# Pester tests for New-ServerlessServiceAccountActiveDirectoryUserPair.
#
# The file under test is located by removing '.tests.' from this file's name,
# then re-imported inside the Alkami.DevOps.SystemEngineering module scope so
# that the mocks declared below apply to the calls it makes.
. $PSScriptRoot\..\..\Load-PesterModules.ps1

$testFilePath = $MyInvocation.MyCommand.Path
$here = Split-Path -Parent $testFilePath
$sut = (Split-Path -Leaf $testFilePath) -replace '\.tests\.', '.'
$global:functionPath = Join-Path -Path $here -ChildPath $sut

InModuleScope -ModuleName Alkami.DevOps.SystemEngineering -ScriptBlock {

    Write-Host "InModuleScope - Overriding SUT: $global:functionPath"
    Import-Module $global:functionPath -Force

    $inScopeModule = "Alkami.DevOps.SystemEngineering"

    Describe "New-ServerlessServiceAccountActiveDirectoryUserPair" {

        # Mocks shared by every test in this Describe. Write-Error is silenced so the
        # tests can count calls to it; Add-ADGroupMember is stubbed so that no group
        # membership is ever changed.
        Mock -ModuleName $inScopeModule -CommandName Get-LogLeadName -MockWith { return 'New-ServerlessServiceAccountActiveDirectoryUserPair.tests' }
        Mock -ModuleName $inScopeModule -CommandName Get-DomainNameDistinguishedName -MockWith { return 'DC=fh,DC=local' }
        Mock -ModuleName $inScopeModule -CommandName Write-Error -MockWith {}
        Mock -ModuleName $inScopeModule -CommandName Add-ADGroupMember -MockWith {}

        # Builds a throwaway PSCredential whose password equals its user name.
        # ConvertTo-SecureString -AsPlainText is used only because these are constructed
        # fixture values; real account secrets do not belong in a test file.
        $newFixtureCredential = {
            param([string] $Name)
            $secret = ConvertTo-SecureString -AsPlainText -Force -String $Name
            New-Object 'Management.Automation.PsCredential' $Name, $secret
        }

        $testCredential = & $newFixtureCredential 'Test'
        $testList = @(
            (& $newFixtureCredential 'test1'),
            (& $newFixtureCredential 'test2')
        )

        # Arguments of a call that passes every parameter check exercised below.
        $validCall = @{
            Cred             = $testCredential
            UserDataList     = $testList
            UserOuPathCommon = 'Test'
            Environment      = 'Dev'
            TicketNumber     = 'Test-123'
        }

        # Every call-count assertion is exact and limited to the current It block.
        $perTest = @{
            ModuleName = $inScopeModule
            Exactly    = $true
            Scope      = 'It'
        }

        Context "Parameter Validation" {

            # NOTE(review): Get-ADGroup, Get-ADUser and New-ADUser are mocked only inside
            # the "Logic" tests. These cases therefore depend on the call being rejected
            # before any directory cmdlet runs, and a bare 'Should -Throw' passes on any
            # exception, not only on a validation error. Confirm that is intended.

            It "Throws if UserDataList has too few elements" {
                { New-ServerlessServiceAccountActiveDirectoryUserPair -Cred $testCredential -UserDataList @() } | Should -Throw
            }

            It "Throws if UserDataList has too many elements" {
                $badTestList = @(
                    (& $newFixtureCredential 'test1'),
                    (& $newFixtureCredential 'test2'),
                    (& $newFixtureCredential 'test3')
                )

                { New-ServerlessServiceAccountActiveDirectoryUserPair -Cred $testCredential -UserDataList $badTestList } | Should -Throw
            }

            It "Throws if UserOuPathCommon Is Null" {
                { New-ServerlessServiceAccountActiveDirectoryUserPair -Cred $testCredential -UserDataList $testList -UserOuPathCommon $null } | Should -Throw
            }

            It "Throws if UserOuPathCommon Is Empty" {
                { New-ServerlessServiceAccountActiveDirectoryUserPair -Cred $testCredential -UserDataList $testList -UserOuPathCommon '' } | Should -Throw
            }

            It "Throws if Environment Is Not In Approved List" {
                { New-ServerlessServiceAccountActiveDirectoryUserPair -Cred $testCredential -UserDataList $testList -UserOuPathCommon 'Test' -Environment 'Test' } | Should -Throw
            }

            It "Throws if TicketNumber Does Not Match Regex" {
                { New-ServerlessServiceAccountActiveDirectoryUserPair -Cred $testCredential -UserDataList $testList -UserOuPathCommon 'Test' -Environment 'Dev' -TicketNumber 'Test!' } | Should -Throw
            }
        }

        Context "Logic" {

            # Each failure case below also asserts that New-ADUser and/or Add-ADGroupMember
            # were NOT called, i.e. that a failed precondition leaves no account created
            # and no group membership granted.

