Happypath.tests.ps1
|
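# Pester happy-path tests for the user-provisioning sync session.
# Active Directory is never contacted: Get-ADUser / New-ADUser are replaced by
# stubs and mocks that serve the in-memory fixture users defined below.
BeforeAll {
    # Dependency installs are left disabled. If they are re-enabled for CI,
    # pin the version (-RequiredVersion) so the test run is reproducible.
    #Install-Module EntraIDAccessToken -Scope CurrentUser -Confirm:$false
    #Install-Module Fortytwo.IAM.Core.Connector -Scope CurrentUser -Confirm:$false

    # Placeholder token profile; Connect-UserProvisioning below refers to it
    # by name, so no real credential is needed for the tests.
    Add-EntraIDExternalAccessTokenProfile -AccessToken "dummy" -Name "pester" -WarningAction SilentlyContinue

    # Import the module under test from the script's own directory
    # (falls back to the current directory when $PSScriptRoot is empty).
    $Script:Module = Import-Module "$([string]::IsNullOrEmpty($PSScriptRoot) ? '.' : $PSScriptRoot)/" -Force -PassThru -Global

    # Fixture directory content. msDs-cloudExtensionAttribute20 holds a JSON
    # document with the sync identifier and, optionally, a "disabled" timestamp.
    $Global:Users = @(
        # user1: present in the sync session below, currently disabled in the fixture.
        [PSCustomObject] @{
            distinguishedName                = "CN=user1,OU=Default created users,DC=example,DC=com"
            sAMAccountName                   = "user1"
            displayName                      = "something"
            givenName                        = "Marius"
            extensionAttribute15             = "test"
            enabled                          = $false
            objectGUID                       = [Guid]::Parse("813f7217-6802-48dd-8cd8-4a2f96d8af3a")
            "msDs-cloudExtensionAttribute20" = @{
                identifier = "user1"
            } | ConvertTo-Json -Compress
        }
        # user100: not in the sync session, disabled, no "disabled" timestamp yet.
        [PSCustomObject] @{
            distinguishedName                = "CN=user100,OU=Default created users,DC=example,DC=com"
            sAMAccountName                   = "user100"
            enabled                          = $false
            objectGUID                       = [Guid]::Parse("93a85190-ed89-4908-bf30-a64b1726da8c")
            "msDs-cloudExtensionAttribute20" = @{
                identifier = "user100"
            } | ConvertTo-Json -Compress
        }
        # user101: not in the sync session, still enabled, stale timestamp (90 days old).
        [PSCustomObject] @{
            distinguishedName                = "CN=user101,OU=Default created users,DC=example,DC=com"
            sAMAccountName                   = "user101"
            enabled                          = $true
            objectGUID                       = [Guid]::Parse("d66649ea-f11c-4171-bf18-5790c89d2935")
            "msDs-cloudExtensionAttribute20" = @{
                identifier = "user101"
                disabled   = (Get-Date).AddDays(-90).ToString("o")
            } | ConvertTo-Json -Compress
        }
        # user102: not in the sync session, disabled 181 days ago.
        [PSCustomObject] @{
            distinguishedName                = "CN=user102,OU=Default created users,DC=example,DC=com"
            sAMAccountName                   = "user102"
            enabled                          = $false
            objectGUID                       = [Guid]::Parse("ae585876-14b4-4617-8347-28620e45c25c")
            "msDs-cloudExtensionAttribute20" = @{
                identifier = "user102"
                disabled   = (Get-Date).AddDays(-181).ToString("o")
            } | ConvertTo-Json -Compress
        }
    )

    $Global:UsersMap = $Global:Users | Group-Object -AsHashTable -Property SamAccountName

    # Mocking Active Directory module with stubs, which will be overridden by mocks.
    # NOTE(review): the stub module is imported with -Global and is not removed
    # in this file, so in an interactive session these empty Get-ADUser /
    # New-ADUser functions may stay loaded after the run. Prefer running the
    # suite in a throwaway session.
    $MockupModule = New-Module -ScriptBlock {
        function Get-ADUser {
            [CmdletBinding()]
            Param(
                [Parameter()]
                [string] $SearchBase,

                [Parameter()]
                [string] $LDAPFilter,

                [Parameter()]
                [string] $Filter,

                [Parameter()]
                [string[]] $Properties
            )
        }

        function New-ADUser {
            [CmdletBinding()]
            Param(
                [Parameter(Mandatory = $true, Position = 0)]
                [string] $Name,

                [Parameter(Mandatory = $true, Position = 1)]
                [string] $SamAccountName,

                [Parameter(Mandatory = $false, Position = 2)]
                [hashtable] $OtherAttributes
            )
        }
    } -Name "FakeActiveDirectory"

    $MockupModule | Import-Module -Global

    # Silence the connector's connection and logging commands inside the module.
    Mock -ModuleName $Script:Module.Name -CommandName Connect-Connector -MockWith {}
    Mock -ModuleName $Script:Module.Name -CommandName Write-ConnectorVerbose -MockWith {}
    Mock -ModuleName $Script:Module.Name -CommandName Write-ConnectorError -MockWith {}

    <#
    Mock -ModuleName $Script:Module.Name -CommandName Get-ADUser -ParameterFilter {$_.Filter} -MockWith {
        Write-HOst "CALL"
    }
    #>

    # Lookup by sAMAccountName: take the value after the last "=" in the filter
    # and drop the closing parenthesis.
    Mock -ModuleName $Script:Module.Name -CommandName Get-ADUser -ParameterFilter {
        $LDAPFilter -like "(sAMAccountName=*)"
    } -MockWith {
        $lookingfor = ($LDAPFilter -split "=" | Select-Object -Last 1).Trim(")")
        $Global:Users | Where-Object SamAccountName -eq $lookingfor
    }

    # Enumeration of managed users under the default OU. The result is limited
    # to the requested search base; an unset variable in this pattern would
    # collapse it to "*" and return every fixture user regardless of OU.
    Mock -ModuleName $Script:Module.Name -CommandName Get-ADUser -ParameterFilter {
        $LDAPFilter -like "(msDs-cloudExtensionAttribute20=*)" -and
        $SearchBase -eq 'OU=Default created users,DC=example,DC=com'
    } -MockWith {
        $Global:Users |
            Where-Object DistinguishedName -like "*$SearchBase" |
            Where-Object { $_.'msDs-cloudExtensionAttribute20' }
    }
}

Describe "the happy path" {
    BeforeAll {
        $ConnectParameters = @{
            DefaultDestinationOU = "OU=Default created users,DC=example,DC=com"
            AccessTokenProfile   = "pester"
            IncludedOUs          = @(
                "OU=Default created users,DC=example,DC=com"
                "OU=Other created users,DC=example,DC=com"
            )
            ConnectorId          = "10000000-0000-0000-0000-000000000001"
            SkipAllTests         = $true
            WarningAction        = "SilentlyContinue"
        }
        Connect-UserProvisioning @ConnectParameters
    }

    It "Should be able to populate sync session objects" {
        {
            Start-UserProvisioningSyncSession

            # Existing user: re-enabled, renamed, extensionAttribute15 cleared.
            Add-UserProvisioningSyncSessionObject -Identifier "user1" -InputObject @{
                enabled              = $true
                displayName          = "Marius Solbakken"
                givenName            = "Marius"
                sn                   = "Solbakken"
                extensionAttribute15 = $null
            }

            # New user, no OU given.
            Add-UserProvisioningSyncSessionObject -Identifier "user2" -InputObject @{
                enabled     = $true
                displayName = "Ole Brumm"
                givenName   = "Ole"
                sn          = "Brumm"
            }

            # New user with an explicit OU.
            Add-UserProvisioningSyncSessionObject -Identifier "user3" -InputObject @{
                enabled     = $true
                displayName = "Tussilago Farfara"
                givenName   = "Tussilago"
                sn          = "Farfara"
                ou          = "OU=Other created users,DC=example,DC=com"
            }
        } | Should -Not -Throw
    }

    Context "Get operations" {
        BeforeAll {
            $Script:Operations = Get-UserProvisioningSyncSessionOperation

            # Dumps every planned operation to the verbose stream. Only fixture
            # data is involved here; with real directory data this would put
            # attribute values into the test log.
            $Script:Operations | ConvertTo-Json -Depth 5 | Write-Verbose -Verbose
        }

        It "Should have a set-aduser operation for user1" {
            $OP = $Script:Operations | Where-Object Identity -eq "813f7217-6802-48dd-8cd8-4a2f96d8af3a"
            $OP | Should -HaveCount 1
            $OP.Action | Should -Be "Set-ADUser"
            $OP.Parameters.Enabled | Should -Be $true

            # givenName is unchanged, so it must not be rewritten.
            $OP.Parameters.Replace.Keys | Should -Not -Contain "givenName"
            $OP.Parameters.Replace.sn | Should -Be "Solbakken"
            $OP.Parameters.Replace.displayName | Should -Be "Marius Solbakken"

            # The logon name of an existing account must not be touched.
            $OP.Parameters.Replace.Keys | Should -Not -Contain "sAMAccountName"

            # A $null input value is expected to clear the attribute.
            $OP.Parameters.Clear | Should -Contain "extensionAttribute15"
        }

        It "Should have a new-aduser operation for user2" {
            $OP = $Script:Operations | Where-Object Identity -eq "user2"
            $OP | Should -HaveCount 1
            $OP.Action | Should -Be "New-ADUser"
            $OP.Parameters.SamAccountName | Should -Be "olebru"
            $OP.Parameters.Enabled | Should -Be $true
            $OP.Parameters.Name | Should -Be "olebru"

            # No OU in the input: the default destination OU is used.
            $OP.Parameters.Path | Should -Be "OU=Default created users,DC=example,DC=com"
            $OP.Parameters.OtherAttributes.sn | Should -Be "Brumm"
            $OP.Parameters.OtherAttributes.givenName | Should -Be "Ole"
            $OP.Parameters.OtherAttributes.displayName | Should -Be "Ole Brumm"

            $Marker = $OP.Parameters.OtherAttributes."msDS-cloudExtensionAttribute20" | ConvertFrom-Json
            $Marker | Select-Object -ExpandProperty identifier | Should -Be "user2"
        }

        It "Should have a new-aduser operation for user3" {
            $OP = $Script:Operations | Where-Object Identity -eq "user3"
            $OP | Should -HaveCount 1
            $OP.Action | Should -Be "New-ADUser"
            $OP.Parameters.SamAccountName | Should -Be "tusfar"
            $OP.Parameters.Enabled | Should -Be $true
            $OP.Parameters.Name | Should -Be "tusfar"

            # The OU supplied in the input object wins over the default.
            $OP.Parameters.Path | Should -Be "OU=Other created users,DC=example,DC=com"
            $OP.Parameters.OtherAttributes.sn | Should -Be "Farfara"
            $OP.Parameters.OtherAttributes.givenName | Should -Be "Tussilago"
            $OP.Parameters.OtherAttributes.displayName | Should -Be "Tussilago Farfara"

            $Marker = $OP.Parameters.OtherAttributes."msDS-cloudExtensionAttribute20" | ConvertFrom-Json
            $Marker | Select-Object -ExpandProperty identifier | Should -Be "user3"
        }

        It "Should have a set-aduser operation for user100" {
            $OP = $Script:Operations | Where-Object Identity -eq "CN=user100,OU=Default created users,DC=example,DC=com"
            $OP | Should -HaveCount 1
            $OP.Action | Should -Be "Set-ADUser"
            $OP.Parameters.Replace."msDS-cloudExtensionAttribute20" | Should -Not -BeNullOrEmpty

            # The marker keeps its identifier and gains a "disabled" timestamp
            # that lies within a day of now.
            $Marker = $OP.Parameters.Replace."msDS-cloudExtensionAttribute20" | ConvertFrom-Json
            $Marker | Select-Object -ExpandProperty identifier | Should -Be "user100"
            $Marker | Select-Object -ExpandProperty disabled | Should -BeGreaterThan (Get-Date).AddDays(-1)
            $Marker | Select-Object -ExpandProperty disabled | Should -BeLessThan (Get-Date).AddDays(1)
        }

        It "Should have a disable operation for user101" {
            $OP = $Script:Operations | Where-Object Identity -eq "CN=user101,OU=Default created users,DC=example,DC=com"
            $OP | Should -HaveCount 1
            $OP.Action | Should -Be "Set-ADUser"

            # Still enabled in the fixture but absent from the session: must be disabled.
            $OP.Parameters.Enabled | Should -Be $false
            $OP.Parameters.Replace."msDS-cloudExtensionAttribute20" | Should -Not -BeNullOrEmpty

            # The stale 90-day-old timestamp is replaced by one within a day of now.
            $Marker = $OP.Parameters.Replace."msDS-cloudExtensionAttribute20" | ConvertFrom-Json
            $Marker | Select-Object -ExpandProperty identifier | Should -Be "user101"
            $Marker | Select-Object -ExpandProperty disabled | Should -BeGreaterThan (Get-Date).AddDays(-1)
            $Marker | Select-Object -ExpandProperty disabled | Should -BeLessThan (Get-Date).AddDays(1)
        }

        It "Should have a remove operation for user102" {
            # Disabled 181 days ago in the fixture; presumably past the module's
            # retention window (the threshold itself is not defined in this file).
            $OP = $Script:Operations | Where-Object Identity -eq "CN=user102,OU=Default created users,DC=example,DC=com"
            $OP | Should -HaveCount 1
            $OP.Action | Should -Be "Remove-ADObject"
        }
    }
}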