From b6303685babf3f6d849f683aa5c4f9382c22aa64 Mon Sep 17 00:00:00 2001 From: Joe K Date: Mon, 12 Dec 2022 18:51:28 +0000 Subject: [PATCH 01/52] add: role module --- plugins/modules/roles.ps1 | 114 ++++++++++++++++++++++++++++++++++++++ plugins/modules/roles.py | 73 ++++++++++++++++++++++++ 2 files changed, 187 insertions(+) create mode 100644 plugins/modules/roles.ps1 create mode 100644 plugins/modules/roles.py diff --git a/plugins/modules/roles.ps1 b/plugins/modules/roles.ps1 new file mode 100644 index 00000000..6ce99742 --- /dev/null +++ b/plugins/modules/roles.ps1 @@ -0,0 +1,114 @@ +#!powershell +# -*- coding: utf-8 -*- + +# (c) 2022, John McCall (@lowlydba) +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +#AnsibleRequires -CSharpUtil Ansible.Basic +#AnsibleRequires -PowerShell ansible_collections.lowlydba.sqlserver.plugins.module_utils._SqlServerUtils +#Requires -Modules @{ ModuleName="dbatools"; ModuleVersion="1.1.112" } + +$ErrorActionPreference = "Stop" + +$spec = @{ + supports_check_mode = $true + options = @{ + database = @{type = 'str'; required = $true } + username = @{type = 'str'; required = $true } + roles = @{type = 'list'; elements='str'; required = $true } + state = @{type = 'str'; required = $false; default = 'present'; choices = @('present', 'absent') } + } +} + + +$module = [Ansible.Basic.AnsibleModule]::Create($args, $spec, @(Get-LowlyDbaSqlServerAuthSpec)) +$sqlInstance, $sqlCredential = Get-SqlCredential -Module $module +$username = $module.Params.username +$database = $module.Params.database +$roles = $module.Params.roles +$state = $module.Params.state +$checkMode = $module.CheckMode + +$module.Result.changed = $false + +$getRoleSplat = @{ + SqlInstance = $sqlInstance + SqlCredential = $sqlCredential + Database = $database + EnableException = $true +} +$existingRoleObjects = Get-DbaDbRoleMember @getRoleSplat | where {$_.UserName -eq $username} + +if ($state -eq "absent") { + # loop through all roles to remove and see if they are assigned to the user + $removeRoles = @() + foreach ($roleObject in $existingRoleObjects) { + if ($roles -Contains $roleObject.role) { + $removeRoles += $roleObject.role + } + } + if ($null -ne $removeRoles) { + try { + $removeRolesSplat = @{ + SqlInstance = $sqlInstance + SqlCredential = $sqlCredential + User = $username + Database = $database + Role = $removeRoles -join "," + EnableException = $true + WhatIf = $checkMode + Confirm = $false + } + $output = Remove-DbaDbRoleMember @removeUserSplat + $module.Result.changed = $true + } + catch { + $module.FailJson("Removing role failed: $($_.Exception.Message)", $_) + } + } + else { + $output = $existingRoleObjects + } +} +elseif ($state -eq "present") { + $existingRoles = @() + # build an array of roles for the selected user + foreach ($roleObject in $existingRoleObjects) { + $existingRoles += $roleObject.role + } + # compare the list of roles to add vs the existing roles for the user and get the difference + $addRoles = $roles | where {$existingRoles -NotContains $_} + if ($null -ne $addRoles) { + try { + # No Set-DbaDbUser command exists, use SMO + $addRolesSplat = @{ + SqlInstance = $sqlInstance + SqlCredential = $sqlCredential + User = $username + Database = $database + Role = $addRoles -join "," + EnableException = $true + WhatIf = $checkMode + Confirm = $false + } + $output = Add-DbaDbRoleMember @addRolesSplat + $module.Result.changed = $true + } + catch { + $module.FailJson("Adding role failed: $($_.Exception.Message)", $_) + } + } + else { + $output = $existingRoleObjects + } +} +try { + if ($null -ne $output) { + $resultData = ConvertTo-SerializableObject -InputObject $output + $module.Result.data = $resultData + } + $module.ExitJson() +} +catch { + $module.FailJson("Failure: $($_.Exception.Message)", $_) +} diff --git a/plugins/modules/roles.py b/plugins/modules/roles.py new file mode 100644 index 00000000..cdc8622e --- /dev/null +++ b/plugins/modules/roles.py @@ -0,0 +1,73 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# (c) 2022, John McCall (@lowlydba) +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r''' +--- +module: user +short_description: Add or remove one or more roles for a given user in a specific database. +description: + - Add or remove one or more roles for a given user in a specific database. Returns a list of current roles if there are no changes. +version_added: 2.4.0 +options: + username: + description: + - Name of the user. + type: str + required: true + database: + description: + - Database for the user. + type: str + required: true + roles: + description: + - Specifies a comma separated list of roles to add or remove + type: list + elements: str + required: true + +author: + - "Joe Krilov (@joey40)" + - "John McCall (@lowlydba)" +requirements: + - L(dbatools,https://www.powershellgallery.com/packages/dbatools/) PowerShell module +extends_documentation_fragment: + - lowlydba.sqlserver.sql_credentials + - lowlydba.sqlserver.attributes.check_mode + - lowlydba.sqlserver.attributes.platform_all + - lowlydba.sqlserver.state +''' + +EXAMPLES = r''' +- name: Add a single role for a user + lowlydba.sqlserver.role: + sql_instance: sql-01.myco.io + username: TheIntern + database: InternProject1 + role: db_datareader + +- name: Add multiple roles for a user + lowlydba.sqlserver.role: + sql_instance: sql-01.myco.io + username: TheIntern + database: InternProject1 + role: db_datareader, db_datawriter + +- name: Remove roles for a user + lowlydba.sqlserver.role: + sql_instance: sql-01.myco.io + username: TheIntern + database: InternProject1 + role: db_datareader, db_datawriter + state: absent +''' + +RETURN = r''' +data: + description: Output from the C(Add-DbaDbRoleMember), C(Get-DbaDbRoleMember), or C(Remove-DbaDbRoleMember) function. + returned: success, but not in check_mode. + type: dict +''' From fe6bc2979e19f3e5899ba16aca3766b71109b8d9 Mon Sep 17 00:00:00 2001 From: Joe K Date: Mon, 12 Dec 2022 19:52:47 +0000 Subject: [PATCH 02/52] add: role module tests --- tests/integration/targets/roles/aliases | 2 + tests/integration/targets/roles/meta/main.yml | 3 + .../integration/targets/roles/tasks/main.yml | 133 ++++++++++++++++++ tests/integration/targets/win_roles/aliases | 5 + .../targets/win_roles/meta/main.yml | 3 + 5 files changed, 146 insertions(+) create mode 100644 tests/integration/targets/roles/aliases create mode 100644 tests/integration/targets/roles/meta/main.yml create mode 100644 tests/integration/targets/roles/tasks/main.yml create mode 100644 tests/integration/targets/win_roles/aliases create mode 100644 tests/integration/targets/win_roles/meta/main.yml diff --git a/tests/integration/targets/roles/aliases b/tests/integration/targets/roles/aliases new file mode 100644 index 00000000..4f4b6b91 --- /dev/null +++ b/tests/integration/targets/roles/aliases @@ -0,0 +1,2 @@ +context/target +setup/once/setup_sqlserver diff --git a/tests/integration/targets/roles/meta/main.yml b/tests/integration/targets/roles/meta/main.yml new file mode 100644 index 00000000..a3309752 --- /dev/null +++ b/tests/integration/targets/roles/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - setup_sqlserver_test_plugins diff --git a/tests/integration/targets/roles/tasks/main.yml b/tests/integration/targets/roles/tasks/main.yml new file mode 100644 index 00000000..9899cb02 --- /dev/null +++ b/tests/integration/targets/roles/tasks/main.yml @@ -0,0 +1,133 @@ +--- +- name: Var block + vars: + login_name: "MrRoleTest" + plain_password: "P0pS3cret!23$%" + password_expiration_enabled: false + password_policy_enforced: false + password_must_change: false + enabled: false + default_database: "master" + language: "us_english" + default_schema: "dbo" + username: "MrRoleTest" + database: "master" + module_defaults: + lowlydba.sqlserver.roles: + sql_instance: "{{ sqlserver_instance }}" + sql_username: "{{ sqlserver_username }}" + sql_password: "{{ sqlserver_password }}" + username: "{{ username }}" + database: "{{ database }}" + lowlydba.sqlserver.login: + sql_instance: "{{ sqlserver_instance }}" + sql_username: "{{ sqlserver_username }}" + sql_password: "{{ sqlserver_password }}" + default_database: "{{ default_database }}" + login: "{{ login_name }}" + password: "{{ plain_password }}" + password_expiration_enabled: "{{ password_expiration_enabled }}" + password_must_change: "{{ password_must_change }}" + enabled: "{{ enabled }}" + language: "{{ language }}" + state: present + lowlydba.sqlserver.user: + sql_instance: "{{ sqlserver_instance }}" + sql_username: "{{ sqlserver_username }}" + sql_password: "{{ sqlserver_password }}" + database: "{{ database }}" + login: "{{ login_name }}" + username: "{{ username }}" + default_schema: "{{ default_schema }}" + state: present + tags: ["roles"] + block: + - name: Create login + lowlydba.sqlserver.login: + register: result + - assert: + that: + - result.data != None + + - name: Create user + lowlydba.sqlserver.user: + register: result + - assert: + that: + - result.data != None + + - name: Add roles for the user + lowlydba.sqlserver.roles: + roles: db_datareader, db_datawriter + register: result + - assert: + that: + - result.data != None + - result.data.ComputerName != None + - result.data.InstanceName != None + - result.data.SqlInstance != None + - result.data.User == "{{ username }}" + - result.data.Database == "{{ database }}" + - result is changed + + - name: Add roles for the user in checkmode + lowlydba.sqlserver.roles: + roles: db_datareader, db_datawriter, db_ddladmin + register: result + check_mode: true + - assert: + that: + - result is changed + + - name: Verify no changes from checkmode + lowlydba.sqlserver.roles: + roles: db_datareader, db_datawriter + register: result + - assert: + that: + - result.data != None + - result.data.ComputerName != None + - result.data.InstanceName != None + - result.data.SqlInstance != None + - result.data.User == "{{ username }}" + - result.data.Database == "{{ database }}" + - result is not changed + + - name: Drop roles for the user + lowlydba.sqlserver.roles: + roles: db_datareader, db_datawriter + state: "absent" + register: result + - assert: + that: + - result.data != None + - result.data.ComputerName != None + - result.data.InstanceName != None + - result.data.SqlInstance != None + - result.data.User == "{{ username }}" + - result.data.Database == "{{ database }}" + - result is changed + + - name: Drop user + lowlydba.sqlserver.user: + state: "absent" + register: result + - assert: + that: + - result.data != None + + - name: Drop login + lowlydba.sqlserver.login: + state: "absent" + register: result + - assert: + that: + - result.data != None + + always: + - name: Drop user + lowlydba.sqlserver.user: + state: "absent" + - name: Drop login + lowlydba.sqlserver.login: + state: "absent" diff --git a/tests/integration/targets/win_roles/aliases b/tests/integration/targets/win_roles/aliases new file mode 100644 index 00000000..8788acbd --- /dev/null +++ b/tests/integration/targets/win_roles/aliases @@ -0,0 +1,5 @@ +windows/all +windows/group/1 +context/target +setup/once/setup_win_sqlserver +needs/target/roles diff --git a/tests/integration/targets/win_roles/meta/main.yml b/tests/integration/targets/win_roles/meta/main.yml new file mode 100644 index 00000000..48fe029c --- /dev/null +++ b/tests/integration/targets/win_roles/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - roles From e8262450d2357a671268310bb5007ebf571c2007 Mon Sep 17 00:00:00 2001 From: Joe K Date: Mon, 12 Dec 2022 19:58:39 +0000 Subject: [PATCH 03/52] add: changelog fragment --- changelogs/fragments/add_roles_module.yml | 2 ++ changelogs/fragments/fix_doc_example.yml | 2 -- 2 files changed, 2 insertions(+), 2 deletions(-) create mode 100644 changelogs/fragments/add_roles_module.yml delete mode 100644 changelogs/fragments/fix_doc_example.yml diff --git a/changelogs/fragments/add_roles_module.yml b/changelogs/fragments/add_roles_module.yml new file mode 100644 index 00000000..d591397d --- /dev/null +++ b/changelogs/fragments/add_roles_module.yml @@ -0,0 +1,2 @@ +minor_changes: + - New module to add/remove database roles for a given user. diff --git a/changelogs/fragments/fix_doc_example.yml b/changelogs/fragments/fix_doc_example.yml deleted file mode 100644 index 3abf9fcd..00000000 --- a/changelogs/fragments/fix_doc_example.yml +++ /dev/null @@ -1,2 +0,0 @@ -bugfixes: - - Fixes mismatched parameters in the credential documentation From 57c7cac1f3e97d10928d6f9f2348b60bc74d09b2 Mon Sep 17 00:00:00 2001 From: Joe K Date: Mon, 12 Dec 2022 21:32:50 +0000 Subject: [PATCH 04/52] fix: linting errors --- plugins/modules/roles.ps1 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/plugins/modules/roles.ps1 b/plugins/modules/roles.ps1 index 6ce99742..f96cad86 100644 --- a/plugins/modules/roles.ps1 +++ b/plugins/modules/roles.ps1 @@ -15,7 +15,7 @@ $spec = @{ options = @{ database = @{type = 'str'; required = $true } username = @{type = 'str'; required = $true } - roles = @{type = 'list'; elements='str'; required = $true } + roles = @{type = 'list'; elements = 'str'; required = $true } state = @{type = 'str'; required = $false; default = 'present'; choices = @('present', 'absent') } } } @@ -37,7 +37,7 @@ $getRoleSplat = @{ Database = $database EnableException = $true } -$existingRoleObjects = Get-DbaDbRoleMember @getRoleSplat | where {$_.UserName -eq $username} +$existingRoleObjects = Get-DbaDbRoleMember @getRoleSplat | Where-Object { $_.UserName -eq $username } if ($state -eq "absent") { # loop through all roles to remove and see if they are assigned to the user @@ -59,7 +59,7 @@ if ($state -eq "absent") { WhatIf = $checkMode Confirm = $false } - $output = Remove-DbaDbRoleMember @removeUserSplat + $output = Remove-DbaDbRoleMember @removeRolesSplat $module.Result.changed = $true } catch { @@ -77,7 +77,7 @@ elseif ($state -eq "present") { $existingRoles += $roleObject.role } # compare the list of roles to add vs the existing roles for the user and get the difference - $addRoles = $roles | where {$existingRoles -NotContains $_} + $addRoles = $roles | Where-Object { $existingRoles -NotContains $_ } if ($null -ne $addRoles) { try { # No Set-DbaDbUser command exists, use SMO From 9bdfcf481c1ddc8944f6756f283c2b1cd887087e Mon Sep 17 00:00:00 2001 From: Joe K Date: Mon, 12 Dec 2022 21:34:56 +0000 Subject: [PATCH 05/52] fix: documentation role and version --- plugins/modules/roles.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugins/modules/roles.py b/plugins/modules/roles.py index cdc8622e..a82e1a27 100644 --- a/plugins/modules/roles.py +++ b/plugins/modules/roles.py @@ -6,11 +6,11 @@ DOCUMENTATION = r''' --- -module: user +module: roles short_description: Add or remove one or more roles for a given user in a specific database. description: - Add or remove one or more roles for a given user in a specific database. Returns a list of current roles if there are no changes. -version_added: 2.4.0 +version_added: 1.4.0 options: username: description: From 2412029345b2fcb1b776cd6b6047e799173c2cec Mon Sep 17 00:00:00 2001 From: Joe K Date: Mon, 12 Dec 2022 21:48:47 +0000 Subject: [PATCH 06/52] fix: test data --- tests/integration/targets/roles/tasks/main.yml | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/tests/integration/targets/roles/tasks/main.yml b/tests/integration/targets/roles/tasks/main.yml index 9899cb02..0c8c6bd2 100644 --- a/tests/integration/targets/roles/tasks/main.yml +++ b/tests/integration/targets/roles/tasks/main.yml @@ -62,12 +62,6 @@ register: result - assert: that: - - result.data != None - - result.data.ComputerName != None - - result.data.InstanceName != None - - result.data.SqlInstance != None - - result.data.User == "{{ username }}" - - result.data.Database == "{{ database }}" - result is changed - name: Add roles for the user in checkmode @@ -85,12 +79,6 @@ register: result - assert: that: - - result.data != None - - result.data.ComputerName != None - - result.data.InstanceName != None - - result.data.SqlInstance != None - - result.data.User == "{{ username }}" - - result.data.Database == "{{ database }}" - result is not changed - name: Drop roles for the user @@ -100,12 +88,6 @@ register: result - assert: that: - - result.data != None - - result.data.ComputerName != None - - result.data.InstanceName != None - - result.data.SqlInstance != None - - result.data.User == "{{ username }}" - - result.data.Database == "{{ database }}" - result is changed - name: Drop user From 00eaf21c7635e2dc3aa6da276fb7394180ac0f63 Mon Sep 17 00:00:00 2001 From: Joe K Date: Mon, 12 Dec 2022 22:18:58 +0000 Subject: [PATCH 07/52] feat: turn on verbosity --- plugins/modules/roles.ps1 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/plugins/modules/roles.ps1 b/plugins/modules/roles.ps1 index f96cad86..18c33d3b 100644 --- a/plugins/modules/roles.ps1 +++ b/plugins/modules/roles.ps1 @@ -58,6 +58,7 @@ if ($state -eq "absent") { EnableException = $true WhatIf = $checkMode Confirm = $false + Verbose = $true } $output = Remove-DbaDbRoleMember @removeRolesSplat $module.Result.changed = $true @@ -90,6 +91,7 @@ elseif ($state -eq "present") { EnableException = $true WhatIf = $checkMode Confirm = $false + Verbose = $true } $output = Add-DbaDbRoleMember @addRolesSplat $module.Result.changed = $true From abc1a711ea2c8184f34bbc54330e14ae15aff9cb Mon Sep 17 00:00:00 2001 From: Joe K Date: Tue, 13 Dec 2022 01:48:51 +0000 Subject: [PATCH 08/52] feat: add additional output --- plugins/modules/roles.ps1 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/plugins/modules/roles.ps1 b/plugins/modules/roles.ps1 index 18c33d3b..404d2174 100644 --- a/plugins/modules/roles.ps1 +++ b/plugins/modules/roles.ps1 @@ -47,6 +47,7 @@ if ($state -eq "absent") { $removeRoles += $roleObject.role } } + $module.Result.remove = $removeRoles if ($null -ne $removeRoles) { try { $removeRolesSplat = @{ @@ -79,6 +80,7 @@ elseif ($state -eq "present") { } # compare the list of roles to add vs the existing roles for the user and get the difference $addRoles = $roles | Where-Object { $existingRoles -NotContains $_ } + $module.Result.addRoles = $addRoles if ($null -ne $addRoles) { try { # No Set-DbaDbUser command exists, use SMO From e97255e834b0e69ce2590c3e006688dd946237ae Mon Sep 17 00:00:00 2001 From: Joe K Date: Tue, 13 Dec 2022 02:23:42 +0000 Subject: [PATCH 09/52] fix: verify test --- tests/integration/targets/roles/tasks/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/integration/targets/roles/tasks/main.yml b/tests/integration/targets/roles/tasks/main.yml index 0c8c6bd2..ab177c03 100644 --- a/tests/integration/targets/roles/tasks/main.yml +++ b/tests/integration/targets/roles/tasks/main.yml @@ -75,7 +75,8 @@ - name: Verify no changes from checkmode lowlydba.sqlserver.roles: - roles: db_datareader, db_datawriter + roles: db_ddladmin + state: "absent" register: result - assert: that: From 4be3e02dd57fa8618cda1520c0ffb8da8066df25 Mon Sep 17 00:00:00 2001 From: Joe K Date: Tue, 13 Dec 2022 03:00:34 +0000 Subject: [PATCH 10/52] fix: count logic --- plugins/modules/roles.