From 043addbc90cf5d78ab464e1142723b8c87ed0d19 Mon Sep 17 00:00:00 2001
From: Ali Alvi <137436351+alalvi00@users.noreply.github.com>
Date: Wed, 28 Feb 2024 15:36:00 -0500
Subject: [PATCH] Created test cases for GR1 (#100)
* Created first unit test case
* Created second test case
* Added beforeAll condition to declare vars and added another unit test case
---
...AccountIdentityProtectionLicense.Tests.ps1 | 33 ++++++++++++++
...eakGlassAccountOwnersInformation.Tests.ps1 | 33 ++++++++++++++
.../Audit/Get-AzureADLicenseType.Tests.ps1 | 45 +++++++++++++++++++
3 files changed, 111 insertions(+)
create mode 100644 tests/GUARDRAIL 1 PROTECT ROOT GLOBAL ADMINS ACCOUNT/Audit/Check-BreakGlassAccountIdentityProtectionLicense.Tests.ps1
create mode 100644 tests/GUARDRAIL 1 PROTECT ROOT GLOBAL ADMINS ACCOUNT/Audit/Check-BreakGlassAccountOwnersInformation.Tests.ps1
create mode 100644 tests/GUARDRAIL 1 PROTECT ROOT GLOBAL ADMINS ACCOUNT/Audit/Get-AzureADLicenseType.Tests.ps1
diff --git a/tests/GUARDRAIL 1 PROTECT ROOT GLOBAL ADMINS ACCOUNT/Audit/Check-BreakGlassAccountIdentityProtectionLicense.Tests.ps1 b/tests/GUARDRAIL 1 PROTECT ROOT GLOBAL ADMINS ACCOUNT/Audit/Check-BreakGlassAccountIdentityProtectionLicense.Tests.ps1
new file mode 100644
index 00000000..4be43962
--- /dev/null
+++ b/tests/GUARDRAIL 1 PROTECT ROOT GLOBAL ADMINS ACCOUNT/Audit/Check-BreakGlassAccountIdentityProtectionLicense.Tests.ps1
@@ -0,0 +1,33 @@
+Import-Module ".\src\GUARDRAIL 1 PROTECT ROOT GLOBAL ADMINS ACCOUNT\Audit\Check-BreakGlassAccountIdentityProtectionLicense.psm1"
+
+Describe "Get-BreakGlassAccountLicense Function" {
+ BeforeAll {
+ $FirstBreakGlassUPN = "bga1@163cspmdev.onmicrosoft.com"
+ $SecondBreakGlassUPN = "bga2@163CSPMDEV.onmicrosoft.com"
+ $ControlName = "Guardrails1"
+ $ItemName = "Break Glass Microsoft Entra ID P2"
+ $itsgcode = "AC2(7)"
+
+ $msgTable = @{
+ firstBgAccount = "First BG Account"
+ secondBgAccount = "Second BG Account"
+ bgValidLicenseAssigned = "has a valid license assigned"
+ bgNoValidLicenseAssigned = "does not have a valid license assigned"
+ }
+ }
+
+ It "Should return compliant results when both accounts have a valid license" {
+ $result = Get-BreakGlassAccountLicense -FirstBreakGlassUPN $FirstBreakGlassUPN -SecondBreakGlassUPN $SecondBreakGlassUPN -ControlName $ControlName -ItemName $ItemName -itsgcode $itsgcode -msgTable $msgTable -ReportTime "2024-01-01"
+ $result.ComplianceResults.ComplianceStatus | Should -Be $true
+ }
+
+ It "Should return non-compliant results when the first account does not have a valid license" {
+ $result = Get-BreakGlassAccountLicense -FirstBreakGlassUPN $FirstBreakGlassUPN -SecondBreakGlassUPN $SecondBreakGlassUPN -ControlName $ControlName -ItemName $ItemName -itsgcode $itsgcode -msgTable $msgTable -ReportTime "2024-01-01"
+ $result.ComplianceResults.ComplianceStatus | Should -Be $false
+ }
+
+ It "Should return non-compliant results when the second account does not have a valid license" {
+ $result = Get-BreakGlassAccountLicense -FirstBreakGlassUPN $FirstBreakGlassUPN -SecondBreakGlassUPN $SecondBreakGlassUPN -ControlName $ControlName -ItemName $ItemName -itsgcode $itsgcode -msgTable $msgTable -ReportTime "2024-01-01"
+ $result.ComplianceResults.ComplianceStatus | Should -Be $false
+ }
+}
\ No newline at end of file
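Review bot: The three `It` blocks call `Get-BreakGlassAccountLicense` with identical arguments yet expect `$true` once and `$false` twice, and nothing in the file mocks the licence lookup, so the cases cannot all pass against one directory state and none of them exercises the branch its title names. The same pattern appears in Check-BreakGlassAccountOwnersInformation.Tests.ps1, where the first and third cases are argument-for-argument identical. As written the run presumably also needs an authenticated session against the tenant named in the two UPNs, which makes the outcome of a break-glass compliance test depend on live directory state rather than on the code under test. Put each scenario in its own `Context` with a `Mock` of whatever the module calls to fetch licences (if that is `Invoke-GraphQuery`, as in Get-AzureADLicenseType.Tests.ps1, pass `-ModuleName` so the mock applies inside the imported module), and replace the tenant-specific UPNs with placeholder values such as `bga1@example.invalid`.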
diff --git a/tests/GUARDRAIL 1 PROTECT ROOT GLOBAL ADMINS ACCOUNT/Audit/Check-BreakGlassAccountOwnersInformation.Tests.ps1 b/tests/GUARDRAIL 1 PROTECT ROOT GLOBAL ADMINS ACCOUNT/Audit/Check-BreakGlassAccountOwnersInformation.Tests.ps1
new file mode 100644
index 00000000..8403a4f4
--- /dev/null
+++ b/tests/GUARDRAIL 1 PROTECT ROOT GLOBAL ADMINS ACCOUNT/Audit/Check-BreakGlassAccountOwnersInformation.Tests.ps1
@@ -0,0 +1,33 @@
+Import-Module '.\src\GUARDRAIL 1 PROTECT ROOT GLOBAL ADMINS ACCOUNT\Audit\Check-BreakGlassAccountOwnersInformation.psm1'
+
+Describe "Get-BreakGlassOwnerinformation Function" {
+ BeforeAll{
+ $FirstBreakGlassUPNOwner = "test123@gmail.com"
+ $SecondBreakGlassUPNOwner = "test321@gmail.com"
+ $ControlName = "Guardrails1"
+ $ItemName = "Break Glass Account Owners Contact information"
+ $itsgcode = "AC2"
+
+
+ $msgTable = @{
+ bgAccountHasManager = "{0} has a manager listed in the directory."
+ bgAccountNoManager = "{0} doesn't have a manager listed in the directory."
+ bgBothHaveManager = "Both Break Glass Accounts have a manager listed in the directory."
+ }
+ }
+
+ It "Should return compliant results when both accounts have a manager listed" {
+ $result = Get-BreakGlassOwnerinformation -FirstBreakGlassUPNOwner $FirstBreakGlassUPNOwner -SecondBreakGlassUPNOwner $SecondBreakGlassUPNOwner -ControlName $ControlName -ItemName $ItemName -itsgcode $itsgcode -msgTable $msgTable -ReportTime "2024-01-01"
+ $result.ComplianceResults.ComplianceStatus | Should -Be $true
+ }
+
+ It "Should return non-compliant results when the first account doesn't have a manager listed" {
+ $result = Get-BreakGlassOwnerinformation -FirstBreakGlassUPNOwner "noncompliant1@contoso.com" -SecondBreakGlassUPNOwner $SecondBreakGlassUPNOwner -ControlName $ControlName -ItemName $ItemName -itsgcode $itsgcode -msgTable $msgTable -ReportTime "2024-01-01"
+ $result.ComplianceResults.ComplianceStatus | Should -Be $false
+ }
+
+ It "Should return non-compliant results when the second account doesn't have a manager listed" {
+ $result = Get-BreakGlassOwnerinformation -FirstBreakGlassUPNOwner $FirstBreakGlassUPNOwner -SecondBreakGlassUPNOwner $SecondBreakGlassUPNOwner -ControlName $ControlName -ItemName $ItemName -itsgcode $itsgcode -msgTable $msgTable -ReportTime "2024-01-01"
+ $result.ComplianceResults.ComplianceStatus | Should -Be $false
+ }
+}
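Review bot: None of the three cases asserts on the returned comment text, so a `$false` status produced by a failed directory lookup (for example the `noncompliant1@contoso.com` UPN in the second `It`, which presumably resolves to no user) is indistinguishable from the no-manager branch the titles describe. The `msgTable` built in `BeforeAll` already carries the expected strings; assuming the result exposes a `Comments` field as Get-ADLicenseType's does, adding `$result.ComplianceResults.Comments | Should -Match "doesn't have a manager listed"` to the two negative cases would tie each result to the branch that produced it. The owner fixtures also sit on a public mail domain (`test123@gmail.com`, `test321@gmail.com`); addresses under a reserved domain such as `example.com` cannot coincide with a real mailbox.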
diff --git a/tests/GUARDRAIL 1 PROTECT ROOT GLOBAL ADMINS ACCOUNT/Audit/Get-AzureADLicenseType.Tests.ps1 b/tests/GUARDRAIL 1 PROTECT ROOT GLOBAL ADMINS ACCOUNT/Audit/Get-AzureADLicenseType.Tests.ps1
new file mode 100644
index 00000000..05913bbf
--- /dev/null
+++ b/tests/GUARDRAIL 1 PROTECT ROOT GLOBAL ADMINS ACCOUNT/Audit/Get-AzureADLicenseType.Tests.ps1
@@ -0,0 +1,45 @@
+Describe "Get-ADLicenseType Function Tests" {
+ Context "When AAD_PREMIUM_P2 license is found" {
+ BeforeAll {
+ $ControlName = "GUARDRAIL 1 PROTECT ROOT GLOBAL ADMINS ACCOUNT"
+ $ItemName = "Microsoft Entra ID License Type"
+ $itsgcode = "AC2(7)"
+ $msgTable = @{
+ MSEntIDLicenseTypeNotFound = "Required Microsoft Entra ID license type not found"
+ MSEntIDLicenseTypeFound = "Found correct license type"
+ }
+ $ReportTime = Get-Date
+
+ # Mocking Invoke-GraphQuery function
+ Mock Invoke-GraphQuery {
+ return @{
+ Content = @{
+ "value" = @(
+ @{
+ "servicePlans" = @(
+ @{
+ "ServicePlanName" = "AAD_PREMIUM_P2"
+ }
+ )
+ }
+ )
+ }
+ }
+ }
+ }
+ It "Should return compliant status" {
+ $result = Get-ADLicenseType -ControlName $ControlName -itsgcode $itsgcode -msgTable $msgTable -ItemName $ItemName -ReportTime $ReportTime
+ $result.ComplianceResults.ComplianceStatus | Should -Be $true
+ }
+
+ It "Should return correct license type" {
+ $result = Get-ADLicenseType -ControlName $ControlName -itsgcode $itsgcode -msgTable $msgTable -ItemName $ItemName -ReportTime $ReportTime
+ $result.ComplianceResults.ADLicenseType | Should -Be "AAD_PREMIUM_P2"
+ }
+
+ It "Should return correct comments" {
+ $result = Get-ADLicenseType -ControlName $ControlName -itsgcode $itsgcode -msgTable $msgTable -ItemName $ItemName -ReportTime $ReportTime
+ $result.ComplianceResults.Comments | Should -Be $msgTable.MSEntIDLicenseTypeFound
+ }
+ }
+}
\ No newline at end of file
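Review bot: Only the licence-found path is covered: `MSEntIDLicenseTypeNotFound` is defined in `msgTable`, but no case makes the mocked response lack `AAD_PREMIUM_P2`, so a regression that reports every tenant as compliant would still pass this suite. The file also has no `Import-Module`, unlike the other two test files, so `Get-ADLicenseType` and `Invoke-GraphQuery` must already be loaded in the session for the `Mock` and the calls to resolve. Loading the module in `BeforeAll` from a `$PSScriptRoot`-based path, rather than the working-directory-relative `.\src\...` form the other two files use, and passing `-ModuleName` to `Mock` would make the run self-contained. A second `Context` along the lines below would cover the negative path; its expected values are inferred from the message keys and should be checked against the function.

```powershell
    Context "When AAD_PREMIUM_P2 license is not found" {
        BeforeAll {
            # … unchanged: same $ControlName / $ItemName / $itsgcode / $msgTable / $ReportTime setup as the first Context …

            # Constructed sample: the only service plan returned is not P2
            Mock Invoke-GraphQuery {
                return @{
                    Content = @{
                        "value" = @(
                            @{ "servicePlans" = @( @{ "ServicePlanName" = "EXAMPLE_OTHER_PLAN" } ) }
                        )
                    }
                }
            }
        }

        It "Should return non-compliant status and the not-found comment" {
            $result = Get-ADLicenseType -ControlName $ControlName -itsgcode $itsgcode -msgTable $msgTable -ItemName $ItemName -ReportTime $ReportTime
            $result.ComplianceResults.ComplianceStatus | Should -Be $false
            $result.ComplianceResults.Comments | Should -Be $msgTable.MSEntIDLicenseTypeNotFound
        }
    }
```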