Updated Set-RsDatabase and Set-RsDatabaseCredentials scripts to suppo…

…rt new parameters of Invoke-Sqlcmd. (#401)

* Added new parameters to Set-RsDatabase script according to SQL Strict Connection Encryption update.

* Improved Set-RsDatabase script compatibility with different versions of Invoke-Sqlcmd cmdlet.

* Applied the changes from Set-RsDatabase script to Set-RsDatabaseCredentials.

* Moved Invoke-Sqlcmd general parameters composition to a separated region.

* Enhanced -Encrypt parameter description.

---------

Co-authored-by: Alexander Sholokhov <v-asholokhov@microsoft.com>

ReportingServicesTools/Functions/Admin/Set-RsDatabase.ps1

@@ -38,6 +38,20 @@ function Set-RsDatabase
         .PARAMETER DatabaseServerName
             Specify the database server name. (e.g. localhost, MyMachine\Sql2016, etc.)
 
+        .PARAMETER Encrypt
+            Specify the encryption type to use when connecting to SQL Server.
+            Accepted values: Mandatory, Optional, Strict.
+            IMPORTANT: If supported by the Invoke-Sqlcmd cmdlet version in use, but not specified, the default value is Mandatory.
+            Using this parameter requires PowerShell SQLServer module version 22 or higher.
+
+        .PARAMETER TrustServerCertificate
+            Specify this switch to bypass the server certificate validation.
+            Using this parameter requires PowerShell SQLServer module version 22 or higher.
+
+        .PARAMETER HostNameInCertificate
+            Specify the host name to be used in validating the SQL Server TLS/SSL certificate.
+            Using this parameter requires PowerShell SQLServer module version 22 or higher.
+
         .PARAMETER IsRemoteDatabaseServer
             Specify this switch if the database server is on a different machine than the machine Reporting Services is running on.
 
@@ -86,6 +100,16 @@ function Set-RsDatabase
         [string]
         $DatabaseServerName,
 
+        [ValidateSet("Mandatory", "Optional", "Strict")]
+        [string]
+        $Encrypt,
+
+        [switch]
+        $TrustServerCertificate,
+
+        [string]
+        $HostNameInCertificate,
+
         [switch]
         $IsRemoteDatabaseServer,
 
@@ -133,6 +157,14 @@ function Set-RsDatabase
     {
         $rsWmiObject = New-RsConfigurationSettingObjectHelper -BoundParameters $PSBoundParameters
 
+        $supportSQLServerV22Parameters = (Get-InstalledModule -Name "SQLServer" -MinimumVersion 22.0 -ErrorAction SilentlyContinue) -ne $null
+        $containsSQLServerV22Parameters = $PSBoundParameters.ContainsKey("Encrypt") -or $TrustServerCertificate -or $PSBoundParameters.ContainsKey("HostNameInCertificate")
+
+        if ($containsSQLServerV22Parameters -and -not $supportSQLServerV22Parameters)
+        {
+            throw "The current version of Invoke-Sqlcmd cmdlet used in this script doesn't support -Encrypt, -TrustServerCertificate and -HostNameInCertificate parameters. Consider installing SQLServer module version 22 or higher and restarting PowerShell to use the script with these parameters."
+        }
+
         #region Validating authentication and normalizing credentials
         $username = ''
         $password = $null
@@ -178,6 +210,37 @@ function Set-RsDatabase
         }
         #endregion Validating admin authentication and normalizing credentials
 
+        #region Composing general parameters for Invoke-Sqlcmd cmdlet
+        $generalParameters = @{
+            ServerInstance = $DatabaseServerName
+            QueryTimeout = $QueryTimeout
+            ErrorAction = "Stop"
+        }
+
+        if ($isSQLAdminAccount)
+        {
+            $generalParameters.add("Username", $adminUsername)
+            $generalParameters.add("Password", $adminPassword)
+        }
+
+        if ($containsSQLServerV22Parameters)
+        {
+            if ($PSBoundParameters.ContainsKey("Encrypt"))
+            {
+                $generalParameters.add("Encrypt", $Encrypt)
+            }
+
+            if ($TrustServerCertificate)
+            {
+                $generalParameters.add("TrustServerCertificate", $true)
+            }
+
+            if ($PSBoundParameters.ContainsKey("HostNameInCertificate"))
+            {
+                $generalParameters.add("HostNameInCertificate", $HostNameInCertificate)
+            }
+        }
+        #endregion Composing general parameters for Invoke-Sqlcmd cmdlet
 
