# Dot-source the shared Pester bootstrap two directories up.
# NOTE(review): its contents are not shown here; presumably it loads Pester and the module under test - confirm.
. $PSScriptRoot\..\..\Load-PesterModules.ps1

# Locate the function under test: same directory as this test script,
# same file name with the ".tests." segment collapsed to ".".
$testScriptPath = $MyInvocation.MyCommand.Path
$here = Split-Path -Path $testScriptPath -Parent
$sut = (Split-Path -Path $testScriptPath -Leaf) -replace '\.tests\.', '.'

# Stored in the global scope because the InModuleScope block reads it as $global:functionPath.
# NOTE(review): the variable is never removed, so it outlives this test file in the session.
$global:functionPath = Join-Path -Path $here -ChildPath $sut
InModuleScope -ModuleName Alkami.DevOps.SystemEngineering -ScriptBlock {

    # Force-import the resolved function file; the message below describes this as overriding the SUT.
    Write-Host "InModuleScope - Overriding SUT: $global:functionPath"
    Import-Module $global:functionPath -Force

    $inScopeModule = "Alkami.DevOps.SystemEngineering"

    Describe "New-ServerlessServiceAccountSecret" {

        # The secret-management commands these tests assert on are replaced with mocks,
        # so the assertions inspect call arguments rather than anything created in AWS.
        Mock -CommandName Get-LogLeadName -ModuleName $inScopeModule -MockWith {
            return 'New-ServerlessServiceAccountSecret.tests'
        }
        # Only one region is offered by this mock.
        # NOTE(review): presumably -Region / -ReplicationRegion are validated against this list - confirm.
        Mock -CommandName Get-AWSRegion -ModuleName $inScopeModule -MockWith {
            return @( @{ 'Region' = 'us-east-1' } )
        }
        Mock -CommandName Import-AWSModule -ModuleName $inScopeModule -MockWith {}
        Mock -CommandName New-SECSecret -ModuleName $inScopeModule -MockWith {
            return @{ ARN = 'TestSecretArn' }
        }
        Mock -CommandName Write-SECSecretValue -ModuleName $inScopeModule -MockWith {}
        Mock -CommandName Add-SECSecretToRegion -ModuleName $inScopeModule -MockWith {
            return @{ ARN = 'TestSecretArn' }
        }

        # Two throwaway credentials built from constructed literals. -AsPlainText -Force is
        # tolerable only because these are dummy fixture values, never real secrets.
        # NOTE(review): each password equals its user name, so a later -match "test1" cannot
        # tell which half of the credential reached the secret string; distinct values
        # would make those assertions more meaningful.
        $validUsers = @(
            foreach ($fixtureName in 'test1', 'test2') {
                $fixturePassword = ConvertTo-SecureString -String $fixtureName -AsPlainText -Force
                New-Object -TypeName 'Management.Automation.PsCredential' -ArgumentList $fixtureName, $fixturePassword
            }
        )

        # Arguments shared by every otherwise-valid call in the tests below.
        $commonArgs = @{
            UserDataList   = $validUsers
            EnvironmentTag = 'test'
            ProfileName    = 'temp-test'
            Region         = 'us-east-1'
        }

        # Shared Assert-MockCalled settings: exactly one call / exactly zero calls within the current It.
        $calledOnce = @{ ModuleName = $inScopeModule; Times = 1; Exactly = $true; Scope = 'It' }
        $neverCalled = @{ ModuleName = $inScopeModule; Times = 0; Exactly = $true; Scope = 'It' }

        Context "Parameter Validation" {

            # NOTE(review): every check here is a bare `Should -Throw`, which passes on any
            # terminating error. Several calls also omit other parameters, so a test may be
            # passing for a reason other than the one in its title - confirm against the
            # function's parameter attributes.

            It "Throws if SecretName Is Null" {
                { New-ServerlessServiceAccountSecret -SecretName $Null } | Should -Throw
            }

            It "Throws if SecretName Is Empty" {
                { New-ServerlessServiceAccountSecret -SecretName '' } | Should -Throw
            }

            It "Throws if UserDataList has too few elements" {
                { New-ServerlessServiceAccountSecret -SecretName 'Test' -UserDataList @() } | Should -Throw
            }

            It "Throws if UserDataList has too many elements" {
                # Three credentials, one more than the shared two-element fixture.
                $threeUsers = @(
                    foreach ($fixtureName in 'test1', 'test2', 'test3') {
                        $fixturePassword = ConvertTo-SecureString -String $fixtureName -AsPlainText -Force
                        New-Object -TypeName 'Management.Automation.PsCredential' -ArgumentList $fixtureName, $fixturePassword
                    }
                )

                { New-ServerlessServiceAccountSecret -SecretName 'Test' -UserDataList $threeUsers } | Should -Throw
            }

            It "Throws if EnvironmentTag Is Null" {
                { New-ServerlessServiceAccountSecret -SecretName 'Test' -UserDataList $validUsers -EnvironmentTag $null } | Should -Throw
            }

            It "Throws if EnvironmentTag Is Empty" {
                { New-ServerlessServiceAccountSecret -SecretName 'Test' -UserDataList $validUsers -EnvironmentTag '' } | Should -Throw
            }

