed: 'text' vs "text $variable"

Arrays

Single line: @('one', 'two', 'three')

Multi-line: each element on separate line with proper indentation

Do not use the unary comma operator (,) in return statements to force
an array

Hashtables

Empty: @{}

Each property on separate line with proper indentation

Properties: Use PascalCase

Comments

Single line: # Comment (capitalized, on own line)

Multi-line: <# Comment #> format (opening and closing brackets on own line), and indent text

No commented-out code

Comment-based help

Always add comment-based help to all functions and scripts

Comment-based help: SYNOPSIS, DESCRIPTION (40+ chars), PARAMETER, EXAMPLE sections before function/class

Comment-based help indentation: keywords 4 spaces, text 8 spaces

Include examples for all parameter sets and combinations

INPUTS: List each pipeline‑accepted type as inline code with a 1‑line description...

Files:

source/Classes/020.SqlPermission.ps1
tests/Unit/Classes/SqlPermission.Tests.ps1

**/*.[Tt]ests.ps1

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-pester.instructions.md)

**/*.[Tt]ests.ps1: All public commands, private functions and classes must have unit tests
All public commands and class-based resources must have integration tests
Use Pester v5 syntax only
Test code only inside Describe blocks
Assertions only in It blocks
Never test verbose messages, debug messages or parameter binding behavior
Pass all mandatory parameters to avoid prompts
Inside It blocks, assign unused return objects to $null (unless part of pipeline)
Tested entity must be called from within the It blocks
Keep results and assertions in same It block
Avoid try-catch-finally for cleanup, use AfterAll or AfterEach
Avoid unnecessary remove/recreate cycles
One Describe block per file matching the tested entity name
Context descriptions start with 'When'
It descriptions start with 'Should', must not contain 'when'
Mock variables prefix: 'mock'
Public commands: Never use InModuleScope (unless retrieving localized strings or creating an object using an internal class)
Private functions/class resources: Always use InModuleScope
Each class method = separate Context block
Each scenario = separate Context block
Use nested Context blocks for complex scenarios
Mocking in BeforeAll (BeforeEach only when required)
Setup/teardown in BeforeAll,BeforeEach/AfterAll,AfterEach close to usage
Spacing between blocks, arrange, act, and assert for readability
PascalCase: Describe, Context, It, Should, BeforeAll, BeforeEach, AfterAll, AfterEach
Use -BeTrue/-BeFalse never -Be $true/-Be $false
Never use Assert-MockCalled, use Should -Invoke instead
No Should -Not -Throw - invoke commands directly
Never add an empty -MockWith block
Omit -MockWith when returning $null
Set $PSDefaultParameterValues for Mock:ModuleName, Should:ModuleName, InModuleScope:ModuleName
Omit -ModuleName parameter on Pester commands
Never use Mock inside InModuleScope-block
Never use param() inside -MockWith scriptblock...

Files:

tests/Unit/Classes/SqlPermission.Tests.ps1

⚙️ CodeRabbit configuration file

**/*.[Tt]ests.ps1: # Tests Guidelines

Core Requirements

All public commands, private functions and classes must have unit tests

All public commands and class-based resources must have integration tests

Use Pester v5 syntax only

Test code only inside Describe blocks

Assertions only in It blocks

Never test verbose messages, debug messages or parameter binding behavior

Pass all mandatory parameters to avoid prompts

Requirements

Inside It blocks, assign unused return objects to $null (unless part of pipeline)

Tested entity must be called from within the It blocks

Keep results and assertions in same It block

Avoid try-catch-finally for cleanup, use AfterAll or AfterEach

Avoid unnecessary remove/recreate cycles

Naming

One Describe block per file matching the tested entity name

Context descriptions start with 'When'

It descriptions start with 'Should', must not contain 'when'

Mock variables prefix: 'mock'

Structure & Scope

Public commands: Never use InModuleScope (unless retrieving localized strings or creating an object using an internal class)

Private functions/class resources: Always use InModuleScope

Each class method = separate Context block

Each scenario = separate Context block

Use nested Context blocks for complex scenarios

Mocking in BeforeAll (BeforeEach only when required)

Setup/teardown in BeforeAll,BeforeEach/AfterAll,AfterEach close to usage

Spacing between blocks, arrange, act, and assert for readability

Syntax Rules

PascalCase: Describe, Context, It, Should, BeforeAll, BeforeEach, AfterAll, AfterEach

Use -BeTrue/-BeFalse never -Be $true/-Be $false

Never use Assert-MockCalled, use Should -Invoke instead

No Should -Not -Throw - invoke commands directly

Never add an empty -MockWith block

Omit -MockWith when returning $null

Set $PSDefaultParameterValues for Mock:ModuleName, Should:ModuleName, `...

Files:

tests/Unit/Classes/SqlPermission.Tests.ps1

tests/Unit/Classes/*.[Tt]ests.ps1

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-pester.instructions.md)

Class resources: tests/Unit/Classes/{Name}.Tests.ps1

Files:

tests/Unit/Classes/SqlPermission.Tests.ps1

tests/[Uu]nit/**/*.[Tt]ests.ps1

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-unit-tests.instructions.md)

tests/[Uu]nit/**/*.[Tt]ests.ps1: Test with localized strings using InModuleScope -ScriptBlock { $script:localizedData.Key }
Mock files using the $TestDrive variable (path to the test drive)
All public commands require parameter set validation tests
Use the exact setup block with BeforeDiscovery, BeforeAll, and AfterAll blocks including DscResource.Test module import and PSDefaultParameterValues configuration
Parameter set validation tests should use Get-Command with Where-Object filtering and Should assertions to verify ParameterSetName and ParameterListAsString
Parameter property tests should verify mandatory parameter attributes using Get-Command Parameters and Should -BeTrue assertions

Files:

tests/Unit/Classes/SqlPermission.Tests.ps1

⚙️ CodeRabbit configuration file

tests/[Uu]nit/**/*.[Tt]ests.ps1: # Unit Tests Guidelines

Test with localized strings: Use InModuleScope -ScriptBlock { $script:localizedData.Key }
Mock files: Use $TestDrive variable (path to the test drive)
All public commands require parameter set validation tests
After modifying classes, always run tests in new session (for changes to take effect)

Test Setup Requirements

Use this exact setup block before Describe:

[System.Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', '', Justification = 'Suppressing this rule because Script Analyzer does not understand Pester syntax.')]
param ()

BeforeDiscovery {
    try
    {
        if (-not (Get-Module -Name 'DscResource.Test'))
        {
            # Assumes dependencies have been resolved, so if this module is not available, run 'noop' task.
            if (-not (Get-Module -Name 'DscResource.Test' -ListAvailable))
            {
                # Redirect all streams to $null, except the error stream (stream 2)
                & "$PSScriptRoot/../../../build.ps1" -Tasks 'noop' 3>&1 4>&1 5>&1 6>&1 > $null
            }

            # If the dependencies have not been resolved, this will throw an error.
            Import-Module -Name 'DscResource.Test' -Force -ErrorAction 'Stop'
        }
    }
    catch [System.IO.FileNotFoundException]
    {
        throw 'DscResource.Test module dependency not found. Please run ".\build.ps1 -ResolveDependency -Tasks noop" first.'
    }
}

BeforeAll {
    $script:moduleName = '{MyModuleName}'

    Import-Module -Name $script:moduleName -Force -ErrorAction 'Stop'

    $PSDefaultParameterValues['InModuleScope:ModuleName'] = $script:moduleName
    $PSDefaultParameterValues['Mock:ModuleName'] = $script:moduleName
    $PSDefaultParameterValues['Should:ModuleName'] = $script:moduleName
}

AfterAll {
    $PSDefaultParameterValues.Remove('InModuleScope:ModuleName')
    $PSDefaultParameterValues.Remove('Mock:ModuleNam...

Files:

tests/Unit/Classes/SqlPermission.Tests.ps1

tests/Unit/**/*.Tests.ps1

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines.instructions.md)

Unit tests should be located in tests/Unit/{Classes|Public|Private}/{Name}.Tests.ps1

Files:

tests/Unit/Classes/SqlPermission.Tests.ps1

🧠 Learnings (29)

📓 Common learnings

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/SqlServerDsc-guidelines.instructions.md:0-0
Timestamp: 2025-11-27T17:58:02.422Z
Learning: Applies to **/tests/Integration/**/*.ps1 : Integration tests: use `Connect-SqlDscDatabaseEngine` for SQL Server DB session with correct CI credentials, and always follow with `Disconnect-SqlDscDatabaseEngine`

Learnt from: johlju
Repo: dsccommunity/SqlServerDsc PR: 2136
File: source/Public/Remove-SqlDscLogin.ps1:104-108
Timestamp: 2025-08-17T10:13:30.079Z
Learning: In SqlServerDsc unit tests, SMO object stubs (like Login objects) should have properly mocked Parent properties with correct Server stub types and valid InstanceName values, rather than handling null Parent scenarios in production code.

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/SqlServerDsc-guidelines.instructions.md:0-0
Timestamp: 2025-11-27T17:58:02.422Z
Learning: Applies to **/resources/**/*.ps1 : Add `InstanceName`, `ServerName`, and `Credential` to `$this.ExcludeDscProperties` in Database Engine resources

📚 Learning: 2025-11-27T17:58:02.422Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/SqlServerDsc-guidelines.instructions.md:0-0
Timestamp: 2025-11-27T17:58:02.422Z
Learning: Applies to **/tests/Integration/**/*.ps1 : Integration tests: use `Connect-SqlDscDatabaseEngine` for SQL Server DB session with correct CI credentials, and always follow with `Disconnect-SqlDscDatabaseEngine`

Applied to files:

source/Classes/020.SqlPermission.ps1
tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-08-17T10:13:30.079Z

Learnt from: johlju
Repo: dsccommunity/SqlServerDsc PR: 2136
File: source/Public/Remove-SqlDscLogin.ps1:104-108
Timestamp: 2025-08-17T10:13:30.079Z
Learning: In SqlServerDsc unit tests, SMO object stubs (like Login objects) should have properly mocked Parent properties with correct Server stub types and valid InstanceName values, rather than handling null Parent scenarios in production code.

Applied to files:

source/Classes/020.SqlPermission.ps1
tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:58:02.422Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/SqlServerDsc-guidelines.instructions.md:0-0
Timestamp: 2025-11-27T17:58:02.422Z
Learning: Applies to **/tests/**/*.tests.ps1 : When unit tests test classes or commands containing SMO types like `[Microsoft.SqlServer.Management.Smo.*]`, ensure they are properly stubbed in SMO.cs

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:58:02.422Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/SqlServerDsc-guidelines.instructions.md:0-0
Timestamp: 2025-11-27T17:58:02.422Z
Learning: Applies to **/tests/**/*.tests.ps1 : In unit tests: use SMO stub types from SMO.cs, never mock SMO types

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:58:02.422Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/SqlServerDsc-guidelines.instructions.md:0-0
Timestamp: 2025-11-27T17:58:02.422Z
Learning: Applies to **/tests/**/*.tests.ps1 : Add `$env:SqlServerDscCI = $true` in `BeforeAll` block and remove in `AfterAll` block of unit tests

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:58:02.422Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/SqlServerDsc-guidelines.instructions.md:0-0
Timestamp: 2025-11-27T17:58:02.422Z
Learning: After changing SMO stub types in SMO.cs, run tests in a new PowerShell session for changes to take effect

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:59:27.205Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.205Z
Learning: Applies to **/*.[Tt]ests.ps1 : Mock variables prefix: 'mock'

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:59:27.205Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.205Z
Learning: Applies to **/*.[Tt]ests.ps1 : Mocking in `BeforeAll` (`BeforeEach` only when required)

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:59:27.205Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.205Z
Learning: Applies to tests/Unit/Public/*.[Tt]ests.ps1 : Public commands: `tests/Unit/Public/{Name}.Tests.ps1`

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:59:27.205Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.205Z
Learning: Applies to **/*.[Tt]ests.ps1 : Set `$PSDefaultParameterValues` for `Mock:ModuleName`, `Should:ModuleName`, `InModuleScope:ModuleName`

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:59:27.205Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.205Z
Learning: Applies to **/*.[Tt]ests.ps1 : No `Should -Not -Throw` - invoke commands directly

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:59:27.205Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.205Z
Learning: Applies to **/*.[Tt]ests.ps1 : Never use `Assert-MockCalled`, use `Should -Invoke` instead

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:58:31.910Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-integration-tests.instructions.md:0-0
Timestamp: 2025-11-27T17:58:31.910Z
Learning: Applies to tests/Integration/**/*.Integration.Tests.ps1 : Avoid `ExpectedMessage` parameter for `Should -Throw` assertions in integration tests

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:59:27.205Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.205Z
Learning: Applies to **/*.[Tt]ests.ps1 : Never use `Mock` inside `InModuleScope`-block

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:59:27.205Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.205Z
Learning: Applies to **/*.[Tt]ests.ps1 : Never add an empty `-MockWith` block

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:59:27.205Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.205Z
Learning: Applies to **/*.[Tt]ests.ps1 : Omit `-MockWith` when returning `$null`

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T18:00:20.934Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-unit-tests.instructions.md:0-0
Timestamp: 2025-11-27T18:00:20.934Z
Learning: Applies to tests/[Uu]nit/**/*.[Tt]ests.ps1 : Parameter set validation tests should use Get-Command with Where-Object filtering and Should assertions to verify ParameterSetName and ParameterListAsString

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T18:00:20.934Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-unit-tests.instructions.md:0-0
Timestamp: 2025-11-27T18:00:20.934Z
Learning: Applies to tests/[Uu]nit/**/*.[Tt]ests.ps1 : Parameter property tests should verify mandatory parameter attributes using Get-Command Parameters and Should -BeTrue assertions

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-12-04T17:07:00.186Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-powershell.instructions.md:0-0
Timestamp: 2025-12-04T17:07:00.186Z
Learning: Applies to **/*.{ps1,psm1,psd1} : Place ShouldProcess check immediately before each state-change operation

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:59:27.205Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.205Z
Learning: Applies to **/*.[Tt]ests.ps1 : Never use `param()` inside `-MockWith` scriptblocks, parameters are auto-bound

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-08-17T10:15:48.194Z

Learnt from: johlju
Repo: dsccommunity/SqlServerDsc PR: 2136
File: tests/Unit/Public/Remove-SqlDscLogin.Tests.ps1:36-39
Timestamp: 2025-08-17T10:15:48.194Z
Learning: Public command unit tests guideline: Never use InModuleScope unless accessing localized strings from $script:localizedData. PSDefaultParameterValues for InModuleScope should be kept in public command tests to support localized string retrieval when necessary.

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-10-12T12:10:48.625Z

Learnt from: johlju
Repo: dsccommunity/SqlServerDsc PR: 2303
File: tests/Integration/Commands/PostInstallationConfiguration.Integration.Tests.ps1:127-143
Timestamp: 2025-10-12T12:10:48.625Z
Learning: For the SqlServerDsc module integration tests, ForceEncryption should not be enabled on the SQL Server instance (DSCSQLTEST) because the module needs to test both encrypted and non-encrypted connection scenarios in CI.

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T18:00:20.934Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-unit-tests.instructions.md:0-0
Timestamp: 2025-11-27T18:00:20.934Z
Learning: Applies to tests/[Uu]nit/**/*.[Tt]ests.ps1 : All public commands require parameter set validation tests

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-08-16T13:22:15.230Z

Learnt from: johlju
Repo: dsccommunity/SqlServerDsc PR: 2134
File: tests/Unit/Public/Get-SqlDscLogin.Tests.ps1:78-93
Timestamp: 2025-08-16T13:22:15.230Z
Learning: In PowerShell unit tests for parameter validation in SqlServerDsc, accessing parameter attributes directly like `$cmd.Parameters['ParameterName'].Attributes.Mandatory` works correctly because PowerShell automatically iterates through the array and returns the property values. Additional filtering to ParameterAttribute is not necessary when the parameter structure is known and controlled.

