Tests/Unit/MSFT_xADDomainDefaultPasswordPolicy.Tests.ps1
[System.Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingConvertToSecureStringWithPlainText', '')] param() $Global:DSCModuleName = 'xActiveDirectory' # Example xNetworking $Global:DSCResourceName = 'MSFT_xADDomainDefaultPasswordPolicy' # Example MSFT_xFirewall #region HEADER [String] $moduleRoot = Split-Path -Parent (Split-Path -Parent (Split-Path -Parent $Script:MyInvocation.MyCommand.Path)) Write-Host $moduleRoot -ForegroundColor Green; if ( (-not (Test-Path -Path (Join-Path -Path $moduleRoot -ChildPath 'DSCResource.Tests'))) -or ` (-not (Test-Path -Path (Join-Path -Path $moduleRoot -ChildPath 'DSCResource.Tests\TestHelper.psm1'))) ) { & git @('clone','https://github.com/PowerShell/DscResource.Tests.git',(Join-Path -Path $moduleRoot -ChildPath '\DSCResource.Tests\')) } Import-Module (Join-Path -Path $moduleRoot -ChildPath 'DSCResource.Tests\TestHelper.psm1') -Force $TestEnvironment = Initialize-TestEnvironment ` -DSCModuleName $Global:DSCModuleName ` -DSCResourceName $Global:DSCResourceName ` -TestType Unit #endregion # Begin Testing try { #region Pester Tests # The InModuleScope command allows you to perform white-box unit testing on the internal # (non-exported) code of a Script Module. InModuleScope $Global:DSCResourceName { #region Pester Test Initialization $testDomainName = 'contoso.com'; $testDefaultParams = @{ DomainName = $testDomainName; } $testDomainController = 'testserver.contoso.com'; $testPassword = (ConvertTo-SecureString 'DummyPassword' -AsPlainText -Force); $testCredential = New-Object System.Management.Automation.PSCredential 'Safemode', $testPassword; $fakePasswordPolicy = @{ ComplexityEnabled = $true; LockoutDuration = New-TimeSpan -Minutes 30; LockoutObservationWindow = New-TimeSpan -Minutes 30; LockoutThreshold = 3; MinPasswordAge = New-TimeSpan -Days 1; MaxPasswordAge = New-TimeSpan -Days 42; MinPasswordLength = 7; PasswordHistoryCount = 12; ReversibleEncryptionEnabled = $false; } #endregion #region Function Get-TargetResource Describe "$($Global:DSCResourceName)\Get-TargetResource" { Mock -CommandName Assert-Module -ParameterFilter { $ModuleName -eq 'ActiveDirectory' } It 'Calls "Assert-Module" to check "ActiveDirectory" module is installed' { Mock -CommandName Get-ADDefaultDomainPasswordPolicy { return $fakePasswordPolicy; } $result = Get-TargetResource @testDefaultParams; Assert-MockCalled Assert-Module -ParameterFilter { $ModuleName -eq 'ActiveDirectory' } -Scope It } It 'Returns "System.Collections.Hashtable" object type' { Mock -CommandName Get-ADDefaultDomainPasswordPolicy { return $fakePasswordPolicy; } $result = Get-TargetResource @testDefaultParams; $result -is [System.Collections.Hashtable] | Should Be $true; } It 'Calls "Get-ADDefaultDomainPasswordPolicy" without credentials by default' { Mock -CommandName Get-ADDefaultDomainPasswordPolicy -ParameterFilter { $Credential -eq $null } -MockWith { return $fakePasswordPolicy; } $result = Get-TargetResource @testDefaultParams; Assert-MockCalled Get-ADDefaultDomainPasswordPolicy -ParameterFilter { $Credential -eq $null } -Scope It } It 'Calls "Get-ADDefaultDomainPasswordPolicy" with credentials when specified' { Mock -CommandName Get-ADDefaultDomainPasswordPolicy -ParameterFilter { $Credential -eq $testCredential } -MockWith { return $fakePasswordPolicy; } $result = Get-TargetResource @testDefaultParams -Credential $testCredential; Assert-MockCalled Get-ADDefaultDomainPasswordPolicy -ParameterFilter { $Credential -eq $testCredential } -Scope It } It 