Tests/Unit/MSFT_ADGroup.Tests.ps1
Import-Module -Name (Join-Path -Path $PSScriptRoot -ChildPath '..\TestHelpers\ActiveDirectoryDsc.TestHelper.psm1') if (-not (Test-RunForCITestCategory -Type 'Unit' -Category 'Tests')) { return } $script:dscModuleName = 'ActiveDirectoryDsc' $script:dscResourceName = 'MSFT_ADGroup' #region HEADER # Unit Test Template Version: 1.2.4 $script:moduleRoot = Split-Path -Parent (Split-Path -Parent $PSScriptRoot) if ( (-not (Test-Path -Path (Join-Path -Path $script:moduleRoot -ChildPath 'DSCResource.Tests'))) -or ` (-not (Test-Path -Path (Join-Path -Path $script:moduleRoot -ChildPath 'DSCResource.Tests\TestHelper.psm1'))) ) { & git @('clone', 'https://github.com/PowerShell/DscResource.Tests.git', (Join-Path -Path $script:moduleRoot -ChildPath 'DscResource.Tests')) } Import-Module -Name (Join-Path -Path $script:moduleRoot -ChildPath (Join-Path -Path 'DSCResource.Tests' -ChildPath 'TestHelper.psm1')) -Force $TestEnvironment = Initialize-TestEnvironment ` -DSCModuleName $script:dscModuleName ` -DSCResourceName $script:dscResourceName ` -ResourceType 'Mof' ` -TestType Unit #endregion HEADER function Invoke-TestSetup { } function Invoke-TestCleanup { Restore-TestEnvironment -TestEnvironment $TestEnvironment } # Begin Testing try { Invoke-TestSetup InModuleScope $script:dscResourceName { # Load stub cmdlets and classes. Import-Module (Join-Path -Path $PSScriptRoot -ChildPath 'Stubs\ActiveDirectory_2019.psm1') -Force $testPresentParams = @{ GroupName = 'TestGroup' GroupScope = 'Global' Category = 'Security' Path = 'OU=Fake,DC=contoso,DC=com' Description = 'Test AD group description' DisplayName = 'Test display name' Ensure = 'Present' Notes = 'This is a test AD group' ManagedBy = 'CN=User 1,CN=Users,DC=contoso,DC=com' } $testAbsentParams = $testPresentParams.Clone() $testAbsentParams['Ensure'] = 'Absent' $testPresentParamsMultiDomain = $testPresentParams.Clone() $testPresentParamsMultiDomain.MembershipAttribute = 'DistinguishedName' $fakeADGroup = @{ Name = $testPresentParams.GroupName Identity = $testPresentParams.GroupName GroupScope = $testPresentParams.GroupScope GroupCategory = $testPresentParams.Category DistinguishedName = "CN=$($testPresentParams.GroupName),$($testPresentParams.Path)" Description = $testPresentParams.Description DisplayName = $testPresentParams.DisplayName ManagedBy = $testPresentParams.ManagedBy Info = $testPresentParams.Notes } $fakeADUser1 = [PSCustomObject] @{ DistinguishedName = 'CN=User 1,CN=Users,DC=contoso,DC=com' ObjectGUID = 'a97cc867-0c9e-4928-8387-0dba0c883b8e' SamAccountName = 'USER1' SID = 'S-1-5-21-1131554080-2861379300-292325817-1106' } $fakeADUser2 = [PSCustomObject] @{ DistinguishedName = 'CN=User 2,CN=Users,DC=contoso,DC=com' ObjectGUID = 'a97cc867-0c9e-4928-8387-0dba0c883b8f' SamAccountName = 'USER2' SID = 'S-1-5-21-1131554080-2861379300-292325817-1107' } $fakeADUser3 = [PSCustomObject] @{ DistinguishedName = 'CN=User 3,CN=Users,DC=contoso,DC=com' ObjectGUID = 'a97cc867-0c9e-4928-8387-0dba0c883b90' SamAccountName = 'USER3' SID = 'S-1-5-21-1131554080-2861379300-292325817-1108' } $fakeADUser4 = [PSCustomObject] @{ DistinguishedName = 'CN=User 4,CN=Users,DC=sub,DC=contoso,DC=com' ObjectGUID = 'ebafa34e-b020-40cd-8652-ee7286419869' SamAccountName = 'USER4' SID = 'S-1-5-21-1131554080-2861379300-292325817-1109' } $testDomainController = 'TESTDC' $testCredentials = New-Object -TypeName 'System.Management.Automation.PSCredential' -ArgumentList @( 'DummyUser', (ConvertTo-SecureString -String 'DummyPassword' -AsPlainText -Force) ) #region Function Get-TargetResource Describe 'ADGroup\Get-TargetResource' { Mock -CommandName Assert-Module -ParameterFilter { $ModuleName -eq 'ActiveDirectory' } It 'Calls "Assert-Module" to check