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugins/modules/roles.ps1 b/plugins/modules/roles.ps1 index 404d2174..e0563870 100644 --- a/plugins/modules/roles.ps1 +++ b/plugins/modules/roles.ps1 @@ -47,8 +47,8 @@ if ($state -eq "absent") { $removeRoles += $roleObject.role } } - $module.Result.remove = $removeRoles - if ($null -ne $removeRoles) { + $module.Result.removeRoles = $removeRoles + if ($removeRoles.count() -gt 0) { try { $removeRolesSplat = @{ SqlInstance = $sqlInstance From 4c659ffdab1ab3e801cdd76559e51176e1a92a00 Mon Sep 17 00:00:00 2001 From: Joe K Date: Mon, 12 Dec 2022 23:02:18 -0500 Subject: [PATCH 11/52] Fix: check removed rolled --- plugins/modules/roles.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/roles.ps1 b/plugins/modules/roles.ps1 index e0563870..365ba142 100644 --- a/plugins/modules/roles.ps1 +++ b/plugins/modules/roles.ps1 @@ -48,7 +48,7 @@ if ($state -eq "absent") { } } $module.Result.removeRoles = $removeRoles - if ($removeRoles.count() -gt 0) { + if ($removeRoles) { try { $removeRolesSplat = @{ SqlInstance = $sqlInstance From 96ad14eea5d767b9432b0c8559dfdb572247217e Mon Sep 17 00:00:00 2001 From: Joe K Date: Mon, 12 Dec 2022 23:31:57 -0500 Subject: [PATCH 12/52] Fix: role comparison --- plugins/modules/roles.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/roles.ps1 b/plugins/modules/roles.ps1 index 365ba142..bad240b7 100644 --- a/plugins/modules/roles.ps1 +++ b/plugins/modules/roles.ps1 @@ -43,7 +43,7 @@ if ($state -eq "absent") { # loop through all roles to remove and see if they are assigned to the user $removeRoles = @() foreach ($roleObject in $existingRoleObjects) { - if ($roles -Contains $roleObject.role) { + if ($roles.Contains($roleObject.role)) { $removeRoles += $roleObject.role } } From 244fe65fdca5423bc8c729a405962827afe5ab5f Mon Sep 17 00:00:00 2001 From: Joe K Date: Tue, 13 Dec 2022 14:20:22 +0000 Subject: [PATCH 13/52] feat: test role objects --- plugins/modules/roles.ps1 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/plugins/modules/roles.ps1 b/plugins/modules/roles.ps1 index bad240b7..ca0461cd 100644 --- a/plugins/modules/roles.ps1 +++ b/plugins/modules/roles.ps1 @@ -38,6 +38,7 @@ $getRoleSplat = @{ EnableException = $true } $existingRoleObjects = Get-DbaDbRoleMember @getRoleSplat | Where-Object { $_.UserName -eq $username } +$module.Result.existingRoleObjects = $existingRoleObjects if ($state -eq "absent") { # loop through all roles to remove and see if they are assigned to the user @@ -47,6 +48,7 @@ if ($state -eq "absent") { $removeRoles += $roleObject.role } } + $module.Result.removeRoles = $removeRoles if ($removeRoles) { try { From 0a8fc0217b32dbc5bac6d5fbc9a23fc751727e40 Mon Sep 17 00:00:00 2001 From: Joe K Date: Tue, 13 Dec 2022 14:53:19 +0000 Subject: [PATCH 14/52] test: roles --- plugins/modules/roles.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/plugins/modules/roles.ps1 b/plugins/modules/roles.ps1 index ca0461cd..81a8ed25 100644 --- a/plugins/modules/roles.ps1 +++ b/plugins/modules/roles.ps1 @@ -37,6 +37,7 @@ $getRoleSplat = @{ Database = $database EnableException = $true } +$module.Result.roles = $roles $existingRoleObjects = Get-DbaDbRoleMember @getRoleSplat | Where-Object { $_.UserName -eq $username } $module.Result.existingRoleObjects = $existingRoleObjects From 29648d909f928cc9e83345666442fd314e47c044 Mon Sep 17 00:00:00 2001 From: Joe K Date: Tue, 13 Dec 2022 16:01:29 +0000 Subject: [PATCH 15/52] test: all roles --- plugins/modules/roles.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/roles.ps1 b/plugins/modules/roles.ps1 index 81a8ed25..9ba54db8 100644 --- a/plugins/modules/roles.ps1 +++ b/plugins/modules/roles.ps1 @@ -38,7 +38,7 @@ $getRoleSplat = @{ EnableException = $true } $module.Result.roles = $roles -$existingRoleObjects = Get-DbaDbRoleMember @getRoleSplat | Where-Object { $_.UserName -eq $username } +$existingRoleObjects = Get-DbaDbRoleMember @getRoleSplat #| Where-Object { $_.UserName -eq $username } $module.Result.existingRoleObjects = $existingRoleObjects if ($state -eq "absent") { From 479ba3a27ae5509de7c8e3903a11b6387320bb84 Mon Sep 17 00:00:00 2001 From: Joe K Date: Tue, 13 Dec 2022 17:35:07 +0000 Subject: [PATCH 16/52] test: object --- plugins/modules/roles.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/roles.ps1 b/plugins/modules/roles.ps1 index 9ba54db8..9da92c37 100644 --- a/plugins/modules/roles.ps1 +++ b/plugins/modules/roles.ps1 @@ -39,7 +39,7 @@ $getRoleSplat = @{ } $module.Result.roles = $roles $existingRoleObjects = Get-DbaDbRoleMember @getRoleSplat #| Where-Object { $_.UserName -eq $username } -$module.Result.existingRoleObjects = $existingRoleObjects +$module.Result.existingRoleObjects = ConvertTo-SerializableObject -InputObject $existingRoleObjects if ($state -eq "absent") { # loop through all roles to remove and see if they are assigned to the user From 3a1aea0e444e1f15498305a5327aba5b721ef9e4 Mon Sep 17 00:00:00 2001 From: Joe K Date: Wed, 14 Dec 2022 23:10:36 +0000 Subject: [PATCH 17/52] fix: param --- plugins/modules/roles.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/roles.ps1 b/plugins/modules/roles.ps1 index 9da92c37..c63ca98c 100644 --- a/plugins/modules/roles.ps1 +++ b/plugins/modules/roles.ps1 @@ -35,7 +35,7 @@ $getRoleSplat = @{ SqlInstance = $sqlInstance SqlCredential = $sqlCredential Database = $database - EnableException = $true + #EnableException = $true } $module.Result.roles = $roles $existingRoleObjects = Get-DbaDbRoleMember @getRoleSplat #| Where-Object { $_.UserName -eq $username } From 5b0a65b446abf742fd422e31b0fcc59603a7c49a Mon Sep 17 00:00:00 2001 From: Joe K Date: Wed, 14 Dec 2022 23:34:02 +0000 Subject: [PATCH 18/52] fix: serialize --- plugins/modules/roles.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/roles.ps1 b/plugins/modules/roles.ps1 index c63ca98c..8ad760e8 100644 --- a/plugins/modules/roles.ps1 +++ b/plugins/modules/roles.ps1 @@ -39,7 +39,7 @@ $getRoleSplat = @{ } $module.Result.roles = $roles $existingRoleObjects = Get-DbaDbRoleMember @getRoleSplat #| Where-Object { $_.UserName -eq $username } -$module.Result.existingRoleObjects = ConvertTo-SerializableObject -InputObject $existingRoleObjects +$module.Result.existingRoleObjects = $existingRoleObjects if ($state -eq "absent") { # loop through all roles to remove and see if they are assigned to the user From f286bc7b5dfa5fe6cf5e3fe27983a907c82b7952 Mon Sep 17 00:00:00 2001 From: Joe K Date: Sat, 17 Dec 2022 19:06:40 +0000 Subject: [PATCH 19/52] test: system user --- plugins/modules/roles.ps1 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/plugins/modules/roles.ps1 b/plugins/modules/roles.ps1 index 8ad760e8..775fdbf3 100644 --- a/plugins/modules/roles.ps1 +++ b/plugins/modules/roles.ps1 @@ -35,7 +35,8 @@ $getRoleSplat = @{ SqlInstance = $sqlInstance SqlCredential = $sqlCredential Database = $database - #EnableException = $true + EnableException = $true + IncludeSystemUser = $true } $module.Result.roles = $roles $existingRoleObjects = Get-DbaDbRoleMember @getRoleSplat #| Where-Object { $_.UserName -eq $username } From c7c23ba07ef95b63836fb34ccb38e4d561b328da Mon Sep 17 00:00:00 2001 From: Joe K Date: Sun, 18 Dec 2022 13:29:58 +0000 Subject: [PATCH 20/52] test: serialize --- plugins/modules/roles.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/roles.ps1 b/plugins/modules/roles.ps1 index 775fdbf3..abf4e5f1 100644 --- a/plugins/modules/roles.ps1 +++ b/plugins/modules/roles.ps1 @@ -40,7 +40,7 @@ $getRoleSplat = @{ } $module.Result.roles = $roles $existingRoleObjects = Get-DbaDbRoleMember @getRoleSplat #| Where-Object { $_.UserName -eq $username } -$module.Result.existingRoleObjects = $existingRoleObjects +$module.Result.existingRoleObjects = ConvertTo-SerializableObject -InputObject $existingRoleObjects if ($state -eq "absent") { # loop through all roles to remove and see if they are assigned to the user From 26e0c96ce525a0e4d0fadb9136e65f626999d937 Mon Sep 17 00:00:00 2001 From: Joe K Date: Sun, 18 Dec 2022 15:28:32 +0000 Subject: [PATCH 21/52] test: fail better --- plugins/modules/roles.