. $PSScriptRoot\..\..\Load-PesterModules.ps1 $here = Split-Path -Parent $MyInvocation.MyCommand.Path $sut = (Split-Path -Leaf $MyInvocation.MyCommand.Path) -replace '\.tests\.', '.' $global:functionPath = Join-Path -Path $here -ChildPath $sut InModuleScope -ModuleName Alkami.DevOps.SystemEngineering -ScriptBlock { Write-Host "InModuleScope - Overriding SUT: $global:functionPath" Import-Module $global:functionPath -Force Describe "Get-ServerlessServiceAccountIamPolicyString" { Context "Parameter Validation" { It "Throws if SecretArns is Null" { { Get-ServerlessServiceAccountIamPolicyString -SecretArns $null } | Should -Throw } It "Throws if SecretArns is Empty" { { Get-ServerlessServiceAccountIamPolicyString -SecretArns @() } | Should -Throw } } Context "Logic" { It "Returns a String" { (Get-Command Get-ServerlessServiceAccountIamPolicyString).OutputType.Type.ToString() | Should -BeExactly "System.String" } It "Returns a String With a Valid JSON Conversion" { { ConvertFrom-Json (Get-ServerlessServiceAccountIamPolicyString -SecretArns @('test')) } | Should -Not -Throw } It "Allows DescribeSecret Action" { $result = ConvertFrom-Json (Get-ServerlessServiceAccountIamPolicyString -SecretArns @('test')) $result.Statement[0].Action | Should -Contain 'secretsmanager:DescribeSecret' } It "Allows GetSecretValue Action" { $result = ConvertFrom-Json (Get-ServerlessServiceAccountIamPolicyString -SecretArns @('test')) $result.Statement[0].Action | Should -Contain 'secretsmanager:GetSecretValue' } It "Grants Access To Specified Resource(s)" { $result = ConvertFrom-Json (Get-ServerlessServiceAccountIamPolicyString -SecretArns @('test1', 'test2')) $result.Statement[0].Resource | Should -HaveCount 2 $result.Statement[0].Resource | Should -Contain 'test1' $result.Statement[0].Resource | Should -Contain 'test2' } } } }