AD module is installed' { Mock -CommandName Get-ADGroup -MockWith { return $fakeADGroup } Mock -CommandName Get-ADGroupMember -MockWith { return @( $fakeADUser1, $fakeADUser2 ) } $null = Get-TargetResource @testPresentParams Assert-MockCalled -CommandName Assert-Module -ParameterFilter { $ModuleName -eq 'ActiveDirectory' } -Scope It } It 'Returns the correct values when group exists' { Mock -CommandName Get-ADGroup -MockWith { return $fakeADGroup } Mock -CommandName Get-ADGroupMember -MockWith { return @( $fakeADUser1, $fakeADUser2 ) } $result = Get-TargetResource @testPresentParams $result.Ensure | Should -Be 'Present' $result.GroupName | Should -Be $fakeADGroup.Name $result.GroupScope | Should -Be $fakeADGroup.GroupScope $result.Category | Should -Be $fakeADGroup.GroupCategory $result.Path | Should -Be 'OU=Fake,DC=contoso,DC=com' $result.Description | Should -Be $fakeADGroup.Description $result.DisplayName | Should -Be $fakeADGroup.DisplayName $result.Members | Should -HaveCount 2 $result.Members | Should -Contain $fakeADUser1.SamAccountName $result.Members | Should -Contain $fakeADUser2.SamAccountName $result.MembersToInclude | Should -BeNullOrEmpty $result.MembersToExclude | Should -BeNullOrEmpty $result.MembershipAttribute | Should -Be 'SamAccountName' $result.ManagedBy | Should -Be $fakeADGroup.ManagedBy $result.Notes | Should -Be $fakeADGroup.Info $result.DistinguishedName | Should -Be $fakeADGroup.DistinguishedName } It 'Returns the correct values when group does not exist' { Mock -CommandName Get-ADGroup -MockWith { throw New-Object Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException } $result = Get-TargetResource @testPresentParams $result.Ensure | Should -Be 'Absent' $result.GroupName | Should -Be $testPresentParams.GroupName $result.GroupScope | Should -BeNullOrEmpty $result.Category | Should -BeNullOrEmpty $result.Path | Should -BeNullOrEmpty $result.Description | Should -BeNullOrEmpty $result.DisplayName | Should -BeNullOrEmpty $result.Members | Should -BeNullOrEmpty $result.MembersToInclude | Should -BeNullOrEmpty $result.MembersToExclude | Should -BeNullOrEmpty $result.MembershipAttribute | Should -Be 'SamAccountName' $result.ManagedBy | Should -BeNullOrEmpty $result.Notes | Should -BeNullOrEmpty $result.DistinguishedName | Should -BeNullOrEmpty } It "Calls 'Get-ADGroup' with 'Server' parameter when 'DomainController' specified" { Mock -CommandName Get-ADGroup -ParameterFilter { $Server -eq $testDomainController } -MockWith { return $fakeADGroup } Mock -CommandName Get-ADGroupMember -MockWith { return @( $fakeADUser1, $fakeADUser2 ) } Get-TargetResource @testPresentParams -DomainController $testDomainController Assert-MockCalled -CommandName Get-ADGroup -ParameterFilter { $Server -eq $testDomainController } -Scope It } It "Calls 'Get-ADGroup' with 'Credential' parameter when specified" { Mock -CommandName Get-ADGroup -ParameterFilter { $Credential -eq $testCredentials } -MockWith { return $fakeADGroup } Mock -CommandName Get-ADGroupMember -MockWith { return @( $fakeADUser1, $fakeADUser2 ) } Get-TargetResource @testPresentParams -Credential $testCredentials Assert-MockCalled -CommandName Get-ADGroup -ParameterFilter { $Credential -eq $testCredentials } -Scope It } It "Calls 'Get-ADGroupMember' with 'Server' parameter when 'DomainController' specified" { Mock -CommandName Get-ADGroup -MockWith { return $fakeADGroup } Mock -CommandName Get-ADGroupMember -ParameterFilter { $Server -eq $testDomainController } -MockWith { return @( $fakeADUser1, $fakeADUser2 ) } Get-TargetResource @testPresentParams -DomainController $testDomainController Assert-MockCalled -CommandName Get-ADGroupMember -ParameterFilter { $Server -eq $testDomainController } -Scope It } It "Calls 'Get-ADGroupMember' with 'Credential' parameter when specified" { Mock -CommandName Get-ADGroup -MockWith { return $fakeADGroup } Mock -CommandName Get-ADGroupMember -ParameterFilter { $Credential -eq $testCredentials } -MockWith { return @( $fakeADUser1, $fakeADUser2 ) } Get-TargetResource @testPresentParams -Credential $testCredentials Assert-MockCalled -CommandName Get-ADGroupMember -ParameterFilter { $Credential -eq $testCredentials } -Scope It } } #end region #region Function Test-TargetResource Describe 'ADGroup\Test-TargetResource' { Mock -CommandName Assert-Module -ParameterFilter { $ModuleName -eq 'ActiveDirectory' } foreach ($attribute in @('SamAccountName','DistinguishedName','ObjectGUID','SID')) { It "Passes when group 'Members' match using '$attribute'" { Mock -CommandName Get-ADGroup -MockWith { return $fakeADGroup } Mock -CommandName Get-ADGroupMember -MockWith { return @( $fakeADUser1, $fakeADUser2 ) } $targetResource = Test-TargetResource @testPresentParams -Members $fakeADUser1.$attribute, $fakeADUser2.$attribute -MembershipAttribute $attribute $targetResource | Should -BeTrue } It "Fails when group membership counts do not match using '$attribute'" { Mock -CommandName Get-ADGroup -MockWith { return $fakeADGroup } Mock -CommandName Get-ADGroupMember -MockWith { return @( $fakeADUser1 ) } $targetResource = Test-TargetResource @testPresentParams -Members $fakeADUser2.$attribute, $fakeADUser3.$attribute -MembershipAttribute $attribute $targetResource | Should -BeFalse } It "Fails when group 'Members' do not match using '$attribute'" { Mock -CommandName Get-ADGroup -MockWith { return $fakeADGroup } Mock -CommandName Get-ADGroupMember -MockWith { return @( $fakeADUser1, $fakeADUser2 ) } $targetResource = Test-TargetResource @testPresentParams -Members $fakeADUser2.$attribute, $fakeADUser3.$attribute -MembershipAttribute $attribute $targetResource | Should -BeFalse } It "Passes when specified 'MembersToInclude' match using '$attribute'" { Mock -CommandName Get-ADGroup -MockWith { return $fakeADGroup } Mock -CommandName Get-ADGroupMember -MockWith { return @( $fakeADUser1, $fakeADUser2 ) } $targetResource = Test-TargetResource @testPresentParams -MembersToInclude $fakeADUser2.$attribute -MembershipAttribute $attribute $targetResource | Should -BeTrue } It "Fails when specified 'MembersToInclude' are missing using '$attribute'" { Mock -CommandName Get-ADGroup -MockWith { return $fakeADGroup } Mock -CommandName Get-ADGroupMember -MockWith { return @( $fakeADUser1, $fakeADUser2 ) } $targetResource = Test-TargetResource @testPresentParams -MembersToInclude $fakeADUser3.$attribute -MembershipAttribute $attribute $targetResource | Should -BeFalse } It "Passes when specified 'MembersToExclude' are missing using '$attribute'" { Mock -CommandName Get-ADGroup -MockWith { return $fakeADGroup } Mock -CommandName Get-ADGroupMember -MockWith { return @( $fakeADUser1, $fakeADUser2 ) } $targetResource = Test-TargetResource @testPresentParams -MembersToExclude $fakeADUser3.$attribute -MembershipAttribute $attribute $targetResource | Should -BeTrue } It "Fails when when specified 'MembersToExclude' match using '$attribute'" { Mock -CommandName Get-ADGroup -MockWith { return $fakeADGroup } Mock -CommandName Get-ADGroupMember -MockWith { return @( $fakeADUser1, $fakeADUser2 ) } $targetResource = Test-TargetResource @testPresentParams -MembersToExclude $fakeADUser2.