Public/AuthorizationPolicy/Add-AuthPolicy.Tests.ps1

Set-StrictMode -Version Latest

BeforeAll {
    . "$PSScriptRoot\Add-AuthPolicy.ps1"
    . "$PSScriptRoot\..\Utility\Invoke-ApiRequest.ps1"
}

Describe "Add-AuthPolicy" {
    BeforeAll {
        [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignment', '', Justification='pester supported')]
        $rootPath = "/authorize/access/Policy"
        [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignment', '', Justification='pester supported')]
        $ExpectedName = "foo"
        $ExpectedPolicySetId = "9dc0d79e-eb5f-4fea-806d-254faf60d20d"
        $ExpectedOrg = @{id = "c500438e-4abd-42ec-8dc6-84b6cd241417"}
        $ExpectedResources = @("https://*:*/service/practitioner*?*")
        $ExpectedActions = @{ POST=$true; GET=$true; DELETE=$false }
        $ExpectedSubjectType = "Permission"
        $ExpectedSubjects = @("PRACTITIONER.ANY")
        $ExpectedConditions = @("openid", "mail", "read_only")
        [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignment', '', Justification='pester supported')]
        $ExpectedBody = @{
            "name" = $ExpectedName
            "policySetId"= $ExpectedPolicySetId
            "managingOrganization" = $ExpectedOrg.Id
            "resources" = $ExpectedResources
            "actions" = $ExpectedActions
            "subject" =  @{
                type = $ExpectedSubjectType
                value = @{
                    anyOf = $ExpectedSubjects
                }
            }
            "condition" = @{
                type = "Scope"
                value = @{
                    allOf = $ExpectedConditions
                }
            }
        }
        $response = $null
        Mock Invoke-ApiRequest { $response }
    }
    Context "api" {
        It "invoke request" {
            Add-AuthPolicy -Org $ExpectedOrg -Name $ExpectedName -PolicySetId $ExpectedPolicySetId -Resources $ExpectedResources `
                -Actions $ExpectedActions -SubjectType $ExpectedSubjectType -Subjects $ExpectedSubjects -Conditions $ExpectedConditions
            Should -Invoke Invoke-ApiRequest -ParameterFilter {
                Write-Debug ($Body | ConvertTo-Json -Depth 100)
                Write-Debug ($ExpectedBody | ConvertTo-Json -Depth 100)
                $Path -eq $rootPath -and `
                $Version -eq 1 -and `
                $Method -eq "Post" -and `
                ((Compare-Object $ValidStatusCodes @(201)) -eq $null) -and `
                ($ExpectedBody, $Body | Test-Equality)
            }
        }
        It "does not add subjects for subject type AuthenticatedUsers" {
            $ExpectedSubjectType = "AuthenticatedUsers"
            $ExpectedBody = @{
                "name" = $ExpectedName
                "policySetId"= $ExpectedPolicySetId
                "managingOrganization" = $ExpectedOrg.Id
                "resources" = $ExpectedResources
                "actions" = $ExpectedActions
                "subject" =  @{
                    type = $ExpectedSubjectType
                }
                "condition" = @{
                    type = "Scope"
                    value = @{
                        allOf = $ExpectedConditions
                    }
                }
            }
            Add-AuthPolicy -Org $ExpectedOrg -Name $ExpectedName -PolicySetId $ExpectedPolicySetId -Resources $ExpectedResources `
                -Actions $ExpectedActions -SubjectType $ExpectedSubjectType -Subjects $ExpectedSubjects -Conditions $ExpectedConditions
            Should -Invoke Invoke-ApiRequest -ParameterFilter {
                Write-Debug ($Body | ConvertTo-Json -Depth 100)
                Write-Debug ($ExpectedBody | ConvertTo-Json -Depth 100)
                $Path -eq $rootPath -and `
                $Version -eq 1 -and `
                $Method -eq "Post" -and `
                ((Compare-Object $ValidStatusCodes @(201)) -eq $null) -and `
                ($ExpectedBody, $Body | Test-Equality)
            }
        }

        It "does not add subjects for subject type AuthenticatedPermissions" {
            $ExpectedSubjectType = "AuthenticatedPermissions"
            $ExpectedBody = @{
                "name" = $ExpectedName
                "policySetId"= $ExpectedPolicySetId
                "managingOrganization" = $ExpectedOrg.Id
                "resources" = $ExpectedResources
                "actions" = $ExpectedActions
                "subject" =  @{
                    type = $ExpectedSubjectType
                }
                "condition" = @{
                    type = "Scope"
                    value = @{
                        allOf = $ExpectedConditions
                    }
                }
            }
            Add-AuthPolicy -Org $ExpectedOrg -Name $ExpectedName -PolicySetId $ExpectedPolicySetId -Resources $ExpectedResources `
                -Actions $ExpectedActions -SubjectType $ExpectedSubjectType -Subjects $ExpectedSubjects -Conditions $ExpectedConditions
            Should -Invoke Invoke-ApiRequest -ParameterFilter {
                Write-Debug ($Body | ConvertTo-Json -Depth 100)
                Write-Debug ($ExpectedBody | ConvertTo-Json -Depth 100)
                $Path -eq $rootPath -and `
                $Version -eq 1 -and `
                $Method -eq "Post" -and `
                ((Compare-Object $ValidStatusCodes @(201)) -eq $null) -and `
                ($ExpectedBody, $Body | Test-Equality)
            }
        }

