# Test bootstrap: dot-source the shared loader script, then import the script
# under test, which sits beside this file under the same name without '.tests.'.
. $PSScriptRoot\..\..\Load-PesterModules.ps1

$testScriptPath = $MyInvocation.MyCommand.Path
$here = Split-Path -Path $testScriptPath -Parent
$sut = (Split-Path -Path $testScriptPath -Leaf) -replace '\.tests\.', '.'

$global:functionPath = Join-Path -Path $here -ChildPath $sut
Write-Host "InModuleScope - Overriding SUT: $global:functionPath"

# -Force re-imports the module even if an earlier copy is already loaded.
Import-Module -Name $global:functionPath -Force

# Passed as -ModuleName to every Mock call in this file.
$moduleForMock = ''
Describe 'Get-ACMCertificateBindingList' {
# Baseline mocks for the whole Describe block. The profile and region names are
# fake values ('temp-test*', 'us-fake-*') and Import-AWSModule is a no-op.
# NOTE(review): presumably this keeps the suite from touching a real AWS
# account; confirm the function under test calls no unmocked AWS cmdlet.
Mock -CommandName Get-AlkamiAwsProfileList -ModuleName $moduleForMock -MockWith {
    return @( 'temp-test1', 'temp-test2' )
}
Mock -CommandName Get-SupportedAwsRegions -ModuleName $moduleForMock -MockWith {
    return @( 'us-fake-1', 'us-fake-2' )
}
Mock -CommandName Get-AWSRegion -ModuleName $moduleForMock -MockWith {
    return @(
        @{ 'Region' = 'us-fake-1' },
        @{ 'Region' = 'us-fake-2' }
    )
}
Mock -CommandName Get-LogLeadName -ModuleName $moduleForMock -MockWith {
    return 'Get-ACMCertificateBindingList.tests'
}
Mock -CommandName Import-AWSModule -ModuleName $moduleForMock -MockWith {}

# Write-Warning is mocked so the tests can assert on the warning text.
Mock -CommandName Write-Warning -ModuleName $moduleForMock -MockWith {}

# Default answer is "collection is not empty"; one test below flips it to $true.
Mock -CommandName Test-IsCollectionNullOrEmpty -ModuleName $moduleForMock -MockWith {
    return $false
}
# Default stand-ins for the AWS lookups. Each returns a one-element array of a
# hashtable; the shared 'TestCertificateArn' value ties the fixtures together.

# Listener certificate carrying the same ARN as the default ACM certificate.
Mock -CommandName Get-ELB2ListenerCertificate -ModuleName $moduleForMock -MockWith {
    $listenerCertificate = @{
        CertificateArn = 'TestCertificateArn'
    }

    return @($listenerCertificate)
}

# One ACM certificate with two InUseBy entries, one ending in '-loadbalancer'.
Mock -CommandName Get-ACMCertificateDetailsListByName -ModuleName $moduleForMock -MockWith {
    $certificate = @{
        DomainName         = 'TestDomainName'
        CertificateArn     = 'TestCertificateArn'
        InUseBy            = @('TestCertificateUser', 'TestCertificateUser-loadbalancer')
        NotAfter           = @{ Date = 'TestDate' }
        RenewalEligibility = @{ Value = 'TestRenewalEligibility' }
    }

    return @($certificate)
}

# API Gateway custom domain whose configuration points at the same certificate ARN.
Mock -CommandName Get-AG2DomainNameList -ModuleName $moduleForMock -MockWith {
    $apiDomain = @{
        Name                     = 'TestApi'
        DomainNameConfigurations = @{ CertificateArn = 'TestCertificateArn' }
    }

    return @($apiDomain)
}

# A single ELB listener.
Mock -CommandName Get-ELB2Listener -ModuleName $moduleForMock -MockWith {
    $listener = @{
        ListenerArn = 'TestListenerArn'
    }

    return @($listener)
}

# A single API mapping (API id plus stage).
Mock -CommandName Get-AG2ApiMappingList -ModuleName $moduleForMock -MockWith {
    $apiMapping = @{
        ApiId = 'TestApiId'
        Stage = 'TestStage'
    }

    return @($apiMapping)
}
Context 'Parameter Validation' {

    # NOTE(review): 'Should -Throw' without an expected message passes on any
    # exception, so these tests cannot tell the intended validation failure
    # apart from an unrelated error. Pinning the message would tighten them.

    It 'Throws if DomainName is Null' {
        $invocation = { Get-ACMCertificateBindingList -DomainName $null }
        $invocation | Should -Throw
    }

    It 'Throws if DomainName is Empty' {
        $invocation = { Get-ACMCertificateBindingList -DomainName '' }
        $invocation | Should -Throw
    }

    It 'Throws if Profile is Not In Approved List' {
        # 'temp-localtest' is not one of the profiles returned by the mocked Get-AlkamiAwsProfileList.
        $invocation = { Get-ACMCertificateBindingList -DomainName 'TestDomainName' -ProfileName 'temp-localtest' }
        $invocation | Should -Throw
    }

    It 'Throws if Region is Not In Approved List' {
        # 'us-test-2' is not one of the mocked regions ('us-fake-1', 'us-fake-2').
        $invocation = { Get-ACMCertificateBindingList -DomainName 'TestDomainName' -ProfileName 'temp-test1' -Region 'us-test-2' }
        $invocation | Should -Throw
    }
}
Context 'Logic Validation' {
It 'Uses ProfileName Parameter if Provided' {
    # An explicit profile must reach the certificate lookup exactly once and
    # unchanged; -ceq makes the comparison case-sensitive.
    $null = Get-ACMCertificateBindingList -DomainName 'TestDomainName' -ProfileName 'temp-test1' -Region 'us-fake-1'

    $expectedLookup = @{
        CommandName     = 'Get-ACMCertificateDetailsListByName'
        Times           = 1
        Exactly         = $true
        Scope           = 'It'
        ParameterFilter = { $ProfileName -ceq 'temp-test1' }
    }
    Assert-MockCalled @expectedLookup
}
It 'Uses All Supported Profiles if ProfileName Parameter is Not Provided' {
    # With no -ProfileName, one lookup is expected per profile in the mocked
    # list, and every lookup must use a profile taken from that list.
    $validProfiles = Get-AlkamiAwsProfileList
    $null = Get-ACMCertificateBindingList -DomainName 'TestDomainName' -Region 'us-fake-1' -Verbose

    $expectedLookup = @{
        CommandName     = 'Get-ACMCertificateDetailsListByName'
        Times           = $validProfiles.Length
        Exactly         = $true
        Scope           = 'It'
        ParameterFilter = { $ProfileName -in $validProfiles }
    }
    Assert-MockCalled @expectedLookup
}
It 'Uses Region Parameter if Provided' {
    # An explicit region must reach the certificate lookup exactly once and
    # unchanged; -ceq makes the comparison case-sensitive.
    $null = Get-ACMCertificateBindingList -DomainName 'TestDomainName' -ProfileName 'temp-test1' -Region 'us-fake-1'

    $expectedLookup = @{
        CommandName     = 'Get-ACMCertificateDetailsListByName'
        Times           = 1
        Exactly         = $true
        Scope           = 'It'
        ParameterFilter = { $Region -ceq 'us-fake-1' }
    }
    Assert-MockCalled @expectedLookup
}
It 'Uses All Supported Regions if Region Parameter is Not Provided' {
    # With no -Region, one lookup is expected per region in the mocked list,
    # and every lookup must use a region taken from that list.
    $validRegions = Get-SupportedAwsRegions
    $null = Get-ACMCertificateBindingList -DomainName 'TestDomainName' -ProfileName 'temp-test1' -Verbose

    $expectedLookup = @{
        CommandName     = 'Get-ACMCertificateDetailsListByName'
        Times           = $validRegions.Length
        Exactly         = $true
        Scope           = 'It'
        ParameterFilter = { $Region -in $validRegions }
    }
    Assert-MockCalled @expectedLookup
}
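It 'Aborts Processing in Current Region if Get-ACMCertificateDetailsListByName Throws' {

    # Make the ACM lookup fail for this test.
    Mock -CommandName Get-ACMCertificateDetailsListByName -ModuleName $moduleForMock -MockWith { throw 'This is an exception.' }

    try {
        Get-ACMCertificateBindingList -DomainName 'TestDomainName' -ProfileName 'temp-test1' -Region 'us-fake-1' -Verbose | Out-Null

        # The lookup is attempted once, nothing downstream runs, and the
        # failure is reported through exactly one warning.
        Assert-MockCalled -CommandName Get-ACMCertificateDetailsListByName -Times 1 -Exactly -Scope It
        Assert-MockCalled -CommandName Test-IsCollectionNullOrEmpty -Times 0 -Exactly -Scope It

        Assert-MockCalled -CommandName Write-Warning -Times 1 -Exactly -Scope It `
            -ParameterFilter { $Message -match 'Unable to retrieve ACM certificate details by name' }
    }
    finally {
        # Restore the default mock even when an assertion above fails. Without
        # the finally, a failure would skip the restore and (if this Pester
        # version keeps It-level mocks alive past the It) leave the throwing
        # mock active for the tests that follow.
        Mock -CommandName Get-ACMCertificateDetailsListByName -ModuleName $moduleForMock -MockWith {
            $testObject = @{
                DomainName = 'TestDomainName'
                CertificateArn = 'TestCertificateArn'
                InUseBy = @(
                    'TestCertificateUser',
                    'TestCertificateUser-loadbalancer'
                )
                NotAfter = @{
                    Date = 'TestDate'
                }
                RenewalEligibility = @{
                    Value = 'TestRenewalEligibility'
                }
            }

            return @($testObject)
        }
    }
}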
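# The test name used to duplicate the previous test's name although this case
# covers an empty lookup result, not an exception; it is renamed to match.
It 'Aborts Processing in Current Region if No Certificates Are Found' {

    # Report the certificate collection as empty for this test.
    Mock -CommandName Test-IsCollectionNullOrEmpty -ModuleName $moduleForMock -MockWith { return $true }

    try {
        Get-ACMCertificateBindingList -DomainName 'TestDomainName' -ProfileName 'temp-test1' -Region 'us-fake-1' -Verbose | Out-Null

        # The emptiness check runs once, the API Gateway lookup is never
        # reached, and exactly one warning names the missing certificates.
        Assert-MockCalled -CommandName Test-IsCollectionNullOrEmpty -Times 1 -Exactly -Scope It
        Assert-MockCalled -CommandName Get-AG2DomainNameList -Times 0 -Exactly -Scope It

        Assert-MockCalled -CommandName Write-Warning -Times 1 -Exactly -Scope It `
            -ParameterFilter { $Message -match 'No certificates found with a domain name of' }
    }
    finally {
        # Restore the default answer even when an assertion above fails, so a
        # failure here cannot leave the "always empty" mock in place afterwards.
        Mock -CommandName Test-IsCollectionNullOrEmpty -ModuleName $moduleForMock -MockWith { return $false }
    }
}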
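It 'Prints Warning if Get-ELB2Listener Throws' {

    # Make the ELB listener lookup fail for this test.
    Mock -CommandName Get-ELB2Listener -ModuleName $moduleForMock -MockWith { throw 'This is an exception.' }

    try {
        Get-ACMCertificateBindingList -DomainName 'TestDomainName' -ProfileName 'temp-test1' -Region 'us-fake-1' -Verbose | Out-Null

        # The listener lookup is attempted once, the per-listener certificate
        # lookup is skipped, and exactly one warning is written.
        Assert-MockCalled -CommandName Get-ELB2Listener -Times 1 -Exactly -Scope It
        Assert-MockCalled -CommandName Get-ELB2ListenerCertificate -Times 0 -Exactly -Scope It
        Assert-MockCalled -CommandName Write-Warning -Times 1 -Exactly -Scope It `
            -ParameterFilter { $Message -match 'Encountered an error retrieving ELB Listener details for' }
    }
    finally {
        # Restore the default listener mock even when an assertion above fails,
        # so the throwing mock cannot carry over into later tests.
        Mock -CommandName Get-ELB2Listener -ModuleName $moduleForMock -MockWith {

            $testObject = @{
                ListenerArn = 'TestListenerArn'
            }

            return @($testObject)
        }
    }
}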
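It 'Prints Warning if Get-ELB2ListenerCertificate Throws' {

    # Make the listener certificate lookup fail for this test.
    Mock -CommandName Get-ELB2ListenerCertificate -ModuleName $moduleForMock -MockWith { throw 'This is an exception.' }

    try {
        Get-ACMCertificateBindingList -DomainName 'TestDomainName' -ProfileName 'temp-test1' -Region 'us-fake-1' -Verbose | Out-Null

        # The certificate lookup is attempted once and its failure is reported
        # through exactly one warning.
        Assert-MockCalled -CommandName Get-ELB2ListenerCertificate -Times 1 -Exactly -Scope It
        Assert-MockCalled -CommandName Write-Warning -Times 1 -Exactly -Scope It `
            -ParameterFilter { $Message -match 'Error encountered while retrieving ELB Listener certificate list' }
    }
    finally {
        # Restore the default mock even when an assertion above fails, so the
        # throwing mock cannot carry over into later tests.
        Mock -CommandName Get-ELB2ListenerCertificate -ModuleName $moduleForMock -MockWith {
            $testObject = @{
                CertificateArn = 'TestCertificateArn'
            }

            return @($testObject)
        }
    }
}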
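It 'Skips API Gateway Domain Stage Mapping if Certificate Does Not Match' {

    # Return an API Gateway domain bound to a different certificate ARN than
    # the one carried by the default ACM certificate mock.
    Mock -CommandName Get-AG2DomainNameList -ModuleName $moduleForMock -MockWith {
        $testObject = @{
            Name = 'TestApi'
            DomainNameConfigurations = @{
                CertificateArn = 'TestCertificateArnNotMatch'
            }
        }

        return @($testObject)
    }

    try {
        Get-ACMCertificateBindingList -DomainName 'TestDomainName' -ProfileName 'temp-test1' -Region 'us-fake-1' -Verbose | Out-Null

        # The domain list is read once; the API mapping lookup must not run
        # for a domain whose certificate ARN does not match.
        Assert-MockCalled -CommandName Get-AG2DomainNameList -Times 1 -Exactly -Scope It
        Assert-MockCalled -CommandName Get-AG2ApiMappingList -Times 0 -Exactly -Scope It
    }
    finally {
        # Restore the matching-ARN default even when an assertion above fails,
        # so the mismatching fixture cannot carry over into later tests.
        Mock -CommandName Get-AG2DomainNameList -ModuleName $moduleForMock -MockWith {
            $testObject = @{
                Name = 'TestApi'
                DomainNameConfigurations = @{
                    CertificateArn = 'TestCertificateArn'
                }
            }

            return @($testObject)
        }
    }
}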
It 'Processes all InUseBy Entries for a Certificate' {
    # Happy path with the default mocks: each downstream lookup runs exactly
    # once and no warning is written.
    $null = Get-ACMCertificateBindingList -DomainName 'TestDomainName' -ProfileName 'temp-test1' -Region 'us-fake-1' -Verbose

    $lookupsExpectedOnce = @(
        'Get-AG2DomainNameList',
        'Get-ELB2Listener',
        'Get-ELB2ListenerCertificate',
        'Get-AG2ApiMappingList'
    )
    foreach ($lookupName in $lookupsExpectedOnce) {
        Assert-MockCalled -CommandName $lookupName -Times 1 -Exactly -Scope It
    }

    Assert-MockCalled -CommandName Write-Warning -Times 0 -Exactly -Scope It
}
}
Context 'Output Validation' {
It 'Returns a Single Entry When A Single Certificate Is Found' {
    # The default ACM mock returns one certificate, so one entry is expected.
    $lookup = @{
        DomainName  = 'TestDomainName'
        ProfileName = 'temp-test1'
        Region      = 'us-fake-1'
        Verbose     = $true
    }
    $bindings = Get-ACMCertificateBindingList @lookup

    $bindings | Should -HaveCount 1
}
It 'Returns an Array of InUseBy For Each Certificate User' {
    # NOTE(review): the mocked certificate carries two InUseBy values; the
    # expected count of 3 presumably includes entries the function derives
    # from the mocked listener / API Gateway lookups. Confirm against the
    # implementation.
    $lookup = @{
        DomainName  = 'TestDomainName'
        ProfileName = 'temp-test1'
        Region      = 'us-fake-1'
        Verbose     = $true
    }
    $bindings = Get-ACMCertificateBindingList @lookup

    $bindings[0].InUseBy | Should -HaveCount 3
}
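It 'Returned InUseBy Array Contains ELB ARN if Listener Query Throws' {

    # Make the ELB listener lookup fail for this test.
    Mock -CommandName Get-ELB2Listener -ModuleName $moduleForMock -MockWith { throw 'This is a test.' }

    try {
        $result = Get-ACMCertificateBindingList -DomainName 'TestDomainName' -ProfileName 'temp-test1' -Region 'us-fake-1' -Verbose

        # With the listener lookup failing, no listener certificate is queried.
        Assert-MockCalled -CommandName Get-ELB2ListenerCertificate -Times 0 -Exactly -Scope It

        # The load balancer entry from the mocked certificate must still be
        # present in the output.
        $result | Should -Not -BeNullOrEmpty
        $result[0].InUseBy | Should -HaveCount 3
        $result[0].InUseBy | Should -Contain 'TestCertificateUser-loadbalancer'
    }
    finally {
        # Restore the default listener mock even when an assertion above fails,
        # so the throwing mock cannot carry over into later tests.
        Mock -CommandName Get-ELB2Listener -ModuleName $moduleForMock -MockWith {

            $testObject = @{
                ListenerArn = 'TestListenerArn'
            }

            return @($testObject)
        }
    }
}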
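It 'Returns Multiple Entries When Multiple Certificates Are Found' {

    # Return two certificates for the same domain name.
    Mock -CommandName Get-ACMCertificateDetailsListByName -ModuleName $moduleForMock -MockWith {
        $testObject1 = @{
            DomainName = 'TestDomainName'
            CertificateArn = 'TestCertificateArn'
            InUseBy = @(
                'TestCertificateUser',
                'TestCertificateUser-loadbalancer'
            )
            NotAfter = @{
                Date = 'TestDate'
            }
            RenewalEligibility = @{
                Value = 'TestRenewalEligibility'
            }
        }

        $testObject2 = @{
            DomainName = 'TestDomainName'
            CertificateArn = 'TestCertificateArn2'
            InUseBy = @(
                'TestCertificateUser2',
                'TestCertificateUser2-loadbalancer'
            )
            NotAfter = @{
                Date = 'TestDate'
            }
            RenewalEligibility = @{
                Value = 'TestRenewalEligibility'
            }
        }

        # Fixed: this returned the undefined $testObject, so the first array
        # element was $null and $testObject1 was never exercised.
        # NOTE(review): the count assertion below passed either way, which is
        # why the typo went unnoticed; re-run to confirm it still passes.
        return @($testObject1, $testObject2)
    }

    try {
        $result = Get-ACMCertificateBindingList -DomainName 'TestDomainName' -ProfileName 'temp-test1' -Region 'us-fake-1' -Verbose
        $result | Should -HaveCount 2
    }
    finally {
        # Restore the single-certificate default even when the assertion above
        # fails, so the two-certificate fixture cannot carry over into later tests.
        Mock -CommandName Get-ACMCertificateDetailsListByName -ModuleName $moduleForMock -MockWith {
            $testObject = @{
                DomainName = 'TestDomainName'
                CertificateArn = 'TestCertificateArn'
                InUseBy = @(
                    'TestCertificateUser',
                    'TestCertificateUser-loadbalancer'
                )
                NotAfter = @{
                    Date = 'TestDate'
                }
                RenewalEligibility = @{
                    Value = 'TestRenewalEligibility'
                }
            }

            return @($testObject)
        }
    }
}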
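It 'Returns An Empty Array When No Certificates Are Found' {

    # Return no certificates at all for this test.
    Mock -CommandName Get-ACMCertificateDetailsListByName -ModuleName $moduleForMock -MockWith {
        return @()
    }

    try {
        $result = Get-ACMCertificateBindingList -DomainName 'TestDomainName' -ProfileName 'temp-test1' -Region 'us-fake-1' -Verbose
        $result | Should -HaveCount 0
    }
    finally {
        # Restore the single-certificate default even when the assertion above
        # fails, so the empty fixture cannot carry over into later tests.
        Mock -CommandName Get-ACMCertificateDetailsListByName -ModuleName $moduleForMock -MockWith {
            $testObject = @{
                DomainName = 'TestDomainName'
                CertificateArn = 'TestCertificateArn'
                InUseBy = @(
                    'TestCertificateUser',
                    'TestCertificateUser-loadbalancer'
                )
                NotAfter = @{
                    Date = 'TestDate'
                }
                RenewalEligibility = @{
                    Value = 'TestRenewalEligibility'
                }
            }

            return @($testObject)
        }
    }
}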
}
}