. $PSScriptRoot\..\..\Load-PesterModules.ps1 $here = Split-Path -Parent $MyInvocation.MyCommand.Path $sut = (Split-Path -Leaf $MyInvocation.MyCommand.Path) -replace '\.tests\.', '.' $global:functionPath = Join-Path -Path $here -ChildPath $sut Write-Host "InModuleScope - Overriding SUT: $global:functionPath" Import-Module $global:functionPath -Force $moduleForMock = '' Describe 'Get-ACMCertificateBindingList' { Mock -CommandName Get-AlkamiAwsProfileList -ModuleName $moduleForMock -MockWith { return @( 'temp-test1', 'temp-test2' ) } Mock -CommandName Get-SupportedAwsRegions -ModuleName $moduleForMock -MockWith { return @( 'us-fake-1', 'us-fake-2' ) } Mock -CommandName Get-AWSRegion -ModuleName $moduleForMock -MockWith { return @( @{ 'Region' = 'us-fake-1' }, @{ 'Region' = 'us-fake-2' } ) } Mock -CommandName Get-LogLeadName -ModuleName $moduleForMock -MockWith { return 'Get-ACMCertificateBindingList.tests' } Mock -CommandName Import-AWSModule -ModuleName $moduleForMock -MockWith {} Mock -CommandName Write-Warning -ModuleName $moduleForMock -MockWith {} Mock -CommandName Test-IsCollectionNullOrEmpty -ModuleName $moduleForMock -MockWith { return $false } Mock -CommandName Get-ELB2ListenerCertificate -ModuleName $moduleForMock -MockWith { $testObject = @{ CertificateArn = 'TestCertificateArn' } return @($testObject) } Mock -CommandName Get-ACMCertificateDetailsListByName -ModuleName $moduleForMock -MockWith { $testObject = @{ DomainName = 'TestDomainName' CertificateArn = 'TestCertificateArn' InUseBy = @( 'TestCertificateUser', 'TestCertificateUser-loadbalancer' ) NotAfter = @{ Date = 'TestDate' } RenewalEligibility = @{ Value = 'TestRenewalEligibility' } } return @($testObject) } Mock -CommandName Get-AG2DomainNameList -ModuleName $moduleForMock -MockWith { $testObject = @{ Name = 'TestApi' DomainNameConfigurations = @{ CertificateArn = 'TestCertificateArn' } } return @($testObject) } Mock -CommandName Get-ELB2Listener -ModuleName $moduleForMock -MockWith { $testObject = @{ ListenerArn = 'TestListenerArn' } return @($testObject) } Mock -CommandName Get-AG2ApiMappingList -ModuleName $moduleForMock -MockWith { $testObject = @{ ApiId = 'TestApiId' Stage = 'TestStage' } return @($testObject) } Context 'Parameter Validation' { It 'Throws if DomainName is Null' { { Get-ACMCertificateBindingList -DomainName $null } | Should -Throw } It 'Throws if DomainName is Empty' { { Get-ACMCertificateBindingList -DomainName '' } | Should -Throw } It 'Throws if Profile is Not In Approved List' { { Get-ACMCertificateBindingList -DomainName 'TestDomainName' -ProfileName 'temp-localtest' } | Should -Throw } It 'Throws if Region is Not In Approved List' { { Get-ACMCertificateBindingList -DomainName 'TestDomainName' -ProfileName 'temp-test1' -Region 'us-test-2' } | Should -Throw } } Context 'Logic Validation' { It 'Uses ProfileName Parameter if Provided' { Get-ACMCertificateBindingList -DomainName 'TestDomainName' -ProfileName 'temp-test1' -Region 'us-fake-1' | Out-Null Assert-MockCalled -CommandName Get-ACMCertificateDetailsListByName -Times 1 -Exactly -Scope It ` -ParameterFilter { $ProfileName -ceq 'temp-test1' } } It 'Uses All Supported Profiles if ProfileName Parameter is Not Provided' { $validProfiles = Get-AlkamiAwsProfileList Get-ACMCertificateBindingList -DomainName 'TestDomainName' -Region 'us-fake-1' -Verbose | Out-Null Assert-MockCalled -CommandName Get-ACMCertificateDetailsListByName -Times $validProfiles.Length -Exactly -Scope It ` -ParameterFilter { $ProfileName -in $validProfiles } } It 'Uses Region Parameter if Provided' { Get-ACMCertificateBindingList -DomainName 'TestDomainName' -ProfileName 'temp-test1' -Region 'us-fake-1' | Out-Null Assert-MockCalled -CommandName Get-ACMCertificateDetailsListByName -Times 1 -Exactly -Scope It ` -ParameterFilter { $Region -ceq 'us-fake-1' } } It 'Uses All Supported Regions if Region Parameter is Not Provided' { $validRegions = Get-SupportedAwsRegions Get-ACMCertificateBindingList -DomainName 