75 lines
3.6 KiB
PowerShell
75 lines
3.6 KiB
PowerShell
|
. $PSScriptRoot\..\..\Load-PesterModules.ps1
|
||
|
$here = Split-Path -Parent $MyInvocation.MyCommand.Path
|
||
|
$sut = (Split-Path -Leaf $MyInvocation.MyCommand.Path) -replace '\.tests\.', '.'
|
||
|
$global:functionPath = Join-Path -Path $here -ChildPath $sut
|
||
|
|
||
|
InModuleScope -ModuleName Alkami.DevOps.SystemEngineering -ScriptBlock {
|
||
|
Write-Host "InModuleScope - Overriding SUT: $global:functionPath"
|
||
|
Import-Module $global:functionPath -Force
|
||
|
$inScopeModule = "Alkami.DevOps.SystemEngineering"
|
||
|
|
||
|
Describe "New-ServerlessServiceAccountIamPolicy" {
|
||
|
|
||
|
Mock -CommandName Get-AWSRegion -ModuleName $inScopeModule -MockWith { return @( @{ 'Region' = 'us-east-1' } ) }
|
||
|
Mock -CommandName Import-AWSModule -ModuleName $inScopeModule -MockWith {}
|
||
|
Mock -CommandName Get-ServerlessServiceAccountIamPolicyString -ModuleName $inScopeModule -MockWith { return 'testInlinePolicy' }
|
||
|
Mock -CommandName Write-IAMRolePolicy -ModuleName $inScopeModule -MockWith {}
|
||
|
|
||
|
Context "Parameter Validation" {
|
||
|
|
||
|
It "Throws if RoleArn Is Null" {
|
||
|
{ New-ServerlessServiceAccountIamPolicy -RoleArn $null } | Should -Throw
|
||
|
}
|
||
|
|
||
|
It "Throws if RoleArn Is Empty" {
|
||
|
{ New-ServerlessServiceAccountIamPolicy -RoleArn '' } | Should -Throw
|
||
|
}
|
||
|
|
||
|
It "Throws if ProfileName Is Null" {
|
||
|
{ New-ServerlessServiceAccountIamPolicy -RoleArn 'TestRole' -ProfileName $null } | Should -Throw
|
||
|
}
|
||
|
|
||
|
It "Throws if ProfileName Is Empty" {
|
||
|
{ New-ServerlessServiceAccountIamPolicy -RoleArn 'TestRole' -ProfileName '' } | Should -Throw
|
||
|
}
|
||
|
|
||
|
It "Throws if Region Is Not In Allowable List" {
|
||
|
{ New-ServerlessServiceAccountIamPolicy -RoleArn 'TestRole' -ProfileName 'TestProfile' -Region 'Test' } | Should -Throw
|
||
|
}
|
||
|
|
||
|
It "Throws if SecretArns Is Null" {
|
||
|
{ New-ServerlessServiceAccountIamPolicy -RoleArn 'TestRole' -ProfileName 'TestProfile' -Region 'us-east-1' `
|
||
|
-SecretArns $null } | Should -Throw
|
||
|
}
|
||
|
|
||
|
It "Throws if SecretArns Is Empty" {
|
||
|
{ New-ServerlessServiceAccountIamPolicy -RoleArn 'TestRole' -ProfileName 'TestProfile' -Region 'us-east-1' `
|
||
|
-SecretArns @() } | Should -Throw
|
||
|
}
|
||
|
}
|
||
|
|
||
|
Context "Logic" {
|
||
|
|
||
|
It "Proxies Supplied Secret Arns to Handling Function" {
|
||
|
|
||
|
$testArns = @( 'TestArn1', 'TestArn2')
|
||
|
|
||
|
New-ServerlessServiceAccountIamPolicy -RoleArn 'arn:aws::iam/thisisanarn/TestName' -ProfileName 'TestProfile' -Region 'us-east-1' `
|
||
|
-SecretArns $testArns
|
||
|
|
||
|
Assert-MockCalled -ModuleName $inScopeModule -CommandName Get-ServerlessServiceAccountIamPolicyString -Times 1 -Exactly -Scope It `
|
||
|
-ParameterFilter { ($null -eq (Compare-Object $SecretArns $testArns)) }
|
||
|
}
|
||
|
|
||
|
It "Applies Inline Policy to the Supplied Role" {
|
||
|
|
||
|
New-ServerlessServiceAccountIamPolicy -RoleArn 'arn:aws::iam/thisisanarn/TestName' -ProfileName 'TestProfile' -Region 'us-east-1' `
|
||
|
-SecretArns @( 'TestArn' )
|
||
|
|
||
|
Assert-MockCalled -ModuleName $inScopeModule -CommandName Write-IAMRolePolicy -Times 1 -Exactly -Scope It `
|
||
|
-ParameterFilter { $RoleName -ceq 'TestName' }
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
}
|