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/roles.ps1 b/plugins/modules/roles.ps1 index abf4e5f1..531ef1d1 100644 --- a/plugins/modules/roles.ps1 +++ b/plugins/modules/roles.ps1 @@ -118,5 +118,5 @@ try { $module.ExitJson() } catch { - $module.FailJson("Failure: $($_.Exception.Message)", $_) + $module.FailJson("Failure: $($_.Exception.Message)") } From 9a59477301d39c7b8b97ee2fe993c576a8a5c8a8 Mon Sep 17 00:00:00 2001 From: Joe K Date: Sun, 18 Dec 2022 16:27:03 +0000 Subject: [PATCH 22/52] test: itt through roles --- plugins/modules/roles.ps1 | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/plugins/modules/roles.ps1 b/plugins/modules/roles.ps1 index 531ef1d1..d5d1de97 100644 --- a/plugins/modules/roles.ps1 +++ b/plugins/modules/roles.ps1 @@ -40,7 +40,11 @@ $getRoleSplat = @{ } $module.Result.roles = $roles $existingRoleObjects = Get-DbaDbRoleMember @getRoleSplat #| Where-Object { $_.UserName -eq $username } -$module.Result.existingRoleObjects = ConvertTo-SerializableObject -InputObject $existingRoleObjects +$roleObjectOutput = @{} +foreach ($object in $existingRoleObjects) { + $roleObjectOutput.Add($_.UserName, $_.Role) +} +$module.Result.existingRoleObjects = $roleObjectOutput if ($state -eq "absent") { # loop through all roles to remove and see if they are assigned to the user @@ -118,5 +122,5 @@ try { $module.ExitJson() } catch { - $module.FailJson("Failure: $($_.Exception.Message)") + $module.FailJson("Failure: $($_.Exception.Message)", $_) } From 764fd0b6857abf9197c83fead8d90725464fa38f Mon Sep 17 00:00:00 2001 From: Joe K Date: Sun, 18 Dec 2022 16:35:09 +0000 Subject: [PATCH 23/52] test: user --- plugins/modules/roles.ps1 | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/plugins/modules/roles.ps1 b/plugins/modules/roles.ps1 index d5d1de97..88f6d1e7 100644 --- a/plugins/modules/roles.ps1 +++ b/plugins/modules/roles.ps1 @@ -36,13 +36,14 @@ $getRoleSplat = @{ SqlCredential = $sqlCredential Database = $database EnableException = $true - IncludeSystemUser = $true } $module.Result.roles = $roles -$existingRoleObjects = Get-DbaDbRoleMember @getRoleSplat #| Where-Object { $_.UserName -eq $username } +$existingRoleObjects = Get-DbaDbRoleMember @getRoleSplat | Where-Object { $_.UserName -eq $username } $roleObjectOutput = @{} +$i = 0 foreach ($object in $existingRoleObjects) { - $roleObjectOutput.Add($_.UserName, $_.Role) + $roleObjectOutput.Add("$($object.UserName)_($i)", $object.Role) + $i++ } $module.Result.existingRoleObjects = $roleObjectOutput From bd7a699f12045ce2f3858986496d80df43049836 Mon Sep 17 00:00:00 2001 From: Joe K Date: Sun, 18 Dec 2022 18:16:17 +0000 Subject: [PATCH 24/52] fix: join --- plugins/modules/roles.ps1 | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/plugins/modules/roles.ps1 b/plugins/modules/roles.ps1 index 88f6d1e7..ead8eb7d 100644 --- a/plugins/modules/roles.ps1 +++ b/plugins/modules/roles.ps1 @@ -39,13 +39,7 @@ $getRoleSplat = @{ } $module.Result.roles = $roles $existingRoleObjects = Get-DbaDbRoleMember @getRoleSplat | Where-Object { $_.UserName -eq $username } -$roleObjectOutput = @{} -$i = 0 -foreach ($object in $existingRoleObjects) { - $roleObjectOutput.Add("$($object.UserName)_($i)", $object.Role) - $i++ -} -$module.Result.existingRoleObjects = $roleObjectOutput +$module.Result.existingRoleObjects = $existingRoleObjects if ($state -eq "absent") { # loop through all roles to remove and see if they are assigned to the user @@ -64,7 +58,7 @@ if ($state -eq "absent") { SqlCredential = $sqlCredential User = $username Database = $database - Role = $removeRoles -join "," + Role = $removeRoles EnableException = $true WhatIf = $checkMode Confirm = $false @@ -98,7 +92,7 @@ elseif ($state -eq "present") { SqlCredential = $sqlCredential User = $username Database = $database - Role = $addRoles -join "," + Role = $addRoles EnableException = $true WhatIf = $checkMode Confirm = $false From fbeec6f07a6f36c3ddddaf62253e88b8c0c75e95 Mon Sep 17 00:00:00 2001 From: Joe K Date: Mon, 19 Dec 2022 00:11:07 +0000 Subject: [PATCH 25/52] fix: existing role output --- plugins/modules/roles.ps1 | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/plugins/modules/roles.ps1 b/plugins/modules/roles.ps1 index ead8eb7d..284c78a8 100644 --- a/plugins/modules/roles.ps1 +++ b/plugins/modules/roles.ps1 @@ -39,7 +39,13 @@ $getRoleSplat = @{ } $module.Result.roles = $roles $existingRoleObjects = Get-DbaDbRoleMember @getRoleSplat | Where-Object { $_.UserName -eq $username } -$module.Result.existingRoleObjects = $existingRoleObjects +if ($null -ne $existingRoleObjects) { + $module.Result.existingRoleObjects = ConvertTo-SerializableObject -InputObject $existingRoleObjects +} +else { + $module.Result.existingRoleObjects = "$username doesn't have any existing roles assigned on $database" +} + if ($state -eq "absent") { # loop through all roles to remove and see if they are assigned to the user From 7441153ca9a678a5709bdfd1c62e7039780784b6 Mon Sep 17 00:00:00 2001 From: Joe K Date: Mon, 19 Dec 2022 13:18:48 +0000 Subject: [PATCH 26/52] feat: add verify drop test --- tests/integration/targets/roles/tasks/main.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tests/integration/targets/roles/tasks/main.yml b/tests/integration/targets/roles/tasks/main.yml index ab177c03..9bc75720 100644 --- a/tests/integration/targets/roles/tasks/main.yml +++ b/tests/integration/targets/roles/tasks/main.yml @@ -91,6 +91,15 @@ that: - result is changed + - name: Verify drop roles for the user + lowlydba.sqlserver.roles: + roles: db_datareader, db_datawriter + state: "absent" + register: result + - assert: + that: + - result is not changed + - name: Drop user lowlydba.sqlserver.user: state: "absent" From 0ee8687db8c57b9e24306a95e52b0cb010eacbfa Mon Sep 17 00:00:00 2001 From: Joe K Date: Mon, 19 Dec 2022 13:28:01 +0000 Subject: [PATCH 27/52] feat: roles will be optional now --- plugins/modules/roles.ps1 | 4 +--- plugins/modules/roles.py | 10 +++++----- tests/integration/targets/roles/tasks/main.yml | 7 +++++++ 3 files changed, 13 insertions(+), 8 deletions(-) diff --git a/plugins/modules/roles.ps1 b/plugins/modules/roles.ps1 index 284c78a8..5f76f79f 100644 --- a/plugins/modules/roles.ps1 +++ b/plugins/modules/roles.ps1 @@ -15,12 +15,11 @@ $spec = @{ options = @{ database = @{type = 'str'; required = $true } username = @{type = 'str'; required = $true } - roles = @{type = 'list'; elements = 'str'; required = $true } + roles = @{type = 'list'; elements = 'str'; required = $false } state = @{type = 'str'; required = $false; default = 'present'; choices = @('present', 'absent') } } } - $module = [Ansible.Basic.AnsibleModule]::Create($args, $spec, @(Get-LowlyDbaSqlServerAuthSpec)) $sqlInstance, $sqlCredential = Get-SqlCredential -Module $module $username = $module.Params.username @@ -46,7 +45,6 @@ else { $module.Result.existingRoleObjects = "$username doesn't have any existing roles assigned on $database" } - if ($state -eq "absent") { # loop through all roles to remove and see if they are assigned to the user $removeRoles = @() diff --git a/plugins/modules/roles.py b/plugins/modules/roles.py index a82e1a27..1d8c13f3 100644 --- a/plugins/modules/roles.py +++ b/plugins/modules/roles.py @@ -9,25 +9,25 @@ module: roles short_description: Add or remove one or more roles for a given user in a specific database. description: - - Add or remove one or more roles for a given user in a specific database. Returns a list of current roles if there are no changes. + - Add or remove one or more roles for a given user in a specific database. Returns a list of current roles for the given user if there are no changes. version_added: 1.4.0 options: username: description: - - Name of the user. + - Name of the user type: str required: true database: description: - - Database for the user. + - Database for the user type: str required: true roles: description: - - Specifies a comma separated list of roles to add or remove + - Specifies a comma separated list of one or more roles to add or remove type: list elements: str - required: true + required: false author: - "Joe Krilov (@joey40)" diff --git a/tests/integration/targets/roles/tasks/main.yml b/tests/integration/targets/roles/tasks/main.yml index 9bc75720..6d6721ce 100644 --- a/tests/integration/targets/roles/tasks/main.yml +++ b/tests/integration/targets/roles/tasks/main.yml @@ -82,6 +82,13 @@ that: - result is not changed + - name: Get a list of roles without making changes + lowlydba.sqlserver.roles: + register: result + - assert: + that: + - result is not changed + - name: Drop roles for the user lowlydba.sqlserver.roles: roles: db_datareader, db_datawriter From 1e75d18e187f55583fcb2881b9c1f7cd61c9abf1 Mon Sep 17 00:00:00 2001 From: Joe K Date: Mon, 19 Dec 2022 13:32:35 +0000 Subject: [PATCH 28/52] fix: comments and output --- plugins/modules/roles.ps1 | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/plugins/modules/roles.ps1 b/plugins/modules/roles.ps1 index 5f76f79f..f575a3b7 100644 --- a/plugins/modules/roles.ps1 +++ b/plugins/modules/roles.ps1 @@ -38,15 +38,9 @@ $getRoleSplat = @{ } $module.Result.roles = $roles $existingRoleObjects = Get-DbaDbRoleMember @getRoleSplat | Where-Object { $_.UserName -eq $username } -if ($null -ne $existingRoleObjects) { - $module.Result.existingRoleObjects = ConvertTo-SerializableObject -InputObject $existingRoleObjects -} -else { - $module.Result.existingRoleObjects = "$username doesn't have any existing roles assigned on $database" -} if ($state -eq "absent") { - # loop through all roles to remove and see if they are assigned to the user + # loop through all roles to remove and see if any are assigned to the user $removeRoles = @() foreach ($roleObject in $existingRoleObjects) { if ($roles.Contains($roleObject.role)) { @@ -76,7 +70,13 @@ if ($state -eq "absent") { } } else { - $output = $existingRoleObjects + # If there are no changes we'll return the output of Get-DbaDbRoleMember + if ($null -ne $existingRoleObjects) { + $module.Result.existingRoleObjects = $existingRoleObjects + } + else { + $module.Result.existingRoleObjects = "$username doesn't have any existing roles assigned on $database" + } } } elseif ($state -eq "present") { @@ -90,7 +90,6 @@ elseif ($state -eq "present") { $module.Result.addRoles = $addRoles if ($null -ne $addRoles) { try { - # No Set-DbaDbUser command exists, use SMO $addRolesSplat = @{ SqlInstance = $sqlInstance SqlCredential = $sqlCredential @@ -110,7 +109,13 @@ elseif ($state -eq "present") { } } else { - $output = $existingRoleObjects + # If there are no changes we'll return the output of Get-DbaDbRoleMember + if ($null -ne $existingRoleObjects) { + $module.Result.existingRoleObjects = $existingRoleObjects + } + else { + $module.Result.existingRoleObjects = "$username doesn't have any existing roles assigned on $database" + } } } try { From 56bcc785401166da9c140c09df7d6c158488d3a4 Mon Sep 17 00:00:00 2001 From: Joe K Date: Mon, 19 Dec 2022 14:09:52 +0000 Subject: [PATCH 29/52] fix: object output --- plugins/modules/roles.