    }
    Context "param" {
        It "accepts value from pipeline " {
            $ExpectedOrg | Add-AuthPolicy -Name $ExpectedName -PolicySetId $ExpectedPolicySetId -Resources $ExpectedResources `
                -Actions $ExpectedActions -SubjectType $ExpectedSubjectType -Subjects $ExpectedSubjects -Conditions $ExpectedConditions
            Should -Invoke Invoke-ApiRequest
        }
        It "ensures -Org not null" {
            { Add-AuthPolicy -Org $null -Name $ExpectedName -PolicySetId $ExpectedPolicySetId -Resources $ExpectedResources `
                -Actions $ExpectedActions -SubjectType $ExpectedSubjectType -Subjects $ExpectedSubjects -Conditions $ExpectedConditions  } | Should -Throw "*'Org'. The argument is null or empty*"
        }
        It "ensures -Name not null" {
            { Add-AuthPolicy -Org $ExpectedOrg -Name $null -PolicySetId $ExpectedPolicySetId -Resources $ExpectedResources `
                -Actions $ExpectedActions -SubjectType $ExpectedSubjectType -Subjects $ExpectedSubjects -Conditions $ExpectedConditions  } | Should -Throw "*'Name'. The character length (0) of the argument is too short*"
        }
        It "ensures -PolicySetId not null" {
            { Add-AuthPolicy -Org $ExpectedOrg -Name $ExpectedName -PolicySetId $null -Resources $ExpectedResources `
                -Actions $ExpectedActions -SubjectType $ExpectedSubjectType -Subjects $ExpectedSubjects -Conditions $ExpectedConditions  } | Should -Throw "*'PolicySetId'. The character length (0) of the argument is too short*"
        }
        It "ensures -Resources not null" {
            { Add-AuthPolicy -Org $ExpectedOrg -Name $ExpectedName -PolicySetId $ExpectedPolicySetId -Resources $null `
                -Actions $ExpectedActions -SubjectType $ExpectedSubjectType -Subjects $ExpectedSubjects -Conditions $ExpectedConditions  } | Should -Throw "*'Resources'. The argument is null or empty*"
        }
        It "ensures -Resources not empty" {
            { Add-AuthPolicy -Org $ExpectedOrg -Name $ExpectedName -PolicySetId $ExpectedPolicySetId -Resources @() `
                -Actions $ExpectedActions -SubjectType $ExpectedSubjectType -Subjects $ExpectedSubjects -Conditions $ExpectedConditions  } | Should -Throw "*'Resources'. The argument is null, empty*"
        }

        It "ensures -Actions not null" {
            { Add-AuthPolicy -Org $ExpectedOrg -Name $ExpectedName -PolicySetId $ExpectedPolicySetId -Resources $ExpectedResources `
                -Actions $null -SubjectType $ExpectedSubjectType -Subjects $ExpectedSubjects -Conditions $ExpectedConditions  } | Should -Throw "*'Actions'. The argument is null or empty*"
        }
        It "ensures -Actions not empty" {
            { Add-AuthPolicy -Org $ExpectedOrg -Name $ExpectedName -PolicySetId $ExpectedPolicySetId -Resources $ExpectedResources `
                -Actions @{} -SubjectType $ExpectedSubjectType -Subjects $ExpectedSubjects -Conditions $ExpectedConditions  } | Should -Throw "*'Actions'. The argument is null, empty*"
        }

        It "ensures -SubjectType is valid value" {
            { Add-AuthPolicy -Org $ExpectedOrg -Name $ExpectedName -PolicySetId $ExpectedPolicySetId -Resources $ExpectedResources `
                -Actions $ExpectedActions -SubjectType "foo" -Subjects $ExpectedSubjects -Conditions $ExpectedConditions  } | Should -Throw "*The argument `"foo`" does not belong to the set `"AuthenticatedUsers,AuthenticatedPermissions,Permission,Group`"*"
        }

        It "ensures -Conditions not null" {
            { Add-AuthPolicy -Org $ExpectedOrg -Name $ExpectedName -PolicySetId $ExpectedPolicySetId -Resources $ExpectedResources `
                -Actions $ExpectedActions -SubjectType $ExpectedSubjectType -Subjects $ExpectedSubjects -Conditions $null  } | Should -Throw "*'Conditions'. The argument is null or empty*"
        }
        It "ensures -Conditions not empty" {
            { Add-AuthPolicy -Org $ExpectedOrg -Name $ExpectedName -PolicySetId $ExpectedPolicySetId -Resources $ExpectedResources `
                -Actions $ExpectedActions -SubjectType $ExpectedSubjectType -Subjects $ExpectedSubjects -Conditions @()  } | Should -Throw "*'Conditions'. The argument is null, empty*"
        }
        It "supports positional parameters" {
            Add-AuthPolicy $ExpectedOrg $ExpectedName $ExpectedPolicySetId $ExpectedResources $ExpectedActions $ExpectedSubjectType $ExpectedSubjects $ExpectedConditions
            Should -Invoke Invoke-ApiRequest -ParameterFilter { $ExpectedBody, $Body | Test-Equality }
        }
    }

}