Functions/Connect-GSuiteAdminAccount.Tests.ps1

Describe "GSuite/Connect-GSuiteAdminAccount" -Tag "task", "unit" {

    # Import the function to test
    . "$($PSScriptRoot)\Connect-GSuiteAdminAccount.ps1"

    # Declare external functions and mocks
    function Invoke-RestMethod {
        param ($Uri, $Headers, $Body, $Method)
        return @{
            expires_in   = 3600
            access_token = "token"
        }
    }

    # Declare the endpoint
    $GSuiteEndpoint = [PSCustomObject]@{
        Name       = "GoogleCredentials"
        Credential = [PSCredential]::new(
            'id',
            ('ClientSecret:secret User:userRefreshToken Group:groupRefreshToken Domain:domainRefreshToken' | ConvertTo-SecureString -AsPlainText -Force)
        )
    }

    context "when there are no issues" {
        # Declare mocks
        mock Invoke-RestMethod {
            param ($Uri, $Headers, $Body, $Method)
            return @{
                expires_in   = 3600
                access_token = "token"
            }
        }

        it "retrieves all the authentication tokens using the refresh tokens stored in the endpoint" {
            # Call the function
            $output = Connect-GSuiteAdminAccount -Endpoint $GSuiteEndpoint -ErrorAction SilentlyContinue -ErrorVariable errorVariable

            # Construct the expected request bodies
            $UserBody = @{
                client_id     = "id"
                client_secret = "secret"
                grant_type    = "refresh_token"
                refresh_token = "groupRefreshToken"
            } | ConvertTo-Json
            $GroupBody = @{
                client_id     = "id"
                client_secret = "secret"
                grant_type    = "refresh_token"
                refresh_token = "userRefreshToken"
            } | ConvertTo-Json
            $DomainBody = @{
                client_id     = "id"
                client_secret = "secret"
                grant_type    = "refresh_token"
                refresh_token = "domainRefreshToken"
            } | ConvertTo-Json

            # Verify the mocks
            Assert-MockCalled Invoke-RestMethod -Times 1 -Exactly -ParameterFilter {
                $Uri -eq "https://www.googleapis.com/oauth2/v4/token" -and
                $Headers.'Content-Type' -eq "application/json" -and
                $Method -eq "POST" -and
                $Body -eq $UserBody
            } -Scope it
            Assert-MockCalled Invoke-RestMethod -Times 1 -Exactly -ParameterFilter {
                $Uri -eq "https://www.googleapis.com/oauth2/v4/token" -and
                $Headers.'Content-Type' -eq "application/json" -and
                $Method -eq "POST" -and
                $Body -eq $GroupBody
            } -Scope it
            Assert-MockCalled Invoke-RestMethod -Times 1 -Exactly -ParameterFilter {
                $Uri -eq "https://www.googleapis.com/oauth2/v4/token" -and
                $Headers.'Content-Type' -eq "application/json" -and
                $Method -eq "POST" -and
                $Body -eq $DomainBody
            } -Scope it

            # Verify the output
            $output | Should Be $true
            $errorVariable | Should BeNullOrEmpty
        }

        it "only retrieves the specified authentication tokens" {
            # Call the function
            $output = Connect-GSuiteAdminAccount -Endpoint $GSuiteEndpoint -User -ErrorAction SilentlyContinue -ErrorVariable errorVariable

            # Verify the mocks
            Assert-MockCalled Invoke-RestMethod -Times 1 -Exactly -ParameterFilter {
                $Uri -eq "https://www.googleapis.com/oauth2/v4/token" -and
                $Headers.'Content-Type' -eq "application/json" -and
                $Method -eq "POST" -and
                $Body -eq @{
                    client_id     = "id"
                    client_secret = "secret"
                    grant_type    = "refresh_token"
                    refresh_token = "userRefreshToken"
                } | ConvertTo-Json
            } -Scope it

            # Verify the output
            $output | Should Be $true
            $errorVariable | Should BeNullOrEmpty
        }
    }

    context "when the endpoint does not contain the refresh token of the specified scope" {
        # Declare the endpoint
        $GSuiteEndpoint = [PSCustomObject]@{
            Name       = "GoogleCredentials"
            Credential = [PSCredential]::new(
                'id',
                ('ClientSecret:secret User: Group:groupRefreshToken Domain:domainRefreshToken' | ConvertTo-SecureString -AsPlainText -Force)
            )
        }

        it "outputs an error and returns false" {
            # Call the function
            $output = Connect-GSuiteAdminAccount -Endpoint $GSuiteEndpoint -ErrorAction SilentlyContinue -ErrorVariable errorVariable

            # Verify the output
            $output | Should Be $false
            $errorVariable | Should Not BeNullOrEmpty
        }
    }

    context "when Invoke-RestMethod throws an exception" {
        # Declare mocks
        mock Invoke-RestMethod {
            throw "error"
        }

        it "outputs an error and returns false" {
            # Call the function
            $output = Connect-GSuiteAdminAccount -Endpoint $GSuiteEndpoint -ErrorAction SilentlyContinue -ErrorVariable errorVariable

            # Verify the output
            $output | Should Be $false
            $errorVariable | Should Not BeNullOrEmpty
        }
    }

    context "when Invoke-RestMethod does not return the token" {
        # Declare mocks
        mock Invoke-RestMethod {
            return @{
                expires_in = 3600
            }
        }

        it "outputs an error and returns false" {
            # Call the function
            $output = Connect-GSuiteAdminAccount -Endpoint $GSuiteEndpoint -ErrorAction SilentlyContinue -ErrorVariable errorVariable

            # Verify the output
            $output | Should Be $false
            $errorVariable | Should Not BeNullOrEmpty
        }
    }
}