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugins/modules/roles.ps1 b/plugins/modules/roles.ps1 index f575a3b7..d72b5e56 100644 --- a/plugins/modules/roles.ps1 +++ b/plugins/modules/roles.ps1 @@ -72,7 +72,7 @@ if ($state -eq "absent") { else { # If there are no changes we'll return the output of Get-DbaDbRoleMember if ($null -ne $existingRoleObjects) { - $module.Result.existingRoleObjects = $existingRoleObjects + $module.Result.existingRoleObjects = ConvertTo-SerializableObject -InputObject $existingRoleObjects } else { $module.Result.existingRoleObjects = "$username doesn't have any existing roles assigned on $database" @@ -111,7 +111,7 @@ elseif ($state -eq "present") { else { # If there are no changes we'll return the output of Get-DbaDbRoleMember if ($null -ne $existingRoleObjects) { - $module.Result.existingRoleObjects = $existingRoleObjects + $module.Result.existingRoleObjects = ConvertTo-SerializableObject -InputObject $existingRoleObjects } else { $module.Result.existingRoleObjects = "$username doesn't have any existing roles assigned on $database" From a3b8e14ff0979b4926c5d41624e2c5b51c25cff1 Mon Sep 17 00:00:00 2001 From: Joe K Date: Mon, 19 Dec 2022 15:04:29 +0000 Subject: [PATCH 30/52] feat: simplify role logic --- plugins/modules/roles.ps1 | 35 +++++++------------ .../integration/targets/roles/tasks/main.yml | 2 ++ 2 files changed, 14 insertions(+), 23 deletions(-) diff --git a/plugins/modules/roles.ps1 b/plugins/modules/roles.ps1 index d72b5e56..2408501a 100644 --- a/plugins/modules/roles.ps1 +++ b/plugins/modules/roles.ps1 @@ -38,6 +38,18 @@ $getRoleSplat = @{ } $module.Result.roles = $roles $existingRoleObjects = Get-DbaDbRoleMember @getRoleSplat | Where-Object { $_.UserName -eq $username } +$existingRoles = @() +# build an array of roles for the selected user +foreach ($roleObject in $existingRoleObjects) { + $existingRoles += $roleObject.role +} +# Always return a list of existing roles if any exist +if ($null -ne $existingRoleObjects) { + $module.Result.existingRoles = $existingRoles +} +else { + $module.Result.noRoles = "'$username' doesn't have any existing roles assigned on '$database'" +} if ($state -eq "absent") { # loop through all roles to remove and see if any are assigned to the user @@ -69,22 +81,8 @@ if ($state -eq "absent") { $module.FailJson("Removing role failed: $($_.Exception.Message)", $_) } } - else { - # If there are no changes we'll return the output of Get-DbaDbRoleMember - if ($null -ne $existingRoleObjects) { - $module.Result.existingRoleObjects = ConvertTo-SerializableObject -InputObject $existingRoleObjects - } - else { - $module.Result.existingRoleObjects = "$username doesn't have any existing roles assigned on $database" - } - } } elseif ($state -eq "present") { - $existingRoles = @() - # build an array of roles for the selected user - foreach ($roleObject in $existingRoleObjects) { - $existingRoles += $roleObject.role - } # compare the list of roles to add vs the existing roles for the user and get the difference $addRoles = $roles | Where-Object { $existingRoles -NotContains $_ } $module.Result.addRoles = $addRoles @@ -108,15 +106,6 @@ elseif ($state -eq "present") { $module.FailJson("Adding role failed: $($_.Exception.Message)", $_) } } - else { - # If there are no changes we'll return the output of Get-DbaDbRoleMember - if ($null -ne $existingRoleObjects) { - $module.Result.existingRoleObjects = ConvertTo-SerializableObject -InputObject $existingRoleObjects - } - else { - $module.Result.existingRoleObjects = "$username doesn't have any existing roles assigned on $database" - } - } } try { if ($null -ne $output) { diff --git a/tests/integration/targets/roles/tasks/main.yml b/tests/integration/targets/roles/tasks/main.yml index 6d6721ce..a9a66fc7 100644 --- a/tests/integration/targets/roles/tasks/main.yml +++ b/tests/integration/targets/roles/tasks/main.yml @@ -88,6 +88,7 @@ - assert: that: - result is not changed + - result.existingRoles != None - name: Drop roles for the user lowlydba.sqlserver.roles: @@ -106,6 +107,7 @@ - assert: that: - result is not changed + - result.noRoles != None - name: Drop user lowlydba.sqlserver.user: From 2febb13d39c304d479289457aac914b4652391e7 Mon Sep 17 00:00:00 2001 From: Joe K Date: Tue, 20 Dec 2022 12:57:05 +0000 Subject: [PATCH 31/52] feat: change role to singular --- plugins/modules/{roles.ps1 => role.ps1} | 0 plugins/modules/{roles.py => role.py} | 4 ++-- .../integration/targets/{roles => role}/aliases | 0 .../targets/{roles => role}/meta/main.yml | 0 .../targets/{roles => role}/tasks/main.yml | 16 ++++++++-------- .../targets/{win_roles => win_role}/aliases | 2 +- .../{win_roles => win_role}/meta/main.yml | 2 +- 7 files changed, 12 insertions(+), 12 deletions(-) rename plugins/modules/{roles.ps1 => role.ps1} (100%) rename plugins/modules/{roles.py => role.py} (94%) rename tests/integration/targets/{roles => role}/aliases (100%) rename tests/integration/targets/{roles => role}/meta/main.yml (100%) rename tests/integration/targets/{roles => role}/tasks/main.yml (93%) rename tests/integration/targets/{win_roles => win_role}/aliases (79%) rename tests/integration/targets/{win_roles => win_role}/meta/main.yml (64%) diff --git a/plugins/modules/roles.ps1 b/plugins/modules/role.ps1 similarity index 100% rename from plugins/modules/roles.ps1 rename to plugins/modules/role.ps1 diff --git a/plugins/modules/roles.py b/plugins/modules/role.py similarity index 94% rename from plugins/modules/roles.py rename to plugins/modules/role.py index 1d8c13f3..0e49a08e 100644 --- a/plugins/modules/roles.py +++ b/plugins/modules/role.py @@ -6,10 +6,10 @@ DOCUMENTATION = r''' --- -module: roles +module: role short_description: Add or remove one or more roles for a given user in a specific database. description: - - Add or remove one or more roles for a given user in a specific database. Returns a list of current roles for the given user if there are no changes. + - Add or remove one or more roles for a given user in a specific database. version_added: 1.4.0 options: username: diff --git a/tests/integration/targets/roles/aliases b/tests/integration/targets/role/aliases similarity index 100% rename from tests/integration/targets/roles/aliases rename to tests/integration/targets/role/aliases diff --git a/tests/integration/targets/roles/meta/main.yml b/tests/integration/targets/role/meta/main.yml similarity index 100% rename from tests/integration/targets/roles/meta/main.yml rename to tests/integration/targets/role/meta/main.yml diff --git a/tests/integration/targets/roles/tasks/main.yml b/tests/integration/targets/role/tasks/main.yml similarity index 93% rename from tests/integration/targets/roles/tasks/main.yml rename to tests/integration/targets/role/tasks/main.yml index a9a66fc7..6320ff66 100644 --- a/tests/integration/targets/roles/tasks/main.yml +++ b/tests/integration/targets/role/tasks/main.yml @@ -13,7 +13,7 @@ username: "MrRoleTest" database: "master" module_defaults: - lowlydba.sqlserver.roles: + lowlydba.sqlserver.role: sql_instance: "{{ sqlserver_instance }}" sql_username: "{{ sqlserver_username }}" sql_password: "{{ sqlserver_password }}" @@ -40,7 +40,7 @@ username: "{{ username }}" default_schema: "{{ default_schema }}" state: present - tags: ["roles"] + tags: ["role"] block: - name: Create login lowlydba.sqlserver.login: @@ -57,7 +57,7 @@ - result.data != None - name: Add roles for the user - lowlydba.sqlserver.roles: + lowlydba.sqlserver.role: roles: db_datareader, db_datawriter register: result - assert: @@ -65,7 +65,7 @@ - result is changed - name: Add roles for the user in checkmode - lowlydba.sqlserver.roles: + lowlydba.sqlserver.role: roles: db_datareader, db_datawriter, db_ddladmin register: result check_mode: true @@ -74,7 +74,7 @@ - result is changed - name: Verify no changes from checkmode - lowlydba.sqlserver.roles: + lowlydba.sqlserver.role: roles: db_ddladmin state: "absent" register: result @@ -83,7 +83,7 @@ - result is not changed - name: Get a list of roles without making changes - lowlydba.sqlserver.roles: + lowlydba.sqlserver.role: register: result - assert: that: @@ -91,7 +91,7 @@ - result.existingRoles != None - name: Drop roles for the user - lowlydba.sqlserver.roles: + lowlydba.sqlserver.role: roles: db_datareader, db_datawriter state: "absent" register: result @@ -100,7 +100,7 @@ - result is changed - name: Verify drop roles for the user - lowlydba.sqlserver.roles: + lowlydba.sqlserver.role: roles: db_datareader, db_datawriter state: "absent" register: result diff --git a/tests/integration/targets/win_roles/aliases b/tests/integration/targets/win_role/aliases similarity index 79% rename from tests/integration/targets/win_roles/aliases rename to tests/integration/targets/win_role/aliases index 8788acbd..6cf72032 100644 --- a/tests/integration/targets/win_roles/aliases +++ b/tests/integration/targets/win_role/aliases @@ -2,4 +2,4 @@ windows/all windows/group/1 context/target setup/once/setup_win_sqlserver -needs/target/roles +needs/target/role