$attribute -MembershipAttribute $attribute $targetResource | Should -BeFalse } } #end foreach attribute It "Fails when group does not exist and 'Ensure' is 'Present'" { Mock -CommandName Get-TargetResource -MockWith { return $testAbsentParams } Test-TargetResource @testPresentParams | Should -BeFalse } It "Fails when group exists, 'Ensure' is 'Present' but 'Scope' is wrong" { Mock -CommandName Get-TargetResource -MockWith { $duffADGroup = $testPresentParams.Clone() $duffADGroup['GroupScope'] = 'Universal' return $duffADGroup } Test-TargetResource @testPresentParams | Should -BeFalse } It "Fails when group exists, 'Ensure' is 'Present' but 'Category' is wrong" { Mock -CommandName Get-TargetResource -MockWith { $duffADGroup = $testPresentParams.Clone() $duffADGroup['Category'] = 'Distribution' return $duffADGroup } Test-TargetResource @testPresentParams | Should -BeFalse } It "Fails when group exists, 'Ensure' is 'Present' but 'Path' is wrong" { Mock -CommandName Get-TargetResource -MockWith { $duffADGroup = $testPresentParams.Clone() $duffADGroup['Path'] = 'OU=WrongPath,DC=contoso,DC=com' return $duffADGroup } Test-TargetResource @testPresentParams | Should -BeFalse } It "Fails when group exists, 'Ensure' is 'Present' but 'Description' is wrong" { Mock -CommandName Get-TargetResource -MockWith { $duffADGroup = $testPresentParams.Clone() $duffADGroup['Description'] = 'Test AD group description is wrong' return $duffADGroup } Test-TargetResource @testPresentParams | Should -BeFalse } It "Fails when group exists, 'Ensure' is 'Present' but 'DisplayName' is wrong" { Mock -CommandName Get-TargetResource -MockWith { $duffADGroup = $testPresentParams.Clone() $duffADGroup['DisplayName'] = 'Wrong display name' return $duffADGroup } Test-TargetResource @testPresentParams | Should -BeFalse } It "Fails when group exists, 'Ensure' is 'Present' but 'ManagedBy' is wrong" { Mock -CommandName Get-TargetResource -MockWith { $duffADGroup = $testPresentParams.Clone() $duffADGroup['ManagedBy'] = $fakeADUser3.DistinguishedName return $duffADGroup } Test-TargetResource @testPresentParams | Should -BeFalse } It "Fails when group exists, 'Ensure' is 'Present' but 'Notes' is wrong" { Mock -CommandName Get-TargetResource -MockWith { $duffADGroup = $testPresentParams.Clone() $duffADGroup['Notes'] = 'These notes are clearly wrong' return $duffADGroup } Test-TargetResource @testPresentParams | Should -BeFalse } It "Fails when group exists and 'Ensure' is 'Absent'" { Mock -CommandName Get-TargetResource -MockWith { return $testPresentParams } Test-TargetResource @testAbsentParams | Should -BeFalse } It "Passes when group exists, target matches and 'Ensure' is 'Present'" { Mock -CommandName Get-TargetResource -MockWith { return $testPresentParams } Test-TargetResource @testPresentParams | Should -BeTrue } It "Passes when group does not exist and 'Ensure' is 'Absent'" { Mock -CommandName Get-TargetResource -MockWith { return $testAbsentParams } Test-TargetResource @testAbsentParams | Should -BeTrue } } #end region #region Function Set-TargetResource Describe 'ADGroup\Set-TargetResource' { Mock -CommandName Assert-Module -ParameterFilter { $ModuleName -eq 'ActiveDirectory' } Mock -CommandName Assert-MemberParameters It "Calls 'New-ADGroup' when 'Ensure' is 'Present' and the group does not exist" { Mock -CommandName Get-ADGroup -MockWith { throw New-Object Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException } Mock -CommandName Set-ADGroup Mock -CommandName New-ADGroup -MockWith { return [PSCustomObject] $fakeADGroup } Set-TargetResource @testPresentParams Assert-MockCalled -CommandName New-ADGroup -Scope It } $testProperties = @{ Description = 'Test AD Group description is wrong' ManagedBy = $fakeADUser3.DistinguishedName DisplayName = 'Test DisplayName' } foreach ($property in $testProperties.Keys) { It "Calls 'Set-ADGroup' when 'Ensure' is 'Present' and '$property' is specified" { Mock -CommandName Set-ADGroup Mock -CommandName Get-ADGroupMember Mock -CommandName Get-ADGroup -MockWith { $duffADGroup = $fakeADGroup.Clone() $duffADGroup[$property] = $testProperties.