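# Pester tests for Import-Certificates (module Alkami.DevOps.Certificates).
# The file derives the script under test from its own name ('.tests.' -> '.'),
# imports it, and then checks argument validation and which collaborators
# (Import-Cert, Confirm-Cert, Set-CertPermissions) are invoked.

. $PSScriptRoot\..\..\Load-PesterModules.ps1

$here = Split-Path -Parent $MyInvocation.MyCommand.Path
$sut = (Split-Path -Leaf $MyInvocation.MyCommand.Path) -replace '\.tests\.', '.'
$global:functionPath = Join-Path -Path $here -ChildPath $sut

Write-Host "Overriding SUT: $functionPath"
Import-Module $functionPath -Force

# Fixture values. The same four variables are assigned again inside
# InModuleScope below; the tests read the inner copies.
$moduleForMock = ""
# Throwaway fixture password, not a credential for any real PFX.
$exportPassword = "Test"
$exportPath = "c:\temp\CertificateTest"
$usersWhoNeedRights = @("testuser1", "testuser2")

# This setup is not mocked: it force-deletes and recreates a fixed directory
# on the real file system every time the file is run.
Remove-FileSystemItem -Path $exportPath -Force -Recurse -ErrorAction SilentlyContinue | Out-Null
New-Item -ItemType Directory $exportPath -Force | Out-Null

InModuleScope -ModuleName Alkami.DevOps.Certificates -ScriptBlock {

    Write-Host "InModuleScope - Overriding SUT: $($global:functionPath)"
    Import-Module $global:functionPath -Force

    $inScopeModuleForAssert = "Alkami.DevOps.Certificates"
    $moduleForMock = ""
    $exportPassword = "Test"
    $exportPath = "c:\temp\CertificateTest"
    $usersWhoNeedRights = @("testuser1", "testuser2")

    Describe "Import-Certificates" {

        # Silence console output and make the machine.config lookup return nothing,
        # so -securityGroup has to be passed explicitly by each test.
        Mock -CommandName Write-Host -ModuleName $moduleForMock -MockWith {}
        Mock -CommandName Write-Warning -ModuleName $moduleForMock -MockWith {}
        Mock -CommandName Get-AppSetting -ModuleName $moduleForMock -MockWith { return $null }

        Context "When there are bad inputs when calling Import-Certificates" {

            # NOTE(review): a bare 'Should -Throw' is satisfied by any terminating
            # error, including a parameter-binding failure. Pin the expected
            # message once the module's error text is known.

            It "Throws Exception if all skip flags set" {
                # Full switch names, as used by every other test in this file.
                # Relying on unambiguous prefixes would let a binding error be
                # the thing that satisfies Should -Throw.
                { Import-Certificates $exportPassword -skipPersonalCerts -skipRootCerts -skipTrustedCerts -skipIACerts -securityGroup "pod1" } | Should -Throw
            }

            It "Throws Exception if path doesn't exist" {
                { Import-Certificates $exportPassword -importPath 'C:\BadPath' -securityGroup "pod1" } | Should -Throw
            }

            It "Throws Exception if securityGroup is not supplied and it is not found in machine.config" {
                { Import-Certificates $exportPassword } | Should -Throw
            }
        }

        Context "When Inputs are correct" {

            # Everything that would read the disk, query services or change
            # certificate/private-key state is replaced by a mock in this context.
            Mock -ModuleName $moduleForMock Join-Path { return "C:\temp\testpath" }
            Mock -ModuleName $moduleForMock Test-Path { return $true }
            Mock -ModuleName $moduleForMock -CommandName Import-Cert { }
            # Marked -Verifiable, but no verifiable-mock assertion is visible in
            # this file; the call count is checked with Assert-MockCalled instead.
            Mock -ModuleName $moduleForMock Confirm-Cert { } -Verifiable
            Mock -ModuleName $moduleForMock Get-ChildItem { return @{ FullName = "c:\temp\testpath\Test.pfx"; Name = "Test.pfx"; Extension = ".pfx"} }
            Mock -ModuleName $moduleForMock Get-AlkamiServices { @{ Name = "Alkami.Radium"} }
            Mock -ModuleName $moduleForMock Get-CIMInstance { @{ StartName = "podtest.user"} }
            Mock -ModuleName $moduleForMock Set-CertPermissions {}
            Mock -ModuleName $moduleForMock New-Object { @{ Thumbprint = "ABCDEFG"} }

            It "Doesnt Require Password if not exporting Personal Certificates" {
                { Import-Certificates -skipPersonalCerts -securityGroup "pod1" } | Should -Not -Throw
            }

            It "Calls Import-Cert when importing personal certs" {
                Import-Certificates $exportPassword -skipRootCerts -skipTrustedCerts -skipIACerts -securityGroup "pod1"
                Assert-MockCalled -ModuleName $inScopeModuleForAssert -CommandName Import-Cert -Times 1 -Exactly -Scope It
            }

            It "Calls Confirm-Cert when importing personal certs" {
                Import-Certificates $exportPassword -skipRootCerts -skipTrustedCerts -skipIACerts -securityGroup "pod1"
                Assert-MockCalled -ModuleName $inScopeModuleForAssert -CommandName Confirm-Cert -Times 1 -Exactly -Scope It
            }

            # The Set-CertPermissions tests below assert only HOW MANY grants are
            # made, not WHICH accounts receive them.
            # NOTE(review): the expected counts rise by exactly one when
            # "pod1.user" is added next to "podtest.user" (5 -> 6, 2 -> 3), which
            # suggests service accounts are filtered by -securityGroup and
            # "podtest.user" is not granted rights. Confirm against
            # Import-Certificates, and consider a -ParameterFilter on the account
            # argument so an unintended principal cannot pass the count check.

            It "Calls Set-CertPermissions for default users + test WMI user when usersWhoNeedRights is not supplied" {
                Import-Certificates $exportPassword -skipRootCerts -skipTrustedCerts -skipIACerts -securityGroup "pod1"
                Assert-MockCalled -ModuleName $inScopeModuleForAssert -CommandName Set-CertPermissions -Times 5 -Exactly -Scope It
            }

            It "Calls Set-CertPermissions for supplied users + test WMI user when usersWhoNeedRights is supplied" {
                Import-Certificates $exportPassword -skipRootCerts -skipTrustedCerts -skipIACerts -usersWhoNeedRights $usersWhoNeedRights -securityGroup "pod1"
                Assert-MockCalled -ModuleName $inScopeModuleForAssert -CommandName Set-CertPermissions -Times 2 -Exactly -Scope It
            }

            It "Calls Set-CertPermissions for default users + test WMI user when usersWhoNeedRights is not supplied and additional users found in services" {
                # Override the context-level mock: two service accounts instead of one.
                Mock -ModuleName $moduleForMock Get-CIMInstance { @( @{StartName = "pod1.user"}, @{StartName = "podtest.user"} ) }
                Import-Certificates $exportPassword -skipRootCerts -skipTrustedCerts -skipIACerts -securityGroup "pod1"
                Assert-MockCalled -ModuleName $inScopeModuleForAssert -CommandName Set-CertPermissions -Times 6 -Exactly -Scope It
            }

            It "Calls Set-CertPermissions for supplied users + test WMI user when usersWhoNeedRights is supplied and additional users found in services" {
                # Override the context-level mock: two service accounts instead of one.
                Mock -ModuleName $moduleForMock Get-CIMInstance { @( @{StartName = "pod1.user"}, @{StartName = "podtest.user"} ) }
                Import-Certificates $exportPassword -skipRootCerts -skipTrustedCerts -skipIACerts -usersWhoNeedRights $usersWhoNeedRights -securityGroup "pod1"
                Assert-MockCalled -ModuleName $inScopeModuleForAssert -CommandName Set-CertPermissions -Times 3 -Exactly -Scope It
            }

            It "Calls Import-Cert when importing root certs" {
                Import-Certificates $exportPassword -skipPersonalCerts -skipTrustedCerts -skipIACerts -securityGroup "pod1"
                Assert-MockCalled -ModuleName $inScopeModuleForAssert -CommandName Import-Cert -Times 1 -Exactly -Scope It
            }

            It "Calls Import-Cert when importing trusted certs" {
                Import-Certificates $exportPassword -skipPersonalCerts -skipRootCerts -skipIACerts -securityGroup "pod1"
                Assert-MockCalled -ModuleName $inScopeModuleForAssert -CommandName Import-Cert -Times 1 -Exactly -Scope It
            }

            It "Calls Import-Cert when importing IA certs" {
                Import-Certificates $exportPassword -skipPersonalCerts -skipRootCerts -skipTrustedCerts -securityGroup "pod1"
                Assert-MockCalled -ModuleName $inScopeModuleForAssert -CommandName Import-Cert -Times 1 -Exactly -Scope It
            }
        }
    }
}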