diff --git a/tests/integration/targets/win_roles/meta/main.yml b/tests/integration/targets/win_role/meta/main.yml similarity index 64% rename from tests/integration/targets/win_roles/meta/main.yml rename to tests/integration/targets/win_role/meta/main.yml index 48fe029c..7c5b8009 100644 --- a/tests/integration/targets/win_roles/meta/main.yml +++ b/tests/integration/targets/win_role/meta/main.yml @@ -1,3 +1,3 @@ --- dependencies: - - roles + - role From 52edfaefb086f5863da04580b38537fb77b5f436 Mon Sep 17 00:00:00 2001 From: Joe K Date: Thu, 22 Dec 2022 16:19:47 +0000 Subject: [PATCH 32/52] feat: rename role to role_member --- plugins/modules/{role.ps1 => role_member.ps1} | 0 plugins/modules/{role.py => role_member.py} | 8 ++++---- .../targets/{role => role_member}/aliases | 0 .../targets/{role => role_member}/meta/main.yml | 0 .../targets/{role => role_member}/tasks/main.yml | 16 ++++++++-------- .../{win_role => win_role_member}/aliases | 2 +- .../{win_role => win_role_member}/meta/main.yml | 2 +- 7 files changed, 14 insertions(+), 14 deletions(-) rename plugins/modules/{role.ps1 => role_member.ps1} (100%) rename plugins/modules/{role.py => role_member.py} (93%) rename tests/integration/targets/{role => role_member}/aliases (100%) rename tests/integration/targets/{role => role_member}/meta/main.yml (100%) rename tests/integration/targets/{role => role_member}/tasks/main.yml (92%) rename tests/integration/targets/{win_role => win_role_member}/aliases (74%) rename tests/integration/targets/{win_role => win_role_member}/meta/main.yml (52%) diff --git a/plugins/modules/role.ps1 b/plugins/modules/role_member.ps1 similarity index 100% rename from plugins/modules/role.ps1 rename to plugins/modules/role_member.ps1 diff --git a/plugins/modules/role.py b/plugins/modules/role_member.py similarity index 93% rename from plugins/modules/role.py rename to plugins/modules/role_member.py index 0e49a08e..0beb30c7 100644 --- a/plugins/modules/role.py +++ b/plugins/modules/role_member.py @@ -6,7 +6,7 @@ DOCUMENTATION = r''' --- -module: role +module: role_member short_description: Add or remove one or more roles for a given user in a specific database. description: - Add or remove one or more roles for a given user in a specific database. @@ -43,21 +43,21 @@ EXAMPLES = r''' - name: Add a single role for a user - lowlydba.sqlserver.role: + lowlydba.sqlserver.role_member: sql_instance: sql-01.myco.io username: TheIntern database: InternProject1 role: db_datareader - name: Add multiple roles for a user - lowlydba.sqlserver.role: + lowlydba.sqlserver.role_member: sql_instance: sql-01.myco.io username: TheIntern database: InternProject1 role: db_datareader, db_datawriter - name: Remove roles for a user - lowlydba.sqlserver.role: + lowlydba.sqlserver.role_member: sql_instance: sql-01.myco.io username: TheIntern database: InternProject1 diff --git a/tests/integration/targets/role/aliases b/tests/integration/targets/role_member/aliases similarity index 100% rename from tests/integration/targets/role/aliases rename to tests/integration/targets/role_member/aliases diff --git a/tests/integration/targets/role/meta/main.yml b/tests/integration/targets/role_member/meta/main.yml similarity index 100% rename from tests/integration/targets/role/meta/main.yml rename to tests/integration/targets/role_member/meta/main.yml diff --git a/tests/integration/targets/role/tasks/main.yml b/tests/integration/targets/role_member/tasks/main.yml similarity index 92% rename from tests/integration/targets/role/tasks/main.yml rename to tests/integration/targets/role_member/tasks/main.yml index 6320ff66..d7c41d51 100644 --- a/tests/integration/targets/role/tasks/main.yml +++ b/tests/integration/targets/role_member/tasks/main.yml @@ -13,7 +13,7 @@ username: "MrRoleTest" database: "master" module_defaults: - lowlydba.sqlserver.role: + lowlydba.sqlserver.role_member: sql_instance: "{{ sqlserver_instance }}" sql_username: "{{ sqlserver_username }}" sql_password: "{{ sqlserver_password }}" @@ -40,7 +40,7 @@ username: "{{ username }}" default_schema: "{{ default_schema }}" state: present - tags: ["role"] + tags: ["role_member"] block: - name: Create login lowlydba.sqlserver.login: @@ -57,7 +57,7 @@ - result.data != None - name: Add roles for the user - lowlydba.sqlserver.role: + lowlydba.sqlserver.role_member: roles: db_datareader, db_datawriter register: result - assert: @@ -65,7 +65,7 @@ - result is changed - name: Add roles for the user in checkmode - lowlydba.sqlserver.role: + lowlydba.sqlserver.role_member: roles: db_datareader, db_datawriter, db_ddladmin register: result check_mode: true @@ -74,7 +74,7 @@ - result is changed - name: Verify no changes from checkmode - lowlydba.sqlserver.role: + lowlydba.sqlserver.role_member: roles: db_ddladmin state: "absent" register: result @@ -83,7 +83,7 @@ - result is not changed - name: Get a list of roles without making changes - lowlydba.sqlserver.role: + lowlydba.sqlserver.role_member: register: result - assert: that: @@ -91,7 +91,7 @@ - result.existingRoles != None - name: Drop roles for the user - lowlydba.sqlserver.role: + lowlydba.sqlserver.role_member: roles: db_datareader, db_datawriter state: "absent" register: result @@ -100,7 +100,7 @@ - result is changed - name: Verify drop roles for the user - lowlydba.sqlserver.role: + lowlydba.sqlserver.role_member: roles: db_datareader, db_datawriter state: "absent" register: result diff --git a/tests/integration/targets/win_role/aliases b/tests/integration/targets/win_role_member/aliases similarity index 74% rename from tests/integration/targets/win_role/aliases rename to tests/integration/targets/win_role_member/aliases index 6cf72032..544c089c 100644 --- a/tests/integration/targets/win_role/aliases +++ b/tests/integration/targets/win_role_member/aliases @@ -2,4 +2,4 @@ windows/all windows/group/1 context/target setup/once/setup_win_sqlserver -needs/target/role +needs/target/role_member diff --git a/tests/integration/targets/win_role/meta/main.yml b/tests/integration/targets/win_role_member/meta/main.yml similarity index 52% rename from tests/integration/targets/win_role/meta/main.yml rename to tests/integration/targets/win_role_member/meta/main.yml index 7c5b8009..7d1f5d9c 100644 --- a/tests/integration/targets/win_role/meta/main.yml +++ b/tests/integration/targets/win_role_member/meta/main.yml @@ -1,3 +1,3 @@ --- dependencies: - - role + - role_member From 7dce00e38b667fd8847b1becbe533b5d0b7dea3d Mon Sep 17 00:00:00 2001 From: Joe K Date: Thu, 22 Dec 2022 16:32:35 +0000 Subject: [PATCH 33/52] feat: update doc fragment --- changelogs/fragments/add_roles_module.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/changelogs/fragments/add_roles_module.yml b/changelogs/fragments/add_roles_module.yml index d591397d..a66ec203 100644 --- a/changelogs/fragments/add_roles_module.yml +++ b/changelogs/fragments/add_roles_module.yml @@ -1,2 +1,3 @@ minor_changes: - - New module to add/remove database roles for a given user. + - New module to add/remove database role members. + - New module to get role member information. From c74bff7722bb111dcb310b14e63a6c5846e711ce Mon Sep 17 00:00:00 2001 From: Joe K Date: Thu, 22 Dec 2022 16:32:55 +0000 Subject: [PATCH 34/52] add: role_member_info module --- plugins/modules/role_member_info.ps1 | 61 ++++++++++++++++++++++++++++ plugins/modules/role_member_info.py | 45 ++++++++++++++++++++ 2 files changed, 106 insertions(+) create mode 100644 plugins/modules/role_member_info.ps1 create mode 100644 plugins/modules/role_member_info.py diff --git a/plugins/modules/role_member_info.ps1 b/plugins/modules/role_member_info.ps1 new file mode 100644 index 00000000..c48ad2dc --- /dev/null +++ b/plugins/modules/role_member_info.ps1 @@ -0,0 +1,61 @@ +#!powershell +# -*- coding: utf-8 -*- + +# (c) 2022, John McCall (@lowlydba) +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +#AnsibleRequires -CSharpUtil Ansible.Basic +#AnsibleRequires -PowerShell ansible_collections.lowlydba.sqlserver.plugins.module_utils._SqlServerUtils +#Requires -Modules @{ ModuleName="dbatools"; ModuleVersion="1.1.112" } + +$ErrorActionPreference = "Stop" + +$spec = @{ + supports_check_mode = $true + options = @{ + database = @{type = 'str'; required = $false } + username = @{type = 'str'; required = $false } + roles = @{type = 'list'; elements = 'str'; required = $false } + } +} + +$module = [Ansible.Basic.AnsibleModule]::Create($args, $spec, @(Get-LowlyDbaSqlServerAuthSpec)) +$sqlInstance, $sqlCredential = Get-SqlCredential -Module $module +$username = $module.Params.username +$database = $module.Params.database +$roles = $module.Params.roles +$state = $module.Params.state +$checkMode = $module.CheckMode + +$module.Result.changed = $false + +try { + $getRoleSplat = @{ + SqlInstance = $sqlInstance + SqlCredential = $sqlCredential + EnableException = $true + } + if ($null -ne $roles) { + $getRoleSplat.Add("Role", $roles) + } + if ($null -ne $database) { + $getRoleSplat.Add("Database", $database) + } + if ($null -ne $username) { + $output = Get-DbaDbRoleMember @getRoleSplat | Where-Object { $_.UserName -eq $username } + } + else { + $output = Get-DbaDbRoleMember @getRoleSplat + } + + if ($null -ne $output) { + $resultData = ConvertTo-SerializableObject -InputObject $output + $module.Result.data = $resultData + } + + $module.ExitJson() + +} +catch { + $module.FailJson("Failure: $($_.Exception.Message)", $_) +} diff --git