. $PSScriptRoot\..\..\Load-PesterModules.ps1 $here = Split-Path -Parent $MyInvocation.MyCommand.Path $sut = (Split-Path -Leaf $MyInvocation.MyCommand.Path) -replace '\.tests\.', '.' $functionPath = Join-Path -Path $here -ChildPath $sut Write-Host "Overriding SUT: $functionPath" Import-Module $functionPath -Force $moduleForMock = "" Describe "Update-AWSProfile" { Mock -CommandName Get-LogLeadName -ModuleName $moduleForMock -MockWith { return 'Update-AWSProfile.tests' } Mock -CommandName Write-Error -ModuleName $moduleForMock -MockWith {} Mock -CommandName Import-AWSModule -ModuleName $moduleForMock -MockWith {} Context "Logic" { Mock -CommandName Read-Host -ModuleName $moduleForMock -MockWith { return '123456' } It "Returns Early If Credential Is Still Valid" { Mock -CommandName Get-STSCallerIdentity -ModuleName $moduleForMock -MockWith {} Mock -CommandName Use-STSRole -ModuleName $moduleForMock -MockWith {} Mock -CommandName Get-AWSCredential -ModuleName $moduleForMock -MockWith { return @() } Update-AWSProfile -Profile "Test" Assert-MockCalled -CommandName Get-STSCallerIdentity ` -ParameterFilter { $ProfileName -eq "temp-test" } -Times 1 -Exactly -Scope It Assert-MockCalled -CommandName Get-AWSCredential -Times 0 -Exactly -Scope It Assert-MockCalled -CommandName Use-STSRole -Times 0 -Exactly -Scope It } It "Writes Error and Aborts if Default Profile Location Not Found" { Mock -CommandName Get-STSCallerIdentity -ModuleName $moduleForMock -MockWith { throw "Test Error" } Mock -CommandName Use-STSRole -ModuleName $moduleForMock -MockWith {} Mock -CommandName Get-AWSCredential -ModuleName $moduleForMock -MockWith { return @() } Update-AWSProfile -Profile "Test" Assert-MockCalled -CommandName Write-Error ` -ParameterFilter { $Message -match "Unable to locate default profile location" } -Times 1 -Exactly -Scope It Assert-MockCalled -CommandName Get-AWSCredential -Times 1 -Exactly -Scope It Assert-MockCalled -CommandName Use-STSRole -Times 0 -Exactly -Scope It } It "Writes Error and Aborts if Profile Not Found" { Mock -CommandName Get-STSCallerIdentity -ModuleName $moduleForMock -MockWith { throw "Test Error" } Mock -CommandName Use-STSRole -ModuleName $moduleForMock -MockWith {} Mock -CommandName Get-AWSCredential -ModuleName $moduleForMock -MockWith { return @( @{ProfileLocation = "C:\Temp\test.txt"; ProfileName = "default"}) } ` -ParameterFilter { $PSBoundParameters.ContainsKey( 'ListProfileDetail' ) } Mock -CommandName Get-AWSCredential -ModuleName $moduleForMock -MockWith { return $null} ` -ParameterFilter { $PSBoundParameters.ContainsKey( 'ProfileName' ) } Update-AWSProfile -Profile "Test" Assert-MockCalled -CommandName Write-Error ` -ParameterFilter { $Message -match "Unable to locate the profile named \[Test\]" } -Times 1 -Exactly -Scope It Assert-MockCalled -CommandName Get-AWSCredential -Times 2 -Exactly -Scope It Assert-MockCalled -CommandName Use-STSRole -Times 0 -Exactly -Scope It } It "Writes Error and Aborts if Profile ARN Not Found" { Mock -CommandName Get-STSCallerIdentity -ModuleName $moduleForMock -MockWith { throw "Test Error" } Mock -CommandName Use-STSRole -ModuleName $moduleForMock -MockWith {} Mock -CommandName Get-AWSCredential -ModuleName $moduleForMock -MockWith { return @( @{ProfileLocation = "C:\Temp\test.txt"; ProfileName = "default"}) } ` -ParameterFilter { $PSBoundParameters.ContainsKey( 'ListProfileDetail' ) } Mock -CommandName Get-AWSCredential -ModuleName $moduleForMock -MockWith { return @{}} ` -ParameterFilter { $PSBoundParameters.ContainsKey( 'ProfileName' ) } Update-AWSProfile -Profile "Test" Assert-MockCalled -CommandName Write-Error ` -ParameterFilter { $Message -match "Unable to locate the role ARN for \[Test\]" } -Times 1 -Exactly -Scope It Assert-MockCalled -CommandName Get-AWSCredential -Times 2 -Exactly -Scope It Assert-MockCalled -CommandName Use-STSRole -Times 0 -Exactly -Scope It } It "Writes Error and Aborts if Profile MFA Serial Number Not Found" { Mock -CommandName Get-STSCallerIdentity -ModuleName $moduleForMock -MockWith { throw "Test Error" } Mock -CommandName Use-STSRole -ModuleName $moduleForMock -MockWith {} Mock -CommandName Get-AWSCredential -ModuleName $moduleForMock -MockWith { return @( @{ProfileLocation = "C:\Temp\test.txt"; ProfileName = "default"}) } ` -ParameterFilter { $PSBoundParameters.ContainsKey( 'ListProfileDetail' ) } Mock -CommandName Get-AWSCredential -ModuleName $moduleForMock -MockWith { return @{ RoleArn = "TestRole" }} ` -ParameterFilter { $PSBoundParameters.ContainsKey( 'ProfileName' ) } Update-AWSProfile -Profile "Test" Assert-MockCalled -CommandName Write-Error ` -ParameterFilter { $Message -match "Unable to locate the MFA serial number for \[Test\]" } -Times 1 -Exactly -Scope It Assert-MockCalled -CommandName Get-AWSCredential -Times 2 -Exactly -Scope It Assert-MockCalled -CommandName Use-STSRole -Times 0 -Exactly -Scope It } It "Writes Error and Aborts if Assume Role Fails" { Mock -CommandName Get-STSCallerIdentity -ModuleName $moduleForMock -MockWith { throw "Test Error" } Mock -CommandName Use-STSRole -ModuleName $moduleForMock -MockWith {} Mock -CommandName Get-AWSCredential -ModuleName $moduleForMock -MockWith { return @( @{ProfileLocation = "C:\Temp\test.txt"; ProfileName = "default"}) } ` -ParameterFilter { $PSBoundParameters.ContainsKey( 'ListProfileDetail' ) } Mock -CommandName Get-AWSCredential -ModuleName $moduleForMock -MockWith { return @{ RoleArn = "TestRole"; Options = @{ MfaSerialNumber = "TestMfa" } } } ` -ParameterFilter { $PSBoundParameters.ContainsKey( 'ProfileName' ) } Update-AWSProfile -Profile "Test" Assert-MockCalled -CommandName Write-Error ` -ParameterFilter { $Message -match "Unable to assume role \[TestRole\]" } -Times 1 -Exactly -Scope It Assert-MockCalled -CommandName Get-AWSCredential -Times 2 -Exactly -Scope It Assert-MockCalled -CommandName Use-STSRole -Times 1 -Exactly -Scope It } It "Writes Error and Aborts if Assume Role Credential Lacks Access Key" { Mock -CommandName Get-STSCallerIdentity -ModuleName $moduleForMock -MockWith { throw "Test Error" } Mock -CommandName Get-AWSCredential -ModuleName $moduleForMock -MockWith { return @( @{ProfileLocation = "C:\Temp\test.txt"; ProfileName = "default"}) } ` -ParameterFilter { $PSBoundParameters.ContainsKey( 'ListProfileDetail' ) } Mock -CommandName