Sync-DbaLoginPassword - command to sync passwords based on hashed value

[wsmelton]

Includes bumping the version of PSSA, so some commands not being caught before with formatting issues are included in this PR.

• Please confirm you have the smaller repo (85MB .git directory vs 275MB or 110MB or 185MB .git directory)

Type of Change

• Bug fix (non-breaking change, fixes Set-DbaLogin - processing all logins even if you only pass in one #8980 )
• New feature (non-breaking change, adds functionality, fixes Sync-DbaLoginPassword - Support for sync SQL Login passwords between instances #1032 )
• Breaking change (affects multiple commands or functionality, fixes # )
• Ran manual Pester test and has passed (.\tests\manual.pester.ps1)
• Adding code coverage to existing functionality
• Pester test is included
• If new file reference added for test, has is been added to github.com/dataplat/appveyor-lab ?
• Unit test is included
• Documentation
• Build system

Purpose

Adding functionality to support syncing passwords between instances using a hashed password value.

Approach

Internal function added Get-LoginPasswordHash that uses T-SQL from Microsoft in the sp_help_revlogin to grab the hashed password value.

A number of updates to Set-DbaLogin to improve performance but also a new parameter, -PasswordHash, that allows it to handle setting the password by hash. It belongs in that command, and makes it where it can be used outside of the sync process if user desires.

This provides support for adding password sync to Sync-DbaAvailabiltyGroup now if anyone wishes.

Commands to test

Test included

Screenshots

Learning

https://learn.microsoft.com/en-us/troubleshoot/sql/database-engine/security/transfer-logins-passwords-between-instances

[andreasjordan]

In case you have not seen it: AppVeyor says: Get-LoginPasswordHash.ps1 is not compliant with the OTBS formatting style

[wsmelton]

The Set command runs fine on local instances for piping support. I'm giving up fixing tests at this point because it would be to many changes on this PR>

[potatoqualitee]

if its 100% failure every time, that usually does point to something. could some sort of use of "localhost" be an issue?

[wsmelton]

Why would splatting affect piping?

[wsmelton]

Yeah, what I figured. I removed my changes to the command and it still fails just like the snapshot command (that isn't touched in this PR).

[potatoqualitee]

k, rerunning just the fialed commands! I got a new code signing cert and will be margining singing this today.

[potatoqualitee]

aw nooo, there are conflicts 😭 i will hae to return to this one later but i do very much want the changes in there

[potatoqualitee]

lol this is getting worse, ill fix it when i have a chunk of time <3

[andreasjordan]

There are so many changes in this PR that are not replated to the titel "Sync-DbaLoginPassword - command to sync passwords based on hashed value". @wsmelton : Maybe you can split this PR and move all the formatting stoff in a new PR?

[wsmelton]

The fault is our testing so all the changes in this PR are related to the PR context where I attempt to have the tests pass for the branch.

[potatoqualitee]

hey @wsmelton -- i got most things fixed except this one

Describe : Set-DbaDbOwner Integration Tests
Context  : Sets multiple database owners
Name     : It Sets the database owner on multiple databases
Result   : Failed
Message  : Expected 1, but got $null.

Any idea whats up?

[wsmelton]

Yeah that's the one that won't run correctly in Appeyor. That test runs fine locally.

[wsmelton]

I'm trying to figure out where I can get a lab spun up and will start working on this one again...