a/plugins/modules/role_member_info.py b/plugins/modules/role_member_info.py new file mode 100644 index 00000000..ee4bd637 --- /dev/null +++ b/plugins/modules/role_member_info.py @@ -0,0 +1,45 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# (c) 2022, John McCall (@lowlydba) +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r''' +--- +module: role_member_info +short_description: Returns basic information about a role or roles +description: + - Returns basic information about a role or roles. +version_added: 1.4.0 +author: + - "Joe Krilov (@joey40)" + - "John McCall (@lowlydba)" +requirements: + - L(dbatools,https://www.powershellgallery.com/packages/dbatools/) PowerShell module +extends_documentation_fragment: + - lowlydba.sqlserver.sql_credentials + - lowlydba.sqlserver.attributes.check_mode_read_only + - lowlydba.sqlserver.attributes.platform_all +''' + +EXAMPLES = r''' +- name: Return member of the db_datareader and db_datawriter role on the 'InternProject1' DB + lowlydba.sqlserver.role_member_info: + sql_instance: sql-01.myco.io + database: InternProject1 + role: db_datareader, db_datawriter + + +- name: Return all roles for user 'TheIntern' on the 'InternProject1' DB + lowlydba.sqlserver.role_member_info: + sql_instance: sql-01.myco.io + username: TheIntern + database: InternProject1 +''' + +RETURN = r''' +data: + description: Output from the C(Get-DbaDbRoleMember) function. + returned: always + type: dict +''' From db98d7e3b1940c77de2eb9bc96f4ea31cf51b3a2 Mon Sep 17 00:00:00 2001 From: Joe K Date: Thu, 22 Dec 2022 16:37:04 +0000 Subject: [PATCH 35/52] add: role_member_info tests --- .../targets/role_member_info/aliases | 2 + .../targets/role_member_info/meta/main.yml | 3 + .../targets/role_member_info/tasks/main.yml | 120 ++++++++++++++++++ .../targets/win_role_member_info/aliases | 5 + .../win_role_member_info/meta/main.yml | 3 + 5 files changed, 133 insertions(+) create mode 100644 tests/integration/targets/role_member_info/aliases create mode 100644 tests/integration/targets/role_member_info/meta/main.yml create mode 100644 tests/integration/targets/role_member_info/tasks/main.yml create mode 100644 tests/integration/targets/win_role_member_info/aliases create mode 100644 tests/integration/targets/win_role_member_info/meta/main.yml diff --git a/tests/integration/targets/role_member_info/aliases b/tests/integration/targets/role_member_info/aliases new file mode 100644 index 00000000..4f4b6b91 --- /dev/null +++ b/tests/integration/targets/role_member_info/aliases @@ -0,0 +1,2 @@ +context/target +setup/once/setup_sqlserver diff --git a/tests/integration/targets/role_member_info/meta/main.yml b/tests/integration/targets/role_member_info/meta/main.yml new file mode 100644 index 00000000..a3309752 --- /dev/null +++ b/tests/integration/targets/role_member_info/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - setup_sqlserver_test_plugins diff --git a/tests/integration/targets/role_member_info/tasks/main.yml b/tests/integration/targets/role_member_info/tasks/main.yml new file mode 100644 index 00000000..970d9dfe --- /dev/null +++ b/tests/integration/targets/role_member_info/tasks/main.yml @@ -0,0 +1,120 @@ +--- +- name: Var block + vars: + login_name: "MrRoleTest" + plain_password: "P0pS3cret!23$%" + password_expiration_enabled: false + password_policy_enforced: false + password_must_change: false + enabled: false + default_database: "master" + language: "us_english" + default_schema: "dbo" + username: "MrRoleTest" + database: "master" + module_defaults: + lowlydba.sqlserver.role_member_info: + sql_instance: "{{ sqlserver_instance }}" + sql_username: "{{ sqlserver_username }}" + sql_password: "{{ sqlserver_password }}" + database: "{{ database }}" + lowlydba.sqlserver.role_member: + sql_instance: "{{ sqlserver_instance }}" + sql_username: "{{ sqlserver_username }}" + sql_password: "{{ sqlserver_password }}" + username: "{{ username }}" + database: "{{ database }}" + lowlydba.sqlserver.login: + sql_instance: "{{ sqlserver_instance }}" + sql_username: "{{ sqlserver_username }}" + sql_password: "{{ sqlserver_password }}" + default_database: "{{ default_database }}" + login: "{{ login_name }}" + password: "{{ plain_password }}" + password_expiration_enabled: "{{ password_expiration_enabled }}" + password_must_change: "{{ password_must_change }}" + enabled: "{{ enabled }}" + language: "{{ language }}" + state: present + lowlydba.sqlserver.user: + sql_instance: "{{ sqlserver_instance }}" + sql_username: "{{ sqlserver_username }}" + sql_password: "{{ sqlserver_password }}" + database: "{{ database }}" + login: "{{ login_name }}" + username: "{{ username }}" + default_schema: "{{ default_schema }}" + state: present + tags: ["role_member"] + block: + - name: Create login + lowlydba.sqlserver.login: + register: result + - assert: + that: + - result.data != None + + - name: Create user + lowlydba.sqlserver.user: + register: result + - assert: + that: + - result.data != None + + - name: Add roles for the user + lowlydba.sqlserver.role_member: + roles: db_datareader, db_datawriter + register: result + - assert: + that: + - result is changed + + + - name: Get roles for the user + lowlydba.sqlserver.role_member_info: + username: "{{ username }}" + register: result + - assert: + that: + - result is not changed + + - name: Get member of db_datareader and db_datawriter roles + lowlydba.sqlserver.role_member_info: + roles: db_datareader, db_datawriter + register: result + - assert: + that: + - result is not changed + + - name: Drop roles for the user + lowlydba.sqlserver.role_member: + roles: db_datareader, db_datawriter + state: "absent" + register: result + - assert: + that: + - result is changed + + - name: Drop user + lowlydba.sqlserver.user: + state: "absent" + register: result + - assert: + that: + - result.data != None + + - name: Drop login + lowlydba.sqlserver.login: + state: "absent" + register: result + - assert: + that: + - result.data != None + + always: + - name: Drop user + lowlydba.sqlserver.user: + state: "absent" + - name: Drop login + lowlydba.sqlserver.login: + state: "absent" diff --git a/tests/integration/targets/win_role_member_info/aliases b/tests/integration/targets/win_role_member_info/aliases new file mode 100644 index 00000000..77bf7d1a --- /dev/null +++ b/tests/integration/targets/win_role_member_info/aliases @@ -0,0 +1,5 @@ +windows/all +windows/group/1 +context/target +setup/once/setup_win_sqlserver +needs/target/role_member_info diff --git a/tests/integration/targets/win_role_member_info/meta/main.yml b/tests/integration/targets/win_role_member_info/meta/main.yml new file mode 100644 index 00000000..065d01a6 --- /dev/null +++ b/tests/integration/targets/win_role_member_info/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - role_member_info From 9864b7578696c91c627157df7209134849bd151a Mon Sep 17 00:00:00 2001 From: Joe K Date: Thu, 22 Dec 2022 17:35:14 +0000 Subject: [PATCH 36/52] fix: serialization --- plugins/modules/role_member_info.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugins/modules/role_member_info.ps1 b/plugins/modules/role_member_info.ps1 index c48ad2dc..8fd3118c 100644 --- a/plugins/modules/role_member_info.ps1 +++ b/plugins/modules/role_member_info.ps1 @@ -49,10 +49,10 @@ try { } if ($null -ne $output) { - $resultData = ConvertTo-SerializableObject -InputObject $output + $resultData = ConvertTo-Json -InputObject $output -Depth 10 -EnumsAsStrings $module.Result.data = $resultData } - + $module.ExitJson() } From 47fabaacaf9402fcfcc742999876d296b286830b Mon Sep 17 00:00:00 2001 From: Joe K Date: Thu, 22 Dec 2022 17:40:20 +0000 Subject: [PATCH 37/52] remove: unused vars --- plugins/modules/role_member_info.ps1 | 2 -- 1 file changed, 2 deletions(-) diff --git a/plugins/modules/role_member_info.ps1 b/plugins/modules/role_member_info.ps1 index 8fd3118c..072231b5 100644 --- a/plugins/modules/role_member_info.ps1 +++ b/plugins/modules/role_member_info.ps1 @@ -24,8 +24,6 @@ $sqlInstance, $sqlCredential = Get-SqlCredential -Module $module $username = $module.Params.username $database = $module.Params.database $roles = $module.Params.roles -$state = $module.Params.state -$checkMode = $module.CheckMode $module.Result.changed = $false From a6703e363f969d25ed07291a6edb3e42abdb3566 Mon Sep 17 00:00:00 2001 From: Joe K Date: Thu, 22 Dec 2022 17:43:17 +0000 Subject: [PATCH 38/52] add: options to docs --- plugins/modules/role_member_info.py | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/plugins/modules/role_member_info.py b/plugins/modules/role_member_info.py index ee4bd637..c3c2b6f8 100644 --- a/plugins/modules/role_member_info.py +++ b/plugins/modules/role_member_info.py @@ -11,6 +11,23 @@ description: - Returns basic information about a role or roles. version_added: 1.4.0 +options: + username: + description: + - Name of the user + type: str + required: false + database: + description: + - Database for the user + type: str + required: false + roles: + description: + - Specifies a comma separated list of one or more roles + type: list + elements: str + required: false author: - "Joe Krilov (@joey40)" - "John McCall (@lowlydba)" From 5ae70a6d4156bc5ec0a63ac6699a425e50885ce0 Mon Sep 17 00:00:00 2001 From: Joe K Date: Thu, 22 Dec 2022 18:20:28 +0000 Subject: [PATCH 39/52] fix: convert to json --- plugins/modules/role_member_info.