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T18:00:35.078Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines.instructions.md:0-0
Timestamp: 2025-11-27T18:00:35.078Z
Learning: Follow PowerShell style and test guideline instructions strictly

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:58:31.910Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-integration-tests.instructions.md:0-0
Timestamp: 2025-11-27T17:58:31.910Z
Learning: Applies to tests/Integration/**/*.Integration.Tests.ps1 : Call commands with `-Force` parameter where applicable to avoid prompting

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:59:27.205Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.205Z
Learning: Applies to **/*.[Tt]ests.ps1 : Each scenario = separate `Context` block

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:59:27.205Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.205Z
Learning: Applies to **/*.[Tt]ests.ps1 : Use nested `Context` blocks for complex scenarios

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

GitHub Check: dsccommunity.SqlServerDsc (Build Package Module)
GitHub Check: PSScriptAnalyzer
GitHub Check: PSScriptAnalyzer

🔇 Additional comments (13)

tests/Unit/Classes/SqlPermission.Tests.ps1 (9)

1069-1076: LGTM!

The mock for Test-SqlDscIsRole is correctly added alongside Test-SqlDscIsLogin to handle the new principal resolution logic that checks both login and role types.

1101-1201: Well-structured test context for server role principal scenario.

This new context properly tests the server role path through the Modify() method. The mocks are correctly set up:

Test-SqlDscIsLogin returns $false

Test-SqlDscIsRole returns $true

Get-SqlDscRole returns a properly constructed ServerRole object with valid Parent property

The assertion verifies that Get-SqlDscRole is called and Grant-SqlDscServerPermission receives the expected permission.

1256-1272: LGTM!

The mocks are properly updated to use the new per-action permission commands (Grant-SqlDscServerPermission, Deny-SqlDscServerPermission, Revoke-SqlDscServerPermission) and correctly mock Get-SqlDscLogin with a properly constructed Login object including a valid Parent property. Based on learnings, SMO object stubs should have properly mocked Parent properties with correct Server stub types.

1296-1303: Correct assertion for Grant without WithGrant.

The parameter filter properly verifies:

Permission contains 'ConnectSql'

WithGrant is not present in bound parameters (-not $PSBoundParameters.ContainsKey('WithGrant'))

This correctly tests the Grant state path.

1301-1303: Correct assertion for GrantWithGrant.

The parameter filter properly verifies:

Permission contains 'AlterAnyEndpoint'

WithGrant equals $true

This correctly tests the GrantWithGrant state path.

1307-1399: Good addition of Deny permission test coverage.

This new context specifically tests the Deny permission state path, ensuring Deny-SqlDscServerPermission is called with the correct permission. This improves test coverage for the refactored permission commands.

1489-1506: Correct revocation assertions.

The parameter filters correctly verify:

Revoke without WithGrant for Grant and Deny states

Revoke with WithGrant = $true for GrantWithGrant state

This aligns with the expected behavior where WithGrant is used during revocation to revoke the grant option.

1713-1713: Context name updated to reflect new command structure.

The context description now accurately describes that Grant/Deny/Revoke commands can fail, matching the refactored implementation.

1776-1784: Mocks correctly set up for error scenarios.

All three permission commands (Grant-SqlDscServerPermission, Deny-SqlDscServerPermission, Revoke-SqlDscServerPermission) are mocked to throw errors, enabling testing of error handling paths for each operation type.

source/Classes/020.SqlPermission.ps1 (4)

356-399: Principal resolution and splatting logic is well-structured.

The implementation correctly:

Tests for both Login and Role principal types

Retrieves the appropriate principal object using Get-SqlDscLogin or Get-SqlDscRole

Creates a splatting hashtable ($principalParameter) that can be used with all permission commands

This approach reduces code duplication and ensures consistent parameter passing.

485-513: Revocation logic correctly refactored.

The implementation:

Converts permissions to an array

Guards against empty permission arrays before calling revoke

Uses Revoke-SqlDscServerPermission with the principal splatting

Correctly sets WithGrant = $true only for GrantWithGrant state

Wraps the call in try/catch with proper localized error message

The error handling uses New-InvalidOperationException which is appropriate for class-based resources.

528-564: Grant and Deny operations correctly implemented with per-action commands.

Each permission state is handled by the appropriate command:

Grant → Grant-SqlDscServerPermission (without WithGrant)

GrantWithGrant → Grant-SqlDscServerPermission (with WithGrant = $true)

Deny → Deny-SqlDscServerPermission

The principal splatting is correctly applied to each command call.

375-385: Verify error handling for Get-SqlDscLogin and Get-SqlDscRole.

The calls to Get-SqlDscLogin and Get-SqlDscRole use -ErrorAction 'Stop' which will throw if the principal is not found. However, since Test-SqlDscIsLogin/Test-SqlDscIsRole already confirmed the principal exists, this should be safe. Consider whether you want explicit try/catch here for more descriptive error messages if these commands fail for other reasons (e.g., connection issues).

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

coderabbitai

Actionable comments posted: 0

🧹 Nitpick comments (3)

tests/Unit/Classes/SqlPermission.Tests.ps1 (2)

1183-1191: ParameterFilter assertions on Grant/Revoke look correct but Deny path is untested

The Should -Invoke ParameterFilter blocks for Grant-SqlDscServerPermission and Revoke-SqlDscServerPermission accurately validate Permission and WithGrant usage for Grant/GrantWithGrant and revoke scenarios. However, there is currently no Should -Invoke coverage for Deny-SqlDscServerPermission, so the Deny branch in Modify() is only indirectly exercised via failure tests.
Consider adding at least one scenario that drives a Deny state and asserts a Should -Invoke -CommandName Deny-SqlDscServerPermission with an appropriate ParameterFilter so all three code paths (Grant, GrantWithGrant, Deny) are explicitly covered.

Also applies to: 1387-1395, 1279-1297, 1485-1493

1150-1155: Optional: ensure SMO.Login stub matches instance name used by the resource

The Get-SqlDscLogin mocks construct a Microsoft.SqlServer.Management.Smo.Login with a new Server parent but do not explicitly align the server stub’s InstanceName with 'NamedInstance'. If SqlPermission (now or in future) inspects principalObject.Parent.InstanceName, a mismatch could cause subtle test/production divergence.
Optionally consider initializing the stub server’s instance name (via the SMO.cs stub facilities) to 'NamedInstance' to mirror the resource configuration and follow the prior guidance about SMO stubs having correct parents/instance names.

Also applies to: 1246-1251, 1354-1359, 1452-1457

source/Classes/020.SqlPermission.ps1 (1)

374-385: Principal resolution is consistent, but ServerRole branch is currently unreachable

The new principalObject resolution correctly:

Uses Get-SqlDscLogin for logins.

Falls back to Get-SqlDscRole for server roles.

However, because the preceding block calls Test-SqlDscIsLogin and then unconditionally raises a terminating New-InvalidOperationException when -not $isLogin, the Get-SqlDscRole branch is currently unreachable in normal execution.

If supporting server roles is not intended yet, this is harmless but effectively dead code. If server roles are meant to be supported with the new object-based commands, you may want to revisit the principal-existence check (e.g., distinguish “principal is a role” from “principal does not exist”) and add tests that exercise the Get-SqlDscRole path.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 78ece95 and 76774fc.

📒 Files selected for processing (3)

CHANGELOG.md (1 hunks)
source/Classes/020.SqlPermission.ps1 (3 hunks)
tests/Unit/Classes/SqlPermission.Tests.ps1 (10 hunks)

🧰 Additional context used

📓 Path-based instructions (16)

CHANGELOG.md

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-changelog.instructions.md)

CHANGELOG.md: Always update the Unreleased section in CHANGELOG.md
Use Keep a Changelog format in CHANGELOG.md
Describe notable changes briefly in CHANGELOG.md, ≤2 items per change type
Reference issues using format issue #<issue_number> in CHANGELOG.md
No empty lines between list items in same section of CHANGELOG.md
Skip adding entry if same change already exists in Unreleased section of CHANGELOG.md
No duplicate sections or items in Unreleased section of CHANGELOG.md

Always update CHANGELOG.md Unreleased section

Files:

CHANGELOG.md

⚙️ CodeRabbit configuration file

CHANGELOG.md: # Changelog Guidelines

Always update the Unreleased section in CHANGELOG.md

Use Keep a Changelog format

Describe notable changes briefly, ≤2 items per change type

Reference issues using format issue #<issue_number>

No empty lines between list items in same section

Skip adding entry if same change already exists in Unreleased section

No duplicate sections or items in Unreleased section

Files:

CHANGELOG.md

**/*.md

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-markdown.instructions.md)

**/*.md: Wrap lines at word boundaries when over 80 characters (except tables/code blocks)
Use 2 spaces for indentation in Markdown files
Use '1.' for all items in ordered lists (1/1/1 numbering style)
Disable MD013 rule by adding a comment for tables/code blocks exceeding 80 characters
Empty lines required before/after code blocks and headings (except before line 1)
Escape backslashes in file paths only (not in code blocks)
Code blocks must specify language identifiers
Format parameters using bold in Markdown documentation
Format values and literals using inline code in Markdown documentation
Format resource/module/product names using italic in Markdown documentation
Format commands/files/paths using inline code in Markdown documentation

Files:

CHANGELOG.md

⚙️ CodeRabbit configuration file

**/*.md: # Markdown Style Guidelines

Wrap lines at word boundaries when over 80 characters (except tables/code blocks)

Use 2 spaces for indentation

Use '1.' for all items in ordered lists (1/1/1 numbering style)

Disable MD013 rule by adding a comment for tables/code blocks exceeding 80 characters

Empty lines required before/after code blocks and headings (except before line 1)

Escape backslashes in file paths only (not in code blocks)

Code blocks must specify language identifiers

Text Formatting

Parameters: bold

Values/literals: inline code

Resource/module/product names: italic

Commands/files/paths: inline code

Files:

CHANGELOG.md

**

⚙️ CodeRabbit configuration file

**: # DSC Community Guidelines

Terminology

Command: Public command

Function: Private function

Resource: DSC class-based resource

Build & Test Workflow Requirements

Run PowerShell script files from repository root

Setup build and test environment (once per pwsh session): ./build.ps1 -Tasks noop

Build project before running tests: ./build.ps1 -Tasks build

Always run tests in new pwsh session: Invoke-Pester -Path @({test paths}) -Output Detailed

File Organization

Public commands: source/Public/{CommandName}.ps1

Private functions: source/Private/{FunctionName}.ps1

Classes: source/Classes/{DependencyGroupNumber}.{ClassName}.ps1

Enums: source/Enum/{DependencyGroupNumber}.{EnumName}.ps1

Unit tests: tests/Unit/{Classes|Public|Private}/{Name}.Tests.ps1

Integration tests: tests/Integration/Commands/{CommandName}.Integration.Tests.ps1

Requirements

Follow instructions over existing code patterns

Follow PowerShell style and test guideline instructions strictly

Always update CHANGELOG.md Unreleased section

Localize all strings using string keys; remove any orphaned string keys

Check DscResource.Common before creating private functions

Separate reusable logic into private functions

DSC resources should always be created as class-based resources

Add unit tests for all commands/functions/resources

Add integration tests for all public commands and resources

Files:

CHANGELOG.md
source/Classes/020.SqlPermission.ps1
tests/Unit/Classes/SqlPermission.Tests.ps1

**/*.ps1

📄 CodeRabbit inference engine (.github/instructions/SqlServerDsc-guidelines.instructions.md)

**/*.ps1: Format public commands as {Verb}-SqlDsc{Noun} following PowerShell naming conventions
Format private functions as {Verb}-{Noun} following PowerShell naming conventions

Files:

source/Classes/020.SqlPermission.ps1
tests/Unit/Classes/SqlPermission.Tests.ps1

source/[cC]lasses/020.*.ps1

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-class-resource.instructions.md)

DSC class-based resources must use the file naming pattern source/Classes/020.{ResourceName}.ps1

Files:

source/Classes/020.SqlPermission.ps1

source/[cC]lasses/**/*.ps1

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-class-resource.instructions.md)

source/[cC]lasses/**/*.ps1: DSC class-based resources must be decorated with [DscResource(RunAsCredential = 'Optional')] or [DscResource(RunAsCredential = 'Mandatory')] based on requirements
DSC class-based resources must inherit from ResourceBase class from the DscResource.Base module
DSC class-based resources must use [Nullable[{FullTypeName}]] syntax for value-type properties (e.g., [Nullable[System.Int32]])
DSC class-based resources must implement a required constructor with signature ResourceName () : base ($PSScriptRoot) and populate $this.ExcludeDscProperties array
DSC class-based resources must implement required methods: Get(), Test(), Set(), GetCurrentState(), and Modify() following the specified pattern
DSC class-based resources may optionally implement methods: AssertProperties() and NormalizeProperties() following the specified pattern
DSC class-based resources must include comment-based help with .DESCRIPTION section containing Requirements and Known issues sections with a link to all open issues on GitHub
DSC class-based resources must use try/catch blocks for exception handling in classes
DSC class-based resources must use New-*Exception commands (such as New-InvalidDataException, New-ArgumentException, New-InvalidOperationException, New-ObjectNotFoundException, New-InvalidResultException, New-NotImplementedException) instead of throw for terminating errors in classes

Files:

source/Classes/020.SqlPermission.ps1

⚙️ CodeRabbit configuration file

source/[cC]lasses/**/*.ps1: # DSC Class-Based Resource Guidelines

Applies to: Classes with [DscResource(...)] decoration only.

Requirements

File: source/Classes/020.{ResourceName}.ps1
Decoration: [DscResource(RunAsCredential = 'Optional')] (replace with 'Mandatory' if required)
Inheritance: Must inherit ResourceBase (part of module DscResource.Base)
$this.localizedData hashtable auto-populated by ResourceBase from localization file
value-type properties: Use [Nullable[{FullTypeName}]] (e.g., [Nullable[System.Int32]])

Required constructor

MyResourceName () : base ($PSScriptRoot)
{
    # Property names where state cannot be enforced, e.g. IsSingleInstance, Force
    $this.ExcludeDscProperties = @()
}

Required Method Pattern

[MyResourceName] Get()
{
    # Call base implementation to get current state
    $currentState = ([ResourceBase] $this).Get()

    # If needed, post-processing on current state that can not be handled by GetCurrentState()

    return $currentState
}

[System.Boolean] Test()
{
    # Call base implementation to test current state
    $inDesiredState = ([ResourceBase] $this).Test()

    # If needed, post-processing on test result that can not be handled by base Test()

    return $inDesiredState
}

[void] Set()
{
    # Call base implementation to set desired state
    ([ResourceBase] $this).Set()

    # If needed, additional state changes that can not be handled by Modify()
}

hidden [System.Collections.Hashtable] GetCurrentState([System.Collections.Hashtable] $properties)
{
    # Always return current state as hashtable, $properties contains key properties
}

hidden [void] Modify([System.Collections.Hashtable] $properties)
{
    # Always set desired state, $properties contain those that must change state
}

Optional Method Pattern

hidden [void] AssertProperties([System.Collections.Hashtable] $properties)
{
    # Validate user-provided properties, $p...