Get-AWSCredential -ModuleName $moduleForMock -MockWith { return @{ RoleArn = "TestRole"; Options = @{ MfaSerialNumber = "TestMfa" } } } ` -ParameterFilter { $PSBoundParameters.ContainsKey( 'ProfileName' ) } Mock -CommandName Use-STSRole -ModuleName $moduleForMock -MockWith {@{Credentials = @{}}} Mock -CommandName Set-AWSCredential -ModuleName $moduleForMock -MockWith {} Update-AWSProfile -Profile "Test" Assert-MockCalled -CommandName Write-Error ` -ParameterFilter { $Message -match "No access key provided by \[TestRole\] credential." } -Times 1 -Exactly -Scope It Assert-MockCalled -CommandName Get-AWSCredential -Times 2 -Exactly -Scope It Assert-MockCalled -CommandName Use-STSRole -Times 1 -Exactly -Scope It Assert-MockCalled -CommandName Set-AWSCredential -Times 0 -Exactly -Scope It } It "Writes Error and Aborts if Assume Role Credential Lacks Secret Access Key" { Mock -CommandName Get-STSCallerIdentity -ModuleName $moduleForMock -MockWith { throw "Test Error" } Mock -CommandName Get-AWSCredential -ModuleName $moduleForMock -MockWith { return @( @{ProfileLocation = "C:\Temp\test.txt"; ProfileName = "default"}) } ` -ParameterFilter { $PSBoundParameters.ContainsKey( 'ListProfileDetail' ) } Mock -CommandName Get-AWSCredential -ModuleName $moduleForMock -MockWith { return @{ RoleArn = "TestRole"; Options = @{ MfaSerialNumber = "TestMfa" } } } ` -ParameterFilter { $PSBoundParameters.ContainsKey( 'ProfileName' ) } Mock -CommandName Use-STSRole -ModuleName $moduleForMock -MockWith {@{Credentials = @{AccessKeyId = "TestAccess"}}} Mock -CommandName Set-AWSCredential -ModuleName $moduleForMock -MockWith {} Update-AWSProfile -Profile "Test" Assert-MockCalled -CommandName Write-Error ` -ParameterFilter { $Message -match "No secret access key provided by \[TestRole\] credential." } -Times 1 -Exactly -Scope It Assert-MockCalled -CommandName Get-AWSCredential -Times 2 -Exactly -Scope It Assert-MockCalled -CommandName Use-STSRole -Times 1 -Exactly -Scope It Assert-MockCalled -CommandName Set-AWSCredential -Times 0 -Exactly -Scope It } It "Writes Error and Aborts if Assume Role Credential Lacks Secret Access Key" { Mock -CommandName Get-STSCallerIdentity -ModuleName $moduleForMock -MockWith { throw "Test Error" } Mock -CommandName Get-AWSCredential -ModuleName $moduleForMock -MockWith { return @( @{ProfileLocation = "C:\Temp\test.txt"; ProfileName = "default"}) } ` -ParameterFilter { $PSBoundParameters.ContainsKey( 'ListProfileDetail' ) } Mock -CommandName Get-AWSCredential -ModuleName $moduleForMock -MockWith { return @{ RoleArn = "TestRole"; Options = @{ MfaSerialNumber = "TestMfa" } } } ` -ParameterFilter { $PSBoundParameters.ContainsKey( 'ProfileName' ) } Mock -CommandName Use-STSRole -ModuleName $moduleForMock -MockWith {@{Credentials = @{AccessKeyId = "TestAccess"; SecretAccessKey = "TestSecret"}}} Mock -CommandName Set-AWSCredential -ModuleName $moduleForMock -MockWith {} Update-AWSProfile -Profile "Test" Assert-MockCalled -CommandName Write-Error ` -ParameterFilter { $Message -match "No session token provided by \[TestRole\] credential." } -Times 1 -Exactly -Scope It Assert-MockCalled -CommandName Get-AWSCredential -Times 2 -Exactly -Scope It Assert-MockCalled -CommandName Use-STSRole -Times 1 -Exactly -Scope It Assert-MockCalled -CommandName Set-AWSCredential -Times 0 -Exactly -Scope It } It "Saves AWS Credential Upon Success" { Mock -CommandName Get-STSCallerIdentity -ModuleName $moduleForMock -MockWith { throw "Test Error" } Mock -CommandName Get-AWSCredential -ModuleName $moduleForMock -MockWith { return @( @{ProfileLocation = "C:\Temp\test.txt"; ProfileName = "default"}) } ` -ParameterFilter { $PSBoundParameters.ContainsKey( 'ListProfileDetail' ) } Mock -CommandName Get-AWSCredential -ModuleName $moduleForMock -MockWith { return @{ RoleArn = "TestRole"; Options = @{ MfaSerialNumber = "TestMfa" } } } ` -ParameterFilter { $PSBoundParameters.ContainsKey( 'ProfileName' ) } Mock -CommandName Use-STSRole -ModuleName $moduleForMock -MockWith {@{Credentials = @{AccessKeyId = "TestAccess"; SecretAccessKey = "TestSecret"; SessionToken = "TestSession"}}} Mock -CommandName Set-AWSCredential -ModuleName $moduleForMock -MockWith {} Update-AWSProfile -Profile "Test" Assert-MockCalled -CommandName Write-Error -Times 0 -Exactly -Scope It Assert-MockCalled -CommandName Get-AWSCredential -Times 2 -Exactly -Scope It Assert-MockCalled -CommandName Use-STSRole -Times 1 -Exactly -Scope It Assert-MockCalled -CommandName Set-AWSCredential -Times 1 -Exactly -Scope It } } Context "Input" { Mock -CommandName Get-STSCallerIdentity -ModuleName $moduleForMock -MockWith { throw "Test Error" } Mock -CommandName Get-AWSCredential -ModuleName $moduleForMock -MockWith { return @( @{ProfileLocation = "C:\Temp\test.txt"; ProfileName = "default"}) } ` -ParameterFilter { $PSBoundParameters.ContainsKey( 'ListProfileDetail' ) } Mock -CommandName Get-AWSCredential -ModuleName $moduleForMock -MockWith { return @{ RoleArn = "TestRole"; Options = @{ MfaSerialNumber = "TestMfa" } } } ` -ParameterFilter { $PSBoundParameters.ContainsKey( 'ProfileName' ) } Mock -CommandName Use-STSRole -ModuleName $moduleForMock -MockWith {@{Credentials = @{AccessKeyId = "TestAccess"; SecretAccessKey = "TestSecret"; SessionToken = "TestSession"}}} Mock -CommandName Set-AWSCredential -ModuleName $moduleForMock -MockWith {} Mock -CommandName Read-Host -ModuleName $moduleForMock -MockWith { return '123456' } It "Does Not Prompt For MFA Code If Parameter Provided" { Update-AWSProfile -Profile "Test" -MfaCode '123456' | Out-Null Assert-MockCalled -CommandName Read-Host -Times 0 -Exactly -Scope It } It "Prompts For MFA Code If Parameter Not Provided" { Update-AWSProfile -Profile "Test" | Out-Null Assert-MockCalled -CommandName Read-Host -Times 1 -Exactly -Scope It } It "Uses Default Value for Session Duration If Parameter Not Provided" { Update-AWSProfile -Profile "Test" -MfaCode '123456' | Out-Null Assert-MockCalled -CommandName Use-STSRole -Times 1 -Exactly -Scope It ` -ParameterFilter { $DurationInSeconds -eq 43200 } } It "Uses Provided Value for Session Duration" { Update-AWSProfile -Profile "Test" -MfaCode '123456' -SessionDurationSeconds 4321 | Out-Null Assert-MockCalled -CommandName Use-STSRole -Times 1 -Exactly -Scope It ` -ParameterFilter { $DurationInSeconds -eq 4321 } } } }