dataplat
diff --git a/‎Perf Testing pesterv5.ps1
Lines changed: 4 additions & 4 deletions b/‎Perf Testing pesterv5.ps1
Lines changed: 4 additions & 4 deletions
diff --git a/‎Validate v4 adn v5.ps1
Lines changed: 15 additions & 2 deletions b/‎Validate v4 adn v5.ps1
Lines changed: 15 additions & 2 deletions
diff --git a/‎checks/Databasev5.Tests.ps1
Lines changed: 66 additions & 57 deletions b/‎checks/Databasev5.Tests.ps1
Lines changed: 66 additions & 57 deletions
diff --git a/‎checks/Instancev5.Tests.ps1
Lines changed: 30 additions & 1 deletion b/‎checks/Instancev5.Tests.ps1
Lines changed: 30 additions & 1 deletion
@@ -14,8 +14,8 @@ ipmo ./dbachecks.psd1
 
 #
 
-$Checks = 'TraceFlagsExpected','TwoDigitYearCutoff','MaxDopInstance','ErrorLogCount','ModelDbGrowth','DefaultBackupCompression','SaExist','SaDisabled','SaRenamed','DefaultFilePath','AdHocDistributedQueriesEnabled','AdHocWorkload',  'DefaultTrace', 'OleAutomationProceduresDisabled', 'CrossDBOwnershipChaining', 'ScanForStartupProceduresDisabled', 'RemoteAccessDisabled', 'SQLMailXPsDisabled', 'DAC', 'OLEAutomation'
-
+$Checks = 'XpCmdShellDisabled','WhoIsActiveInstalled','CLREnabled','TraceFlagsNotExpected','TraceFlagsExpected','TwoDigitYearCutoff','MaxDopInstance','ErrorLogCount','ModelDbGrowth','DefaultBackupCompression','SaExist','SaDisabled','SaRenamed','DefaultFilePath','AdHocDistributedQueriesEnabled','AdHocWorkload',  'DefaultTrace', 'OleAutomationProceduresDisabled', 'CrossDBOwnershipChaining', 'ScanForStartupProceduresDisabled', 'RemoteAccessDisabled', 'SQLMailXPsDisabled', 'DAC', 'OLEAutomation'
+$Checks = 'XpCmdShellDisabled'
 
 <#
 When there are default skips (some of the CIS checks) we need to set the configs and check
@@ -64,7 +64,7 @@ function Compare-CheckRuns {
 param($Checks)
 $password = ConvertTo-SecureString "dbatools.IO" -AsPlainText -Force
 $cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "sqladmin", $password
-$Sqlinstances = 'localhost,14333', 'localhost,14334' #'localhost,7401', 'localhost,7402', 'localhost,7403'
+$Sqlinstances = 'localhost,7401', 'localhost,7402', 'localhost,7403'
 
 $originalCode = {
     Invoke-DbcCheck -SqlInstance $Sqlinstances -Check $Checks -SqlCredential $cred -legacy $true -Show None
@@ -101,5 +101,5 @@ Write-PSFMessage -Message $savingMessage -Level Output
 }
 
 
-$Checks = 'DbaOperator'
+# $Checks = 'DbaOperator'
 Compare-CheckRuns -Checks $checks
@@ -15,8 +15,8 @@ RUN THIS SECTION MANUALLY IF YOU JUST IMPORT THE FUNCTION BELOW!
 
     ipmo ./dbachecks.psd1
 
-$Checks = 'TraceFlagsExpected','TwoDigitYearCutoff','MaxDopInstance','ErrorLogCount','ModelDbGrowth','DefaultBackupCompression','SaExist','SaDisabled','SaRenamed','DefaultFilePath','AdHocDistributedQueriesEnabled','AdHocWorkload',  'DefaultTrace', 'OleAutomationProceduresDisabled', 'CrossDBOwnershipChaining', 'ScanForStartupProceduresDisabled', 'RemoteAccessDisabled', 'SQLMailXPsDisabled', 'DAC', 'OLEAutomation'
-$Checks = 'DatabaseMailEnabled'
+$Checks = 'WhoIsActiveInstalled','CLREnabled','TraceFlagsNotExpected','TraceFlagsExpected','TwoDigitYearCutoff','MaxDopInstance','ErrorLogCount','ModelDbGrowth','DefaultBackupCompression','SaExist','SaDisabled','SaRenamed','DefaultFilePath','AdHocDistributedQueriesEnabled','AdHocWorkload',  'DefaultTrace', 'OleAutomationProceduresDisabled', 'CrossDBOwnershipChaining', 'ScanForStartupProceduresDisabled', 'RemoteAccessDisabled', 'SQLMailXPsDisabled', 'DAC', 'OLEAutomation'
+$Checks = 'WhoIsActiveInstalled'
 Compare-v4andv5Results -Checks $Checks 
 
 # if you need to see the details to see why the results are different
@@ -54,6 +54,18 @@ Enable-DbaTraceFlag -SqlInstance $Sqlinstances -SqlCredential $cred -TraceFlag 1
 Disable-DbaTraceFlag -SqlInstance $Sqlinstances -SqlCredential $cred -TraceFlag 1117,1118
 Disable-DbaTraceFlag -SqlInstance $Sqlinstances -SqlCredential $cred -TraceFlag 1118
 
+Get-DbcConfigValue policy.traceflags.expected
+Get-DbcConfigValue policy.traceflags.notexpected
+Get-DbaTraceFlag -SqlInstance $Sqlinstances -SqlCredential $cred
+Set-DbcConfig policy.traceflags.expected -Value 1117,1118
+Set-DbcConfig policy.traceflags.notexpected -Value 1117,1118
+Set-DbcConfig policy.traceflags.expected -Value $null
+Set-DbcConfig policy.traceflags.notexpected -Value $null
+
+Enable-DbaTraceFlag -SqlInstance $Sqlinstances -SqlCredential $cred -TraceFlag 1117,1118
+Disable-DbaTraceFlag -SqlInstance $Sqlinstances -SqlCredential $cred -TraceFlag 1117,1118
+Disable-DbaTraceFlag -SqlInstance $Sqlinstances -SqlCredential $cred -TraceFlag 1118
+
 #>
 
 # Load the function below and then you can keep running the checks defined above in v4 and v5 and compare the performance
@@ -117,6 +129,7 @@ and
 For v5 we ran
 {1} tests
 The MOST COMMON REASON IS you have used Tags instead of Tag in your Describe block
+but TraceFlagsNotExpected will change that also
     " -f $v4code.TotalCount, ($v5code.TotalCount - $v5code.NotRunCount)
         Write-PSFMessage -Message $Message -Level Warning
     }
 
@@ -1,33 +1,6 @@
 # So the v5 files need to be handled differently.
-# Ww will start with a BeforeDiscovery which for the Database Checks will need to gather the Instances up front
+# Ww will start with a BeforeDiscovery , $Filename which for the Database Checks will need to gather the Instances up front
 BeforeDiscovery {
-    <#
-    . $PSScriptRoot/../internal/assertions/Database.Assertions.ps1
-    [array]$ExcludedDatabases = Get-DbcConfigValue command.invokedbccheck.excludedatabases
-    $ExcludedDatabases += $ExcludeDatabase
-    [string[]]$NotContactable = (Get-PSFConfig -Module dbachecks -Name global.notcontactable).Value
-    
-    $InstancesToTest = @(Get-Instance).ForEach{
-        # just add it to the Not Contactable list
-        if ($NotContactable -notcontains $psitem) {
-            $Instance = $psitem
-            try {
-                $InstanceSMO = Connect-DbaInstance  -SqlInstance $Instance -ErrorAction SilentlyContinue -ErrorVariable errorvar
-            } catch {
-                $NotContactable += $Instance
-            }
-            if ($NotContactable -notcontains $psitem) {
-                if ($null -eq $InstanceSMO.version) {
-                    $NotContactable += $Instance
-                } else {
-                    $InstanceSMO
-                }
-            }
-        }
-    }
-    Write-PSFMessage -Message "Instances = $InstancesToTest" -Level Significant
-    Set-PSFConfig -Module dbachecks -Name global.notcontactable -Value $NotContactable
-    #>
 
         # Gather the instances we know are not contactable
         [string[]]$NotContactable = (Get-PSFConfig -Module dbachecks -Name global.notcontactable).Value
@@ -62,52 +35,88 @@ BeforeDiscovery {
 
 # Each Test will have a -ForEach for the Instances and the InstancesToTest object will have a 
 # lot of information gathered up front to reduce trips and connections to the database
+
+
 <#
 
-Describe "Database Collation" -Tag DatabaseCollation, High, Database -ForEach $InstancesToTest {
-    BeforeAll {
-        $Wrongcollation = Get-DbcConfigValue policy.database.wrongcollation
-        $exclude = "ReportingServer", "ReportingServerTempDB"
-        $exclude += $Wrongcollation
-        $exclude += $ExcludedDatabases
+- copy in test
+- add skip  after describe
+    $skip = Get-DbcConfigValue skip.database.databasecollation
+    add to IT -Skip:$skip
+#>
+
 
+
+Describe "Suspect Page" -Tag SuspectPage, High , Database -ForEach $InstancesToTest {
+    $skip = Get-DbcConfigValue skip.database.suspectpage
+    Context "Testing suspect pages on <_.Name>" {
+        It "Database <_.Name> should return 0 suspect pages on <_.SqlInstance>" -Skip:$skip -ForEach $psitem.Databases.Where{ if ($Database) { $_.Name -in $Database } else { $psitem.ConfigValues.suspectpageexclude -notcontains $PsItem.Name } } {
+            $psitem.SuspectPage | Should -Be 0 -Because "You do not want any suspect pages"
+        }
     }
+}
 
+Describe "Database Collation" -Tag DatabaseCollation, High, Database -ForEach $InstancesToTest {
     Context "Testing database collation on <_.Name>" {
-        It "Database <_.Database> collation <_.DatabaseCollation> should match server collation <_.ServerCollation> on <_.SqlInstance>" -ForEach @(Test-DbaDbCollation -SqlInstance $psitem -Database $Database -ExcludeDatabase $exclude) {
-            $psitem.ServerCollation | Should -Be $psitem.DatabaseCollation -Because "You will get collation conflict errors in tempdb"
+        $skip = Get-DbcConfigValue skip.database.databasecollation
+        It "Database <_.Name> collation <_.Collation> should match server collation <_.ServerCollation> on <_.SqlInstance>" -Skip:$skip -ForEach $psitem.Databases.Where{ if ($Database) { $_.Name -in $Database } else { $psitem.ConfigValues.wrongcollation -notcontains $PsItem.Name } } {
+            $psitem.ServerCollation | Should -Be $psitem.Collation -Because "You will get collation conflict errors in tempdb"
         }
-        if ($Wrongcollation) {
-            @(Test-DbaDbCollation -SqlInstance $psitem -Database $Wrongcollation ).ForEach{
-                It "Database $($psitem.Database) collation ($($psitem.DatabaseCollation)) should not match server collation ($($psitem.ServerCollation)) on $($psitem.SqlInstance)" {
-                    $psitem.ServerCollation | Should -Not -Be $psitem.DatabaseCollation -Because "You have defined the database to have another collation then the server. You will get collation conflict errors in tempdb"
-                }
-            }
+
+        # wrong collation set
+        It "Database <_.Name> collation <_.Collation> should not match server collation <_.ServerCollation> on <_.SqlInstance>" -ForEach $psitem.Databases.Where{ $_.Name -in $psitem.ConfigValues.wrongcollation } {
+            $psitem.ServerCollation | Should -Not -Be $psitem.Collation -Because "You have defined the database to have another collation then the server. You will get collation conflict errors in tempdb"
         }
+
     }
 }
 
-Describe "Suspect Page" -Tag SuspectPage, High , Database -ForEach $InstancesToTest {
-    Context "Testing suspect pages on <_.Name>" {
-        It "Database <_.Name> should return 0 suspect pages on <_.Parent.Name>" -ForEach $psitem.Databases.Where{ if ($Database) { $_.Name -in $Database }else { $ExcludedDatabases -notcontains $PsItem.Name } } {
-            $results = Get-DbaSuspectPage -SqlInstance $psitem.Parent -Database $psitem.Name
-            @($results).Count | Should -Be 0 -Because "You do not want suspect pages - $results"
+
+Describe "Valid Database Owner" -Tag ValidDatabaseOwner, Medium, Database -ForEach $InstancesToTest {
+    $skip = Get-DbcConfigValue skip.database.validdatabaseowner
+    Context "Testing Database Owners on <_.Name>" {
+        #TODO fix the it text - needs commas --> should be in this list ( sqladmin sa ) )
+            It "Database <_.Name> - owner '<_.Owner>' should be in this list ( <_.ConfigValues.validdbownername> ) ) on <_.SqlInstance>" -Skip:$skip -ForEach $psitem.Databases.Where{ if ($Database) { $_.Name -in $Database } else { $psitem.ConfigValues.validdbownerexclude -notcontains $PsItem.Name } } {
+            $psitem.Owner | Should -BeIn $psitem.ConfigValues.validdbownername -Because "The account that is the database owner is not what was expected"
         }
     }
 }
-#>
 