Files:

source/Classes/020.SqlPermission.ps1

source/**/*.ps1

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-localization.instructions.md)

source/**/*.ps1: Localize all Write-Debug, Write-Verbose, Write-Error, Write-Warning and $PSCmdlet.ThrowTerminatingError() messages in PowerShell scripts
Use localized string keys from $script:localizedData, not hardcoded strings, in diagnostic messages
Reference localized strings using the syntax: Write-Verbose -Message ($script:localizedData.KeyName -f $value1)

Localize all strings using string keys; remove any orphaned string keys

Files:

source/Classes/020.SqlPermission.ps1

⚙️ CodeRabbit configuration file

source/**/*.ps1: # Localization Guidelines

Requirements

Localize all Write-Debug, Write-Verbose, Write-Error, Write-Warning and $PSCmdlet.ThrowTerminatingError() messages

Use localized string keys, not hardcoded strings

Assume $script:localizedData is available

String Files

Commands/functions: source/en-US/{MyModuleName}.strings.psd1

Class resources: source/en-US/{ResourceClassName}.strings.psd1

Key Naming Patterns

Format: Verb_FunctionName_Action (underscore separators), e.g. Get_Database_ConnectingToDatabase

String Format
ConvertFrom-StringData @'
    KeyName = Message with {0} placeholder. (PREFIX0001)
'@
String IDs

Format: (PREFIX####)

PREFIX: First letter of each word in class or function name (SqlSetup → SS, Get-SqlDscDatabase → GSDD)

Number: Sequential from 0001

Usage
Write-Verbose -Message ($script:localizedData.KeyName -f $value1)

Files:

source/Classes/020.SqlPermission.ps1

source/Classes/*.ps1

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines.instructions.md)

source/Classes/*.ps1: Classes should be located in source/Classes/{DependencyGroupNumber}.{ClassName}.ps1
DSC resources should always be created as class-based resources

Files:

source/Classes/020.SqlPermission.ps1

**/*.{ps1,psm1,psd1}

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-powershell.instructions.md)

**/*.{ps1,psm1,psd1}: Use descriptive names with 3+ characters and no abbreviations for functions, parameters, variables, keywords, and classes
Use PascalCase with Verb-Noun format for function names, using approved PowerShell verbs
Use PascalCase for parameter names
Use camelCase for variable names
Use lower-case for keywords
Use PascalCase for class names
Include scope for script/global/environment variables using $script:, $global:, or $env: prefixes
Use 4 spaces for indentation, not tabs
Use one space around operators (e.g., $a = 1 + 2)
Use one space between type and variable (e.g., [String] $name)
Use one space between keyword and parenthesis (e.g., if ($condition))
Avoid spaces on empty lines
Limit lines to 120 characters
Place opening brace on a new line, except for variable assignments
Add one newline after opening brace
Add two newlines after closing brace (one if followed by another brace or continuation)
Use single quotes unless variable expansion is needed (e.g., 'text' vs "text $variable")
Use single-line array syntax for simple arrays: @('one', 'two', 'three')
Use multi-line array syntax with each element on a separate line with proper indentation
Do not use the unary comma operator (,) in return statements to force an array
Use empty hashtable syntax: @{}
Place each hashtable property on a separate line with proper indentation
Use PascalCase for hashtable properties
Use single-line comment format # Comment (capitalized, on own line)
Use multi-line comment format <# Comment #> with opening and closing brackets on own lines and indented text
Never include commented-out code
Always add comment-based help to all functions and scripts with SYNOPSIS, DESCRIPTION (40+ chars), PARAMETER, and EXAMPLE sections before function/class declaration
Use comment-based help indentation with keywords at 4 spaces and text at 8 spaces
Include examples in comment-based help for all parameter sets and combinations
In comment-based help INPUTS sec...

Files:

source/Classes/020.SqlPermission.ps1
tests/Unit/Classes/SqlPermission.Tests.ps1

**/[0-9][0-9][0-9].*.ps1

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-powershell.instructions.md)

Name class files using ###.ClassName.ps1 format (e.g., 001.SqlReason.ps1, 004.StartupParameters.ps1)

Files:

source/Classes/020.SqlPermission.ps1

**/*.{ps1,psm1}

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-powershell.instructions.md)

Use $PSCmdlet.ThrowTerminatingError() for terminating errors (except in classes), use relevant error category, and in try-catch include exception with localized message

Files:

source/Classes/020.SqlPermission.ps1
tests/Unit/Classes/SqlPermission.Tests.ps1

{**/*.ps1,**/*.psm1,**/*.psd1}

⚙️ CodeRabbit configuration file

{**/*.ps1,**/*.psm1,**/*.psd1}: # PowerShell Guidelines

Naming

Use descriptive names (3+ characters, no abbreviations)

Functions: PascalCase with Verb-Noun format using approved verbs

Parameters: PascalCase

Variables: camelCase

Keywords: lower-case

Classes: PascalCase

Include scope for script/global/environment variables: $script:, $global:, $env:

File naming

Class files: ###.ClassName.ps1 format (e.g. 001.SqlReason.ps1, 004.StartupParameters.ps1)

Formatting

Indentation & Spacing

Use 4 spaces (no tabs)

One space around operators: $a = 1 + 2

One space between type and variable: [String] $name

One space between keyword and parenthesis: if ($condition)

No spaces on empty lines

Try to limit lines to 120 characters

Braces

Newline before opening brace (except variable assignments)

One newline after opening brace

Two newlines after closing brace (one if followed by another brace or continuation)

Quotes

Use single quotes unless variable expansion is needed: 'text' vs "text $variable"

Arrays

Single line: @('one', 'two', 'three')

Multi-line: each element on separate line with proper indentation

Do not use the unary comma operator (,) in return statements to force
an array

Hashtables

Empty: @{}

Each property on separate line with proper indentation

Properties: Use PascalCase

Comments

Single line: # Comment (capitalized, on own line)

Multi-line: <# Comment #> format (opening and closing brackets on own line), and indent text

No commented-out code

Comment-based help

Always add comment-based help to all functions and scripts

Comment-based help: SYNOPSIS, DESCRIPTION (40+ chars), PARAMETER, EXAMPLE sections before function/class

Comment-based help indentation: keywords 4 spaces, text 8 spaces

Include examples for all parameter sets and combinations

INPUTS: List each pipeline‑accepted type as inline code with a 1‑line description...

Files:

source/Classes/020.SqlPermission.ps1
tests/Unit/Classes/SqlPermission.Tests.ps1

**/*.[Tt]ests.ps1

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-pester.instructions.md)

**/*.[Tt]ests.ps1: All public commands, private functions and classes must have unit tests
All public commands and class-based resources must have integration tests
Use Pester v5 syntax only
Test code only inside Describe blocks
Assertions only in It blocks
Never test verbose messages, debug messages or parameter binding behavior
Pass all mandatory parameters to avoid prompts
Inside It blocks, assign unused return objects to $null (unless part of pipeline)
Tested entity must be called from within the It blocks
Keep results and assertions in same It block
Avoid try-catch-finally for cleanup, use AfterAll or AfterEach
Avoid unnecessary remove/recreate cycles
One Describe block per file matching the tested entity name
Context descriptions start with 'When'
It descriptions start with 'Should', must not contain 'when'
Mock variables prefix: 'mock'
Public commands: Never use InModuleScope (unless retrieving localized strings or creating an object using an internal class)
Private functions/class resources: Always use InModuleScope
Each class method = separate Context block
Each scenario = separate Context block
Use nested Context blocks for complex scenarios
Mocking in BeforeAll (BeforeEach only when required)
Setup/teardown in BeforeAll,BeforeEach/AfterAll,AfterEach close to usage
Spacing between blocks, arrange, act, and assert for readability
PascalCase: Describe, Context, It, Should, BeforeAll, BeforeEach, AfterAll, AfterEach
Use -BeTrue/-BeFalse never -Be $true/-Be $false
Never use Assert-MockCalled, use Should -Invoke instead
No Should -Not -Throw - invoke commands directly
Never add an empty -MockWith block
Omit -MockWith when returning $null
Set $PSDefaultParameterValues for Mock:ModuleName, Should:ModuleName, InModuleScope:ModuleName
Omit -ModuleName parameter on Pester commands
Never use Mock inside InModuleScope-block
Never use param() inside -MockWith scriptblock...

Files:

tests/Unit/Classes/SqlPermission.Tests.ps1

⚙️ CodeRabbit configuration file

**/*.[Tt]ests.ps1: # Tests Guidelines

Core Requirements

All public commands, private functions and classes must have unit tests

All public commands and class-based resources must have integration tests

Use Pester v5 syntax only

Test code only inside Describe blocks

Assertions only in It blocks

Never test verbose messages, debug messages or parameter binding behavior

Pass all mandatory parameters to avoid prompts

Requirements

Inside It blocks, assign unused return objects to $null (unless part of pipeline)

Tested entity must be called from within the It blocks

Keep results and assertions in same It block

Avoid try-catch-finally for cleanup, use AfterAll or AfterEach

Avoid unnecessary remove/recreate cycles

Naming

One Describe block per file matching the tested entity name

Context descriptions start with 'When'

It descriptions start with 'Should', must not contain 'when'

Mock variables prefix: 'mock'

Structure & Scope

Public commands: Never use InModuleScope (unless retrieving localized strings or creating an object using an internal class)

Private functions/class resources: Always use InModuleScope

Each class method = separate Context block

Each scenario = separate Context block

Use nested Context blocks for complex scenarios

Mocking in BeforeAll (BeforeEach only when required)

Setup/teardown in BeforeAll,BeforeEach/AfterAll,AfterEach close to usage

Spacing between blocks, arrange, act, and assert for readability

Syntax Rules

PascalCase: Describe, Context, It, Should, BeforeAll, BeforeEach, AfterAll, AfterEach

Use -BeTrue/-BeFalse never -Be $true/-Be $false

Never use Assert-MockCalled, use Should -Invoke instead

No Should -Not -Throw - invoke commands directly

Never add an empty -MockWith block

Omit -MockWith when returning $null

Set $PSDefaultParameterValues for Mock:ModuleName, Should:ModuleName, `...

Files:

tests/Unit/Classes/SqlPermission.Tests.ps1

tests/Unit/Classes/*.[Tt]ests.ps1

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-pester.instructions.md)

Class resources: tests/Unit/Classes/{Name}.Tests.ps1

Files:

tests/Unit/Classes/SqlPermission.Tests.ps1

tests/[Uu]nit/**/*.[Tt]ests.ps1

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-unit-tests.instructions.md)

tests/[Uu]nit/**/*.[Tt]ests.ps1: Test with localized strings using InModuleScope -ScriptBlock { $script:localizedData.Key }
Mock files using the $TestDrive variable (path to the test drive)
All public commands require parameter set validation tests
Use the exact setup block with BeforeDiscovery, BeforeAll, and AfterAll blocks including DscResource.Test module import and PSDefaultParameterValues configuration
Parameter set validation tests should use Get-Command with Where-Object filtering and Should assertions to verify ParameterSetName and ParameterListAsString
Parameter property tests should verify mandatory parameter attributes using Get-Command Parameters and Should -BeTrue assertions

Files:

tests/Unit/Classes/SqlPermission.Tests.ps1

⚙️ CodeRabbit configuration file

tests/[Uu]nit/**/*.[Tt]ests.ps1: # Unit Tests Guidelines

Test with localized strings: Use InModuleScope -ScriptBlock { $script:localizedData.Key }
Mock files: Use $TestDrive variable (path to the test drive)
All public commands require parameter set validation tests
After modifying classes, always run tests in new session (for changes to take effect)

Test Setup Requirements

Use this exact setup block before Describe:

[System.Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', '', Justification = 'Suppressing this rule because Script Analyzer does not understand Pester syntax.')]
param ()

BeforeDiscovery {
    try
    {
        if (-not (Get-Module -Name 'DscResource.Test'))
        {
            # Assumes dependencies have been resolved, so if this module is not available, run 'noop' task.
            if (-not (Get-Module -Name 'DscResource.Test' -ListAvailable))
            {
                # Redirect all streams to $null, except the error stream (stream 2)
                & "$PSScriptRoot/../../../build.ps1" -Tasks 'noop' 3>&1 4>&1 5>&1 6>&1 > $null
            }

            # If the dependencies have not been resolved, this will throw an error.
            Import-Module -Name 'DscResource.Test' -Force -ErrorAction 'Stop'
        }
    }
    catch [System.IO.FileNotFoundException]
    {
        throw 'DscResource.Test module dependency not found. Please run ".\build.ps1 -ResolveDependency -Tasks noop" first.'
    }
}

BeforeAll {
    $script:moduleName = '{MyModuleName}'

    Import-Module -Name $script:moduleName -Force -ErrorAction 'Stop'

    $PSDefaultParameterValues['InModuleScope:ModuleName'] = $script:moduleName
    $PSDefaultParameterValues['Mock:ModuleName'] = $script:moduleName
    $PSDefaultParameterValues['Should:ModuleName'] = $script:moduleName
}

AfterAll {
    $PSDefaultParameterValues.Remove('InModuleScope:ModuleName')
    $PSDefaultParameterValues.Remove('Mock:ModuleNam...

Files:

tests/Unit/Classes/SqlPermission.Tests.ps1

tests/Unit/**/*.Tests.ps1

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines.instructions.md)

Unit tests should be located in tests/Unit/{Classes|Public|Private}/{Name}.Tests.ps1

Files:

tests/Unit/Classes/SqlPermission.Tests.ps1

🧠 Learnings (30)

📓 Common learnings

Learnt from: johlju
Repo: dsccommunity/SqlServerDsc PR: 2136
File: source/Public/Remove-SqlDscLogin.ps1:104-108
Timestamp: 2025-08-17T10:13:30.079Z
Learning: In SqlServerDsc unit tests, SMO object stubs (like Login objects) should have properly mocked Parent properties with correct Server stub types and valid InstanceName values, rather than handling null Parent scenarios in production code.

📚 Learning: 2025-11-27T17:58:02.422Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/SqlServerDsc-guidelines.instructions.md:0-0
Timestamp: 2025-11-27T17:58:02.422Z
Learning: Applies to **/*.ps1 : Format public commands as `{Verb}-SqlDsc{Noun}` following PowerShell naming conventions

Applied to files:

CHANGELOG.md

📚 Learning: 2025-11-22T17:36:09.703Z

Learnt from: johlju
Repo: dsccommunity/SqlServerDsc PR: 2343
File: source/Classes/004.DatabaseFileGroupSpec.ps1:5-34
Timestamp: 2025-11-22T17:36:09.703Z
Learning: The comment-based help requirements for ## Requirements and ## Known issues sections only apply to class-based DSC resources (classes decorated with [DscResource(...)]) in source/Classes/**/*.ps1, not to regular helper classes, DTO classes, or specification classes in the same directory.

Applied to files:

CHANGELOG.md

📚 Learning: 2025-10-03T15:27:24.417Z

Learnt from: Borgquite
Repo: dsccommunity/UpdateServicesDsc PR: 78
File: source/DSCResources/MSFT_UpdateServicesComputerTargetGroup/MSFT_UpdateServicesComputerTargetGroup.psm1:9-22
Timestamp: 2025-10-03T15:27:24.417Z
Learning: In the UpdateServicesDsc repository, MOF-based DSC resources follow a minimal comment-based help convention that includes only .SYNOPSIS and .PARAMETER sections. The .DESCRIPTION, .INPUTS, and .OUTPUTS sections are intentionally omitted, even though functions have [OutputType()] attributes. This is consistent across all existing DSC resources: MSFT_UpdateServicesServer, MSFT_UpdateServicesCleanup, and MSFT_UpdateServicesApprovalRule.

Applied to files:

CHANGELOG.md

📚 Learning: 2025-11-27T17:58:02.422Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/SqlServerDsc-guidelines.instructions.md:0-0
Timestamp: 2025-11-27T17:58:02.422Z
Learning: Applies to **/tests/Integration/**/*.ps1 : Integration tests: use `Connect-SqlDscDatabaseEngine` for SQL Server DB session with correct CI credentials, and always follow with `Disconnect-SqlDscDatabaseEngine`

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:58:02.422Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/SqlServerDsc-guidelines.instructions.md:0-0
Timestamp: 2025-11-27T17:58:02.422Z
Learning: Applies to **/tests/**/*.tests.ps1 : When unit tests test classes or commands containing SMO types like `[Microsoft.SqlServer.Management.Smo.*]`, ensure they are properly stubbed in SMO.cs

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-08-17T10:13:30.079Z

Learnt from: johlju
Repo: dsccommunity/SqlServerDsc PR: 2136
File: source/Public/Remove-SqlDscLogin.ps1:104-108
Timestamp: 2025-08-17T10:13:30.079Z
Learning: In SqlServerDsc unit tests, SMO object stubs (like Login objects) should have properly mocked Parent properties with correct Server stub types and valid InstanceName values, rather than handling null Parent scenarios in production code.