'TestDomainName' -ProfileName 'temp-test1' -Verbose | Out-Null Assert-MockCalled -CommandName Get-ACMCertificateDetailsListByName -Times $validRegions.Length -Exactly -Scope It ` -ParameterFilter { $Region -in $validRegions } } It 'Aborts Processing in Current Region if Get-ACMCertificateDetailsListByName Throws' { Mock -CommandName Get-ACMCertificateDetailsListByName -ModuleName $moduleForMock -MockWith { throw 'This is an exception.' } Get-ACMCertificateBindingList -DomainName 'TestDomainName' -ProfileName 'temp-test1' -Region 'us-fake-1' -Verbose | Out-Null Assert-MockCalled -CommandName Get-ACMCertificateDetailsListByName -Times 1 -Exactly -Scope It Assert-MockCalled -CommandName Test-IsCollectionNullOrEmpty -Times 0 -Exactly -Scope It Assert-MockCalled -CommandName Write-Warning -Times 1 -Exactly -Scope It ` -ParameterFilter { $Message -match 'Unable to retrieve ACM certificate details by name' } Mock -CommandName Get-ACMCertificateDetailsListByName -ModuleName $moduleForMock -MockWith { $testObject = @{ DomainName = 'TestDomainName' CertificateArn = 'TestCertificateArn' InUseBy = @( 'TestCertificateUser', 'TestCertificateUser-loadbalancer' ) NotAfter = @{ Date = 'TestDate' } RenewalEligibility = @{ Value = 'TestRenewalEligibility' } } return @($testObject) } } It 'Aborts Processing in Current Region if Get-ACMCertificateDetailsListByName Throws' { Mock -CommandName Test-IsCollectionNullOrEmpty -ModuleName $moduleForMock -MockWith { return $true } Get-ACMCertificateBindingList -DomainName 'TestDomainName' -ProfileName 'temp-test1' -Region 'us-fake-1' -Verbose | Out-Null Assert-MockCalled -CommandName Test-IsCollectionNullOrEmpty -Times 1 -Exactly -Scope It Assert-MockCalled -CommandName Get-AG2DomainNameList -Times 0 -Exactly -Scope It Assert-MockCalled -CommandName Write-Warning -Times 1 -Exactly -Scope It ` -ParameterFilter { $Message -match 'No certificates found with a domain name of' } Mock -CommandName Test-IsCollectionNullOrEmpty -ModuleName $moduleForMock -MockWith { return $false } } It 'Prints Warning if Get-ELB2Listener Throws' { Mock -CommandName Get-ELB2Listener -ModuleName $moduleForMock -MockWith { throw 'This is an exception.' } Get-ACMCertificateBindingList -DomainName 'TestDomainName' -ProfileName 'temp-test1' -Region 'us-fake-1' -Verbose | Out-Null Assert-MockCalled -CommandName Get-ELB2Listener -Times 1 -Exactly -Scope It Assert-MockCalled -CommandName Get-ELB2ListenerCertificate -Times 0 -Exactly -Scope It Assert-MockCalled -CommandName Write-Warning -Times 1 -Exactly -Scope It ` -ParameterFilter { $Message -match 'Encountered an error retrieving ELB Listener details for' } Mock -CommandName Get-ELB2Listener -ModuleName $moduleForMock -MockWith { $testObject = @{ ListenerArn = 'TestListenerArn' } return @($testObject) } } It 'Prints Warning if Get-ELB2ListenerCertificate Throws' { Mock -CommandName Get-ELB2ListenerCertificate -ModuleName $moduleForMock -MockWith { throw 'This is an exception.' } Get-ACMCertificateBindingList -DomainName 'TestDomainName' -ProfileName 'temp-test1' -Region 'us-fake-1' -Verbose | Out-Null Assert-MockCalled -CommandName Get-ELB2ListenerCertificate -Times 1 -Exactly -Scope It Assert-MockCalled -CommandName Write-Warning -Times 1 -Exactly -Scope It ` -ParameterFilter { $Message -match 'Error encountered while retrieving ELB Listener certificate list' } Mock -CommandName Get-ELB2ListenerCertificate -ModuleName $moduleForMock -MockWith { $testObject = @{ CertificateArn = 'TestCertificateArn' } return @($testObject) } } It 'Skips API Gateway Domain Stage Mapping if Certificate Does Not Match' { Mock -CommandName Get-AG2DomainNameList -ModuleName $moduleForMock -MockWith { $testObject = @{ Name = 'TestApi' DomainNameConfigurations = @{ CertificateArn = 'TestCertificateArnNotMatch' } } return @($testObject) } Get-ACMCertificateBindingList -DomainName 'TestDomainName' -ProfileName 'temp-test1' -Region 'us-fake-1' -Verbose | Out-Null Assert-MockCalled -CommandName Get-AG2DomainNameList -Times 1 -Exactly -Scope It Assert-MockCalled -CommandName Get-AG2ApiMappingList -Times 0 -Exactly -Scope It Mock -CommandName Get-AG2DomainNameList -ModuleName $moduleForMock -MockWith { $testObject = @{ Name = 'TestApi' DomainNameConfigurations = @{ CertificateArn = 'TestCertificateArn' } } return @($testObject) } } It 'Processes all InUseBy Entries for a Certificate' { Get-ACMCertificateBindingList -DomainName 'TestDomainName' -ProfileName 'temp-test1' -Region 'us-fake-1' -Verbose | Out-Null Assert-MockCalled -CommandName Get-AG2DomainNameList -Times 1 -Exactly -Scope It Assert-MockCalled -CommandName Get-ELB2Listener -Times 1 -Exactly -Scope It Assert-MockCalled -CommandName Get-ELB2ListenerCertificate -Times 1 -Exactly -Scope It Assert-MockCalled -CommandName Get-AG2ApiMappingList -Times 1 -Exactly -Scope It Assert-MockCalled -CommandName Write-Warning -Times 0 -Exactly -Scope It } } Context 'Output Validation' { It 'Returns a Single Entry When A Single Certificate Is Found' { $result = Get-ACMCertificateBindingList -DomainName 'TestDomainName' -ProfileName 'temp-test1' -Region 'us-fake-1' -Verbose $result | Should -HaveCount 1 } It 'Returns an Array of InUseBy For Each Certificate User' { $result = Get-ACMCertificateBindingList -DomainName 'TestDomainName' -ProfileName 'temp-test1' -Region 'us-fake-1' -Verbose $result[0].InUseBy | Should -HaveCount 3 } It 'Returned InUseBy Array Contains ELB ARN if Listener Query Throws' { Mock -CommandName Get-ELB2Listener -ModuleName $moduleForMock -MockWith { throw 'This is a test.' } $result = Get-ACMCertificateBindingList -DomainName 'TestDomainName' -ProfileName 'temp-test1' -Region 'us-fake-1' -Verbose Assert-MockCalled -CommandName Get-ELB2ListenerCertificate -Times 0 -Exactly -Scope It $result | Should -Not -BeNullOrEmpty $result[0].InUseBy | Should -HaveCount 3 $result[0].InUseBy | Should -Contain 'TestCertificateUser-loadbalancer' Mock -CommandName Get-ELB2Listener -ModuleName $moduleForMock -MockWith { $testObject = @{ ListenerArn = 'TestListenerArn' } return @($testObject) } } It 'Returns Multiple Entries When Multiple Certificates Are Found' { Mock -CommandName Get-ACMCertificateDetailsListByName -ModuleName $moduleForMock -MockWith { $testObject1 = @{ DomainName = 'TestDomainName' CertificateArn = 'TestCertificateArn' InUseBy = @( 'TestCertificateUser', 'TestCertificateUser-loadbalancer' ) NotAfter = @{ Date = 'TestDate' } RenewalEligibility = @{ Value = 'TestRenewalEligibility' } } $testObject2 = @{ DomainName = 'TestDomainName' CertificateArn = 'TestCertificateArn2' InUseBy = @( 'TestCertificateUser2', 'TestCertificateUser2-loadbalancer' ) NotAfter = @{ Date = 'TestDate' } RenewalEligibility = @{ Value = 'TestRenewalEligibility' } } return @($testObject, $testObject2) } $result = Get-ACMCertificateBindingList -DomainName 'TestDomainName' -ProfileName 'temp-test1' -Region 'us-fake-1' -Verbose $result | Should -HaveCount 2 Mock -CommandName Get-ACMCertificateDetailsListByName -ModuleName $moduleForMock -MockWith { $testObject = @{ DomainName = 'TestDomainName' CertificateArn = 'TestCertificateArn' InUseBy = @( 'TestCertificateUser', 'TestCertificateUser-loadbalancer' ) NotAfter = @{ Date = 'TestDate' } RenewalEligibility = @{ Value = 'TestRenewalEligibility' } } return @($testObject) } } It 'Returns An Empty Array When No Certificates Are Found' { Mock -CommandName Get-ACMCertificateDetailsListByName -ModuleName $moduleForMock -MockWith { return @() } $result = Get-ACMCertificateBindingList -DomainName 'TestDomainName' -ProfileName 'temp-test1' -Region 'us-fake-1' -Verbose $result | Should -HaveCount 0 Mock -CommandName Get-ACMCertificateDetailsListByName -ModuleName $moduleForMock -MockWith { $testObject = @{ DomainName = 'TestDomainName' CertificateArn = 'TestCertificateArn' InUseBy = @( 'TestCertificateUser', 'TestCertificateUser-loadbalancer' ) NotAfter = @{ Date = 'TestDate' } RenewalEligibility = @{ Value = 'TestRenewalEligibility' } } return @($testObject) } } } }