search

dataplat / dbatools

🚀 SQL Server automation and instance migrations have never been safer, faster or freer
https://dbatools.io
MIT License
2.39k stars 787 forks source link

New-DbaCredential doesn't respect -ProviderName #9265

Closed george-palacios-sb closed 1 month ago

george-palacios-sb commented 4 months ago

Verified issue does not already exist?

I have searched and found no existing issue

What error did you receive?

No explicit error returned.

The issue is that when running the command, the parameter $ProviderName does not seem to be used, so after the credential is created it is not set to use the provider specified.

Steps to Reproduce

# provide your command(s) executed pertaining to dbatools
# please include variable values (redacted or fake if needed) for reference
$SqlServer = Connect-DbaInstance 'SomeInstance'
$TDEVaultKeyName = "SomeKeyVaultName"
$SecurePassword = (ConvertTo-SecureString -String "SomeString" -AsPlainText -Force)

New-DbaCredential -SqlInstance $SqlServer -Name 'sysadmin_ekm_cred' -Identity $TDEKeyVaultName -SecurePassword $FinalTDESecret -ProviderName 'AzureKeyVault_EKM'

 Get-DbaCredential -SqlInstance $SqlServer -Credential sysadmin_ekm_cred

The provider has previously been set up and appears correctly within SQL Server itself.

The results returned from Get-DbaCredential then include a blank provider, which is mirrored within SQL Server itself.

Please confirm that you are running the most recent version of dbatools

2.1.8

Other details or mentions

No response

What PowerShell host was used when producing this error

PowerShell Core (pwsh.exe)

PowerShell Host Version

Name Value

PSVersion 7.4.0 PSEdition Core GitCommitId 7.4.0 OS Microsoft Windows 10.0.17763 Platform Win32NT PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…} PSRemotingProtocolVersion 2.3 SerializationVersion 1.1.0.1 WSManStackVersion 3.0

SQL Server Edition and Build number

Microsoft SQL Server 2016 (SP3-GDR) (KB5029186) - 13.0.6435.1 (X64) Jul 30 2023 19:53:42 Copyright (c) Microsoft Corporation Enterprise Edition: Core-based Licensing (64-bit) on Windows Server 2019 Datacenter 10.0 (Build 17763: ) (Hypervisor)

.NET Framework Version

PSChildName Version

v2.0.50727 2.0.50727.4927 v3.0 3.0.30729.4926 Windows Communication Foundation 3.0.4506.4926 Windows Presentation Foundation 3.0.6920.4902 v3.5 3.5.30729.4926 Client 4.8.03761 Full 4.8.03761 Client 4.0.0.0

andreasjordan commented 3 months ago

Let me copy the relevant code to show where "ProviderName" is use:

$server = Connect-DbaInstance -SqlInstance $instance -SqlCredential $SqlCredential
$instancecredential = New-Object Microsoft.SqlServer.Management.Smo.Credential -ArgumentList $server, $Name
try {
    $instancecredential.MappedClassType = $mappedClass
} catch {
    Add-Member -Force -InputObject $instancecredential -MemberType NoteProperty -Name MappedClassType -Value $mappedClass
}
$instancecredential.ProviderName = $ProviderName
$instancecredential.Create($Identity, $SecurePassword)

So $ProviderName is set to the property of the object.

May you can use this code to do a deeper analysis - as I don't have a lab with that provider set up.

There might be a bug in the SMO code, I will try to link the relevant code here later.

andreasjordan commented 3 months ago

This should be the related class: https://github.com/microsoft/sqlmanagementobjects/blob/main/src/Microsoft/SqlServer/Management/Smo/CredentialBase.cs

Maybe you can also trace the SQL Server to get the actual sql command that the SMO is running to create the credential.

You could also move $instancecredential.ProviderName = $ProviderName up some lines to have this set first.

For now, that's all the help I can provide.

andreasjordan commented 3 months ago

@george-palacios-sb - are you able to further analyse the problem with the code I provided?

andreasjordan commented 1 month ago

Will close this now, but can reopen if needed.