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/role_member_info.ps1 b/plugins/modules/role_member_info.ps1 index 072231b5..17a0c593 100644 --- a/plugins/modules/role_member_info.ps1 +++ b/plugins/modules/role_member_info.ps1 @@ -47,7 +47,7 @@ try { } if ($null -ne $output) { - $resultData = ConvertTo-Json -InputObject $output -Depth 10 -EnumsAsStrings + $resultData = ConvertTo-Json -InputObject $output -Depth 10 $module.Result.data = $resultData } From 2537b0f444cc0afa6c7af93e654598aeba9c2f04 Mon Sep 17 00:00:00 2001 From: Joe K Date: Thu, 22 Dec 2022 20:29:45 +0000 Subject: [PATCH 40/52] fix: json output --- plugins/modules/role_member_info.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/role_member_info.ps1 b/plugins/modules/role_member_info.ps1 index 17a0c593..1247b862 100644 --- a/plugins/modules/role_member_info.ps1 +++ b/plugins/modules/role_member_info.ps1 @@ -47,7 +47,7 @@ try { } if ($null -ne $output) { - $resultData = ConvertTo-Json -InputObject $output -Depth 10 + $resultData = ConvertTo-Json -InputObject $output -Depth 10 -Compress -AsArray $module.Result.data = $resultData } From 21a0dad4136b575faba24d4d85e705eaa0efc6a4 Mon Sep 17 00:00:00 2001 From: Joe K Date: Thu, 22 Dec 2022 16:47:22 -0500 Subject: [PATCH 41/52] fix: json options --- plugins/modules/role_member_info.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/role_member_info.ps1 b/plugins/modules/role_member_info.ps1 index 1247b862..5f94afe8 100644 --- a/plugins/modules/role_member_info.ps1 +++ b/plugins/modules/role_member_info.ps1 @@ -47,7 +47,7 @@ try { } if ($null -ne $output) { - $resultData = ConvertTo-Json -InputObject $output -Depth 10 -Compress -AsArray + $resultData = ConvertTo-Json -InputObject $output -Depth 10 -Compress $module.Result.data = $resultData } From e7d2646fdd8a08a6ce945065afd2a8eead74bd7f Mon Sep 17 00:00:00 2001 From: Joe K Date: Thu, 22 Dec 2022 19:03:43 -0500 Subject: [PATCH 42/52] fix: string output --- plugins/modules/role_member_info.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/role_member_info.ps1 b/plugins/modules/role_member_info.ps1 index 5f94afe8..e986e35a 100644 --- a/plugins/modules/role_member_info.ps1 +++ b/plugins/modules/role_member_info.ps1 @@ -47,7 +47,7 @@ try { } if ($null -ne $output) { - $resultData = ConvertTo-Json -InputObject $output -Depth 10 -Compress + $resultData = ConvertTo-Json -InputObject $output -Depth 10 -Compress | Out-String $module.Result.data = $resultData } From c62591cf527f3a07dc9614520334c1d2efb8927a Mon Sep 17 00:00:00 2001 From: Joe K Date: Sun, 25 Dec 2022 10:47:02 -0500 Subject: [PATCH 43/52] test: server 2022 --- .github/workflows/ansible-test-windows.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ansible-test-windows.yml b/.github/workflows/ansible-test-windows.yml index e754516e..5b6e93af 100644 --- a/.github/workflows/ansible-test-windows.yml +++ b/.github/workflows/ansible-test-windows.yml @@ -47,7 +47,7 @@ jobs: fail-fast: false matrix: os: - - windows-2019 + - windows-2022 ansible: - stable-2.11 - stable-2.12 From ad04e629a89323c3cb68a62664b77b3f87cc11fd Mon Sep 17 00:00:00 2001 From: Joe K Date: Mon, 26 Dec 2022 09:47:27 -0500 Subject: [PATCH 44/52] feat: enum as strings --- plugins/modules/role_member_info.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/role_member_info.ps1 b/plugins/modules/role_member_info.ps1 index e986e35a..7a0d4289 100644 --- a/plugins/modules/role_member_info.ps1 +++ b/plugins/modules/role_member_info.ps1 @@ -47,7 +47,7 @@ try { } if ($null -ne $output) { - $resultData = ConvertTo-Json -InputObject $output -Depth 10 -Compress | Out-String + $resultData = ConvertTo-Json -InputObject $output -Depth 10 -Compress -EnumsAsStrings | Out-String $module.Result.data = $resultData } From 4055b70ededa810bd1483d72e8e8cc094cf16c4d Mon Sep 17 00:00:00 2001 From: Joe K Date: Mon, 26 Dec 2022 11:15:02 -0500 Subject: [PATCH 45/52] fix: string --- plugins/modules/role_member_info.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugins/modules/role_member_info.ps1 b/plugins/modules/role_member_info.ps1 index 7a0d4289..b9005026 100644 --- a/plugins/modules/role_member_info.ps1 +++ b/plugins/modules/role_member_info.ps1 @@ -47,8 +47,8 @@ try { } if ($null -ne $output) { - $resultData = ConvertTo-Json -InputObject $output -Depth 10 -Compress -EnumsAsStrings | Out-String - $module.Result.data = $resultData + $resultData = ConvertTo-Json -InputObject $output -Depth 10 -Compress + $module.Result.data = $resultData.ToString() } $module.ExitJson() From f6822ffd7b18bee1e1da0593022785c34937789c Mon Sep 17 00:00:00 2001 From: Joe K Date: Mon, 26 Dec 2022 11:15:32 -0500 Subject: [PATCH 46/52] remove: redundant winrm step --- .github/workflows/ansible-test-windows.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/ansible-test-windows.yml b/.github/workflows/ansible-test-windows.yml index 5b6e93af..7fdbe480 100644 --- a/.github/workflows/ansible-test-windows.yml +++ b/.github/workflows/ansible-test-windows.yml @@ -81,11 +81,6 @@ jobs: $sb = [ScriptBlock]::Create((New-Object System.Net.Webclient).DownloadString('https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1')) & $sb -Verbose -ForceNewSSLCert 4>&1 - - name: Enable winrm - shell: powershell - run: | - winrm quickconfig -force - - name: Why is MongoDB running? Disable it. shell: powershell run: | From 15ec85dd95704870119ae42a31a5b2a274758520 Mon Sep 17 00:00:00 2001 From: Joe K Date: Mon, 26 Dec 2022 11:15:33 -0500 Subject: [PATCH 47/52] remove: redundant winrm step From 62e8f46171d6eb3d7ce6809605a0fb476e875f19 Mon Sep 17 00:00:00 2001 From: Joe K Date: Mon, 26 Dec 2022 11:41:08 -0500 Subject: [PATCH 48/52] revert: winrm --- .github/workflows/ansible-test-windows.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/ansible-test-windows.yml b/.github/workflows/ansible-test-windows.yml index 7fdbe480..5b6e93af 100644 --- a/.github/workflows/ansible-test-windows.yml +++ b/.github/workflows/ansible-test-windows.yml @@ -81,6 +81,11 @@ jobs: $sb = [ScriptBlock]::Create((New-Object System.Net.Webclient).DownloadString('https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1')) & $sb -Verbose -ForceNewSSLCert 4>&1 + - name: Enable winrm + shell: powershell + run: | + winrm quickconfig -force + - name: Why is MongoDB running? Disable it. shell: powershell run: | From 9bae6b1c8a4c5158be771344defda522e5fe3ef4 Mon Sep 17 00:00:00 2001 From: Joe K Date: Tue, 27 Dec 2022 09:09:35 -0500 Subject: [PATCH 49/52] feat: serialize --- plugins/modules/role_member_info.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugins/modules/role_member_info.ps1 b/plugins/modules/role_member_info.ps1 index b9005026..0462ec26 100644 --- a/plugins/modules/role_member_info.ps1 +++ b/plugins/modules/role_member_info.ps1 @@ -47,8 +47,8 @@ try { } if ($null -ne $output) { - $resultData = ConvertTo-Json -InputObject $output -Depth 10 -Compress - $module.Result.data = $resultData.ToString() + $resultData = ConvertTo-SerializableObject -InputObject $output + $module.Result.data = $resultData } $module.ExitJson() From 2d02303e4f37face5386282094e5eaff339fcf11 Mon Sep 17 00:00:00 2001 From: Joe K Date: Fri, 10 Mar 2023 12:00:02 -0500 Subject: [PATCH 50/52] remove: role info --- plugins/modules/role_member.ps1 | 7 ------- 1 file changed, 7 deletions(-) diff --git a/plugins/modules/role_member.ps1 b/plugins/modules/role_member.ps1 index 2408501a..de86e197 100644 --- a/plugins/modules/role_member.ps1 +++ b/plugins/modules/role_member.ps1 @@ -43,13 +43,6 @@ $existingRoles = @() foreach ($roleObject in $existingRoleObjects) { $existingRoles += $roleObject.role } -# Always return a list of existing roles if any exist -if ($null -ne $existingRoleObjects) { - $module.Result.existingRoles = $existingRoles -} -else { - $module.Result.noRoles = "'$username' doesn't have any existing roles assigned on '$database'" -} if ($state -eq "absent") { # loop through all roles to remove and see if any are assigned to the user From a497097f3b9880271357baa63602153bd3839dd1 Mon Sep 17 00:00:00 2001 From: Joe K Date: Fri, 10 Mar 2023 12:00:45 -0500 Subject: [PATCH 51/52] Update plugins/modules/role_member_info.py Co-authored-by: John McCall --- plugins/modules/role_member_info.py | 1 - 1 file changed, 1 deletion(-) diff --git a/plugins/modules/role_member_info.py b/plugins/modules/role_member_info.py index c3c2b6f8..1603ee1c 100644 --- a/plugins/modules/role_member_info.py +++ b/plugins/modules/role_member_info.py @@ -46,7 +46,6 @@ database: InternProject1 role: db_datareader, db_datawriter - - name: Return all roles for user 'TheIntern' on the 'InternProject1' DB lowlydba.sqlserver.role_member_info: sql_instance: sql-01.myco.io From 5334e6b423df20d59f9cf6c7decf29293982c77f Mon Sep 17 00:00:00 2001 From: Joe K Date: Fri, 10 Mar 2023 12:06:21 -0500 Subject: [PATCH 52/52] Update tests/integration/targets/role_member/tasks/main.yml Co-authored-by: John McCall --- tests/integration/targets/role_member/tasks/main.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/integration/targets/role_member/tasks/main.yml b/tests/integration/targets/role_member/tasks/main.yml index d7c41d51..212be3eb 100644 --- a/tests/integration/targets/role_member/tasks/main.yml +++ b/tests/integration/targets/role_member/tasks/main.yml @@ -63,6 +63,9 @@ - assert: that: - result is changed + - result.data.SqlInstance != None + - result.data.Database == "{{ database }}" + - result.data.UserName == "{{ username }}" - name: Add roles for the user in checkmode lowlydba.sqlserver.role_member: