SqlDatabaseObjectPermission: Fixing issue with INSERT permissions (#2007

)

- SqlDatabaseObjectPermission
  - Added `foreach` loop in `Get-TargetResource` to fix issues with `INSERT`
    permissions when it's not the only permission on the table (issue #2006).

CHANGELOG.md

@@ -40,6 +40,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   - New method ToString() for making verbose output better.
 - SqlAgDatabase
   - Remove unused help file ([issue #1745](https://github.com/dsccommunity/SqlServerDsc/issues/1745)).
+- SqlDatabaseObjectPermission
+  - Added `foreach` loop in `Get-TargetResource` to fix issues with `INSERT`
+    permissions when it's not the only permission on the table ([issue [#2006](https://github.com/dsccommunity/SqlServerDsc/issues/2006)]).
 - `Install-SqlDscServer`
   - No longer throws with duplicate parameter error if the parameter
     `ErrorAction` is passed to the command.

source/DSCResources/DSC_SqlDatabaseObjectPermission/DSC_SqlDatabaseObjectPermission.psm1

@@ -150,9 +150,12 @@ function Get-TargetResource
                 # Loop through each property to see if it is set to $true
                 foreach ($currentPermissionProperty in $permissionProperties)
                 {
-                    if ($true -in $currentObjectPermissions.PermissionType.$currentPermissionProperty)
+                    foreach ($objectPermission in $currentObjectPermissions)
                     {
-                        $currentObjectPermissionNames += $currentPermissionProperty
+                        if ($true -in $objectPermission.PermissionType[0].$currentPermissionProperty)
+                        {
+                            $currentObjectPermissionNames += $currentPermissionProperty
+                        }
                     }
                 }
 

tests/Integration/Resources/DSC_SqlDatabaseObjectPermission.Integration.Tests.ps1

@@ -432,16 +432,19 @@ Describe "$($script:dscResourceName)_Integration" -Tag @('Integration_SQL2016',
             $resourceCurrentState.ObjectType | Should -Be 'Table'
             $resourceCurrentState.Name | Should -Be $ConfigurationData.AllNodes.User1_Name
 
-            $resourceCurrentState.Permission | Should -HaveCount 3
+            $resourceCurrentState.Permission | Should -HaveCount 4
             $resourceCurrentState.Permission[0] | Should -BeOfType 'CimInstance'
             $resourceCurrentState.Permission[1] | Should -BeOfType 'CimInstance'
             $resourceCurrentState.Permission[2] | Should -BeOfType 'CimInstance'
+            $resourceCurrentState.Permission[2] | Should -BeOfType 'CimInstance'
 
             $grantPermission = $resourceCurrentState.Permission.Where( { $_.State -eq 'Grant' })
             $grantPermission | Should -Not -BeNullOrEmpty
-            $grantPermission.Ensure | Should -Be 'Present'
-            $grantPermission.Permission | Should -HaveCount 1
+            $grantPermission.Ensure[0] | Should -Be 'Present'
+            $grantPermission.Ensure[1] | Should -Be 'Present'
+            $grantPermission.Permission | Should -HaveCount 2
             $grantPermission.Permission | Should -Contain @('Select')
+            $grantPermission.Permission | Should -Contain @('Insert')
 
             $grantPermission = $resourceCurrentState.Permission.Where( { $_.State -eq 'Deny' })
             $grantPermission | Should -Not -BeNullOrEmpty

tests/Integration/Resources/DSC_SqlDatabaseObjectPermission.config.ps1

@@ -354,6 +354,12 @@ Configuration DSC_SqlDatabaseObjectPermission_Multiple_Grant_Config
                     Permission = 'Select'
                 }
 
+                DSC_DatabaseObjectPermission
+                {
+                    State      = 'Grant'
+                    Permission = 'Insert'
+                }
+
                 DSC_DatabaseObjectPermission
                 {
                     State      = 'Deny'

tests/Unit/DSC_SqlDatabaseObjectPermission.Tests.ps1

@@ -183,7 +183,7 @@ Describe 'SqlDatabaseObjectPermission\Get-TargetResource' -Tag 'Get' {
                                     Add-Member -MemberType NoteProperty -Name 'Delete' -Value $false -PassThru |
                                     Add-Member -MemberType NoteProperty -Name 'Execute' -Value $false -PassThru |
                                     Add-Member -MemberType NoteProperty -Name 'Impersonate' -Value $false -PassThru |
-                                    Add-Member -MemberType NoteProperty -Name 'Insert' -Value $false -PassThru |
+                                    Add-Member -MemberType NoteProperty -Name 'Insert' -Value $true -PassThru |
                                     Add-Member -MemberType NoteProperty -Name 'Receive' -Value $false -PassThru |
                                     Add-Member -MemberType NoteProperty -Name 'References' -Value $false -PassThru |
                                     Add-Member -MemberType NoteProperty -Name 'Select' -Value $true -PassThru |
@@ -224,6 +224,16 @@ Describe 'SqlDatabaseObjectPermission\Get-TargetResource' -Tag 'Get' {
                     } `
                     -ClientOnly
 
+                $cimInstancePermissionCollection += New-CimInstance `
+                    -ClassName 'DSC_DatabaseObjectPermission' `
+                    -Namespace 'root/microsoft/Windows/DesiredStateConfiguration' `
+                    -Property @{
+                        State      = 'Grant'
+                        Permission = 'Insert'
+                        Ensure     = '' # Must be empty string to hit a line in the code.
+                    } `
+                    -ClientOnly
+
                 $script:mockGetTargetResourceParameters = @{
                     InstanceName = 'DSCTEST'
                     DatabaseName = 'AdventureWorks'
@@ -258,17 +268,20 @@ Describe 'SqlDatabaseObjectPermission\Get-TargetResource' -Tag 'Get' {
 
                 $getTargetResourceResult = Get-TargetResource @mockGetTargetResourceParameters
 
-                $getTargetResourceResult.Permission | Should -HaveCount 2
+                $getTargetResourceResult.Permission | Should -HaveCount 3
                 $getTargetResourceResult.Permission[0] | Should -BeOfType 'CimInstance'
                 $getTargetResourceResult.Permission[1] | Should -BeOfType 'CimInstance'
+                $getTargetResourceResult.Permission[2] | Should -BeOfType 'CimInstance'
 
                 $grantPermission = $getTargetResourceResult.Permission | Where-Object -FilterScript { $_.State -eq 'Grant' }
                 $grantPermission | Should -Not -BeNullOrEmpty
                 $grantPermission.Ensure[0] | Should -Be 'Present'
                 $grantPermission.Ensure[1] | Should -Be 'Present'
-                $grantPermission.Permission | Should -HaveCount 2
+                $grantPermission.Ensure[2] | Should -Be 'Present'
+                $grantPermission.Permission | Should -HaveCount 3
                 $grantPermission.Permission | Should -Contain @('Select')
                 $grantPermission.Permission | Should -Contain @('Update')
+                $grantPermission.Permission | Should -Contain @('Insert')
             }
         }
     }
@@ -596,6 +609,12 @@ Describe 'SqlDatabaseObjectPermission\Test-TargetResource' -Tag 'Test' {
                 -PermissionState 'Grant' `
                 -Ensure 'Present'
 
+            # Checking that Insert comes back as expected
+            $cimInstancePermissionCollection += ConvertTo-CimDatabaseObjectPermission `
+                -Permission 'Insert' `
+                -PermissionState 'Grant' `
+                -Ensure 'Present'
+
             $script:mockTestTargetResourceParameters = @{
                 InstanceName = 'sql2014'
                 DatabaseName = 'AdventureWorks'