-Describe "Valid Database Owner" -Tag ValidDatabaseOwner, Medium, Database -ForEach $InstancesToTest {
-    BeforeAll {
-        $ExcludedDatabases += Get-DbcConfigValue policy.validdbowner.excludedb
-    }
-    #add skip but where
-    #$skip = Get-DbcConfigValue skip.instance.scanforstartupproceduresdisabled
 
+Describe "Invalid Database Owner" -Tag InvalidDatabaseOwner, Medium, Database -ForEach $InstancesToTest {
+    $skip = Get-DbcConfigValue skip.database.invaliddatabaseowner
     Context "Testing Database Owners on <_.Name>" {
-        #TODO fix the it text - needs commas --> should be in this list ( sqladmin sa ) )
-            It "Database <_.Name> - owner '<_.Owner>' should be in this list ( <_.ConfigValues.validdbownername> ) ) on  <_.Parent.Name>" -ForEach $psitem.Databases.Where{ if ($Database) { $_.Name -in $Database }else { $ExcludedDatabases -notcontains $PsItem.Name } } {
-            $psitem.Owner | Should -BeIn $psitem.ConfigValues.validdbownername -Because "The account that is the database owner is not what was expected"
+
+        It "Database <_.Name> - owner '<_.Owner>' should not be in this list ( <_.ConfigValues.invaliddbownername> ) ) on <_.SqlInstance>" -Skip:$skip -ForEach $psitem.Databases.Where{ if ($Database) { $_.Name -in $Database } else { $psitem.ConfigValues.invaliddbownerexclude -notcontains $PsItem.Name } } {
+            $psitem.Owner | Should -Not -BeIn $psitem.ConfigValues.invaliddbownername -Because "The database owner was one specified as incorrect"
         }
     }
 }
+
+Describe "AsymmetricKeySize" -Tag AsymmetricKeySize, CIS, Database -ForEach $InstancesToTest {
+    $skip = Get-DbcConfigValue skip.security.asymmetrickeysize
+    Context "Testing Asymmetric Key Size is 2048 or higher on <_.Name>" {
+        It "Database <_.Name> asymmetric key size should be at least 2048 on <_.SqlInstance>" -Skip:$skip -ForEach $psitem.Databases.Where{ if ($Database) { $_.Name -in $Database } else { $psitem.ConfigValues.asymmetrickeysizeexclude -notcontains $PsItem.Name } } {
+            $psitem.AsymmetricKeySize | Should -Be 0 -Because "Asymmetric keys should have a key length greater than or equal to 2048"
+            #$psitem.AsymmetricKeySize | Should -BeGreaterOrEqual 2048 -Because "Asymmetric keys should have a key length greater than or equal to 2048"
+        }
+    }
+}
+
+Describe "Auto Close" -Tag AutoClose, High, Database -ForEach $InstancesToTest {
+    $skip = Get-DbcConfigValue skip.database.autoclose
+    Context "Testing Auto Close on <_.Name>" {
+        It "Database <_.Name> should have Auto Close set to <_.ConfigValues.autoclose> on <_.SqlInstance>" -Skip:$skip -ForEach $psitem.Databases.Where{ if ($Database) { $_.Name -in $Database } else { $psitem.ConfigValues.autocloseexclude -notcontains $PsItem.Name } } {
+            $psitem.AutoClose | Should -Be $psitem.ConfigValues.autoclose -Because "Because!"
+        }
+    }
+}
+
+Describe "Auto Shrink" -Tag AutoShrink, High, Database -ForEach $InstancesToTest {
+    $skip = Get-DbcConfigValue skip.database.autoshrink
+    Context "Testing Auto Shrink on <_.Name>" {
+        It "Database <_.Name> should have Auto Shrink set to <_.ConfigValues.autoshrink> on <_.SqlInstance>" -Skip:$skip -ForEach $psitem.Databases.Where{ if ($Database) { $_.Name -in $Database } else { $psitem.ConfigValues.autoshrinkexclude -notcontains $PsItem.Name } } {
+            $psitem.AutoShrink | Should -Be $psitem.ConfigValues.autoshrink -Because "Shrinking databases causes fragmentation and performance issues"
+        }
+    }
+}
@@ -225,8 +225,37 @@ Describe "Trace Flags Expected" -Tag TraceFlagsExpected, TraceFlag, High, Instan
             $PsItem.ExpectedTraceFlags.ActualTraceFlags.TraceFlag | Should -BeNullOrEmpty -Because "We expect that there will be no Trace Flags set on $($Psitem.Name) "
         }
         It "Expected Trace Flags <_.ExpectedTraceFlag> to exist on <_.InstanceName>" -Skip:$skip -ForEach ($PsItem.ExpectedTraceFlags | Where-Object { $psitem.ExpectedTraceFlag -ne 'null' }) {
-            $PsItem.ActualTraceFlags.TraceFlag | Should -Contain $PsItem.ExpectedTraceFlag -Because "We expect that Trace Flag $($PsItem.ExpectedTraceFlag)  will be set on $($Psitem.InstanceName) "
+            $PsItem.ActualTraceFlags.TraceFlag | Should -Contain $PsItem.ExpectedTraceFlag -Because "We expect that Trace Flag $($PsItem.ExpectedTraceFlag) will be set on $($Psitem.InstanceName) "
         }
     }
 }
 