$property return $duffADGroup } Set-TargetResource @testPresentParams Assert-MockCalled -CommandName Set-ADGroup -Scope It -Exactly 1 } } It "Calls 'Set-ADGroup' when 'Ensure' is 'Present' and 'Category' is specified" { Mock -CommandName Set-ADGroup -ParameterFilter { $GroupCategory -eq $testPresentParams.Category } Mock -CommandName Get-ADGroupMember Mock -CommandName Get-ADGroup -MockWith { $duffADGroup = $fakeADGroup.Clone() $duffADGroup['GroupCategory'] = 'Distribution' return $duffADGroup } Set-TargetResource @testPresentParams Assert-MockCalled -CommandName Set-ADGroup -ParameterFilter { $GroupCategory -eq $testPresentParams.Category } -Scope It -Exactly 1 } It "Calls 'Set-ADGroup' when 'Ensure' is 'Present' and 'Notes' is specified" { Mock -CommandName Set-ADGroup -ParameterFilter { $Replace -ne $null } Mock -CommandName Get-ADGroupMember Mock -CommandName Get-ADGroup { $duffADGroup = $fakeADGroup.Clone() $duffADGroup['Info'] = 'My test note..' return $duffADGroup } Set-TargetResource @testPresentParams Assert-MockCalled -CommandName Set-ADGroup -ParameterFilter { $Replace -ne $null } -Scope It -Exactly 1 } It "Calls 'Set-ADGroup' twice when 'Ensure' is 'Present', the group exists but the 'Scope' has changed" { Mock -CommandName Set-ADGroup Mock -CommandName Get-ADGroupMember Mock -CommandName Get-ADGroup -MockWith { $duffADGroup = $fakeADGroup.Clone() $duffADGroup['GroupScope'] = 'DomainLocal' return $duffADGroup } Set-TargetResource @testPresentParams Assert-MockCalled -CommandName Set-ADGroup -Scope It -Exactly 2 } It "Adds group members when 'Ensure' is 'Present', the group exists and 'Members' are specified" { Mock -CommandName Get-ADGroup -MockWith { throw New-Object Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException } Mock -CommandName Set-ADGroup Mock -CommandName Add-ADCommonGroupMember Mock -CommandName New-ADGroup -MockWith { return [PSCustomObject] $fakeADGroup } Set-TargetResource @testPresentParams -Members @($fakeADUser1.SamAccountName, $fakeADUser2.SamAccountName) Assert-MockCalled -CommandName Add-ADCommonGroupMember -Scope It } It "Tries to resolve the domain names for all groups in the same domain when the 'MembershipAttribute' property is set to distinguishedName" { Mock -CommandName Get-ADGroup -MockWith { throw New-Object Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException } Mock -CommandName Set-ADGroup Mock -CommandName Add-ADCommonGroupMember Mock -CommandName New-ADGroup -MockWith { return [PSCustomObject] $fakeADGroup } Mock -CommandName Get-DomainName -MockWith { return 'contoso.com' } Mock -CommandName Get-ADDomainNameFromDistinguishedName -MockWith { return 'contoso.com' } Mock -CommandName Write-Verbose -ParameterFilter { $Message -and $Message -match 'Group membership objects are in .* different AD Domains.' } Set-TargetResource @testPresentParamsMultiDomain -Members @($fakeADUser1.distinguishedName, $fakeADUser2.distinguishedName) Assert-MockCalled -CommandName Get-ADDomainNameFromDistinguishedName Assert-MockCalled -CommandName Add-ADCommonGroupMember -Scope It Assert-MockCalled -CommandName Write-Verbose -ParameterFilter { $Message -and $Message -match 'Group membership objects are in .* different AD Domains.' } -Exactly -Times 0 } It "Tries to resolve the domain names for all groups in different domains when the 'MembershipAttribute' property is set to distinguishedName" { Mock -CommandName Get-ADGroup -MockWith { throw New-Object Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException } Mock -CommandName Set-ADGroup Mock -CommandName Add-ADCommonGroupMember Mock -CommandName New-ADGroup -MockWith { return [PSCustomObject] $fakeADGroup } Mock -CommandName Get-DomainName -MockWith { return 'contoso.com' } Mock -CommandName Get-ADDomainNameFromDistinguishedName -MockWith { param ( [Parameter()] [System.String] $DistinguishedName ) if ($DistinguishedName -match 'DC=sub') { return 'sub.contoso.com' } else { return 'contoso.com' } } Mock -CommandName Write-Verbose -ParameterFilter { $Message -and $Message -match 'Group membership objects are in .