feat: add login_role module

plugins/modules/login_role.ps1

@@ -0,0 +1,114 @@
+#!powershell
+# -*- coding: utf-8 -*-
+
+# (c) 2022, John McCall (@lowlydba)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+#AnsibleRequires -CSharpUtil Ansible.Basic
+#AnsibleRequires -PowerShell ansible_collections.lowlydba.sqlserver.plugins.module_utils._SqlServerUtils
+#Requires -Modules @{ ModuleName="dbatools"; ModuleVersion="2.0.0" }
+
+$ErrorActionPreference = "Stop"
+
+$spec = @{
+    supports_check_mode = $true
+    options = @{
+        login = @{type = 'str'; required = $true }
+        server_role = @{type = 'str'; required = $true }
+        state = @{type = 'str'; required = $false; default = 'present'; choices = @('present', 'absent') }
+    }
+}
+
+$module = [Ansible.Basic.AnsibleModule]::Create($args, $spec, @(Get-LowlyDbaSqlServerAuthSpec))
+$sqlInstance, $sqlCredential = Get-SqlCredential -Module $module
+$login = $module.Params.database
+$serverRole = $module.Params.server_role
+$state = $module.Params.state
+$checkMode = $module.CheckMode
+
+$module.Result.changed = $false
+
+$getLoginSplat = @{
+    SqlInstance = $sqlInstance
+    SqlCredential = $sqlCredential
+    Login = $login
+    EnableException = $true
+}
+$getRoleSplat = @{
+    SqlInstance = $sqlInstance
+    SqlCredential = $sqlCredential
+    ServerRole = $serverRole
+    EnableException = $true
+}
+$getRoleMemberSplat = @{
+    SqlInstance = $sqlInstance
+    SqlCredential = $sqlCredential
+    Login = $login
+    ServerRole = $serverRole
+    IncludeSystemUser = $true
+    EnableException = $true
+}
+
+$existingLogin = Get-DbaLogin @getLoginSplat
+if ($null -eq $existingLogin) {
+    $module.FailJson("Login [$login] does not exist.")
+}
+$existingRole = Get-DbaServerRole @getRoleSplat
+if ($null -eq $existingRole) {
+    $module.FailJson("Server role [$serverRole] does not exist.")
+}
+
+# Get role member
+$existingRoleMember = Get-DbaServerRoleMember @getRoleMemberSplat
+
+if ($state -eq "absent") {
+    if ($null -ne $existingRoleMember) {
+        try {
+            $removeRoleMemberSplat = @{
+                SqlInstance = $sqlInstance
+                SqlCredential = $sqlCredential
+                Login = $login
+                ServerRole = $serverRole
+                EnableException = $true
+                WhatIf = $checkMode
+                Confirm = $false
+            }
+            $output = Remove-DbaServerRoleMember @removeRoleMemberSplat
+            $module.Result.changed = $true
+        }
+        catch {
+            $module.FailJson("Removing login [$login] from server role [$role] failed: $($_.Exception.Message)", $_)
+        }
+    }
+}
+elseif ($state -eq "present") {
+    # Add user to role
+    if ($null -eq $existingRoleMembers) {
+        try {
+            $addRoleMemberSplat = @{
+                SqlInstance = $sqlInstance
+                SqlCredential = $sqlCredential
+                Login = $login
+                ServerRole = $serverRole
+                EnableException = $true
+                WhatIf = $checkMode
+                Confirm = $false
+            }
+            $output = Add-DbaServerRoleMember @addRoleMemberSplat
+            $module.Result.changed = $true
+        }
+        catch {
+            $module.FailJson("Adding login [$login] to server role [$serverRole] failed: $($_.Exception.Message)", $_)
+        }
+    }
+}
+try {
+    if ($null -ne $output) {
+        $resultData = ConvertTo-SerializableObject -InputObject $output
+        $module.Result.data = $resultData
+    }
+    $module.ExitJson()
+}
+catch {
+    $module.FailJson("Failure: $($_.Exception.Message)", $_)
+}

plugins/modules/login_role.py

@@ -0,0 +1,63 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2022, John McCall (@lowlydba)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r'''
+---
+module: login_role
+short_description: Configures a login's  server roles.
+description:
+  - Adds or removes a login's server role.
+version_added: 2.5.0
+options:
+  login:
+    description:
+      - Name of the login.
+    type: str
+    required: true
+  server_role:
+    description:
+      - The server role for the login to be modified.
+    type: str
+    required: true
+author: "John McCall (@lowlydba)"
+requirements:
+  - L(dbatools,https://www.powershellgallery.com/packages/dbatools/) PowerShell module
+extends_documentation_fragment:
+  - lowlydba.sqlserver.sql_credentials
+  - lowlydba.sqlserver.attributes.check_mode
+  - lowlydba.sqlserver.attributes.platform_all
+  - lowlydba.sqlserver.state
+'''
+
+EXAMPLES = r'''
+- name: Add a user to a fixed server role
+  lowlydba.sqlserver.login_role:
+    sql_instance: sql-01.myco.io
+    login: TheIntern
+    server_role: sysadmin
+
+- name: Remove a user from a fixed server role
+  lowlydba.sqlserver.login_role:
+    sql_instance: sql-01.myco.io
+    sql_instance: sql-01.myco.io
+    login: TheIntern
+    server_role: sysadmin
+    state: absent
+
+- name: Add a user to a custom server role
+  lowlydba.sqlserver.login_role:
+    sql_instance: sql-01.myco.io
+    sql_instance: sql-01.myco.io
+    login: TheIntern
+    server_role: demi-admin
+'''
+
+RETURN = r'''
+data:
+  description: Output from the C(Remove-DbaDbRoleMember), (Get-DbaDbRoleMember), or C(Add-DbaDbRoleMember) functions.
+  returned: success, but not in check_mode.
+  type: dict
+'''