microsoft / SQLServerPSModule

This repo is the home of SQL Server PowerShell Module development.
MIT License

Scrub the existing cmdlets and make sure they all offer the -Encrypt, -AccessToken, -TrustServerCertificate, ... parameters #33

Open Matteo-T opened 1 year ago

Matteo-T commented 1 year ago

In v22.0.57, I may have missed a few (e.g. Enable-SqlAlwaysOn and Disable-SqlAlwaysOn).

It would be nice to complete the list in some v22 update.

potatoqualitee commented 1 year ago

We handle this through a config system. Seems like that'd be a more maintainable solution for you all.

Matteo-T commented 1 year ago

What's the definition of "config system"?

potatoqualitee commented 1 year ago

In our module, we use Get-DbatoolsConfig and Set-DbatoolsConfig and Register-DbatoolsConfig which saves to a JSON file or the registry. @FriedrichWeinmann created it for us and it's now included in his PSFramework module and is all in C#

We allow users to save the config in their current session (Set) or for all sessions (Register)

```powershell
Set-DbatoolsConfig -Name Import.EncryptionMessageCheck -Value $false -PassThru | Register-DbatoolsConfig
```

Oh, looks like we have way more commands than that, like import and export 😅

https://dbatools.io/configuration/

HTH

potatoqualitee commented 1 year ago

omg where can i report this bot

Edit: reported as malware

potatoqualitee commented 1 year ago

This is how we handle it @Matteo-T

https://blog.netnerds.net/2023/03/new-defaults-for-sql-server-connections-encryption-trust-certificate/

```powershell
# Set defaults just for this session
Set-DbatoolsConfig -FullName sql.connection.trustcert -Value $true
Set-DbatoolsConfig -FullName sql.connection.encrypt -Value $false

# Set these defaults for all future sessions on this machine
Set-DbatoolsConfig -FullName sql.connection.trustcert -Value $true -Register
Set-DbatoolsConfig -FullName sql.connection.encrypt -Value $false -Register
```

Matteo-T commented 1 year ago

Yeah - I was thinking about having something like that while talking to the go-sqlcmd folks. Maybe I'll revisit and add it.

potatoqualitee commented 1 year ago

bravo GH and Microsoft, that bot is gone 🙌🏼

potatoqualitee commented 1 year ago

feel free to take our design, @Matteo-T. We also include the things found in the SSMS connection panel.

Matteo-T commented 1 year ago

> bravo GH and Microsoft, that bot is gone 🙌🏼

Actually, I just deleted those bot-things myself. :-)

SQLDBAWithABeard commented 1 year ago

> feel free to take our design, @Matteo-T. We also include the things found in the SSMS connection panel.

I'm pretty sure that this goes for any dbatools/dbachecks code @Matteo-T - No need to reinvent the wheel.

Pxtl commented 1 year ago

This would be glorious. Being able to register "okay, for this database, use these connection settings going forwards" would be wonderful.

I just updated my team's internal devops infrastructure powershell module that we use for all our standard devops operations. Properly exposing the new -TrustServerCertificate param required a change that's -170 +270. Being able to just say "okay, these are internal development machines and failovers and don't have public certs, they have to be trusted" vs "this is the public prod server, you should verify the cert chain before connecting" in a single config site would be ideal.
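
An added example, not part of the thread and not code from SqlServer or dbatools: one way to keep the per-server trust decision described in the comment above in a single place. The function name, the policy table and the host names are hypothetical; it assumes the `-Encrypt` and `-TrustServerCertificate` parameters that `Invoke-Sqlcmd` offers in SqlServer v22.

```powershell
# Hypothetical policy table (constructed host patterns). First match wins.
# Only hosts listed here may skip certificate validation.
$SqlConnectionPolicy = [ordered]@{
    '*.dev.corp.example'      = @{ Encrypt = 'Mandatory'; TrustServerCertificate = $true }
    '*.failover.corp.example' = @{ Encrypt = 'Mandatory'; TrustServerCertificate = $true }
    '*.prod.corp.example'     = @{ Encrypt = 'Mandatory'; TrustServerCertificate = $false }
}

function Get-SqlConnectionDefault {
    # Hypothetical helper: returns a hashtable suitable for splatting.
    [CmdletBinding()]
    [OutputType([hashtable])]
    param(
        [Parameter(Mandatory)]
        [string]$ServerInstance,

        [System.Collections.IDictionary]$Policy = $SqlConnectionPolicy
    )

    # Match on the host only: drop a protocol prefix, instance name or port.
    $hostName = ($ServerInstance -replace '^(tcp|np|lpc):', '') -split '[\\,]' |
        Select-Object -First 1

    # Fail closed: a server with no policy entry gets an encrypted connection
    # and full certificate validation.
    $settings = @{ Encrypt = 'Mandatory'; TrustServerCertificate = $false }
    foreach ($pattern in $Policy.Keys) {
        if ($hostName -like $pattern) {
            $settings = $Policy[$pattern]
            break
        }
    }

    $result = @{ ServerInstance = $ServerInstance; Encrypt = $settings.Encrypt }
    # Add the switch only when the policy explicitly allows it.
    if ($settings.TrustServerCertificate) { $result.TrustServerCertificate = $true }
    return $result
}

# Constructed sample lookups: the dev instance trusts the server certificate,
# the prod and unknown hosts do not.
$dev     = Get-SqlConnectionDefault -ServerInstance 'sql01.dev.corp.example\INST1'
$prod    = Get-SqlConnectionDefault -ServerInstance 'tcp:sql01.prod.corp.example,1433'
$unknown = Get-SqlConnectionDefault -ServerInstance 'sql99.partner.example'

# Splat into a cmdlet that exposes the parameters, for example:
# Invoke-Sqlcmd @prod -Query 'SELECT @@VERSION'
```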