* different AD Domains.' } Set-TargetResource @testPresentParamsMultiDomain -Members @($fakeADUser1.distinguishedName, $fakeADUser4.distinguishedName) Assert-MockCalled -CommandName Get-ADDomainNameFromDistinguishedName Assert-MockCalled -CommandName Add-ADCommonGroupMember -Scope It Assert-MockCalled -CommandName Write-Verbose -ParameterFilter { $Message -and $Message -match 'Group membership objects are in .* different AD Domains.' } } It "Adds group members when 'Ensure' is 'Present', the group exists and 'MembersToInclude' are specified" { Mock -CommandName Get-ADGroup -MockWith { throw New-Object Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException } Mock -CommandName Set-ADGroup Mock -CommandName Add-ADCommonGroupMember Mock -CommandName New-ADGroup -MockWith { return [PSCustomObject] $fakeADGroup } Set-TargetResource @testPresentParams -MembersToInclude @($fakeADUser1.SamAccountName, $fakeADUser2.SamAccountName) Assert-MockCalled -CommandName Add-ADCommonGroupMember -Scope It } It "Moves group when 'Ensure' is 'Present', the group exists but the 'Path' has changed" { Mock -CommandName Set-ADGroup Mock -CommandName Get-ADGroupMember Mock -CommandName Move-ADObject Mock -CommandName Get-ADGroup -MockWith { $duffADGroup = $fakeADGroup.Clone() $duffADGroup['DistinguishedName'] = "CN=$($testPresentParams.GroupName),OU=WrongPath,DC=contoso,DC=com" return $duffADGroup } Set-TargetResource @testPresentParams Assert-MockCalled -CommandName Move-ADObject -Scope It } It "Resets group membership when 'Ensure' is 'Present' and 'Members' is incorrect" { Mock -CommandName Get-ADGroup -MockWith { return [PSCustomObject] $fakeADGroup } Mock -CommandName Set-ADGroup Mock -CommandName Get-ADGroupMember -MockWith { return @( $fakeADUser1, $fakeADUser2 ) } Mock -CommandName Add-ADCommonGroupMember Mock -CommandName Remove-ADGroupMember Set-TargetResource @testPresentParams -Members $fakeADUser1.SamAccountName Assert-MockCalled -CommandName Remove-ADGroupMember -Scope It -Exactly 1 Assert-MockCalled -CommandName Add-ADCommonGroupMember -Scope It -Exactly 1 } It "Does not reset group membership when 'Ensure' is 'Present' and existing group is empty" { Mock -CommandName Get-ADGroup -MockWith { return [PSCustomObject] $fakeADGroup } Mock -CommandName Set-ADGroup Mock -CommandName Get-ADGroupMember Mock -CommandName Remove-ADGroupMember Set-TargetResource @testPresentParams -MembersToExclude $fakeADUser1.SamAccountName Assert-MockCalled -CommandName Remove-ADGroupMember -Scope It -Exactly 0 } It "Removes members when 'Ensure' is 'Present' and 'MembersToExclude' is incorrect" { Mock -CommandName Get-ADGroup -MockWith { return [PSCustomObject] $fakeADGroup } Mock -CommandName Set-ADGroup Mock -CommandName Get-ADGroupMember -MockWith { return @( $fakeADUser1, $fakeADUser2 ) } Mock -CommandName Remove-ADGroupMember Set-TargetResource @testPresentParams -MembersToExclude $fakeADUser1.SamAccountName Assert-MockCalled -CommandName Remove-ADGroupMember -Scope It -Exactly 1 } It "Adds members when 'Ensure' is 'Present' and 'MembersToInclude' is incorrect" { Mock -CommandName Get-ADGroup -MockWith { return [PSCustomObject] $fakeADGroup } Mock -CommandName Set-ADGroup Mock -CommandName Get-ADGroupMember -MockWith { return @( $fakeADUser1, $fakeADUser2 ) } Mock -CommandName Add-ADCommonGroupMember Set-TargetResource @testPresentParams -MembersToInclude $fakeADUser3.SamAccountName Assert-MockCalled -CommandName Add-ADCommonGroupMember -Scope It -Exactly 1 } It "Removes group when 'Ensure' is 'Absent' and group exists" { Mock -CommandName Get-ADGroup -MockWith { return $fakeADGroup } Mock -CommandName Remove-ADGroup Set-TargetResource @testAbsentParams Assert-MockCalled -CommandName Remove-ADGroup -Scope It } It "Calls 'Set-ADGroup' with credentials when 'Ensure' is 'Present' and the group exists (#106)" { Mock -CommandName Get-ADGroup -MockWith { return $fakeADGroup } Mock -CommandName New-ADGroup -MockWith { return [PSCustomObject] $fakeADGroup } Mock -CommandName Get-ADGroupMember Mock -CommandName Set-ADGroup -ParameterFilter { $Credential -eq $testCredentials } Set-TargetResource @testPresentParams -Credential $testCredentials Assert-MockCalled -CommandName Set-ADGroup -ParameterFilter { $Credential -eq $testCredentials } -Scope It } It "Calls 'Set-ADGroup' with credentials when 'Ensure' is 'Present' and the group does not exist (#106)" { Mock -CommandName Get-ADGroup -MockWith { throw New-Object Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException } Mock -CommandName Set-ADGroup -ParameterFilter { $Credential -eq $testCredentials } Mock -CommandName New-ADGroup -MockWith { return [PSCustomObject] $fakeADGroup } Set-TargetResource @testPresentParams -Credential $testCredentials Assert-MockCalled -CommandName Set-ADGroup -ParameterFilter { $Credential -eq $testCredentials } -Scope It } It "Calls 'Move-ADObject' with credentials when specified (#106)" { Mock -CommandName Set-ADGroup Mock -CommandName Get-ADGroupMember Mock -CommandName Move-ADObject -ParameterFilter { $Credential -eq $testCredentials } Mock -CommandName Get-ADGroup -MockWith { $duffADGroup = $fakeADGroup.Clone() $duffADGroup['DistinguishedName'] = "CN=$($testPresentParams.GroupName),OU=WrongPath,DC=contoso,DC=com" return $duffADGroup } Set-TargetResource @testPresentParams -Credential $testCredentials Assert-MockCalled -CommandName Move-ADObject -ParameterFilter { $Credential -eq $testCredentials } -Scope It } # tests for issue 183 It "Doesn't reset to 'Global' when not specifying a 'Scope' and updating group membership" { $testUniversalPresentParams = $testPresentParams.Clone() $testUniversalPresentParams['GroupScope'] = 'Universal' $fakeADUniversalGroup = $fakeADGroup.Clone() $fakeADUniversalGroup['GroupScope'] = 'Universal' Mock -CommandName Get-ADGroup -MockWith { return [PSCustomObject] $fakeADUniversalGroup } Mock -CommandName Set-ADGroup -ParameterFilter { $Identity -eq $fakeADUniversalGroup.Identity -and -not $PSBoundParameters.ContainsKey('GroupScope') } Mock -CommandName Add-ADCommonGroupMember Set-TargetResource -GroupName $testUniversalPresentParams.GroupName -Members @($fakeADUser1.SamAccountName, $fakeADUser2.SamAccountName) Assert-MockCalled -CommandName Set-ADGroup -Times 1 -Scope It } # tests for issue 183 It "Doesn't reset to 'Security' when not specifying a 'Category' and updating group membership" { $testUniversalPresentParams = $testPresentParams.Clone() $testUniversalPresentParams['Category'] = 'Distribution' $fakeADUniversalGroup = $fakeADGroup.Clone() $fakeADUniversalGroup['GroupCategory'] = 'Distribution' Mock -CommandName Get-ADGroup -MockWith { return [PSCustomObject] $fakeADUniversalGroup } Mock -CommandName Set-ADGroup -ParameterFilter { $Identity -eq $fakeADUniversalGroup.Identity -and -not $PSBoundParameters.ContainsKey('GroupCategory') } Mock -CommandName Add-ADCommonGroupMember Set-TargetResource -GroupName $testUniversalPresentParams.GroupName -Members @($fakeADUser1.SamAccountName, $fakeADUser2.SamAccountName) Assert-MockCalled -CommandName Set-ADGroup -Times 1 -Scope It } # tests for issue 183 It "Doesn't reset to 'Global' when not specifying a 'Scope' and testing display name" { $testUniversalPresentParams = $testPresentParams.Clone() $testUniversalPresentParams['GroupScope'] = 'Universal' $fakeADUniversalGroup = $fakeADGroup.Clone() $fakeADUniversalGroup['GroupScope'] = 'Universal' Mock -CommandName Get-ADGroup -MockWith { return [PSCustomObject] $fakeADUniversalGroup } Mock -CommandName Set-ADGroup -ParameterFilter { $Identity -eq $fakeADUniversalGroup.Identity -and -not $PSBoundParameters.ContainsKey('GroupScope') } Mock -CommandName Add-ADCommonGroupMember $universalGroupInCompliance = Test-TargetResource -GroupName $testUniversalPresentParams.GroupName -DisplayName $testUniversalPresentParams.DisplayName $universalGroupInCompliance | Should -BeTrue } # tests for issue 183 It "Doesn't reset to 'Security' when not specifying a 'Category' and testing display name" { $testUniversalPresentParams = $testPresentParams.Clone() $testUniversalPresentParams['Category'] = 'Distribution' $fakeADUniversalGroup = $fakeADGroup.Clone() $fakeADUniversalGroup['GroupCategory'] = 'Distribution' Mock -CommandName Get-ADGroup -MockWith { return [PSCustomObject] $fakeADUniversalGroup } Mock -CommandName Set-ADGroup -ParameterFilter { $Identity -eq $fakeADUniversalGroup.Identity -and -not $PSBoundParameters.ContainsKey('GroupScope') } Mock -CommandName Add-ADCommonGroupMember $universalGroupInCompliance = Test-TargetResource -GroupName $testUniversalPresentParams.GroupName -DisplayName $testUniversalPresentParams.DisplayName $universalGroupInCompliance | Should -BeTrue } It "Calls Restore-AdCommonObject when RestoreFromRecycleBin is used" { $restoreParam = $testPresentParams.Clone() $restoreParam.RestoreFromRecycleBin = $true Mock -CommandName Get-ADGroup -MockWith { throw New-Object Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException } Mock -CommandName Set-ADGroup Mock -CommandName New-ADGroup -MockWith { return [PSCustomObject] $fakeADGroup } Mock -CommandName Restore-ADCommonObject -MockWith { return [PSCustomObject] $fakeADGroup } Set-TargetResource @restoreParam Assert-MockCalled -CommandName Restore-AdCommonObject -Scope It Assert-MockCalled -CommandName New-ADGroup -Scope It -Exactly -Times 0 Assert-MockCalled -CommandName Set-ADGroup -Scope It } It "Calls New-ADGroup when RestoreFromRecycleBin is used and if no object was found in the recycle bin" { $restoreParam = $testPresentParams.Clone() $restoreParam.RestoreFromRecycleBin = $true Mock -CommandName Get-ADGroup -MockWith { throw New-Object Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException } Mock -CommandName Set-ADGroup Mock -CommandName New-ADGroup -MockWith { return [PSCustomObject] $fakeADGroup } Mock -CommandName Restore-ADCommonObject Set-TargetResource @restoreParam Assert-MockCalled -CommandName Restore-AdCommonObject -Scope It Assert-MockCalled -CommandName New-ADGroup -Scope It } It "Throws if the object cannot be restored" { $restoreParam = $testPresentParams.Clone() $restoreParam.RestoreFromRecycleBin = $true Mock -CommandName Get-ADGroup -MockWith { throw New-Object Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException } Mock -CommandName Set-ADGroup Mock -CommandName New-ADGroup -MockWith { return [PSCustomObject] $fakeADGroup } Mock -CommandName Restore-ADCommonObject -MockWith { throw (New-Object -TypeName System.InvalidOperationException) } {Set-TargetResource @restoreParam} | Should -Throw Assert-MockCalled -CommandName Restore-AdCommonObject -Scope It Assert-MockCalled -CommandName New-ADGroup -Scope It -Exactly -Times 0 Assert-MockCalled -CommandName Set-ADGroup -Scope It -Exactly -Times 0 } } #end region } #end region } finally { Invoke-TestCleanup } |