# Test bootstrap for the Import-Certificates Pester suite.
# Loads the shared Pester helpers, then resolves and force-imports the file under test:
# it sits next to this script and has the same name with ".tests." collapsed to ".".
. $PSScriptRoot\..\..\Load-PesterModules.ps1

$testFilePath = $MyInvocation.MyCommand.Path
$testDirectory = Split-Path -Path $testFilePath -Parent
$sutFileName = (Split-Path -Path $testFilePath -Leaf) -replace '\.tests\.', '.'

# Stored in the global scope so the InModuleScope block further down can read the same path.
$global:functionPath = Join-Path $testDirectory $sutFileName
Write-Host "Overriding SUT: $functionPath"
Import-Module -Name $functionPath -Force

# An empty module name is handed to every Mock call in this file.
$moduleForMock = ""

# Fixture values. The password is a throwaway test string, never a real PFX secret.
$exportPassword = "Test"
$exportPath = "c:\temp\CertificateTest"
$usersWhoNeedRights = @("testuser1", "testuser2")

# Start from an empty fixture directory. The path is fixed and is deleted recursively with
# -Force, so it must never point at a directory that holds real certificate exports.
# A failed removal (for example, the directory not existing yet) is deliberately silenced.
Remove-FileSystemItem -Recurse -Force -Path $exportPath -ErrorAction SilentlyContinue | Out-Null
$null = New-Item -Path $exportPath -ItemType Directory -Force
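# Pester tests for Import-Certificates, executed inside the Alkami.DevOps.Certificates
# module scope. Collaborators (Import-Cert, Confirm-Cert, Set-CertPermissions, file-system
# and service lookups) are mocked, and the tests assert on how often they are called.
InModuleScope -ModuleName Alkami.DevOps.Certificates -ScriptBlock {
    Write-Host "InModuleScope - Overriding SUT: $($global:functionPath)"
    Import-Module $global:functionPath -Force

    # Assert-MockCalled is given the real module name; Mock is given an empty one.
    $inScopeModuleForAssert = "Alkami.DevOps.Certificates"
    $moduleForMock = ""

    # Fixture values, re-declared here for use inside the module scope.
    # The password is a throwaway test string, never a real PFX secret.
    $exportPassword = "Test"
    $exportPath = "c:\temp\CertificateTest"
    $usersWhoNeedRights = @("testuser1", "testuser2")

    Describe "Import-Certificates" {

        # Silence console output and make the app-setting lookup return nothing.
        Mock -CommandName Write-Host -ModuleName $moduleForMock -MockWith {}
        Mock -CommandName Write-Warning -ModuleName $moduleForMock -MockWith {}
        Mock -CommandName Get-AppSetting -ModuleName $moduleForMock -MockWith { return $null }

        # NOTE(review): a bare "Should -Throw" passes on ANY terminating error, including a
        # parameter-binding failure. Adding -ExpectedMessage (text to be taken from
        # Import-Certificates) would prove that the intended validation is what fired.
        Context "When there are bad inputs when calling Import-Certificates" {

            It "Throws Exception if all skip flags set" {

                # Full switch names, matching every other call in this file. The shortened
                # forms used before bound only through PowerShell's parameter-prefix matching.
                { Import-Certificates $exportPassword -skipPersonalCerts -skipRootCerts -skipTrustedCerts -skipIACerts -securityGroup "pod1" } | Should -Throw
            }

            It "Throws Exception if path doesn't exist" {

                { Import-Certificates $exportPassword -importPath 'C:\BadPath' -securityGroup "pod1" } | Should -Throw
            }

            It "Throws Exception if securityGroup is not supplied and it is not found in machine.config" {

                # Get-AppSetting is mocked to return $null for the whole Describe.
                { Import-Certificates $exportPassword } | Should -Throw
            }
        }

        Context "When Inputs are correct" {

            # Path handling is stubbed so no real directory or certificate file is touched.
            Mock -ModuleName $moduleForMock Join-Path { return "C:\temp\testpath" }
            Mock -ModuleName $moduleForMock Test-Path { return $true }
            Mock -ModuleName $moduleForMock -CommandName Import-Cert { }
            # Marked -Verifiable, but the visible tests never call Assert-VerifiableMock;
            # the call count is checked with Assert-MockCalled instead.
            Mock -ModuleName $moduleForMock Confirm-Cert { } -Verifiable
            # Exactly one fake .pfx file is returned by each directory listing.
            Mock -ModuleName $moduleForMock Get-ChildItem { return @{ FullName = "c:\temp\testpath\Test.pfx"; Name = "Test.pfx"; Extension = ".pfx"} }
            Mock -ModuleName $moduleForMock Get-AlkamiServices { @{ Name = "Alkami.Radium"} }
            # Default service account seen by the tests; two tests below override this mock.
            Mock -ModuleName $moduleForMock Get-CIMInstance { @{ StartName = "podtest.user"} }
            Mock -ModuleName $moduleForMock Set-CertPermissions {}
            Mock -ModuleName $moduleForMock New-Object { @{ Thumbprint = "ABCDEFG"} }

            It "Doesnt Require Password if not exporting Personal Certificates" {

                { Import-Certificates -skipPersonalCerts -securityGroup "pod1" } | Should -Not -Throw
            }

            It "Calls Import-Cert when importing personal certs" {

                Import-Certificates $exportPassword -skipRootCerts -skipTrustedCerts -skipIACerts -securityGroup "pod1"

                Assert-MockCalled -ModuleName $inScopeModuleForAssert -CommandName Import-Cert -Times 1 -Exactly -Scope It
            }

            It "Calls Confirm-Cert when importing personal certs" {

                Import-Certificates $exportPassword -skipRootCerts -skipTrustedCerts -skipIACerts -securityGroup "pod1"

                Assert-MockCalled -ModuleName $inScopeModuleForAssert -CommandName Confirm-Cert -Times 1 -Exactly -Scope It
            }

            # The four tests below pin how many times Set-CertPermissions runs, i.e. how many
            # principals receive rights on the imported certificate. Expected counts:
            #   one mocked account  ("podtest.user"):               5 default / 2 supplied
            #   two mocked accounts ("pod1.user" + "podtest.user"): 6 default / 3 supplied
            # NOTE(review): the single "podtest.user" account adds no call, although the test
            # names say "+ test WMI user". Presumably only accounts matching the "pod1"
            # security group are granted rights; confirm against Import-Certificates.

            It "Calls Set-CertPermissions for default users + test WMI user when usersWhoNeedRights is not supplied" {

                Import-Certificates $exportPassword -skipRootCerts -skipTrustedCerts -skipIACerts -securityGroup "pod1"

                Assert-MockCalled -ModuleName $inScopeModuleForAssert -CommandName Set-CertPermissions -Times 5 -Exactly -Scope It
            }

            It "Calls Set-CertPermissions for supplied users + test WMI user when usersWhoNeedRights is supplied" {
                Import-Certificates $exportPassword -skipRootCerts -skipTrustedCerts -skipIACerts -usersWhoNeedRights $usersWhoNeedRights -securityGroup "pod1"

                Assert-MockCalled -ModuleName $inScopeModuleForAssert -CommandName Set-CertPermissions -Times 2 -Exactly -Scope It
            }

            # NOTE(review): depending on the Pester version, a Mock declared inside an It can
            # stay active for later It blocks in the same Context; confirm. The Its after
            # these two assert only on Import-Cert, so their counts do not depend on it.
            It "Calls Set-CertPermissions for default users + test WMI user when usersWhoNeedRights is not supplied and additional users found in services" {
                Mock -ModuleName $moduleForMock Get-CIMInstance { @( @{StartName = "pod1.user"}, @{StartName = "podtest.user"} ) }
                Import-Certificates $exportPassword -skipRootCerts -skipTrustedCerts -skipIACerts -securityGroup "pod1"

                Assert-MockCalled -ModuleName $inScopeModuleForAssert -CommandName Set-CertPermissions -Times 6 -Exactly -Scope It
            }

            It "Calls Set-CertPermissions for supplied users + test WMI user when usersWhoNeedRights is supplied and additional users found in services" {
                Mock -ModuleName $moduleForMock Get-CIMInstance { @( @{StartName = "pod1.user"}, @{StartName = "podtest.user"} ) }
                Import-Certificates $exportPassword -skipRootCerts -skipTrustedCerts -skipIACerts -usersWhoNeedRights $usersWhoNeedRights -securityGroup "pod1"

                Assert-MockCalled -ModuleName $inScopeModuleForAssert -CommandName Set-CertPermissions -Times 3 -Exactly -Scope It
            }

            # Each remaining test leaves exactly one certificate category enabled and expects
            # a single Import-Cert call for the one mocked file.

            It "Calls Import-Cert when importing root certs" {

                Import-Certificates $exportPassword -skipPersonalCerts -skipTrustedCerts -skipIACerts -securityGroup "pod1"

                Assert-MockCalled -ModuleName $inScopeModuleForAssert -CommandName Import-Cert -Times 1 -Exactly -Scope It
            }

            It "Calls Import-Cert when importing trusted certs" {

                Import-Certificates $exportPassword -skipPersonalCerts -skipRootCerts -skipIACerts -securityGroup "pod1"

                Assert-MockCalled -ModuleName $inScopeModuleForAssert -CommandName Import-Cert -Times 1 -Exactly -Scope It
            }

            It "Calls Import-Cert when importing IA certs" {

                Import-Certificates $exportPassword -skipPersonalCerts -skipRootCerts -skipTrustedCerts -securityGroup "pod1"

                Assert-MockCalled -ModuleName $inScopeModuleForAssert -CommandName Import-Cert -Times 1 -Exactly -Scope It
            }
        }
    }
}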