'Calls "Get-ADDefaultDomainPasswordPolicy" without server by default' { Mock -CommandName Get-ADDefaultDomainPasswordPolicy -ParameterFilter { $Server -eq $null } -MockWith { return $fakePasswordPolicy; } $result = Get-TargetResource @testDefaultParams; Assert-MockCalled Get-ADDefaultDomainPasswordPolicy -ParameterFilter { $Server -eq $null } -Scope It } It 'Calls "Get-ADDefaultDomainPasswordPolicy" with server when specified' { Mock -CommandName Get-ADDefaultDomainPasswordPolicy -ParameterFilter { $Server -eq $testDomainController } -MockWith { return $fakePasswordPolicy; } $result = Get-TargetResource @testDefaultParams -DomainController $testDomainController; Assert-MockCalled Get-ADDefaultDomainPasswordPolicy -ParameterFilter { $Server -eq $testDomainController } -Scope It } } #endregion #region Function Test-TargetResource Describe "$($Global:DSCResourceName)\Test-TargetResource" { $testDomainName = 'contoso.com'; $testDefaultParams = @{ DomainName = $testDomainName; } $testDomainController = 'testserver.contoso.com'; $testPassword = (ConvertTo-SecureString 'DummyPassword' -AsPlainText -Force); $testCredential = New-Object System.Management.Automation.PSCredential 'Safemode', $testPassword; $stubPasswordPolicy = @{ ComplexityEnabled = $true; LockoutDuration = (New-TimeSpan -Minutes 30).TotalMinutes; LockoutObservationWindow = (New-TimeSpan -Minutes 30).TotalMinutes; LockoutThreshold = 3; MinPasswordAge = (New-TimeSpan -Days 1).TotalMinutes; MaxPasswordAge = (New-TimeSpan -Days 42).TotalMinutes; MinPasswordLength = 7; PasswordHistoryCount = 12; ReversibleEncryptionEnabled = $true; } It 'Returns "System.Boolean" object type' { Mock -CommandName Get-TargetResource -MockWith { return $stubPasswordPolicy; } $result = Test-TargetResource @testDefaultParams; $result -is [System.Boolean] | Should Be $true; } It 'Calls "Get-TargetResource" with "Credential" parameter when specified' { Mock -CommandName Get-TargetResource -ParameterFilter { $Credential -eq $testCredential } { return $stubPasswordPolicy; } $result = Test-TargetResource @testDefaultParams -Credential $testCredential; Assert-MockCalled Get-TargetResource -ParameterFilter { $Credential -eq $testCredential } -Scope It } It 'Calls "Get-TargetResource" with "DomainController" parameter when specified' { Mock -CommandName Get-TargetResource -ParameterFilter { $DomainController -eq $testDomainController } { return $stubPasswordPolicy; } $result = Test-TargetResource @testDefaultParams -DomainController $testDomainController; Assert-MockCalled Get-TargetResource -ParameterFilter { $DomainController -eq $testDomainController } -Scope It } foreach ($propertyName in $stubPasswordPolicy.Keys) { It "Passes when '$propertyName' parameter matches resource property value" { Mock -CommandName Get-TargetResource -MockWith { return $stubPasswordPolicy; } $propertyDefaultParams = $testDefaultParams.Clone(); $propertyDefaultParams[$propertyName] = $stubPasswordPolicy[$propertyName]; $result = Test-TargetResource @propertyDefaultParams; $result | Should Be $true; } It "Fails when '$propertyName' parameter does not match resource property value" { Mock -CommandName Get-TargetResource -MockWith { return $stubPasswordPolicy; } $propertyDefaultParams = $testDefaultParams.Clone(); switch ($stubPasswordPolicy[$propertyName].GetType()) { 'bool' { $propertyDefaultParams[$propertyName] = -not $stubPasswordPolicy[$propertyName]; } 'string' { $propertyDefaultParams[$propertyName] = 'not{0}' -f $stubPasswordPolicy[$propertyName]; } default { $propertyDefaultParams[$propertyName] = $stubPasswordPolicy[$propertyName] + 1; } } $result = Test-TargetResource @propertyDefaultParams; $result | Should Be $false; } } #end foreach property } #endregion #region Function Set-TargetResource Describe "$($Global:DSCResourceName)\Set-TargetResource" { $testDomainName = 'contoso.com'; $testDefaultParams = @{ DomainName = $testDomainName; } $testDomainController = 'testserver.contoso.com'; $testPassword = (ConvertTo-SecureString 'DummyPassword' -AsPlainText -Force); $testCredential = New-Object System.Management.Automation.PSCredential 'Safemode', $testPassword; $stubPasswordPolicy = @{ ComplexityEnabled = $true; LockoutDuration = (New-TimeSpan -Minutes 30).TotalMinutes; LockoutObservationWindow = (New-TimeSpan -Minutes 30).TotalMinutes; LockoutThreshold = 3; MinPasswordAge = (New-TimeSpan -Days 1).TotalMinutes; MaxPasswordAge = (New-TimeSpan -Days 42).TotalMinutes; MinPasswordLength = 7; PasswordHistoryCount = 12; ReversibleEncryptionEnabled = $true; } Mock -CommandName Assert-Module -ParameterFilter { $ModuleName -eq 'ActiveDirectory' } It 'Calls "Assert-Module" to check "ActiveDirectory" module is installed' { Mock -CommandName Set-ADDefaultDomainPasswordPolicy $result = Set-TargetResource @testDefaultParams; Assert-MockCalled Assert-Module -ParameterFilter { $ModuleName -eq 'ActiveDirectory' } -Scope It } It 'Calls "Set-ADDefaultDomainPasswordPolicy" without "Credential" parameter by default' { Mock -CommandName Set-ADDefaultDomainPasswordPolicy -ParameterFilter { $Credential -eq $null } $result = Set-TargetResource @testDefaultParams; Assert-MockCalled Set-ADDefaultDomainPasswordPolicy -ParameterFilter { $Credential -eq $null } -Scope It } It 'Calls "Set-ADDefaultDomainPasswordPolicy" with "Credential" parameter when specified' { Mock -CommandName Set-ADDefaultDomainPasswordPolicy -ParameterFilter { $Credential -eq $testCredential } $result = Set-TargetResource @testDefaultParams -Credential $testCredential; Assert-MockCalled Set-ADDefaultDomainPasswordPolicy -ParameterFilter { $Credential -eq $testCredential } -Scope It } It 'Calls "Set-ADDefaultDomainPasswordPolicy" without "Server" parameter by default' { Mock -CommandName Set-ADDefaultDomainPasswordPolicy -ParameterFilter { $Server -eq $null } $result = Set-TargetResource @testDefaultParams; Assert-MockCalled Set-ADDefaultDomainPasswordPolicy -ParameterFilter { $Server -eq $null } -Scope It } It 'Calls "Set-ADDefaultDomainPasswordPolicy" with "Server" parameter when specified' { Mock -CommandName Set-ADDefaultDomainPasswordPolicy -ParameterFilter { $Server -eq $testDomainController } $result = Set-TargetResource @testDefaultParams -DomainController $testDomainController; Assert-MockCalled Set-ADDefaultDomainPasswordPolicy -ParameterFilter { $Server -eq $testDomainController } -Scope It } foreach ($propertyName in $stubPasswordPolicy.Keys) { It "Calls 'Set-ADDefaultDomainPasswordPolicy' with '$propertyName' parameter when specified" { $propertyDefaultParams = $testDefaultParams.Clone(); $propertyDefaultParams[$propertyName] = $stubPasswordPolicy[$propertyName]; Mock -CommandName Set-ADDefaultDomainPasswordPolicy -ParameterFilter { $PSBoundParameters.ContainsKey($propertyName) } $result = Set-TargetResource @propertyDefaultParams; Assert-MockCalled Set-ADDefaultDomainPasswordPolicy -ParameterFilter { $PSBoundParameters.ContainsKey($propertyName) } -Scope It } } #end foreach property name } #endregion } #endregion } finally { #region FOOTER Restore-TestEnvironment -TestEnvironment $TestEnvironment #endregion } |