From 9d3a2ae1f757b77d73210b7f8283258cd52aae42 Mon Sep 17 00:00:00 2001 From: jpomfret Date: Fri, 17 Feb 2023 11:34:41 +0000 Subject: [PATCH 1/4] start of qs --- source/checks/Databasev5.Tests.ps1 | 14 +++- .../functions/Get-AllDatabaseInfo.ps1 | 68 +++++++++---------- 2 files changed, 46 insertions(+), 36 deletions(-) diff --git a/source/checks/Databasev5.Tests.ps1 b/source/checks/Databasev5.Tests.ps1 index 549f860c..5a9a1c03 100644 --- a/source/checks/Databasev5.Tests.ps1 +++ b/source/checks/Databasev5.Tests.ps1 @@ -34,7 +34,7 @@ BeforeDiscovery { $__dbcconfig = Get-DbcConfig } -# Each Test will have a -ForEach for the Instances and the InstancesToTest object will have a +# Each Test will have a -ForEach for the Instances and the InstancesToTest object will have a # lot of information gathered up front to reduce trips and connections to the database @@ -191,4 +191,14 @@ Describe "Database Status" -Tag DatabaseStatus, High, Database -ForEach $Instanc $psitem.Status | Should -Not -Match 'Suspect' -Because "We expect that there will be no databases in a Suspect state" } } -} \ No newline at end of file +} + +Describe "Query Store Enabled" -Tag QueryStoreEnabled, Medium, Database -ForEach $InstancesToTest { + $skip = ($__dbcconfig | Where-Object { $_.Name -eq 'skip.security.querystoreenabled' }).Value + + Context "Testing to see if Query Store is enabled on <_.Name>" { + It "Database <_.Name> should have Query Store enabled on <_.SqlInstance>" -Skip:$skip -ForEach $psitem.Databases.Where{ if ($Database) { $_.Name -in $Database } else { $psitem.ConfigValues.querystoreenabledexclude -notcontains $PsItem.Name } } { + $psitem.QsEnabled | Should -Not -BeIn ('OFF', 'ERROR') -Because "We expect the Query Store to be enabled" + } + } +} diff --git a/source/internal/functions/Get-AllDatabaseInfo.ps1 b/source/internal/functions/Get-AllDatabaseInfo.ps1 index 97c7239a..24928040 100644 --- a/source/internal/functions/Get-AllDatabaseInfo.ps1 +++ b/source/internal/functions/Get-AllDatabaseInfo.ps1 @@ -62,12 +62,13 @@ function Get-AllDatabaseInfo { 'AutoShrink' { $autoshrink = $true - $ConfigValues | Add-Member -MemberType NoteProperty -Name 'autoshrink' -Value (Get-DbcConfigValue policy.database.autoshrink) + $ConfigValues | Add-Member -MemberType NoteProperty -Name 'autoshrink' -Value (Get-DbcConfigValue policy.database.autoshrink) $ConfigValues | Add-Member -MemberType NoteProperty -Name 'autoshrinkexclude' -Value (Get-DbcConfigValue policy.autoshrinke.excludedb) } 'ValidDatabaseOwner' { $owner = $true + $dbOwner = $ConfigValues | Add-Member -MemberType NoteProperty -Name 'validdbownername' -Value (Get-DbcConfigValue policy.validdbowner.name) $ConfigValues | Add-Member -MemberType NoteProperty -Name 'validdbownerexclude' -Value (Get-DbcConfigValue policy.validdbowner.excludedb) } @@ -118,49 +119,48 @@ function Get-AllDatabaseInfo { } 'DatabaseStatus' { $status = $true - $ConfigValues | Add-Member -MemberType NoteProperty -Name 'excludereadonly' -Value (Get-DbcConfigValue policy.database.status.excludereadonly) - $ConfigValues | Add-Member -MemberType NoteProperty -Name 'excludeoffline' -Value (Get-DbcConfigValue policy.database.status.excludeoffline) - $ConfigValues | Add-Member -MemberType NoteProperty -Name 'excluderestoring' -Value (Get-DbcConfigValue policy.database.status.excluderestoring) + $ConfigValues | Add-Member -MemberType NoteProperty -Name 'excludereadonly' -Value (Get-DbcConfigValue policy.database.status.excludereadonly) + $ConfigValues | Add-Member -MemberType NoteProperty -Name 'excludeoffline' -Value (Get-DbcConfigValue policy.database.status.excludeoffline) + $ConfigValues | Add-Member -MemberType NoteProperty -Name 'excluderestoring' -Value (Get-DbcConfigValue policy.database.status.excluderestoring) $ConfigValues | Add-Member -MemberType NoteProperty -Name 'statusexclude' -Value (Get-DbcConfigValue policy.database.statusexcludedb) - } - 'SymmetricKeyEncryptionLevel' { - $symmetrickey = $true - $ConfigValues | Add-Member -MemberType NoteProperty -Name 'symmetrickeyexclude' -Value (Get-DbcConfigValue policy.database.symmetrickeyencryptionlevelexcludedb) - + 'QueryStoreEnabled' { + $qsenabled = $true + $ConfigValues | Add-Member -MemberType NoteProperty -Name 'qsenabledexclude' -Value (Get-DbcConfigValue database.querystoreenabled.excludedb) } Default { } } #build the object $testInstanceObject = [PSCustomObject]@{ - ComputerName = $Instance.ComputerName - InstanceName = $Instance.DbaInstanceName - Name = $Instance.Name - ConfigValues = $ConfigValues # can we move this out to here? - Databases = $Instance.Databases.Foreach{ + ComputerName = $Instance.ComputerName + InstanceName = $Instance.DbaInstanceName + Name = $Instance.Name + ConfigValues = $ConfigValues # can we move this out to here? + Databases = $Instance.Databases.Foreach{ [PSCustomObject]@{ - Name = $psitem.Name - SqlInstance = $Instance.Name - Owner = if ($owner) { $psitem.owner } - ServerCollation = if ($collation) { $Instance.collation } - Collation = if ($collation) { $psitem.collation } - SuspectPage = if ($suspectPage) { (Get-DbaSuspectPage -SqlInstance $Instance -Database $psitem.Name | Measure-Object).Count } - ConfigValues = $ConfigValues # can we move this out? - AsymmetricKeySize = if ($asymmetrickey) { ($psitem.AsymmetricKeys | Where-Object { $_.KeyLength -lt 2048} | Measure-Object).Count } + Name = $psitem.Name + SqlInstance = $Instance.Name + Owner = @(if ($owner) { $psitem.owner }) + ServerCollation = @(if ($collation) { $Instance.collation }) + Collation = @(if ($collation) { $psitem.collation }) + SuspectPage = @(if ($suspectPage) { (Get-DbaSuspectPage -SqlInstance $Instance -Database $psitem.Name | Measure-Object).Count }) + ConfigValues = $ConfigValues # can we move this out? + AsymmetricKeySize = @(if ($asymmetrickey) { ($psitem.AsymmetricKeys | Where-Object { $_.KeyLength -lt 2048 } | Measure-Object).Count }) #AsymmetricKeySize = if ($asymmetrickey) { $psitem.AsymmetricKeys.KeyLength } # doing this I got $null if there wasn't a key so counting ones that are too short - AutoClose = if ($autoclose) { $psitem.AutoClose} - AutoCreateStatistics = if ($autocreatestats) { $psitem.AutoCreateStatisticsEnabled } - AutoUpdateStatistics = if ($autoupdatestats) { $psitem.AutoUpdateStatisticsEnabled } - AutoUpdateStatisticsAsync = if ($autoupdatestatsasync) { $psitem.AutoUpdateStatisticsAsync } - AutoShrink = if ($autoshrink) { $psitem.AutoShrink} - VLF = if ($vlf) { ($psitem.Query("DBCC LOGINFO") | Measure-Object).Count } - LogFileCount = if ($logfilecount) { ($psitem.LogFiles | Measure-Object).Count } - Trustworthy = if ($trustworthy) { $psitem.Trustworthy } - Status = if ($status) { $psitem.Status } - IsDatabaseSnapshot = if ($status) { $psitem.IsDatabaseSnapshot } # needed for status test - Readonly = if ($status) { $psitem.Readonly } # needed for status test - SymmetricKey = if ($symmetrickey) { ($psitem | where IsAccessible).SymmetricKeys } + AutoClose = @(if ($autoclose) { $psitem.AutoClose }) + AutoCreateStatistics = @(if ($autocreatestats) { $psitem.AutoCreateStatisticsEnabled }) + AutoUpdateStatistics = @(if ($autoupdatestats) { $psitem.AutoUpdateStatisticsEnabled }) + AutoUpdateStatisticsAsync = @(if ($autoupdatestatsasync) { $psitem.AutoUpdateStatisticsAsync }) + AutoShrink = @(if ($autoshrink) { $psitem.AutoShrink }) + VLF = @(if ($vlf) { ($psitem.Query("DBCC LOGINFO") | Measure-Object).Count }) + LogFileCount = @(if ($logfilecount) { ($psitem.LogFiles | Measure-Object).Count }) + Trustworthy = @(if ($trustworthy) { $psitem.Trustworthy }) + Status = @(if ($status) { $psitem.Status }) + IsDatabaseSnapshot = @(if ($status) { $psitem.IsDatabaseSnapshot }) # needed for status test + Readonly = @(if ($status) { $psitem.Readonly }) # needed for status test + QueryStoreEnabled = @(if ($qsenabled) { $psitem.QueryStoreOptions.ActualState }) + } } } From 40e228555fef882c1dd479d6e155832f9da3c2c0 Mon Sep 17 00:00:00 2001 From: jpomfret Date: Fri, 17 Feb 2023 11:34:56 +0000 Subject: [PATCH 2/4] qs config --- source/internal/configurations/configuration.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/source/internal/configurations/configuration.ps1 b/source/internal/configurations/configuration.ps1 index 12c409f8..278be232 100644 --- a/source/internal/configurations/configuration.ps1 +++ b/source/internal/configurations/configuration.ps1 @@ -164,6 +164,7 @@ Set-PSFConfig -Module dbachecks -Name policy.database.status.excluderestoring -V Set-PSFConfig -Module dbachecks -Name database.querystoreenabled.excludedb -Value @() -Initialize -Description "A List of databases that we do not want to check for Query Store enabled" Set-PSFConfig -Module dbachecks -Name database.querystoredisabled.excludedb -Value @() -Initialize -Description "A List of databases that we do not want to check for Query Store disabled" Set-PSFConfig -Module dbachecks -Name policy.database.filegrowthdaystocheck -Value $null -Initialize -Description "The number of days to go back to check for growth events" +Set-PSFConfig -Module dbachecks -Name policy.database.querystoreenabledexclude -Value @('msdb', 'tempdb', 'master') -Initialize -Description "A List of databases that we do not want to check for Query store" Set-PSFConfig -Module dbachecks -Name policy.database.trustworthyexcludedb -Value @('msdb') -Initialize -Description "A List of databases that we do not want to check for Trustworthy being on" Set-PSFConfig -Module dbachecks -Name policy.database.duplicateindexexcludedb -Value @('msdb', 'ReportServer', 'ReportServerTempDB') -Initialize -Description "A List of databases we do not want to check for Duplicate Indexes" Set-PSFConfig -Module dbachecks -Name policy.database.clrassembliessafeexcludedb -Value @() -Initialize -Description " A List of database what we do not want to check for SAFE CLR Assemblies" From 836d5e72baff8c89b7f05d6f05d36141261e98b9 Mon Sep 17 00:00:00 2001 From: jpomfret Date: Fri, 17 Feb 2023 12:24:54 +0000 Subject: [PATCH 3/4] querystoreenabled check --- source/checks/Databasev5.Tests.ps1 | 4 ++-- source/internal/configurations/configuration.ps1 | 3 +-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/source/checks/Databasev5.Tests.ps1 b/source/checks/Databasev5.Tests.ps1 index 5a9a1c03..3882045a 100644 --- a/source/checks/Databasev5.Tests.ps1 +++ b/source/checks/Databasev5.Tests.ps1 @@ -197,8 +197,8 @@ Describe "Query Store Enabled" -Tag QueryStoreEnabled, Medium, Database -ForEach $skip = ($__dbcconfig | Where-Object { $_.Name -eq 'skip.security.querystoreenabled' }).Value Context "Testing to see if Query Store is enabled on <_.Name>" { - It "Database <_.Name> should have Query Store enabled on <_.SqlInstance>" -Skip:$skip -ForEach $psitem.Databases.Where{ if ($Database) { $_.Name -in $Database } else { $psitem.ConfigValues.querystoreenabledexclude -notcontains $PsItem.Name } } { - $psitem.QsEnabled | Should -Not -BeIn ('OFF', 'ERROR') -Because "We expect the Query Store to be