            It "Writes Error and Throws if SQL Group Not Found" {
                Mock -ModuleName $inScopeModule -CommandName Get-ADGroup -MockWith { return $null }
                Mock -ModuleName $inScopeModule -CommandName Get-ADUser -MockWith { return $null }
                Mock -ModuleName $inScopeModule -CommandName New-ADUser -MockWith {}

                { New-ServerlessServiceAccountActiveDirectoryUserPair @validCall } | Should -Throw "Unable to find Active Directory group"

                Assert-MockCalled @perTest -CommandName Write-Error -Times 1 -ParameterFilter { $Message -match 'Unable to find Active Directory group named' }
                Assert-MockCalled @perTest -CommandName Get-ADGroup -Times 1
                Assert-MockCalled @perTest -CommandName Get-ADUser -Times 0
                Assert-MockCalled @perTest -CommandName New-ADUser -Times 0
                Assert-MockCalled @perTest -CommandName Add-ADGroupMember -Times 0
            }

            It "Writes Error and Throws if User Already Exists" {
                Mock -ModuleName $inScopeModule -CommandName Get-ADGroup -MockWith { return $true }
                Mock -ModuleName $inScopeModule -CommandName Get-ADUser -MockWith { return $true }
                Mock -ModuleName $inScopeModule -CommandName New-ADUser -MockWith {}

                { New-ServerlessServiceAccountActiveDirectoryUserPair @validCall } | Should -Throw "Found pre-existing user"

                Assert-MockCalled @perTest -CommandName Write-Error -Times 1 -ParameterFilter { $Message -match 'Found pre-existing user named' }
                Assert-MockCalled @perTest -CommandName Get-ADGroup -Times 1
                Assert-MockCalled @perTest -CommandName Get-ADUser -Times 1
                Assert-MockCalled @perTest -CommandName New-ADUser -Times 0
                Assert-MockCalled @perTest -CommandName Add-ADGroupMember -Times 0
            }

            It "Writes Error and Throws if User Creation Fails" {
                Mock -ModuleName $inScopeModule -CommandName Get-ADGroup -MockWith { return $true }
                Mock -ModuleName $inScopeModule -CommandName Get-ADUser -MockWith { return $null }
                # This mock throws on every call, so only a failure on the first creation
                # attempt is exercised here.
                # NOTE(review): a failure on the second account, after the first was
                # created, is not covered; confirm how a half-created pair is handled.
                Mock -ModuleName $inScopeModule -CommandName New-ADUser -MockWith { throw "Test" }

                { New-ServerlessServiceAccountActiveDirectoryUserPair @validCall } | Should -Throw "Creation of user 'test1' failed"

                Assert-MockCalled @perTest -CommandName Write-Error -Times 1 -ParameterFilter { $Message -match "Creation of user 'test1' failed" }
                Assert-MockCalled @perTest -CommandName Get-ADGroup -Times 1
                Assert-MockCalled @perTest -CommandName Get-ADUser -Times 2
                Assert-MockCalled @perTest -CommandName New-ADUser -Times 1
                Assert-MockCalled @perTest -CommandName Add-ADGroupMember -Times 0
            }

            It "Creates Users and Adds Users to Group" {
                Mock -ModuleName $inScopeModule -CommandName Get-ADGroup -MockWith { return New-Object Microsoft.ActiveDirectory.Management.ADPrincipal }
                Mock -ModuleName $inScopeModule -CommandName Get-ADUser -MockWith { return $null }
                Mock -ModuleName $inScopeModule -CommandName New-ADUser -MockWith {}

                New-ServerlessServiceAccountActiveDirectoryUserPair @validCall

                # NOTE(review): only call counts are checked here. No ParameterFilter pins
                # which accounts are created or which group receives which member, so a
                # change in the target group or member would not fail this test.
                Assert-MockCalled @perTest -CommandName Write-Error -Times 0
                Assert-MockCalled @perTest -CommandName Get-ADGroup -Times 1
                Assert-MockCalled @perTest -CommandName Get-ADUser -Times 2
                Assert-MockCalled @perTest -CommandName New-ADUser -Times 2
                Assert-MockCalled @perTest -CommandName Add-ADGroupMember -Times 4
            }
        }
    }
}