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:58:02.422Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/SqlServerDsc-guidelines.instructions.md:0-0
Timestamp: 2025-11-27T17:58:02.422Z
Learning: Applies to **/tests/**/*.tests.ps1 : Add `$env:SqlServerDscCI = $true` in `BeforeAll` block and remove in `AfterAll` block of unit tests

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:58:02.422Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/SqlServerDsc-guidelines.instructions.md:0-0
Timestamp: 2025-11-27T17:58:02.422Z
Learning: Applies to **/tests/**/*.tests.ps1 : In unit tests: use SMO stub types from SMO.cs, never mock SMO types

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:59:27.205Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.205Z
Learning: Applies to **/*.[Tt]ests.ps1 : Mock variables prefix: 'mock'

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:58:02.422Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/SqlServerDsc-guidelines.instructions.md:0-0
Timestamp: 2025-11-27T17:58:02.422Z
Learning: After changing SMO stub types in SMO.cs, run tests in a new PowerShell session for changes to take effect

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:59:27.205Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.205Z
Learning: Applies to tests/Unit/Public/*.[Tt]ests.ps1 : Public commands: `tests/Unit/Public/{Name}.Tests.ps1`

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:59:27.205Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.205Z
Learning: Applies to **/*.[Tt]ests.ps1 : Mocking in `BeforeAll` (`BeforeEach` only when required)

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:59:27.205Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.205Z
Learning: Applies to **/*.[Tt]ests.ps1 : Set `$PSDefaultParameterValues` for `Mock:ModuleName`, `Should:ModuleName`, `InModuleScope:ModuleName`

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T18:00:20.934Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-unit-tests.instructions.md:0-0
Timestamp: 2025-11-27T18:00:20.934Z
Learning: Applies to tests/[Uu]nit/**/*.[Tt]ests.ps1 : Parameter set validation tests should use Get-Command with Where-Object filtering and Should assertions to verify ParameterSetName and ParameterListAsString

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:59:27.205Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.205Z
Learning: Applies to **/*.[Tt]ests.ps1 : Omit `-MockWith` when returning `$null`

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:59:27.205Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.205Z
Learning: Applies to **/*.[Tt]ests.ps1 : Never use `Assert-MockCalled`, use `Should -Invoke` instead

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:59:27.205Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.205Z
Learning: Applies to **/*.[Tt]ests.ps1 : Never use `param()` inside `-MockWith` scriptblocks, parameters are auto-bound

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T18:00:20.934Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-unit-tests.instructions.md:0-0
Timestamp: 2025-11-27T18:00:20.934Z
Learning: Applies to tests/[Uu]nit/**/*.[Tt]ests.ps1 : Parameter property tests should verify mandatory parameter attributes using Get-Command Parameters and Should -BeTrue assertions

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T18:00:35.078Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines.instructions.md:0-0
Timestamp: 2025-11-27T18:00:35.078Z
Learning: Follow PowerShell style and test guideline instructions strictly

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:58:31.910Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-integration-tests.instructions.md:0-0
Timestamp: 2025-11-27T17:58:31.910Z
Learning: Applies to tests/Integration/**/*.Integration.Tests.ps1 : Call commands with `-Force` parameter where applicable to avoid prompting

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:59:27.205Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.205Z
Learning: Applies to **/*.[Tt]ests.ps1 : No `Should -Not -Throw` - invoke commands directly

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-08-16T13:22:15.230Z

Learnt from: johlju
Repo: dsccommunity/SqlServerDsc PR: 2134
File: tests/Unit/Public/Get-SqlDscLogin.Tests.ps1:78-93
Timestamp: 2025-08-16T13:22:15.230Z
Learning: In PowerShell unit tests for parameter validation in SqlServerDsc, accessing parameter attributes directly like `$cmd.Parameters['ParameterName'].Attributes.Mandatory` works correctly because PowerShell automatically iterates through the array and returns the property values. Additional filtering to ParameterAttribute is not necessary when the parameter structure is known and controlled.

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T18:00:20.934Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-unit-tests.instructions.md:0-0
Timestamp: 2025-11-27T18:00:20.934Z
Learning: Applies to tests/[Uu]nit/**/*.[Tt]ests.ps1 : All public commands require parameter set validation tests

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-12-04T17:07:00.169Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-powershell.instructions.md:0-0
Timestamp: 2025-12-04T17:07:00.169Z
Learning: Applies to **/*.{ps1,psm1,psd1} : Place ShouldProcess check immediately before each state-change operation

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:59:27.205Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.205Z
Learning: Applies to **/*.[Tt]ests.ps1 : Each scenario = separate `Context` block

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:59:27.205Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.205Z
Learning: Applies to **/*.[Tt]ests.ps1 : Use nested `Context` blocks for complex scenarios

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-08-17T10:15:48.194Z

Learnt from: johlju
Repo: dsccommunity/SqlServerDsc PR: 2136
File: tests/Unit/Public/Remove-SqlDscLogin.Tests.ps1:36-39
Timestamp: 2025-08-17T10:15:48.194Z
Learning: Public command unit tests guideline: Never use InModuleScope unless accessing localized strings from $script:localizedData. PSDefaultParameterValues for InModuleScope should be kept in public command tests to support localized string retrieval when necessary.

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:59:27.205Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.205Z
Learning: Applies to **/*.[Tt]ests.ps1 : Never use `Mock` inside `InModuleScope`-block

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:59:27.205Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.205Z
Learning: Applies to **/*.[Tt]ests.ps1 : Never add an empty `-MockWith` block

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

GitHub Check: dsccommunity.SqlServerDsc (Build Package Module)
GitHub Check: PSScriptAnalyzer
GitHub Check: PSScriptAnalyzer

🔇 Additional comments (5)

CHANGELOG.md (1)

24-29: Changelog entry reads well; confirm if Test-SqlDscServerPermission should be noted.

Formatting, wrapping, and issue reference comply with the repository’s CHANGELOG style. If the resource also calls Test-SqlDscServerPermission during its Test phase, consider adding it to the listed commands for completeness; otherwise, no change needed.

tests/Unit/Classes/SqlPermission.Tests.ps1 (2)

1150-1159: Good use of Get-SqlDscLogin and new Grant/Deny/Revoke mocks

The new mocks for Get-SqlDscLogin and the Grant-/Deny-/Revoke-SqlDscServerPermission commands are wired correctly and align with the new object-based API. They also respect the guideline of using SMO stubs rather than mocking SMO types directly, and keep Mock calls outside InModuleScope.

Also applies to: 1246-1255, 1354-1363, 1452-1461

1497-1565: Failure-path tests for Grant/Revoke are well structured

The new contexts for command failures (When Grant/Deny/Revoke commands fail to change permission) correctly:

Mock each of Grant-/Deny-/Revoke-SqlDscServerPermission to throw.

Use localized messages (FailedToSetPermission, FailedToRevokePermissionFromCurrentState) and Get-InvalidOperationRecord to create expected error records.

Assert with Should -Throw -ExpectedMessage against the localized error, independent of the underlying exception text.

This gives solid coverage of the new error-handling branches in Modify().

Also applies to: 1602-1669

source/Classes/020.SqlPermission.ps1 (2)

468-505: Revoke logic with Revoke-SqlDscServerPermission and WithGrant handling looks sound

The refactored revoke path:

Aggregates permissions per state into ServerPermission objects.

Converts each to a Permission array and skips calls when the array is empty.

Adds WithGrant = $true only for State -eq 'GrantWithGrant'.

Invokes Revoke-SqlDscServerPermission with either -Login $principalObject or -ServerRole $principalObject, plus Force = $true.

Wraps each call in a try/catch and surfaces a localized FailedToRevokePermissionFromCurrentState via New-InvalidOperationException.

This matches the expected semantics of revoking extra grants/denies and gives clear, localized failure reporting.

520-577: Grant/Deny logic correctly maps states to new cmdlets and preserves error semantics

The updated grant/deny section:

Converts each ServerPermission’s Permission list into permissionsArray.

For 'Grant' and 'GrantWithGrant', calls Grant-SqlDscServerPermission with Permission, Force = $true, and WithGrant = $true only for GrantWithGrant.

For 'Deny', calls Deny-SqlDscServerPermission with Permission and Force = $true.

Always targets either -Login or -ServerRole based on isLogin.

On any failure, wraps the underlying error into a localized FailedToSetPermission via New-InvalidOperationException.

This preserves the previous behavior with Set-SqlDscServerPermission while aligning with the new object-based cmdlets and class error-handling guidelines. Unit tests added in the PR exercise the Grant/GrantWithGrant branches and the failure paths.

codecov · 2025-12-04T21:06:55Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 94%. Comparing base (918557f) to head (364c0de).
⚠️ Report is 4 commits behind head on main.

Additional details and impacted files

@@         Coverage Diff          @@
##           main   #2360   +/-   ##
====================================
  Coverage    94%     94%           
====================================
  Files       166     166           
  Lines      9764    9778   +14     
====================================
+ Hits       9205    9219   +14     
  Misses      559     559

Flag	Coverage Δ
unit	`94% <100%> (+<1%)`	⬆️

Files with missing lines	Coverage Δ
source/Classes/020.SqlPermission.ps1	`100% <100%> (ø)`

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

…or messages

coderabbitai

Actionable comments posted: 0

🧹 Nitpick comments (1)

tests/Unit/Classes/SqlPermission.Tests.ps1 (1)
1252-1268: Consider adding Test-SqlDscIsRole mock for test robustness.

While Test-SqlDscIsLogin is mocked to return $true, the production code also calls Test-SqlDscIsRole (line 363 in the class). Without a mock, the real function is called which may introduce test fragility.

Add a mock for Test-SqlDscIsRole returning $false to make the test self-contained:
 Mock -CommandName Test-SqlDscIsLogin -MockWith {
     return $true
 }
+
+Mock -CommandName Test-SqlDscIsRole -MockWith {
+    return $false
+}
This pattern should be applied to all Modify() test contexts where only Test-SqlDscIsLogin is mocked.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 76774fc and f7d4ca4.

📒 Files selected for processing (3)

source/Classes/020.SqlPermission.ps1 (4 hunks)
source/en-US/SqlPermission.strings.psd1 (1 hunks)
tests/Unit/Classes/SqlPermission.Tests.ps1 (12 hunks)

🧰 Additional context used

📓 Path-based instructions (16)

source/en-US/*.strings.psd1

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-localization.instructions.md)

source/en-US/*.strings.psd1: Store command/function localized strings in source/en-US/{MyModuleName}.strings.psd1 files
Store class resource localized strings in source/en-US/{ResourceClassName}.strings.psd1 files
Use Key Naming Pattern format: Verb_FunctionName_Action with underscore separators (e.g., Get_Database_ConnectingToDatabase)
Format localized strings using ConvertFrom-StringData with placeholder syntax: KeyName = Message with {0} placeholder. (PREFIX0001)
Prefix string IDs with an acronym derived from the first letter of each word in the class or function name (e.g., SqlSetup → SS, Get-SqlDscDatabase → GSDD), followed by sequential numbers starting from 0001

Files:

source/en-US/SqlPermission.strings.psd1

**/*.{ps1,psm1,psd1}

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-powershell.instructions.md)

**/*.{ps1,psm1,psd1}: Use descriptive names with 3+ characters and no abbreviations for functions, parameters, variables, keywords, and classes
Use PascalCase with Verb-Noun format for function names, using approved PowerShell verbs
Use PascalCase for parameter names
Use camelCase for variable names
Use lower-case for keywords
Use PascalCase for class names
Include scope for script/global/environment variables using $script:, $global:, or $env: prefixes
Use 4 spaces for indentation, not tabs
Use one space around operators (e.g., $a = 1 + 2)
Use one space between type and variable (e.g., [String] $name)
Use one space between keyword and parenthesis (e.g., if ($condition))
Avoid spaces on empty lines
Limit lines to 120 characters
Place opening brace on a new line, except for variable assignments
Add one newline after opening brace
Add two newlines after closing brace (one if followed by another brace or continuation)
Use single quotes unless variable expansion is needed (e.g., 'text' vs "text $variable")
Use single-line array syntax for simple arrays: @('one', 'two', 'three')
Use multi-line array syntax with each element on a separate line with proper indentation
Do not use the unary comma operator (,) in return statements to force an array
Use empty hashtable syntax: @{}
Place each hashtable property on a separate line with proper indentation
Use PascalCase for hashtable properties
Use single-line comment format # Comment (capitalized, on own line)
Use multi-line comment format <# Comment #> with opening and closing brackets on own lines and indented text
Never include commented-out code
Always add comment-based help to all functions and scripts with SYNOPSIS, DESCRIPTION (40+ chars), PARAMETER, and EXAMPLE sections before function/class declaration
Use comment-based help indentation with keywords at 4 spaces and text at 8 spaces
Include examples in comment-based help for all parameter sets and combinations
In comment-based help INPUTS sec...

Files:

source/en-US/SqlPermission.strings.psd1
source/Classes/020.SqlPermission.ps1
tests/Unit/Classes/SqlPermission.Tests.ps1

**/*.psd1

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-powershell.instructions.md)

Do not use NestedModules for shared commands without RootModule

Files:

source/en-US/SqlPermission.strings.psd1

**

⚙️ CodeRabbit configuration file

**: # DSC Community Guidelines

Terminology

Command: Public command

Function: Private function

Resource: DSC class-based resource

Build & Test Workflow Requirements

Run PowerShell script files from repository root

Setup build and test environment (once per pwsh session): ./build.ps1 -Tasks noop

Build project before running tests: ./build.ps1 -Tasks build

Always run tests in new pwsh session: Invoke-Pester -Path @({test paths}) -Output Detailed

File Organization

Public commands: source/Public/{CommandName}.ps1

Private functions: source/Private/{FunctionName}.ps1

Classes: source/Classes/{DependencyGroupNumber}.{ClassName}.ps1

Enums: source/Enum/{DependencyGroupNumber}.{EnumName}.ps1

Unit tests: tests/Unit/{Classes|Public|Private}/{Name}.Tests.ps1

Integration tests: tests/Integration/Commands/{CommandName}.Integration.Tests.ps1

Requirements

Follow instructions over existing code patterns

Follow PowerShell style and test guideline instructions strictly

Always update CHANGELOG.md Unreleased section

Localize all strings using string keys; remove any orphaned string keys

Check DscResource.Common before creating private functions

Separate reusable logic into private functions

DSC resources should always be created as class-based resources

Add unit tests for all commands/functions/resources

Add integration tests for all public commands and resources

Files:

source/en-US/SqlPermission.strings.psd1
source/Classes/020.SqlPermission.ps1
tests/Unit/Classes/SqlPermission.Tests.ps1

{**/*.ps1,**/*.psm1,**/*.psd1}

⚙️ CodeRabbit configuration file

{**/*.ps1,**/*.psm1,**/*.psd1}: # PowerShell Guidelines

Naming

Use descriptive names (3+ characters, no abbreviations)

Functions: PascalCase with Verb-Noun format using approved verbs

Parameters: PascalCase

Variables: camelCase

Keywords: lower-case

Classes: PascalCase

Include scope for script/global/environment variables: $script:, $global:, $env:

File naming

Class files: ###.ClassName.ps1 format (e.g. 001.SqlReason.ps1, 004.StartupParameters.ps1)

Formatting

Indentation & Spacing

Use 4 spaces (no tabs)

One space around operators: $a = 1 + 2

One space between type and variable: [String] $name

One space between keyword and parenthesis: if ($condition)

No spaces on empty lines

Try to limit lines to 120 characters

Braces

Newline before opening brace (except variable assignments)

One newline after opening brace

Two newlines after closing brace (one if followed by another brace or continuation)

Quotes

Use single quotes unless variable expansion is needed: 'text' vs "text $variable"

Arrays

Single line: @('one', 'two', 'three')

Multi-line: each element on separate line with proper indentation

Do not use the unary comma operator (,) in return statements to force
an array

Hashtables

Empty: @{}

Each property on separate line with proper indentation

Properties: Use PascalCase

Comments

Single line: # Comment (capitalized, on own line)

Multi-line: <# Comment #> format (opening and closing brackets on own line), and indent text

No commented-out code

Comment-based help

Always add comment-based help to all functions and scripts

Comment-based help: SYNOPSIS, DESCRIPTION (40+ chars), PARAMETER, EXAMPLE sections before function/class

Comment-based help indentation: keywords 4 spaces, text 8 spaces

Include examples for all parameter sets and combinations

INPUTS: List each pipeline‑accepted type as inline code with a 1‑line description...