+Describe "Trace Flags Not Expected" -Tag TraceFlagsNotExpected, TraceFlag, Medium, Instance -ForEach $InstancesToTest {
+    $skip = Get-DbcConfigValue skip.instance.TraceFlagsNotExpected
+    Context "Testing Not Expected Trace Flags on <_.Name>" {
+        It "Expected No Trace Flags except for <_.ConfigValues.TraceFlagsExpected> to exist on <_.Name>" -Skip:$skip -ForEach ($Psitem | Where-Object { $null -eq $psitem.ConfigValues.TraceFlagsNotExpected }) {
+            $PsItem.NotExpectedTraceFlags.ActualTraceFlags.TraceFlag | Should -BeNullOrEmpty -Because "We expect that there will be no Trace Flags set on $($Psitem.Name) except for $($psitem.ConfigValues.ExpectedTraceFlag)"
+        }
+        It "Expected <_.NotExpectedTraceFlag> Trace Flag to not exist on <_.InstanceName>" -Skip:$skip -ForEach ($PsItem.NotExpectedTraceFlags | Where-Object { $psitem.NotExpectedTraceFlag -ne 'null' }) {
+            $PsItem.ActualTraceFlags.TraceFlag | Should -Not -Contain $PsItem.NotExpectedTraceFlag -Because "We expect that Trace Flag $($PsItem.NotExpectedTraceFlag) will not be set on $($Psitem.InstanceName) except for $($psitem.ConfigValues.ExpectedTraceFlag)"
+        }
+    }
+}
+
+Describe "CLR Enabled" -Tag CLREnabled, security, CIS, High, Instance -ForEach $InstancesToTest {
+    $skip = Get-DbcConfigValue skip.instance.CLREnabled
+    Context "Testing CLR Enabled on <_.Name>" {
+        It "CLR Enabled is set to <_.ConfigValues.CLREnabled> on <_.Name>"  -Skip:$skip {
+            $PSItem.Configuration.IsSqlClrEnabled.ConfigValue -eq 1 | Should -Be $psitem.ConfigValues.CLREnabled -Because 'This is the setting you have chosen for CLR Enabled'
+        }
+    }
+}
+
+Describe "sp_whoisactive is Installed" -Tag WhoIsActiveInstalled, Low, Instance -ForEach $InstancesToTest {
+    $skip = Get-DbcConfigValue skip.instance.WhoIsActiveInstalled
+    Context "Testing WhoIsActive exists on <_.Name>" {
+        It "WhoIsActive should exist on <_.ConfigValues.whoisactivedatabase> on <_.Name>"  -Skip:$skip {
+            $Psitem.ConfigValues.WhoIsActiveInstalled |  Should -Be 1 -Because "The sp_WhoIsActive stored procedure should be installed in $($psitem.ConfigValues.whoisactivedatabase)"
+        }
+    }
+}