enabled" + It "Database <_.Name> should have Query Store enabled on <_.SqlInstance>" -Skip:$skip -ForEach $psitem.Databases.Where{ if ($Database) { $_.Name -in $Database } else { $psitem.ConfigValues.qsenabledexclude -notcontains $PsItem.Name } } { + $psitem.QueryStoreEnabled | Should -Not -BeIn ('OFF', 'ERROR') -Because "We expect the Query Store to be enabled" } } } diff --git a/source/internal/configurations/configuration.ps1 b/source/internal/configurations/configuration.ps1 index 278be232..2cf602fb 100644 --- a/source/internal/configurations/configuration.ps1 +++ b/source/internal/configurations/configuration.ps1 @@ -161,10 +161,9 @@ Set-PSFConfig -Module dbachecks -Name policy.database.maxdop -Value 0 -Initializ Set-PSFConfig -Module dbachecks -Name policy.database.status.excludereadonly -Value @() -Initialize -Description "Database names that we expect to be readonly" Set-PSFConfig -Module dbachecks -Name policy.database.status.excludeoffline -Value @() -Initialize -Description "Database names that we expect to be offline" Set-PSFConfig -Module dbachecks -Name policy.database.status.excluderestoring -Value @() -Initialize -Description "Database names that we expect to be restoring" -Set-PSFConfig -Module dbachecks -Name database.querystoreenabled.excludedb -Value @() -Initialize -Description "A List of databases that we do not want to check for Query Store enabled" +Set-PSFConfig -Module dbachecks -Name database.querystoreenabled.excludedb -Value @('model', 'tempdb', 'master') -Initialize -Description "A List of databases that we do not want to check for Query Store enabled" Set-PSFConfig -Module dbachecks -Name database.querystoredisabled.excludedb -Value @() -Initialize -Description "A List of databases that we do not want to check for Query Store disabled" Set-PSFConfig -Module dbachecks -Name policy.database.filegrowthdaystocheck -Value $null -Initialize -Description "The number of days to go back to check for growth events" -Set-PSFConfig -Module dbachecks -Name policy.database.querystoreenabledexclude -Value @('msdb', 'tempdb', 'master') -Initialize -Description "A List of databases that we do not want to check for Query store" Set-PSFConfig -Module dbachecks -Name policy.database.trustworthyexcludedb -Value @('msdb') -Initialize -Description "A List of databases that we do not want to check for Trustworthy being on" Set-PSFConfig -Module dbachecks -Name policy.database.duplicateindexexcludedb -Value @('msdb', 'ReportServer', 'ReportServerTempDB') -Initialize -Description "A List of databases we do not want to check for Duplicate Indexes" Set-PSFConfig -Module dbachecks -Name policy.database.clrassembliessafeexcludedb -Value @() -Initialize -Description " A List of database what we do not want to check for SAFE CLR Assemblies" From 3935ac30c6f75b213555db24e67da585aa8b00b8 Mon Sep 17 00:00:00 2001 From: jpomfret Date: Fri, 17 Feb 2023 12:26:21 +0000 Subject: [PATCH 4/4] cleanup --- source/internal/functions/Get-AllDatabaseInfo.ps1 | 1 - 1 file changed, 1 deletion(-) diff --git a/source/internal/functions/Get-AllDatabaseInfo.ps1 b/source/internal/functions/Get-AllDatabaseInfo.ps1 index 24928040..b47b4200 100644 --- a/source/internal/functions/Get-AllDatabaseInfo.ps1 +++ b/source/internal/functions/Get-AllDatabaseInfo.ps1 @@ -68,7 +68,6 @@ function Get-AllDatabaseInfo { 'ValidDatabaseOwner' { $owner = $true - $dbOwner = $ConfigValues | Add-Member -MemberType NoteProperty -Name 'validdbownername' -Value (Get-DbcConfigValue policy.validdbowner.name) $ConfigValues | Add-Member -MemberType NoteProperty -Name 'validdbownerexclude' -Value (Get-DbcConfigValue policy.validdbowner.excludedb) }