Files:

source/en-US/SqlPermission.strings.psd1
source/Classes/020.SqlPermission.ps1
tests/Unit/Classes/SqlPermission.Tests.ps1

**/*.ps1

📄 CodeRabbit inference engine (.github/instructions/SqlServerDsc-guidelines.instructions.md)

**/*.ps1: Format public commands as {Verb}-SqlDsc{Noun} following PowerShell naming conventions
Format private functions as {Verb}-{Noun} following PowerShell naming conventions

Files:

source/Classes/020.SqlPermission.ps1
tests/Unit/Classes/SqlPermission.Tests.ps1

source/[cC]lasses/020.*.ps1

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-class-resource.instructions.md)

DSC class-based resources must use the file naming pattern source/Classes/020.{ResourceName}.ps1

Files:

source/Classes/020.SqlPermission.ps1

source/[cC]lasses/**/*.ps1

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-class-resource.instructions.md)

source/[cC]lasses/**/*.ps1: DSC class-based resources must be decorated with [DscResource(RunAsCredential = 'Optional')] or [DscResource(RunAsCredential = 'Mandatory')] based on requirements
DSC class-based resources must inherit from ResourceBase class from the DscResource.Base module
DSC class-based resources must use [Nullable[{FullTypeName}]] syntax for value-type properties (e.g., [Nullable[System.Int32]])
DSC class-based resources must implement a required constructor with signature ResourceName () : base ($PSScriptRoot) and populate $this.ExcludeDscProperties array
DSC class-based resources must implement required methods: Get(), Test(), Set(), GetCurrentState(), and Modify() following the specified pattern
DSC class-based resources may optionally implement methods: AssertProperties() and NormalizeProperties() following the specified pattern
DSC class-based resources must include comment-based help with .DESCRIPTION section containing Requirements and Known issues sections with a link to all open issues on GitHub
DSC class-based resources must use try/catch blocks for exception handling in classes
DSC class-based resources must use New-*Exception commands (such as New-InvalidDataException, New-ArgumentException, New-InvalidOperationException, New-ObjectNotFoundException, New-InvalidResultException, New-NotImplementedException) instead of throw for terminating errors in classes

Files:

source/Classes/020.SqlPermission.ps1

⚙️ CodeRabbit configuration file

source/[cC]lasses/**/*.ps1: # DSC Class-Based Resource Guidelines

Applies to: Classes with [DscResource(...)] decoration only.

Requirements

File: source/Classes/020.{ResourceName}.ps1
Decoration: [DscResource(RunAsCredential = 'Optional')] (replace with 'Mandatory' if required)
Inheritance: Must inherit ResourceBase (part of module DscResource.Base)
$this.localizedData hashtable auto-populated by ResourceBase from localization file
value-type properties: Use [Nullable[{FullTypeName}]] (e.g., [Nullable[System.Int32]])

Required constructor

MyResourceName () : base ($PSScriptRoot)
{
    # Property names where state cannot be enforced, e.g. IsSingleInstance, Force
    $this.ExcludeDscProperties = @()
}

Required Method Pattern

[MyResourceName] Get()
{
    # Call base implementation to get current state
    $currentState = ([ResourceBase] $this).Get()

    # If needed, post-processing on current state that can not be handled by GetCurrentState()

    return $currentState
}

[System.Boolean] Test()
{
    # Call base implementation to test current state
    $inDesiredState = ([ResourceBase] $this).Test()

    # If needed, post-processing on test result that can not be handled by base Test()

    return $inDesiredState
}

[void] Set()
{
    # Call base implementation to set desired state
    ([ResourceBase] $this).Set()

    # If needed, additional state changes that can not be handled by Modify()
}

hidden [System.Collections.Hashtable] GetCurrentState([System.Collections.Hashtable] $properties)
{
    # Always return current state as hashtable, $properties contains key properties
}

hidden [void] Modify([System.Collections.Hashtable] $properties)
{
    # Always set desired state, $properties contain those that must change state
}

Optional Method Pattern

hidden [void] AssertProperties([System.Collections.Hashtable] $properties)
{
    # Validate user-provided properties, $p...

Files:

source/Classes/020.SqlPermission.ps1

source/**/*.ps1

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-localization.instructions.md)

source/**/*.ps1: Localize all Write-Debug, Write-Verbose, Write-Error, Write-Warning and $PSCmdlet.ThrowTerminatingError() messages in PowerShell scripts
Use localized string keys from $script:localizedData, not hardcoded strings, in diagnostic messages
Reference localized strings using the syntax: Write-Verbose -Message ($script:localizedData.KeyName -f $value1)

Localize all strings using string keys; remove any orphaned string keys

Files:

source/Classes/020.SqlPermission.ps1

⚙️ CodeRabbit configuration file

source/**/*.ps1: # Localization Guidelines

Requirements

Localize all Write-Debug, Write-Verbose, Write-Error, Write-Warning and $PSCmdlet.ThrowTerminatingError() messages

Use localized string keys, not hardcoded strings

Assume $script:localizedData is available

String Files

Commands/functions: source/en-US/{MyModuleName}.strings.psd1

Class resources: source/en-US/{ResourceClassName}.strings.psd1

Key Naming Patterns

Format: Verb_FunctionName_Action (underscore separators), e.g. Get_Database_ConnectingToDatabase

String Format
ConvertFrom-StringData @'
    KeyName = Message with {0} placeholder. (PREFIX0001)
'@
String IDs

Format: (PREFIX####)

PREFIX: First letter of each word in class or function name (SqlSetup → SS, Get-SqlDscDatabase → GSDD)

Number: Sequential from 0001

Usage
Write-Verbose -Message ($script:localizedData.KeyName -f $value1)

Files:

source/Classes/020.SqlPermission.ps1

source/Classes/*.ps1

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines.instructions.md)

source/Classes/*.ps1: Classes should be located in source/Classes/{DependencyGroupNumber}.{ClassName}.ps1
DSC resources should always be created as class-based resources

Files:

source/Classes/020.SqlPermission.ps1

**/[0-9][0-9][0-9].*.ps1

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-powershell.instructions.md)

Name class files using ###.ClassName.ps1 format (e.g., 001.SqlReason.ps1, 004.StartupParameters.ps1)

Files:

source/Classes/020.SqlPermission.ps1

**/*.{ps1,psm1}

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-powershell.instructions.md)

Use $PSCmdlet.ThrowTerminatingError() for terminating errors (except in classes), use relevant error category, and in try-catch include exception with localized message

Files:

source/Classes/020.SqlPermission.ps1
tests/Unit/Classes/SqlPermission.Tests.ps1

**/*.[Tt]ests.ps1

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-pester.instructions.md)

**/*.[Tt]ests.ps1: All public commands, private functions and classes must have unit tests
All public commands and class-based resources must have integration tests
Use Pester v5 syntax only
Test code only inside Describe blocks
Assertions only in It blocks
Never test verbose messages, debug messages or parameter binding behavior
Pass all mandatory parameters to avoid prompts
Inside It blocks, assign unused return objects to $null (unless part of pipeline)
Tested entity must be called from within the It blocks
Keep results and assertions in same It block
Avoid try-catch-finally for cleanup, use AfterAll or AfterEach
Avoid unnecessary remove/recreate cycles
One Describe block per file matching the tested entity name
Context descriptions start with 'When'
It descriptions start with 'Should', must not contain 'when'
Mock variables prefix: 'mock'
Public commands: Never use InModuleScope (unless retrieving localized strings or creating an object using an internal class)
Private functions/class resources: Always use InModuleScope
Each class method = separate Context block
Each scenario = separate Context block
Use nested Context blocks for complex scenarios
Mocking in BeforeAll (BeforeEach only when required)
Setup/teardown in BeforeAll,BeforeEach/AfterAll,AfterEach close to usage
Spacing between blocks, arrange, act, and assert for readability
PascalCase: Describe, Context, It, Should, BeforeAll, BeforeEach, AfterAll, AfterEach
Use -BeTrue/-BeFalse never -Be $true/-Be $false
Never use Assert-MockCalled, use Should -Invoke instead
No Should -Not -Throw - invoke commands directly
Never add an empty -MockWith block
Omit -MockWith when returning $null
Set $PSDefaultParameterValues for Mock:ModuleName, Should:ModuleName, InModuleScope:ModuleName
Omit -ModuleName parameter on Pester commands
Never use Mock inside InModuleScope-block
Never use param() inside -MockWith scriptblock...

Files:

tests/Unit/Classes/SqlPermission.Tests.ps1

⚙️ CodeRabbit configuration file

**/*.[Tt]ests.ps1: # Tests Guidelines

Core Requirements

All public commands, private functions and classes must have unit tests

All public commands and class-based resources must have integration tests

Use Pester v5 syntax only

Test code only inside Describe blocks

Assertions only in It blocks

Never test verbose messages, debug messages or parameter binding behavior

Pass all mandatory parameters to avoid prompts

Requirements

Inside It blocks, assign unused return objects to $null (unless part of pipeline)

Tested entity must be called from within the It blocks

Keep results and assertions in same It block

Avoid try-catch-finally for cleanup, use AfterAll or AfterEach

Avoid unnecessary remove/recreate cycles

Naming

One Describe block per file matching the tested entity name

Context descriptions start with 'When'

It descriptions start with 'Should', must not contain 'when'

Mock variables prefix: 'mock'

Structure & Scope

Public commands: Never use InModuleScope (unless retrieving localized strings or creating an object using an internal class)

Private functions/class resources: Always use InModuleScope

Each class method = separate Context block

Each scenario = separate Context block

Use nested Context blocks for complex scenarios

Mocking in BeforeAll (BeforeEach only when required)

Setup/teardown in BeforeAll,BeforeEach/AfterAll,AfterEach close to usage

Spacing between blocks, arrange, act, and assert for readability

Syntax Rules

PascalCase: Describe, Context, It, Should, BeforeAll, BeforeEach, AfterAll, AfterEach

Use -BeTrue/-BeFalse never -Be $true/-Be $false

Never use Assert-MockCalled, use Should -Invoke instead

No Should -Not -Throw - invoke commands directly

Never add an empty -MockWith block

Omit -MockWith when returning $null

Set $PSDefaultParameterValues for Mock:ModuleName, Should:ModuleName, `...

Files:

tests/Unit/Classes/SqlPermission.Tests.ps1

tests/Unit/Classes/*.[Tt]ests.ps1

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-pester.instructions.md)

Class resources: tests/Unit/Classes/{Name}.Tests.ps1

Files:

tests/Unit/Classes/SqlPermission.Tests.ps1

tests/[Uu]nit/**/*.[Tt]ests.ps1

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-unit-tests.instructions.md)

tests/[Uu]nit/**/*.[Tt]ests.ps1: Test with localized strings using InModuleScope -ScriptBlock { $script:localizedData.Key }
Mock files using the $TestDrive variable (path to the test drive)
All public commands require parameter set validation tests
Use the exact setup block with BeforeDiscovery, BeforeAll, and AfterAll blocks including DscResource.Test module import and PSDefaultParameterValues configuration
Parameter set validation tests should use Get-Command with Where-Object filtering and Should assertions to verify ParameterSetName and ParameterListAsString
Parameter property tests should verify mandatory parameter attributes using Get-Command Parameters and Should -BeTrue assertions

Files:

tests/Unit/Classes/SqlPermission.Tests.ps1

⚙️ CodeRabbit configuration file

tests/[Uu]nit/**/*.[Tt]ests.ps1: # Unit Tests Guidelines

Test with localized strings: Use InModuleScope -ScriptBlock { $script:localizedData.Key }
Mock files: Use $TestDrive variable (path to the test drive)
All public commands require parameter set validation tests
After modifying classes, always run tests in new session (for changes to take effect)

Test Setup Requirements

Use this exact setup block before Describe:

[System.Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', '', Justification = 'Suppressing this rule because Script Analyzer does not understand Pester syntax.')]
param ()

BeforeDiscovery {
    try
    {
        if (-not (Get-Module -Name 'DscResource.Test'))
        {
            # Assumes dependencies have been resolved, so if this module is not available, run 'noop' task.
            if (-not (Get-Module -Name 'DscResource.Test' -ListAvailable))
            {
                # Redirect all streams to $null, except the error stream (stream 2)
                & "$PSScriptRoot/../../../build.ps1" -Tasks 'noop' 3>&1 4>&1 5>&1 6>&1 > $null
            }

            # If the dependencies have not been resolved, this will throw an error.
            Import-Module -Name 'DscResource.Test' -Force -ErrorAction 'Stop'
        }
    }
    catch [System.IO.FileNotFoundException]
    {
        throw 'DscResource.Test module dependency not found. Please run ".\build.ps1 -ResolveDependency -Tasks noop" first.'
    }
}

BeforeAll {
    $script:moduleName = '{MyModuleName}'

    Import-Module -Name $script:moduleName -Force -ErrorAction 'Stop'

    $PSDefaultParameterValues['InModuleScope:ModuleName'] = $script:moduleName
    $PSDefaultParameterValues['Mock:ModuleName'] = $script:moduleName
    $PSDefaultParameterValues['Should:ModuleName'] = $script:moduleName
}

AfterAll {
    $PSDefaultParameterValues.Remove('InModuleScope:ModuleName')
    $PSDefaultParameterValues.Remove('Mock:ModuleNam...

Files:

tests/Unit/Classes/SqlPermission.Tests.ps1

tests/Unit/**/*.Tests.ps1

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines.instructions.md)

Unit tests should be located in tests/Unit/{Classes|Public|Private}/{Name}.Tests.ps1

Files:

tests/Unit/Classes/SqlPermission.Tests.ps1

🧠 Learnings (37)

📓 Common learnings

Learnt from: johlju
Repo: dsccommunity/SqlServerDsc PR: 2136
File: source/Public/Remove-SqlDscLogin.ps1:104-108
Timestamp: 2025-08-17T10:13:30.079Z
Learning: In SqlServerDsc unit tests, SMO object stubs (like Login objects) should have properly mocked Parent properties with correct Server stub types and valid InstanceName values, rather than handling null Parent scenarios in production code.

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/SqlServerDsc-guidelines.instructions.md:0-0
Timestamp: 2025-11-27T17:58:02.422Z
Learning: Applies to **/tests/Integration/**/*.ps1 : Integration tests: use `Connect-SqlDscDatabaseEngine` for SQL Server DB session with correct CI credentials, and always follow with `Disconnect-SqlDscDatabaseEngine`

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/SqlServerDsc-guidelines.instructions.md:0-0
Timestamp: 2025-11-27T17:58:02.422Z
Learning: Applies to **/*.ps1 : Format public commands as `{Verb}-SqlDsc{Noun}` following PowerShell naming conventions

Learnt from: johlju
Repo: dsccommunity/SqlServerDsc PR: 2134
File: tests/Unit/Public/Get-SqlDscLogin.Tests.ps1:78-93
Timestamp: 2025-08-16T13:22:15.230Z
Learning: In PowerShell unit tests for parameter validation in SqlServerDsc, accessing parameter attributes directly like `$cmd.Parameters['ParameterName'].Attributes.Mandatory` works correctly because PowerShell automatically iterates through the array and returns the property values. Additional filtering to ParameterAttribute is not necessary when the parameter structure is known and controlled.

📚 Learning: 2025-11-27T17:58:42.327Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-localization.instructions.md:0-0
Timestamp: 2025-11-27T17:58:42.327Z
Learning: Applies to source/en-US/*.strings.psd1 : Prefix string IDs with an acronym derived from the first letter of each word in the class or function name (e.g., SqlSetup → SS, Get-SqlDscDatabase → GSDD), followed by sequential numbers starting from 0001

Applied to files:

source/en-US/SqlPermission.strings.psd1

📚 Learning: 2025-11-27T17:58:42.327Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-localization.instructions.md:0-0
Timestamp: 2025-11-27T17:58:42.327Z
Learning: Applies to source/en-US/*.strings.psd1 : Store class resource localized strings in source/en-US/{ResourceClassName}.strings.psd1 files

Applied to files:

source/en-US/SqlPermission.strings.psd1

📚 Learning: 2025-11-27T17:58:42.327Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-localization.instructions.md:0-0
Timestamp: 2025-11-27T17:58:42.327Z
Learning: Applies to source/en-US/*.strings.psd1 : Use Key Naming Pattern format: Verb_FunctionName_Action with underscore separators (e.g., Get_Database_ConnectingToDatabase)

Applied to files:

source/en-US/SqlPermission.strings.psd1

📚 Learning: 2025-11-27T17:59:01.508Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-mof-resources.instructions.md:0-0
Timestamp: 2025-11-27T17:59:01.508Z
Learning: Applies to source/DSCResources/**/en-US/DSC_*.strings.psd1 : Name localized strings file as `DSC_<ResourceName>.strings.psd1` in the `en-US` folder

Applied to files:

source/en-US/SqlPermission.strings.psd1

📚 Learning: 2025-11-27T17:58:42.327Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-localization.instructions.md:0-0
Timestamp: 2025-11-27T17:58:42.327Z
Learning: Applies to source/en-US/*.strings.psd1 : Store command/function localized strings in source/en-US/{MyModuleName}.strings.psd1 files

Applied to files:

source/en-US/SqlPermission.strings.psd1

📚 Learning: 2025-11-27T17:59:01.508Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-mof-resources.instructions.md:0-0
Timestamp: 2025-11-27T17:59:01.508Z
Learning: Applies to source/DSCResources/**/en-US/DSC_*.strings.psd1 : In `.strings.psd1` files, use underscores as word separators in localized string key names for multi-word keys

Applied to files:

source/en-US/SqlPermission.strings.psd1

📚 Learning: 2025-11-27T17:58:02.422Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/SqlServerDsc-guidelines.instructions.md:0-0
Timestamp: 2025-11-27T17:58:02.422Z
Learning: Applies to **/resources/**/*.ps1 : Add `InstanceName`, `ServerName`, and `Credential` to `$this.ExcludeDscProperties` in Database Engine resources

Applied to files:

source/en-US/SqlPermission.strings.psd1

📚 Learning: 2025-11-27T17:58:02.422Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/SqlServerDsc-guidelines.instructions.md:0-0
Timestamp: 2025-11-27T17:58:02.422Z
Learning: Applies to **/resources/**/*.ps1 : Database Engine resources must inherit from `SqlResourceBase`

Applied to files:

source/en-US/SqlPermission.strings.psd1

📚 Learning: 2025-10-04T21:33:23.022Z

Learnt from: dan-hughes
Repo: dsccommunity/UpdateServicesDsc PR: 85
File: source/en-US/UpdateServicesDsc.strings.psd1:1-2
Timestamp: 2025-10-04T21:33:23.022Z
Learning: In UpdateServicesDsc (and similar DSC modules), the module-level localization file (source/en-US/<ModuleName>.strings.psd1) can be empty when DSC resources have their own localization files in source/DSCResources/<ResourceName>/en-US/DSC_<ResourceName>.strings.psd1. Automated tests verify localization completeness for resources. Don't flag empty module-level localization files as issues when resources have separate localization.

Applied to files:

source/en-US/SqlPermission.strings.psd1

📚 Learning: 2025-11-27T17:58:02.422Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/SqlServerDsc-guidelines.instructions.md:0-0
Timestamp: 2025-11-27T17:58:02.422Z
Learning: Applies to **/tests/Integration/**/*.ps1 : Integration tests: use `Connect-SqlDscDatabaseEngine` for SQL Server DB session with correct CI credentials, and always follow with `Disconnect-SqlDscDatabaseEngine`

Applied to files:

source/Classes/020.SqlPermission.ps1
tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-08-17T10:13:30.079Z

Learnt from: johlju
Repo: dsccommunity/SqlServerDsc PR: 2136
File: source/Public/Remove-SqlDscLogin.ps1:104-108
Timestamp: 2025-08-17T10:13:30.079Z
Learning: In SqlServerDsc unit tests, SMO object stubs (like Login objects) should have properly mocked Parent properties with correct Server stub types and valid InstanceName values, rather than handling null Parent scenarios in production code.

Applied to files:

source/Classes/020.SqlPermission.ps1
tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:58:02.422Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/SqlServerDsc-guidelines.instructions.md:0-0
Timestamp: 2025-11-27T17:58:02.422Z
Learning: Applies to **/tests/**/*.tests.ps1 : When unit tests test classes or commands containing SMO types like `[Microsoft.SqlServer.Management.Smo.*]`, ensure they are properly stubbed in SMO.cs

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:58:02.422Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/SqlServerDsc-guidelines.instructions.md:0-0
Timestamp: 2025-11-27T17:58:02.422Z
Learning: Applies to **/tests/**/*.tests.ps1 : In unit tests: use SMO stub types from SMO.cs, never mock SMO types

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:58:02.422Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/SqlServerDsc-guidelines.instructions.md:0-0
Timestamp: 2025-11-27T17:58:02.422Z
Learning: Applies to **/tests/**/*.tests.ps1 : Add `$env:SqlServerDscCI = $true` in `BeforeAll` block and remove in `AfterAll` block of unit tests

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:59:27.205Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.205Z
Learning: Applies to **/*.[Tt]ests.ps1 : Mock variables prefix: 'mock'

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:59:27.205Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.205Z
Learning: Applies to **/*.[Tt]ests.ps1 : Mocking in `BeforeAll` (`BeforeEach` only when required)

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:58:02.422Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/SqlServerDsc-guidelines.instructions.md:0-0
Timestamp: 2025-11-27T17:58:02.422Z
Learning: After changing SMO stub types in SMO.cs, run tests in a new PowerShell session for changes to take effect

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:59:27.205Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.205Z
Learning: Applies to **/*.[Tt]ests.ps1 : Set `$PSDefaultParameterValues` for `Mock:ModuleName`, `Should:ModuleName`, `InModuleScope:ModuleName`

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:59:27.205Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.205Z
Learning: Applies to **/*.[Tt]ests.ps1 : Never use `Mock` inside `InModuleScope`-block

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:59:27.205Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.205Z
Learning: Applies to **/*.[Tt]ests.ps1 : No `Should -Not -Throw` - invoke commands directly

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:59:27.205Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.205Z
Learning: Applies to **/*.[Tt]ests.ps1 : Never use `Assert-MockCalled`, use `Should -Invoke` instead

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:58:31.910Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-integration-tests.instructions.md:0-0
Timestamp: 2025-11-27T17:58:31.910Z
Learning: Applies to tests/Integration/**/*.Integration.Tests.ps1 : Avoid `ExpectedMessage` parameter for `Should -Throw` assertions in integration tests

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:59:27.205Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.205Z
Learning: Applies to **/*.[Tt]ests.ps1 : Never add an empty `-MockWith` block

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:59:27.205Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.205Z
Learning: Applies to **/*.[Tt]ests.ps1 : Omit `-MockWith` when returning `$null`

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T18:00:20.934Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-unit-tests.instructions.md:0-0
Timestamp: 2025-11-27T18:00:20.934Z
Learning: Applies to tests/[Uu]nit/**/*.[Tt]ests.ps1 : Parameter set validation tests should use Get-Command with Where-Object filtering and Should assertions to verify ParameterSetName and ParameterListAsString

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T18:00:20.934Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-unit-tests.instructions.md:0-0
Timestamp: 2025-11-27T18:00:20.934Z
Learning: Applies to tests/[Uu]nit/**/*.[Tt]ests.ps1 : Parameter property tests should verify mandatory parameter attributes using Get-Command Parameters and Should -BeTrue assertions

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-12-04T17:07:00.186Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-powershell.instructions.md:0-0
Timestamp: 2025-12-04T17:07:00.186Z
Learning: Applies to **/*.{ps1,psm1,psd1} : Place ShouldProcess check immediately before each state-change operation

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:59:27.205Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.205Z
Learning: Applies to **/*.[Tt]ests.ps1 : Never use `param()` inside `-MockWith` scriptblocks, parameters are auto-bound

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-08-17T10:15:48.194Z

Learnt from: johlju
Repo: dsccommunity/SqlServerDsc PR: 2136
File: tests/Unit/Public/Remove-SqlDscLogin.Tests.ps1:36-39
Timestamp: 2025-08-17T10:15:48.194Z
Learning: Public command unit tests guideline: Never use InModuleScope unless accessing localized strings from $script:localizedData. PSDefaultParameterValues for InModuleScope should be kept in public command tests to support localized string retrieval when necessary.

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-10-12T12:10:48.625Z

Learnt from: johlju
Repo: dsccommunity/SqlServerDsc PR: 2303
File: tests/Integration/Commands/PostInstallationConfiguration.Integration.Tests.ps1:127-143
Timestamp: 2025-10-12T12:10:48.625Z
Learning: For the SqlServerDsc module integration tests, ForceEncryption should not be enabled on the SQL Server instance (DSCSQLTEST) because the module needs to test both encrypted and non-encrypted connection scenarios in CI.

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T18:00:20.934Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-unit-tests.instructions.md:0-0
Timestamp: 2025-11-27T18:00:20.934Z
Learning: Applies to tests/[Uu]nit/**/*.[Tt]ests.ps1 : All public commands require parameter set validation tests

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T18:00:35.078Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines.instructions.md:0-0
Timestamp: 2025-11-27T18:00:35.078Z
Learning: Follow PowerShell style and test guideline instructions strictly

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-08-16T13:22:15.230Z

Learnt from: johlju
Repo: dsccommunity/SqlServerDsc PR: 2134
File: tests/Unit/Public/Get-SqlDscLogin.Tests.ps1:78-93
Timestamp: 2025-08-16T13:22:15.230Z
Learning: In PowerShell unit tests for parameter validation in SqlServerDsc, accessing parameter attributes directly like `$cmd.Parameters['ParameterName'].Attributes.Mandatory` works correctly because PowerShell automatically iterates through the array and returns the property values. Additional filtering to ParameterAttribute is not necessary when the parameter structure is known and controlled.

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:58:31.910Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-integration-tests.instructions.md:0-0
Timestamp: 2025-11-27T17:58:31.910Z
Learning: Applies to tests/Integration/**/*.Integration.Tests.ps1 : Call commands with `-Force` parameter where applicable to avoid prompting

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:59:27.205Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.205Z
Learning: Applies to **/*.[Tt]ests.ps1 : Each scenario = separate `Context` block

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:59:27.205Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.205Z
Learning: Applies to **/*.[Tt]ests.ps1 : Use nested `Context` blocks for complex scenarios

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

GitHub Check: dsccommunity.SqlServerDsc (Build Package Module)
GitHub Check: PSScriptAnalyzer
GitHub Check: PSScriptAnalyzer

🔇 Additional comments (12)

source/en-US/SqlPermission.strings.psd1 (1)

15-15: LGTM!

The localized string correctly reflects the expanded principal support (login or server role) introduced by this refactor.

source/Classes/020.SqlPermission.ps1 (5)

356-385: LGTM!

The principal detection logic correctly handles both logins and server roles. The pattern of checking both types and retrieving the appropriate object based on the result is clean and follows the established error handling patterns for class-based resources using New-InvalidOperationException.

471-506: LGTM!

The revocation flow correctly:

Skips empty permission arrays (line 475 count check)

Sets -WithGrant for GrantWithGrant state revocations

Dispatches to the appropriate parameter set (-Login vs -ServerRole) based on principal type

Propagates the original exception via New-InvalidOperationException

528-543: LGTM!

The Grant flow correctly dispatches to the appropriate Grant-SqlDscServerPermission variant based on principal type.

545-561: LGTM!

The GrantWithGrant flow correctly sets -WithGrant = $true and dispatches appropriately.

563-578: LGTM!

The Deny flow correctly uses Deny-SqlDscServerPermission with the appropriate principal parameter.

tests/Unit/Classes/SqlPermission.Tests.ps1 (6)

1072-1075: LGTM!

Good addition of Test-SqlDscIsRole mock to ensure both principal type checks fail, correctly triggering the "principal not found" error path.

1101-1201: LGTM!

Excellent addition of the server role test scenario. The test correctly:

Mocks Test-SqlDscIsLogin to return $false and Test-SqlDscIsRole to return $true

Creates a properly structured ServerRole object with a valid Parent property (per learnings)

Verifies both Get-SqlDscRole invocation and Grant-SqlDscServerPermission with correct permission

1292-1300: LGTM!

The assertions correctly verify the new command behavior:

Permission array containment check (-contains 'ConnectSql')

Absence of -WithGrant for regular Grant state

Presence of -WithGrant = $true for GrantWithGrant state

1303-1393: LGTM!

Good addition of a dedicated test context for the Deny permission path. The test correctly verifies that Deny-SqlDscServerPermission is invoked with the expected permission (ViewServerState).

1485-1502: LGTM!

The revocation assertions correctly verify:

Multiple permissions revoked together (AlterAnyAvailabilityGroup and ViewServerState)

-WithGrant = $true for revoking GrantWithGrant permissions

No -WithGrant for revoking regular Grant/Deny permissions

1709-1923: LGTM!

The failure test context correctly:

Uses a descriptive name reflecting all three command types

Mocks all permission commands (Grant-, Deny-, Revoke-SqlDscServerPermission) to throw errors

Tests both granting and revoking failure paths

Verifies proper error message propagation using localized strings

coderabbitai

Actionable comments posted: 0

🧹 Nitpick comments (1)

source/Classes/020.SqlPermission.ps1 (1)
489-496: Consider extracting a helper for principal parameter selection.

The pattern of selecting -Login $principalObject vs -ServerRole $principalObject is repeated 5 times throughout the Modify() method. This could be consolidated into a helper method or a splatting approach:
# At the start of Modify(), after retrieving principalObject:
$principalParameters = if ($isLogin) { @{ Login = $principalObject } } else { @{ ServerRole = $principalObject } }

# Then use it like:
Revoke-SqlDscServerPermission @principalParameters @revokeSqlDscServerPermissionParameters
This would reduce duplication and make the code more maintainable.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 76774fc and a28c2d6.

📒 Files selected for processing (4)

CHANGELOG.md (1 hunks)
source/Classes/020.SqlPermission.ps1 (4 hunks)
source/en-US/SqlPermission.strings.psd1 (1 hunks)
tests/Unit/Classes/SqlPermission.Tests.ps1 (12 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

CHANGELOG.md

🧰 Additional context used

📓 Path-based instructions (16)

**/*.ps1

📄 CodeRabbit inference engine (.github/instructions/SqlServerDsc-guidelines.instructions.md)

**/*.ps1: Format public commands as {Verb}-SqlDsc{Noun} following PowerShell naming conventions
Format private functions as {Verb}-{Noun} following PowerShell naming conventions

Files:

source/Classes/020.SqlPermission.ps1
tests/Unit/Classes/SqlPermission.Tests.ps1

source/[cC]lasses/020.*.ps1

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-class-resource.instructions.md)

DSC class-based resources must use the file naming pattern source/Classes/020.{ResourceName}.ps1

Files:

source/Classes/020.SqlPermission.ps1

source/[cC]lasses/**/*.ps1

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-class-resource.instructions.md)

source/[cC]lasses/**/*.ps1: DSC class-based resources must be decorated with [DscResource(RunAsCredential = 'Optional')] or [DscResource(RunAsCredential = 'Mandatory')] based on requirements
DSC class-based resources must inherit from ResourceBase class from the DscResource.Base module
DSC class-based resources must use [Nullable[{FullTypeName}]] syntax for value-type properties (e.g., [Nullable[System.Int32]])
DSC class-based resources must implement a required constructor with signature ResourceName () : base ($PSScriptRoot) and populate $this.ExcludeDscProperties array
DSC class-based resources must implement required methods: Get(), Test(), Set(), GetCurrentState(), and Modify() following the specified pattern
DSC class-based resources may optionally implement methods: AssertProperties() and NormalizeProperties() following the specified pattern
DSC class-based resources must include comment-based help with .DESCRIPTION section containing Requirements and Known issues sections with a link to all open issues on GitHub
DSC class-based resources must use try/catch blocks for exception handling in classes
DSC class-based resources must use New-*Exception commands (such as New-InvalidDataException, New-ArgumentException, New-InvalidOperationException, New-ObjectNotFoundException, New-InvalidResultException, New-NotImplementedException) instead of throw for terminating errors in classes

Files:

source/Classes/020.SqlPermission.ps1

⚙️ CodeRabbit configuration file

source/[cC]lasses/**/*.ps1: # DSC Class-Based Resource Guidelines

Applies to: Classes with [DscResource(...)] decoration only.

Requirements

File: source/Classes/020.{ResourceName}.ps1
Decoration: [DscResource(RunAsCredential = 'Optional')] (replace with 'Mandatory' if required)
Inheritance: Must inherit ResourceBase (part of module DscResource.Base)
$this.localizedData hashtable auto-populated by ResourceBase from localization file
value-type properties: Use [Nullable[{FullTypeName}]] (e.g., [Nullable[System.Int32]])

Required constructor

MyResourceName () : base ($PSScriptRoot)
{
    # Property names where state cannot be enforced, e.g. IsSingleInstance, Force
    $this.ExcludeDscProperties = @()
}

Required Method Pattern

[MyResourceName] Get()
{
    # Call base implementation to get current state
    $currentState = ([ResourceBase] $this).Get()

    # If needed, post-processing on current state that can not be handled by GetCurrentState()

    return $currentState
}

[System.Boolean] Test()
{
    # Call base implementation to test current state
    $inDesiredState = ([ResourceBase] $this).Test()

    # If needed, post-processing on test result that can not be handled by base Test()

    return $inDesiredState
}

[void] Set()
{
    # Call base implementation to set desired state
    ([ResourceBase] $this).Set()

    # If needed, additional state changes that can not be handled by Modify()
}

hidden [System.Collections.Hashtable] GetCurrentState([System.Collections.Hashtable] $properties)
{
    # Always return current state as hashtable, $properties contains key properties
}

hidden [void] Modify([System.Collections.Hashtable] $properties)
{
    # Always set desired state, $properties contain those that must change state
}

Optional Method Pattern

hidden [void] AssertProperties([System.Collections.Hashtable] $properties)
{
    # Validate user-provided properties, $p...

Files:

source/Classes/020.SqlPermission.ps1

source/**/*.ps1

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-localization.instructions.md)

source/**/*.ps1: Localize all Write-Debug, Write-Verbose, Write-Error, Write-Warning and $PSCmdlet.ThrowTerminatingError() messages in PowerShell scripts
Use localized string keys from $script:localizedData, not hardcoded strings, in diagnostic messages
Reference localized strings using the syntax: Write-Verbose -Message ($script:localizedData.KeyName -f $value1)

Localize all strings using string keys; remove any orphaned string keys

Files:

source/Classes/020.SqlPermission.ps1

⚙️ CodeRabbit configuration file

source/**/*.ps1: # Localization Guidelines

Requirements

Localize all Write-Debug, Write-Verbose, Write-Error, Write-Warning and $PSCmdlet.ThrowTerminatingError() messages

Use localized string keys, not hardcoded strings

Assume $script:localizedData is available

String Files

Commands/functions: source/en-US/{MyModuleName}.strings.psd1

Class resources: source/en-US/{ResourceClassName}.strings.psd1

Key Naming Patterns

Format: Verb_FunctionName_Action (underscore separators), e.g. Get_Database_ConnectingToDatabase

String Format
ConvertFrom-StringData @'
    KeyName = Message with {0} placeholder. (PREFIX0001)
'@
String IDs

Format: (PREFIX####)

PREFIX: First letter of each word in class or function name (SqlSetup → SS, Get-SqlDscDatabase → GSDD)

Number: Sequential from 0001

Usage
Write-Verbose -Message ($script:localizedData.KeyName -f $value1)

Files:

source/Classes/020.SqlPermission.ps1

source/Classes/*.ps1

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines.instructions.md)

source/Classes/*.ps1: Classes should be located in source/Classes/{DependencyGroupNumber}.{ClassName}.ps1
DSC resources should always be created as class-based resources

Files:

source/Classes/020.SqlPermission.ps1

**/*.{ps1,psm1,psd1}

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-powershell.instructions.md)

**/*.{ps1,psm1,psd1}: Use descriptive names with 3+ characters and no abbreviations for functions, parameters, variables, keywords, and classes
Use PascalCase with Verb-Noun format for function names, using approved PowerShell verbs
Use PascalCase for parameter names
Use camelCase for variable names
Use lower-case for keywords
Use PascalCase for class names
Include scope for script/global/environment variables using $script:, $global:, or $env: prefixes
Use 4 spaces for indentation, not tabs
Use one space around operators (e.g., $a = 1 + 2)
Use one space between type and variable (e.g., [String] $name)
Use one space between keyword and parenthesis (e.g., if ($condition))
Avoid spaces on empty lines
Limit lines to 120 characters
Place opening brace on a new line, except for variable assignments
Add one newline after opening brace
Add two newlines after closing brace (one if followed by another brace or continuation)
Use single quotes unless variable expansion is needed (e.g., 'text' vs "text $variable")
Use single-line array syntax for simple arrays: @('one', 'two', 'three')
Use multi-line array syntax with each element on a separate line with proper indentation
Do not use the unary comma operator (,) in return statements to force an array
Use empty hashtable syntax: @{}
Place each hashtable property on a separate line with proper indentation
Use PascalCase for hashtable properties
Use single-line comment format # Comment (capitalized, on own line)
Use multi-line comment format <# Comment #> with opening and closing brackets on own lines and indented text
Never include commented-out code
Always add comment-based help to all functions and scripts with SYNOPSIS, DESCRIPTION (40+ chars), PARAMETER, and EXAMPLE sections before function/class declaration
Use comment-based help indentation with keywords at 4 spaces and text at 8 spaces
Include examples in comment-based help for all parameter sets and combinations
In comment-based help INPUTS sec...

Files:

source/Classes/020.SqlPermission.ps1
tests/Unit/Classes/SqlPermission.Tests.ps1
source/en-US/SqlPermission.strings.psd1

**/[0-9][0-9][0-9].*.ps1

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-powershell.instructions.md)

Name class files using ###.ClassName.ps1 format (e.g., 001.SqlReason.ps1, 004.StartupParameters.ps1)

Files:

source/Classes/020.SqlPermission.ps1

**/*.{ps1,psm1}

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-powershell.instructions.md)

Use $PSCmdlet.ThrowTerminatingError() for terminating errors (except in classes), use relevant error category, and in try-catch include exception with localized message

Files:

source/Classes/020.SqlPermission.ps1
tests/Unit/Classes/SqlPermission.Tests.ps1

**

⚙️ CodeRabbit configuration file

**: # DSC Community Guidelines

Terminology

Command: Public command

Function: Private function

Resource: DSC class-based resource

Build & Test Workflow Requirements

Run PowerShell script files from repository root

Setup build and test environment (once per pwsh session): ./build.ps1 -Tasks noop

Build project before running tests: ./build.ps1 -Tasks build

Always run tests in new pwsh session: Invoke-Pester -Path @({test paths}) -Output Detailed

File Organization

Public commands: source/Public/{CommandName}.ps1

Private functions: source/Private/{FunctionName}.ps1

Classes: source/Classes/{DependencyGroupNumber}.{ClassName}.ps1

Enums: source/Enum/{DependencyGroupNumber}.{EnumName}.ps1

Unit tests: tests/Unit/{Classes|Public|Private}/{Name}.Tests.ps1

Integration tests: tests/Integration/Commands/{CommandName}.Integration.Tests.ps1

Requirements

Follow instructions over existing code patterns

Follow PowerShell style and test guideline instructions strictly

Always update CHANGELOG.md Unreleased section

Localize all strings using string keys; remove any orphaned string keys

Check DscResource.Common before creating private functions

Separate reusable logic into private functions

DSC resources should always be created as class-based resources

Add unit tests for all commands/functions/resources

Add integration tests for all public commands and resources

Files:

source/Classes/020.SqlPermission.ps1
tests/Unit/Classes/SqlPermission.Tests.ps1
source/en-US/SqlPermission.strings.psd1

{**/*.ps1,**/*.psm1,**/*.psd1}

⚙️ CodeRabbit configuration file

{**/*.ps1,**/*.psm1,**/*.psd1}: # PowerShell Guidelines

Naming

Use descriptive names (3+ characters, no abbreviations)

Functions: PascalCase with Verb-Noun format using approved verbs

Parameters: PascalCase

Variables: camelCase

Keywords: lower-case

Classes: PascalCase

Include scope for script/global/environment variables: $script:, $global:, $env:

File naming

Class files: ###.ClassName.ps1 format (e.g. 001.SqlReason.ps1, 004.StartupParameters.ps1)

Formatting

Indentation & Spacing

Use 4 spaces (no tabs)

One space around operators: $a = 1 + 2

One space between type and variable: [String] $name

One space between keyword and parenthesis: if ($condition)

No spaces on empty lines

Try to limit lines to 120 characters

Braces

Newline before opening brace (except variable assignments)

One newline after opening brace

Two newlines after closing brace (one if followed by another brace or continuation)

Quotes

Use single quotes unless variable expansion is needed: 'text' vs "text $variable"

Arrays

Single line: @('one', 'two', 'three')

Multi-line: each element on separate line with proper indentation

Do not use the unary comma operator (,) in return statements to force
an array

Hashtables

Empty: @{}

Each property on separate line with proper indentation

Properties: Use PascalCase

Comments

Single line: # Comment (capitalized, on own line)

Multi-line: <# Comment #> format (opening and closing brackets on own line), and indent text

No commented-out code

Comment-based help

Always add comment-based help to all functions and scripts

Comment-based help: SYNOPSIS, DESCRIPTION (40+ chars), PARAMETER, EXAMPLE sections before function/class

Comment-based help indentation: keywords 4 spaces, text 8 spaces

Include examples for all parameter sets and combinations

INPUTS: List each pipeline‑accepted type as inline code with a 1‑line description...

Files:

source/Classes/020.SqlPermission.ps1
tests/Unit/Classes/SqlPermission.Tests.ps1
source/en-US/SqlPermission.strings.psd1

**/*.[Tt]ests.ps1

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-pester.instructions.md)

**/*.[Tt]ests.ps1: All public commands, private functions and classes must have unit tests
All public commands and class-based resources must have integration tests
Use Pester v5 syntax only
Test code only inside Describe blocks
Assertions only in It blocks
Never test verbose messages, debug messages or parameter binding behavior
Pass all mandatory parameters to avoid prompts
Inside It blocks, assign unused return objects to $null (unless part of pipeline)
Tested entity must be called from within the It blocks
Keep results and assertions in same It block
Avoid try-catch-finally for cleanup, use AfterAll or AfterEach
Avoid unnecessary remove/recreate cycles
One Describe block per file matching the tested entity name
Context descriptions start with 'When'
It descriptions start with 'Should', must not contain 'when'
Mock variables prefix: 'mock'
Public commands: Never use InModuleScope (unless retrieving localized strings or creating an object using an internal class)
Private functions/class resources: Always use InModuleScope
Each class method = separate Context block
Each scenario = separate Context block
Use nested Context blocks for complex scenarios
Mocking in BeforeAll (BeforeEach only when required)
Setup/teardown in BeforeAll,BeforeEach/AfterAll,AfterEach close to usage
Spacing between blocks, arrange, act, and assert for readability
PascalCase: Describe, Context, It, Should, BeforeAll, BeforeEach, AfterAll, AfterEach
Use -BeTrue/-BeFalse never -Be $true/-Be $false
Never use Assert-MockCalled, use Should -Invoke instead
No Should -Not -Throw - invoke commands directly
Never add an empty -MockWith block
Omit -MockWith when returning $null
Set $PSDefaultParameterValues for Mock:ModuleName, Should:ModuleName, InModuleScope:ModuleName
Omit -ModuleName parameter on Pester commands
Never use Mock inside InModuleScope-block
Never use param() inside -MockWith scriptblock...

Files:

tests/Unit/Classes/SqlPermission.Tests.ps1

⚙️ CodeRabbit configuration file

**/*.[Tt]ests.ps1: # Tests Guidelines

Core Requirements

All public commands, private functions and classes must have unit tests

All public commands and class-based resources must have integration tests

Use Pester v5 syntax only

Test code only inside Describe blocks

Assertions only in It blocks

Never test verbose messages, debug messages or parameter binding behavior

Pass all mandatory parameters to avoid prompts

Requirements

Inside It blocks, assign unused return objects to $null (unless part of pipeline)

Tested entity must be called from within the It blocks

Keep results and assertions in same It block

Avoid try-catch-finally for cleanup, use AfterAll or AfterEach

Avoid unnecessary remove/recreate cycles

Naming

One Describe block per file matching the tested entity name

Context descriptions start with 'When'

It descriptions start with 'Should', must not contain 'when'

Mock variables prefix: 'mock'

Structure & Scope

Public commands: Never use InModuleScope (unless retrieving localized strings or creating an object using an internal class)

Private functions/class resources: Always use InModuleScope

Each class method = separate Context block

Each scenario = separate Context block

Use nested Context blocks for complex scenarios

Mocking in BeforeAll (BeforeEach only when required)

Setup/teardown in BeforeAll,BeforeEach/AfterAll,AfterEach close to usage

Spacing between blocks, arrange, act, and assert for readability

Syntax Rules

PascalCase: Describe, Context, It, Should, BeforeAll, BeforeEach, AfterAll, AfterEach

Use -BeTrue/-BeFalse never -Be $true/-Be $false

Never use Assert-MockCalled, use Should -Invoke instead

No Should -Not -Throw - invoke commands directly

Never add an empty -MockWith block

Omit -MockWith when returning $null

Set $PSDefaultParameterValues for Mock:ModuleName, Should:ModuleName, `...

Files:

tests/Unit/Classes/SqlPermission.Tests.ps1

tests/Unit/Classes/*.[Tt]ests.ps1

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-pester.instructions.md)

Class resources: tests/Unit/Classes/{Name}.Tests.ps1

Files:

tests/Unit/Classes/SqlPermission.Tests.ps1

tests/[Uu]nit/**/*.[Tt]ests.ps1

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-unit-tests.instructions.md)

tests/[Uu]nit/**/*.[Tt]ests.ps1: Test with localized strings using InModuleScope -ScriptBlock { $script:localizedData.Key }
Mock files using the $TestDrive variable (path to the test drive)
All public commands require parameter set validation tests
Use the exact setup block with BeforeDiscovery, BeforeAll, and AfterAll blocks including DscResource.Test module import and PSDefaultParameterValues configuration
Parameter set validation tests should use Get-Command with Where-Object filtering and Should assertions to verify ParameterSetName and ParameterListAsString
Parameter property tests should verify mandatory parameter attributes using Get-Command Parameters and Should -BeTrue assertions

Files:

tests/Unit/Classes/SqlPermission.Tests.ps1

⚙️ CodeRabbit configuration file

tests/[Uu]nit/**/*.[Tt]ests.ps1: # Unit Tests Guidelines

Test with localized strings: Use InModuleScope -ScriptBlock { $script:localizedData.Key }
Mock files: Use $TestDrive variable (path to the test drive)
All public commands require parameter set validation tests
After modifying classes, always run tests in new session (for changes to take effect)

Test Setup Requirements

Use this exact setup block before Describe:

[System.Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', '', Justification = 'Suppressing this rule because Script Analyzer does not understand Pester syntax.')]
param ()

BeforeDiscovery {
    try
    {
        if (-not (Get-Module -Name 'DscResource.Test'))
        {
            # Assumes dependencies have been resolved, so if this module is not available, run 'noop' task.
            if (-not (Get-Module -Name 'DscResource.Test' -ListAvailable))
            {
                # Redirect all streams to $null, except the error stream (stream 2)
                & "$PSScriptRoot/../../../build.ps1" -Tasks 'noop' 3>&1 4>&1 5>&1 6>&1 > $null
            }

            # If the dependencies have not been resolved, this will throw an error.
            Import-Module -Name 'DscResource.Test' -Force -ErrorAction 'Stop'
        }
    }
    catch [System.IO.FileNotFoundException]
    {
        throw 'DscResource.Test module dependency not found. Please run ".\build.ps1 -ResolveDependency -Tasks noop" first.'
    }
}

BeforeAll {
    $script:moduleName = '{MyModuleName}'

    Import-Module -Name $script:moduleName -Force -ErrorAction 'Stop'

    $PSDefaultParameterValues['InModuleScope:ModuleName'] = $script:moduleName
    $PSDefaultParameterValues['Mock:ModuleName'] = $script:moduleName
    $PSDefaultParameterValues['Should:ModuleName'] = $script:moduleName
}

AfterAll {
    $PSDefaultParameterValues.Remove('InModuleScope:ModuleName')
    $PSDefaultParameterValues.Remove('Mock:ModuleNam...

Files:

tests/Unit/Classes/SqlPermission.Tests.ps1

tests/Unit/**/*.Tests.ps1

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines.instructions.md)

Unit tests should be located in tests/Unit/{Classes|Public|Private}/{Name}.Tests.ps1

Files:

tests/Unit/Classes/SqlPermission.Tests.ps1

source/en-US/*.strings.psd1

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-localization.instructions.md)

source/en-US/*.strings.psd1: Store command/function localized strings in source/en-US/{MyModuleName}.strings.psd1 files
Store class resource localized strings in source/en-US/{ResourceClassName}.strings.psd1 files
Use Key Naming Pattern format: Verb_FunctionName_Action with underscore separators (e.g., Get_Database_ConnectingToDatabase)
Format localized strings using ConvertFrom-StringData with placeholder syntax: KeyName = Message with {0} placeholder. (PREFIX0001)
Prefix string IDs with an acronym derived from the first letter of each word in the class or function name (e.g., SqlSetup → SS, Get-SqlDscDatabase → GSDD), followed by sequential numbers starting from 0001

Files:

source/en-US/SqlPermission.strings.psd1

**/*.psd1

📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-powershell.instructions.md)

Do not use NestedModules for shared commands without RootModule

Files:

source/en-US/SqlPermission.strings.psd1

🧠 Learnings (31)

📓 Common learnings

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/SqlServerDsc-guidelines.instructions.md:0-0
Timestamp: 2025-11-27T17:58:02.422Z
Learning: Applies to **/resources/**/*.ps1 : Database Engine resources must inherit from `SqlResourceBase`

Learnt from: johlju
Repo: dsccommunity/SqlServerDsc PR: 2136
File: source/Public/Remove-SqlDscLogin.ps1:104-108
Timestamp: 2025-08-17T10:13:30.079Z
Learning: In SqlServerDsc unit tests, SMO object stubs (like Login objects) should have properly mocked Parent properties with correct Server stub types and valid InstanceName values, rather than handling null Parent scenarios in production code.

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/SqlServerDsc-guidelines.instructions.md:0-0
Timestamp: 2025-11-27T17:58:02.422Z
Learning: Applies to **/tests/Integration/**/*.ps1 : Integration tests: use `Connect-SqlDscDatabaseEngine` for SQL Server DB session with correct CI credentials, and always follow with `Disconnect-SqlDscDatabaseEngine`

📚 Learning: 2025-11-27T17:58:02.422Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/SqlServerDsc-guidelines.instructions.md:0-0
Timestamp: 2025-11-27T17:58:02.422Z
Learning: Applies to **/tests/Integration/**/*.ps1 : Integration tests: use `Connect-SqlDscDatabaseEngine` for SQL Server DB session with correct CI credentials, and always follow with `Disconnect-SqlDscDatabaseEngine`

Applied to files:

source/Classes/020.SqlPermission.ps1
tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-08-17T10:13:30.079Z

Learnt from: johlju
Repo: dsccommunity/SqlServerDsc PR: 2136
File: source/Public/Remove-SqlDscLogin.ps1:104-108
Timestamp: 2025-08-17T10:13:30.079Z
Learning: In SqlServerDsc unit tests, SMO object stubs (like Login objects) should have properly mocked Parent properties with correct Server stub types and valid InstanceName values, rather than handling null Parent scenarios in production code.

Applied to files:

source/Classes/020.SqlPermission.ps1
tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:58:02.422Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/SqlServerDsc-guidelines.instructions.md:0-0
Timestamp: 2025-11-27T17:58:02.422Z
Learning: Applies to **/tests/**/*.tests.ps1 : When unit tests test classes or commands containing SMO types like `[Microsoft.SqlServer.Management.Smo.*]`, ensure they are properly stubbed in SMO.cs

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:58:02.422Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/SqlServerDsc-guidelines.instructions.md:0-0
Timestamp: 2025-11-27T17:58:02.422Z
Learning: Applies to **/tests/**/*.tests.ps1 : In unit tests: use SMO stub types from SMO.cs, never mock SMO types

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:58:02.422Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/SqlServerDsc-guidelines.instructions.md:0-0
Timestamp: 2025-11-27T17:58:02.422Z
Learning: Applies to **/tests/**/*.tests.ps1 : Add `$env:SqlServerDscCI = $true` in `BeforeAll` block and remove in `AfterAll` block of unit tests

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:58:02.422Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/SqlServerDsc-guidelines.instructions.md:0-0
Timestamp: 2025-11-27T17:58:02.422Z
Learning: After changing SMO stub types in SMO.cs, run tests in a new PowerShell session for changes to take effect

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:59:27.205Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.205Z
Learning: Applies to **/*.[Tt]ests.ps1 : Mock variables prefix: 'mock'

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:59:27.205Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.205Z
Learning: Applies to tests/Unit/Public/*.[Tt]ests.ps1 : Public commands: `tests/Unit/Public/{Name}.Tests.ps1`

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:59:27.205Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.205Z
Learning: Applies to **/*.[Tt]ests.ps1 : Mocking in `BeforeAll` (`BeforeEach` only when required)

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:59:27.205Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.205Z
Learning: Applies to **/*.[Tt]ests.ps1 : Set `$PSDefaultParameterValues` for `Mock:ModuleName`, `Should:ModuleName`, `InModuleScope:ModuleName`

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:59:27.205Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.205Z
Learning: Applies to **/*.[Tt]ests.ps1 : No `Should -Not -Throw` - invoke commands directly

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:59:27.205Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.205Z
Learning: Applies to **/*.[Tt]ests.ps1 : Never use `Assert-MockCalled`, use `Should -Invoke` instead

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:58:31.910Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-integration-tests.instructions.md:0-0
Timestamp: 2025-11-27T17:58:31.910Z
Learning: Applies to tests/Integration/**/*.Integration.Tests.ps1 : Avoid `ExpectedMessage` parameter for `Should -Throw` assertions in integration tests

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:59:27.205Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.205Z
Learning: Applies to **/*.[Tt]ests.ps1 : Never use `Mock` inside `InModuleScope`-block

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:59:27.205Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.205Z
Learning: Applies to **/*.[Tt]ests.ps1 : Never add an empty `-MockWith` block

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:59:27.205Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.205Z
Learning: Applies to **/*.[Tt]ests.ps1 : Omit `-MockWith` when returning `$null`

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T18:00:20.934Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-unit-tests.instructions.md:0-0
Timestamp: 2025-11-27T18:00:20.934Z
Learning: Applies to tests/[Uu]nit/**/*.[Tt]ests.ps1 : Parameter set validation tests should use Get-Command with Where-Object filtering and Should assertions to verify ParameterSetName and ParameterListAsString

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T18:00:20.934Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-unit-tests.instructions.md:0-0
Timestamp: 2025-11-27T18:00:20.934Z
Learning: Applies to tests/[Uu]nit/**/*.[Tt]ests.ps1 : Parameter property tests should verify mandatory parameter attributes using Get-Command Parameters and Should -BeTrue assertions

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-12-04T17:07:00.186Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-powershell.instructions.md:0-0
Timestamp: 2025-12-04T17:07:00.186Z
Learning: Applies to **/*.{ps1,psm1,psd1} : Place ShouldProcess check immediately before each state-change operation

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:59:27.205Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.205Z
Learning: Applies to **/*.[Tt]ests.ps1 : Never use `param()` inside `-MockWith` scriptblocks, parameters are auto-bound

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-08-17T10:15:48.194Z

Learnt from: johlju
Repo: dsccommunity/SqlServerDsc PR: 2136
File: tests/Unit/Public/Remove-SqlDscLogin.Tests.ps1:36-39
Timestamp: 2025-08-17T10:15:48.194Z
Learning: Public command unit tests guideline: Never use InModuleScope unless accessing localized strings from $script:localizedData. PSDefaultParameterValues for InModuleScope should be kept in public command tests to support localized string retrieval when necessary.

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-10-12T12:10:48.625Z

Learnt from: johlju
Repo: dsccommunity/SqlServerDsc PR: 2303
File: tests/Integration/Commands/PostInstallationConfiguration.Integration.Tests.ps1:127-143
Timestamp: 2025-10-12T12:10:48.625Z
Learning: For the SqlServerDsc module integration tests, ForceEncryption should not be enabled on the SQL Server instance (DSCSQLTEST) because the module needs to test both encrypted and non-encrypted connection scenarios in CI.

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T18:00:20.934Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-unit-tests.instructions.md:0-0
Timestamp: 2025-11-27T18:00:20.934Z
Learning: Applies to tests/[Uu]nit/**/*.[Tt]ests.ps1 : All public commands require parameter set validation tests

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T18:00:35.078Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines.instructions.md:0-0
Timestamp: 2025-11-27T18:00:35.078Z
Learning: Follow PowerShell style and test guideline instructions strictly

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-08-16T13:22:15.230Z

Learnt from: johlju
Repo: dsccommunity/SqlServerDsc PR: 2134
File: tests/Unit/Public/Get-SqlDscLogin.Tests.ps1:78-93
Timestamp: 2025-08-16T13:22:15.230Z
Learning: In PowerShell unit tests for parameter validation in SqlServerDsc, accessing parameter attributes directly like `$cmd.Parameters['ParameterName'].Attributes.Mandatory` works correctly because PowerShell automatically iterates through the array and returns the property values. Additional filtering to ParameterAttribute is not necessary when the parameter structure is known and controlled.

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:58:31.910Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-integration-tests.instructions.md:0-0
Timestamp: 2025-11-27T17:58:31.910Z
Learning: Applies to tests/Integration/**/*.Integration.Tests.ps1 : Call commands with `-Force` parameter where applicable to avoid prompting

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:59:27.205Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.205Z
Learning: Applies to **/*.[Tt]ests.ps1 : Each scenario = separate `Context` block

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:59:27.205Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-pester.instructions.md:0-0
Timestamp: 2025-11-27T17:59:27.205Z
Learning: Applies to **/*.[Tt]ests.ps1 : Use nested `Context` blocks for complex scenarios

Applied to files:

tests/Unit/Classes/SqlPermission.Tests.ps1

📚 Learning: 2025-11-27T17:58:42.327Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-localization.instructions.md:0-0
Timestamp: 2025-11-27T17:58:42.327Z
Learning: Applies to source/en-US/*.strings.psd1 : Use Key Naming Pattern format: Verb_FunctionName_Action with underscore separators (e.g., Get_Database_ConnectingToDatabase)

Applied to files:

source/en-US/SqlPermission.strings.psd1

📚 Learning: 2025-11-27T17:58:42.327Z

Learnt from: CR
Repo: dsccommunity/SqlServerDsc PR: 0
File: .github/instructions/dsc-community-style-guidelines-localization.instructions.md:0-0
Timestamp: 2025-11-27T17:58:42.327Z
Learning: Applies to source/en-US/*.strings.psd1 : Prefix string IDs with an acronym derived from the first letter of each word in the class or function name (e.g., SqlSetup → SS, Get-SqlDscDatabase → GSDD), followed by sequential numbers starting from 0001

Applied to files:

source/en-US/SqlPermission.strings.psd1

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

GitHub Check: dsccommunity.SqlServerDsc (Build Package Module)
GitHub Check: PSScriptAnalyzer
GitHub Check: PSScriptAnalyzer

🔇 Additional comments (15)

tests/Unit/Classes/SqlPermission.Tests.ps1 (8)

1069-1076: LGTM!

The addition of Test-SqlDscIsRole mock correctly aligns with the source changes that now check for both login and server role principals. The mock pattern follows guidelines with no -MockWith block when returning $false.

1101-1201: Good test coverage for server role principals.

The new context properly validates the server role principal path, including correct mock setup and verification that Get-SqlDscRole and Grant-SqlDscServerPermission are invoked appropriately.

1256-1268: LGTM!

The mock setup correctly creates the Login SMO object with a proper Server parent containing the InstanceName. The permission command mocks follow the guideline of omitting -MockWith when returning $null.

1292-1299: LGTM!

The parameter filter correctly validates that Grant-SqlDscServerPermission is called with the expected permission and properly distinguishes between regular Grant (no WithGrant) and GrantWithGrant scenarios.

1303-1395: LGTM!

Good addition of a dedicated context to test the Deny permission path. The test properly verifies that Deny-SqlDscServerPermission is invoked with the correct permission.

1485-1502: LGTM!

The revoke assertions properly validate that Revoke-SqlDscServerPermission is called for each permission state with the correct permissions and WithGrant parameter handling.

1709-1709: LGTM!

The renamed context accurately reflects that the tests now cover failures from the granular Grant/Deny/Revoke commands rather than the deprecated Set-SqlDscServerPermission.

1772-1780: LGTM!

The error-throwing mocks for all three permission commands ensure the error handling paths are exercised when any operation fails.

source/Classes/020.SqlPermission.ps1 (6)

356-373: LGTM!

Good refactoring to support both logins and server roles. The combined check (-not $isLogin -and -not $isRole) correctly handles the case where the principal doesn't exist as either type, and the error message has been updated to reflect this.

375-385: LGTM!

The principal object retrieval correctly uses Get-SqlDscLogin or Get-SqlDscRole based on the principal type, with -ErrorAction 'Stop' ensuring any failures are properly handled.

471-506: LGTM!

The revoke logic correctly:

Guards against empty permission arrays before calling the revoke command

Handles WithGrant for GrantWithGrant state

Uses the appropriate -Login or -ServerRole parameter based on principal type

Properly catches and rethrows errors with localized messages

528-543: LGTM!

The Grant implementation correctly builds parameters and dispatches to Grant-SqlDscServerPermission with the appropriate principal parameter.

545-561: LGTM!

The GrantWithGrant case correctly adds WithGrant = $true to the parameters before calling Grant-SqlDscServerPermission.

563-578: LGTM!

The Deny implementation correctly uses Deny-SqlDscServerPermission with the appropriate principal parameter.

source/en-US/SqlPermission.strings.psd1 (1)

15-15: LGTM!

The updated error message correctly reflects that the principal can now be either a login or a server role, aligning with the source code changes in Modify().

…incipal parameters

SqlPermission: Refactor to use new server permission commands

76774fc

johlju requested a review from a team as a code owner December 4, 2025 20:16

coderabbitai bot reviewed Dec 4, 2025

View reviewed changes

johlju and others added 2 commits December 5, 2025 18:23

SqlPermission: Update logic to check for server roles and enhance err…

f7d4ca4

…or messages

Merge branch 'main' into fix/issue-#2159

a28c2d6

coderabbitai bot reviewed Dec 5, 2025

View reviewed changes

SqlPermission: Simplify permission handling by using splatting for pr…

364c0de

…incipal parameters

johlju merged commit 0037064 into dsccommunity:main Dec 6, 2025
48 checks passed

johlju deleted the fix/issue-#2159 branch December 6, 2025 13:28

This was referenced Dec 6, 2025

Set-SqlDscServerPermission: Refactor to set exact permission #2361

Merged

SqlPermission: Added integration tests for server role permissions #2362

Merged

johlju mentioned this pull request Dec 7, 2025

SqlPermission can not grant permissions to a SqlRole #2057

Closed

This was referenced Dec 31, 2025

Update tests for ResourceBase 2.0 #2386

Merged

Fix DatabasePermission and ServerPermission Equals() and add GetHashCode() override #2392

Merged

Conversation

johlju commented Dec 4, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Pull Request (PR) description

This Pull Request (PR) fixes the following issues

Task list

Uh oh!

coderabbitai bot commented Dec 4, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Walkthrough

Changes

Estimated code review effort

Possibly related PRs

Pre-merge checks

Requirements

Required constructor

Required Method Pattern

Optional Method Pattern

Requirements

String Files

Key Naming Patterns

String Format

String IDs

Usage

Terminology

Build & Test Workflow Requirements

File Organization

Requirements

Naming

File naming

Formatting

Indentation & Spacing

Braces

Quotes

Arrays

Hashtables

Comments

Comment-based help

Core Requirements

Requirements

Naming

Structure & Scope

Syntax Rules

Test Setup Requirements

Uh oh!

coderabbitai bot left a comment

Choose a reason for hiding this comment

Text Formatting

Terminology

Build & Test Workflow Requirements

File Organization

Requirements

Requirements

Required constructor

Required Method Pattern

Optional Method Pattern

Requirements

String Files

Key Naming Patterns

String Format

String IDs

Usage

Naming

File naming

Formatting

Indentation & Spacing

Braces

Quotes

Arrays

Hashtables

Comments

Comment-based help

Core Requirements

Requirements

Naming

Structure & Scope

Syntax Rules

Test Setup Requirements

Uh oh!

codecov bot commented Dec 4, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

johlju commented Dec 4, 2025 •

edited

Loading

coderabbitai bot commented Dec 4, 2025 •

edited

Loading

codecov bot commented Dec 4, 2025 •

edited

Loading