Tests/Unit/UserRightsAssignment.Tests.ps1
$DSCResourceName = 'UserRightsAssignment' $DSCModuleName = 'cSecurityOptions' $Splat = @{ Path = $PSScriptRoot ChildPath = "..\..\DSCResources\$DSCResourceName\$DSCResourceName.psm1" Resolve = $true ErrorAction = 'Stop' } $DSCResourceModuleFile = Get-Item -Path (Join-Path @Splat) $moduleRoot = "${env:ProgramFiles}\WindowsPowerShell\Modules\$DSCModuleName" if(-not (Test-Path -Path $moduleRoot)) { $null = New-Item -Path $moduleRoot -ItemType Directory } else { # Copy the existing folder out to the temp directory to hold until the end of the run # Delete the folder to remove the old files. $tempLocation = Join-Path -Path $env:Temp -ChildPath $DSCModuleName Copy-Item -Path $moduleRoot -Destination $tempLocation -Recurse -Force Remove-Item -Path $moduleRoot -Recurse -Force $null = New-Item -Path $moduleRoot -ItemType Directory } Copy-Item -Path $PSScriptRoot\..\..\* -Destination $moduleRoot -Recurse -Force -Exclude '.git' if (Get-Module -Name $DSCResourceName) { Remove-Module -Name $DSCResourceName } Import-Module -Name $DSCResourceModuleFile.FullName -Force InModuleScope UserRightsAssignment { ####################################################################################### Describe 'Get-TargetResource' { Context 'ServerCore' { #region Mocks Mock TestServerCore { $true } #endregion $NonServerCoreConformantAssignments = @( 'SeChangeNotifyPrivilege', 'SeIncreaseWorkingSetPrivilege' ) foreach ($nonServerCoreConformantAssignment in $nonServerCoreConformantAssignments) { It "$nonServerCoreConformantAssignment Privilege should return return Absent" { (get-targetresource -Privilege $nonServerCoreConformantAssignment).Ensure | should be 'Absent' } } } Context '0 Users' { Mock 'GetAccountsWithUserRight' { @{ 'Account' = '' } } It 'should return ensure Absent' { (get-targetresource -Privilege 'SeIncreaseQuotaPrivilege').Ensure | should be 'Absent' } } Context '1 Users' { Mock 'GetAccountsWithUserRight' { @{ 'Account' = 'a' } } It 'should return ensure Present' { (get-targetresource -Privilege 'SeIncreaseQuotaPrivilege').Ensure | should be 'Present' } It 'should return proper account' { (get-targetresource -Privilege 'SeIncreaseQuotaPrivilege').Identity | should be 'a' } } Context 'Many Users' { Mock 'GetAccountsWithUserRight' { @{ 'Account' = 'b', 'c', 'd' } } It 'should return ensure Present' { (get-targetresource -Privilege 'SeIncreaseQuotaPrivilege').Ensure | should be 'Present' } It 'should return proper account' { (get-targetresource -Privilege 'SeIncreaseQuotaPrivilege').Identity | should be 'b', 'c', 'd' } } } Describe 'Test-TargetResource' { Mock GetUserRightsAssignment { @{ 'Privilege' = $Privilege 'Identity' = '' 'Ensure' = 'Absent' } } -ParameterFilter { $Privilege -eq 'SeNetworkLogonRight' } Mock GetUserRightsAssignment { @{ 'Privilege' = $Privilege 'Identity' = 'a' 'Ensure' = 'Present' } } -ParameterFilter { $Privilege -eq 'SeTcbPrivilege' } Mock FilterIdentity { $Identity } Context 'ServerCore' { #region Mocks Mock TestServerCore { $true } #endregion $NonServerCoreConformantAssignments = @( 'SeChangeNotifyPrivilege', 'SeIncreaseWorkingSetPrivilege' ) foreach ($nonServerCoreConformantAssignment in $nonServerCoreConformantAssignments) { $Parameters = @{ 'Privilege' = $NonServerCoreConformantAssignment 'Identity' = 'a' 'Ensure' = 'Present' } It "$nonServerCoreConformantAssignment test for Ensure should be false" { test-targetresource @Parameters | should be $false } } It 'Should return true if Privilege Exists' { $Parameters = @{ 'Privilege' = 'SeTcbPrivilege' 'Identity' = 'a' 'Ensure' = 'Present' } test-targetresource @Parameters | should be $True } It 'Should return false if Privilege Does not Exists' { $Parameters = @{ 'Privilege' = 'SeNetworkLogonRight' 'Identity' = 'a' 'Ensure' = 'Present' } test-targetresource @Parameters | should be $False } It 'Should return false if input identity does not match current identity list (more account than specified)' { $Parameters = @{ 'Privilege' = 'SeTcbPrivilege' 'Identity' = 'a','b' 'Ensure' = 'Present' } test-targetresource @Parameters | should be $False } It 'Should return false if input identity does not match current identity list (no accounts specified)' { $Parameters = @{ 'Privilege' = 'SeTcbPrivilege' 'Identity' = '' 'Ensure' = 'Present' } test-targetresource @Parameters | should be $False } } } } |