         #region Create Database if necessary
         if (-not $IsExistingDatabase)
@@ -202,13 +265,13 @@ function Set-RsDatabase
             Write-Verbose "Executing database creation script..."
             try
             {
-                if ($isSQLAdminAccount)
+                if ($supportSQLServerV22Parameters)
                 {
-                    Invoke-Sqlcmd -ServerInstance $DatabaseServerName -Query $SQLScript -QueryTimeout $QueryTimeout -ErrorAction Stop -Username $adminUsername -Password $adminPassword
+                    SQLServer\Invoke-Sqlcmd @generalParameters -Query $SQLScript
                 }
                 else
                 {
-                    Invoke-Sqlcmd -ServerInstance $DatabaseServerName -Query $SQLScript -QueryTimeout $QueryTimeout -ErrorAction Stop
+                    Invoke-Sqlcmd @generalParameters -Query $SQLScript
                 }
             }
             catch
@@ -240,13 +303,13 @@ function Set-RsDatabase
         Write-Verbose "Executing database rights script..."
         try
         {
-            if ($isSQLAdminAccount)
+            if ($supportSQLServerV22Parameters)
             {
-                Invoke-Sqlcmd -ServerInstance $DatabaseServerName -Query $SQLScript -QueryTimeout $QueryTimeout -ErrorAction Stop -Username $adminUsername -Password $adminPassword
+                SQLServer\Invoke-Sqlcmd @generalParameters -Query $SQLScript
             }
             else
             {
-                Invoke-Sqlcmd -ServerInstance $DatabaseServerName -Query $SQLScript -QueryTimeout $QueryTimeout -ErrorAction Stop
+                Invoke-Sqlcmd @generalParameters -Query $SQLScript
             }
         }
         catch

ReportingServicesTools/Functions/Admin/Set-RsDatabaseCredentials.ps1

@@ -17,6 +17,20 @@ function Set-RsDatabaseCredentials
             Specify the credentials to use when connecting to the SQL Server.
             Note: This parameter will be ignored whenever DatabaseCredentialType is set to ServiceAccount!
 
+        .PARAMETER Encrypt
+            Specify the encryption type to use when connecting to SQL Server.
+            Accepted values: Mandatory, Optional, Strict.
+            If supported, but not specified, the default value is Mandatory.
+            Using this parameter requires PowerShell SQLServer module version 22 or higher.
+
+        .PARAMETER TrustServerCertificate
+            Specify this switch to bypass the server certificate validation.
+            Using this parameter requires PowerShell SQLServer module version 22 or higher.
+
+        .PARAMETER HostNameInCertificate
+            Specify the host name to be used in validating the SQL Server TLS/SSL certificate.
+            Using this parameter requires PowerShell SQLServer module version 22 or higher.
+
         .PARAMETER IsRemoteDatabaseServer
             Specify this parameter when the database server is on a different machine than the machine Reporting Services is on.
 
@@ -67,6 +81,16 @@ function Set-RsDatabaseCredentials
         [System.Management.Automation.PSCredential]
         $DatabaseCredential,
 
+        [ValidateSet("Mandatory", "Optional", "Strict")]
+        [string]
+        $Encrypt,
+
+        [switch]
+        $TrustServerCertificate,
+
+        [string]
+        $HostNameInCertificate,
+
         [switch]
         $IsRemoteDatabaseServer,
 
@@ -92,6 +116,14 @@ function Set-RsDatabaseCredentials
     {
         $rsWmiObject = New-RsConfigurationSettingObjectHelper -BoundParameters $PSBoundParameters
 
+        $supportSQLServerV22Parameters = (Get-InstalledModule -Name "SQLServer" -MinimumVersion 22.0 -ErrorAction SilentlyContinue) -ne $null
+        $containsSQLServerV22Parameters = $PSBoundParameters.ContainsKey("Encrypt") -or $TrustServerCertificate -or $PSBoundParameters.ContainsKey("HostNameInCertificate")
+
+        if ($containsSQLServerV22Parameters -and -not $supportSQLServerV22Parameters)
+        {
+            throw "The current version of Invoke-Sqlcmd cmdlet used in this script doesn't support -Encrypt, -TrustServerCertificate and -HostNameInCertificate parameters. Consider installing SQLServer module version 22 or higher and restarting PowerShell to use the script with these parameters."
+        }
+
         #region Validating authentication and normalizing credentials
         $username = ''
         $password = $null
@@ -135,7 +167,39 @@ function Set-RsDatabaseCredentials
         Write-Verbose "Executing database rights script..."
         try
         {
-            Invoke-Sqlcmd -ServerInstance $DatabaseServerName -Query $SQLscript -QueryTimeout $QueryTimeout -ErrorAction Stop
+            $parameters = @{
+                ServerInstance = $DatabaseServerName
+                Query = $SQLScript
+                QueryTimeout = $QueryTimeout
+                ErrorAction = "Stop"
+            }
+
+            if ($containsSQLServerV22Parameters)
+            {
+                if ($PSBoundParameters.ContainsKey("Encrypt"))
+                {
+                    $parameters.add("Encrypt", $Encrypt)
+                }
+
+                if ($TrustServerCertificate)
+                {
+                    $parameters.add("TrustServerCertificate", $true)
+                }
+
+                if ($PSBoundParameters.ContainsKey("HostNameInCertificate"))
+                {
+                    $parameters.add("HostNameInCertificate", $HostNameInCertificate)
+                }
+            }
+
+            if ($supportSQLServerV22Parameters)
+            {
+                SQLServer\Invoke-Sqlcmd @parameters
+            }
+            else
+            {
+                Invoke-Sqlcmd @parameters
+            }
         }
         catch
         {