            It "Throws if ProfileName Is Null" {
                { New-ServerlessServiceAccountSecret -SecretName 'Test' -UserDataList $validUsers -EnvironmentTag 'test' -ProfileName $null } | Should -Throw
            }

            It "Throws if ProfileName Is Empty" {
                { New-ServerlessServiceAccountSecret -SecretName 'Test' -UserDataList $validUsers -EnvironmentTag 'test' -ProfileName '' } | Should -Throw
            }

            It "Throws if Region Is Not In Allowable List" {
                { New-ServerlessServiceAccountSecret -SecretName 'Test' -UserDataList $validUsers -EnvironmentTag 'test' -ProfileName 'temp-test' -Region 'Test' } | Should -Throw
            }

            It "Throws if ReplicationRegion Is Not In Allowable List" {
                { New-ServerlessServiceAccountSecret @commonArgs -SecretName 'Test' -ReplicationRegion 'Test' } | Should -Throw
            }

            It "Throws if Description Is Null" {
                { New-ServerlessServiceAccountSecret @commonArgs -SecretName 'Test' -ReplicationRegion 'us-east-1' -Description $null } | Should -Throw
            }

            It "Throws if Description Is Empty" {
                { New-ServerlessServiceAccountSecret @commonArgs -SecretName 'Test' -ReplicationRegion 'us-east-1' -Description '' } | Should -Throw
            }
        }

        Context "Logic" {

            It "Returns an Array of Strings" {
                # Checks the declared OutputType metadata only; the function is not invoked here.
                $declaredType = (Get-Command New-ServerlessServiceAccountSecret).OutputType.Type.ToString()

                $declaredType | Should -BeExactly "System.String[]"
            }

            It "Creates Secret Using Supplied Arguments" {
                New-ServerlessServiceAccountSecret @commonArgs -SecretName 'TestName' -ReplicationRegion '' -Description 'TestDescription' | Out-Null

                # -ceq keeps the comparison case-sensitive, so a re-cased value would fail the filter.
                Assert-MockCalled @calledOnce -CommandName New-SECSecret -ParameterFilter {
                    (($Name -ceq 'TestName') -and
                     ($Description -ceq 'TestDescription') -and
                     ($ProfileName -ceq 'temp-test') -and
                     ($Region -ceq 'us-east-1'))
                }
            }

            It "Applies Tags to the Created Secret" {
                New-ServerlessServiceAccountSecret @commonArgs -SecretName 'TestName' -ReplicationRegion '' -Description 'TestDescription' | Out-Null

                # Only verifies that at least one tag was passed, not which tags or values.
                Assert-MockCalled @calledOnce -CommandName New-SECSecret -ParameterFilter { $Tag.Count -gt 0 }
            }

            It "Creates Secret Using First User's Data" {
                New-ServerlessServiceAccountSecret @commonArgs -SecretName 'Test' -ReplicationRegion '' -Description 'Test' | Out-Null

                # The first credential is expected in the secret string at creation time.
                Assert-MockCalled @calledOnce -CommandName New-SECSecret -ParameterFilter { $SecretString -match "test1" }
            }

            It "Updates Secret Value Using Second User's Data" {
                New-ServerlessServiceAccountSecret @commonArgs -SecretName 'Test' -ReplicationRegion '' -Description 'Test' | Out-Null

                # The second credential is expected in the follow-up value write.
                Assert-MockCalled @calledOnce -CommandName Write-SECSecretValue -ParameterFilter { $SecretString -match "test2" }
            }

            It "Applies Replication Policy If Replication Region Supplied" {
                # NOTE(review): the replica region equals the primary region here, apparently
                # because the Get-AWSRegion mock offers only us-east-1; a second mocked region
                # would exercise a more realistic replication target.
                New-ServerlessServiceAccountSecret @commonArgs -SecretName 'Test' -ReplicationRegion 'us-east-1' -Description 'Test' | Out-Null

                Assert-MockCalled @calledOnce -CommandName Add-SECSecretToRegion -ParameterFilter {
                    $AddReplicaRegion[0].Region -ceq 'us-east-1'
                }
            }

            It "Returns Two ARNs If Replication Region Supplied" {
                $result = New-ServerlessServiceAccountSecret @commonArgs -SecretName 'Test' -ReplicationRegion 'us-east-1' -Description 'Test'

                $result | Should -HaveCount 2
            }

            It "Does Not Apply Replication Policy If Replication Region Is Null" {
                New-ServerlessServiceAccountSecret @commonArgs -SecretName 'Test' -ReplicationRegion $null -Description 'Test' | Out-Null

                Assert-MockCalled @neverCalled -CommandName Add-SECSecretToRegion
            }

            It "Does Not Apply Replication Policy If Replication Region Is Empty" {
                New-ServerlessServiceAccountSecret @commonArgs -SecretName 'Test' -ReplicationRegion '' -Description 'Test' | Out-Null

                Assert-MockCalled @neverCalled -CommandName Add-SECSecretToRegion
            }

            It "Returns One ARN If Replication Region Not Supplied" {
                $result = New-ServerlessServiceAccountSecret @commonArgs -SecretName 'Test' -ReplicationRegion '' -Description 'Test'

                $result | Should -HaveCount 1
            }
        }
    }
}