. $PSScriptRoot\..\..\Load-PesterModules.ps1
$here = Split-Path -Parent $MyInvocation.MyCommand.Path
$sut = (Split-Path -Leaf $MyInvocation.MyCommand.Path) -replace '\.tests\.', '.'
$functionPath = Join-Path -Path $here -ChildPath $sut
Write-Host "Overriding SUT: $functionPath"
Import-Module $functionPath -Force
$moduleForMock = ""

Describe "Move-AccountToDisabledOU" {

    $fakeAccountName = "FakeyMcFakeAccount"

    Mock -CommandName Get-LogLeadName -ModuleName $moduleForMock -MockWith { return 'Move-AccountToDisabledOU.tests' }
    Mock -CommandName Move-ADObject   -ModuleName $moduleForMock -MockWith { }
    Mock -CommandName Write-Warning   -ModuleName $moduleForMock -MockWith { }

    Context "User Permissions" {

        It "Writes a Warning and Exits Early if the User Does Not Have Domain Admin Rights" {

            Mock Test-IsUserDomainAdmin -ModuleName $moduleForMock -MockWith { return $false }

            Move-AccountToDisabledOU -AccountDistinguishedName "CN=$fakeAccountName,CN=Managed Service Accounts,OU=Disabled Accounts,DC=fh,DC=local"

            Assert-MockCalled -ModuleName $moduleForMock -CommandName Write-Warning `
                -ParameterFilter { $Message -match "You must have domain administrative privileges" } -Times 1 -Exactly -Scope It
            Assert-MockCalled -ModuleName $moduleForMock -CommandName Move-ADObject -Times 0 -Exactly -Scope It
        }
    }

    Context "Logic" {

        Mock Test-IsUserDomainAdmin -ModuleName $moduleForMock -MockWith { return $true }

        It "Writes a Warning and Does Not Move the User if it is already in the Disabled Users OU" {

            Move-AccountToDisabledOU -AccountDistinguishedName "CN=$fakeAccountName,CN=Managed Service Accounts,OU=Disabled Accounts,DC=fh,DC=local"
            Assert-MockCalled -ModuleName $moduleForMock -CommandName Write-Warning `
                -ParameterFilter { $Message -match "is already in Disabled Accounts OU" } -Times 1 -Exactly -Scope It
            Assert-MockCalled -ModuleName $moduleForMock -CommandName Move-ADObject -Times 0 -Exactly -Scope It
        }

        It "Moves the User to the Disabled Users OU" {

            Move-AccountToDisabledOU -AccountDistinguishedName "CN=$fakeAccountName,CN=Managed Service Accounts,OU=Active Accounts,DC=foo,DC=bar"
            Assert-MockCalled -ModuleName $moduleForMock -CommandName Move-ADObject -Times 1 -Exactly -Scope It `
                -ParameterFilter { ($Identity -match "$fakeAccountName") -and ($TargetPath -eq "OU=Disabled Accounts,DC=fh,DC=local") }
        }
    }

    Context "Parameter Validation" {

        Mock Test-IsUserDomainAdmin -ModuleName $moduleForMock -MockWith { return $true }

        It "Uses the Supplied Domain and OU for the Disabled OU" {

            Move-AccountToDisabledOU -AccountDistinguishedName "CN=$fakeAccountName,CN=Managed Service Accounts,DC=foo,DC=bar" -DisabledAccountOU "Foobar" -DomainName "foo.bar"
            Assert-MockCalled -ModuleName $moduleForMock -CommandName Move-ADObject -Times 1 -Exactly -Scope It `
                -ParameterFilter { ($Identity -match "$fakeAccountName") -and ($TargetPath -eq "OU=Foobar,DC=foo,DC=bar") }
        }
    }
}