diff --git a/test/module/Entra/Integration/Add-EntraGroupMember.Tests.ps1 b/test/module/Entra/Integration/Add-EntraGroupMember.Tests.ps1 new file mode 100644 index 0000000000..87c2f031b8 --- /dev/null +++ b/test/module/Entra/Integration/Add-EntraGroupMember.Tests.ps1 @@ -0,0 +1,44 @@ +Describe "The Add-EntraGroupMember command executing unmocked" { + + Context "When getting user and group" { + BeforeAll { + $testReportPath = join-path $psscriptroot "\setenv.ps1" + Import-Module -Name $testReportPath + $appId = $env:TEST_APPID + $tenantId = $env:TEST_TENANTID + $cert = $env:CERTIFICATETHUMBPRINT + Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert + + $thisTestInstanceId = New-Guid | select -expandproperty guid + $testName = 'SimpleTest' + $thisTestInstanceId + + #create test user + $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile + $PasswordProfile.Password = "Pass@1234" + $global:newUser = New-EntraUser -AccountEnabled $true -DisplayName $testName -PasswordProfile $PasswordProfile -MailNickName $testName -UserPrincipalName "SimpleTestUser@M365x99297270.OnMicrosoft.com" + + #create test group + $global:newGroup = New-EntraGroup -DisplayName $testName -MailEnabled $false -SecurityEnabled $true -MailNickName $testName + } + + It "should successfully add user to new created group" { + $user = Get-EntraUser -ObjectId $newUser.Id + $user.Id | Should -Be $newUser.Id + $user.DisplayName | Should -Be $testName + + $group = Get-EntraGroup -ObjectId $newGroup.Id + $group.Id | Should -Be $newGroup.Id + $group.DisplayName | Should -Be $testName + + Add-EntraGroupMember -ObjectId $group.Id -RefObjectId $user.Id + $result = Get-EntraGroupMember -ObjectId $group.Id + $result.Id | Should -Contain $user.Id + } + + AfterAll { + Remove-EntraGroupMember -ObjectId $newGroup.Id -MemberId $newUser.Id + Remove-EntraUser -ObjectId $newUser.Id + Remove-EntraGroup -ObjectId $newGroup.Id + } + } +} 
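Review bot: The user created in BeforeAll gets the fixed UPN `"SimpleTestUser@M365x99297270.OnMicrosoft.com"` while DisplayName and MailNickName use the per-run `$testName`, so a second run, or a user left behind by a failed AfterAll, collides on UPN and New-EntraUser fails before any It runs; use `-UserPrincipalName "$testName@M365x99297270.OnMicrosoft.com"`, as the scenario test in this commit already does. The password `"Pass@1234"` is a committed literal for an enabled account in a live tenant; since nothing here signs in as that user, generate the value at runtime (for example from `New-Guid`) instead of hard-coding it. AfterAll also assumes both `$global:newUser` and `$global:newGroup` were created, so a null check on each id before the Remove-* calls would stop one cleanup failure from masking the rest.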
diff --git a/test/module/Entra/Integration/Get-EntraApplication.Tests.ps1 b/test/module/Entra/Integration/Get-EntraApplication.Tests.ps1 new file mode 100644 index 0000000000..199acea382 --- /dev/null +++ b/test/module/Entra/Integration/Get-EntraApplication.Tests.ps1 @@ -0,0 +1,36 @@ +Describe "The Get-EntraApplication command executing unmocked" { + + Context "When getting applications" { + BeforeAll { + $testReportPath = join-path $psscriptroot "\setenv.ps1" + Import-Module -Name $testReportPath + $appId = $env:TEST_APPID + $tenantId = $env:TEST_TENANTID + $cert = $env:CERTIFICATETHUMBPRINT + Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert + + $thisTestInstanceId = New-Guid | select -expandproperty guid + $testAppName = 'SimpleTestAppRead' + $thisTestInstanceId + $testApp = New-EntraApplication -DisplayName $testAppName + } + + It "should successfully read the application with expected properties when the application ID parameter is used" { + $app = Get-EntraApplication -ObjectId $testApp.Id + $app.Id | Should -Be $testApp.Id + $app.DisplayName | Should -Be $testAppName + } + + It "should throw an exception if a nonexistent object ID parameter is specified" { + $Id = (New-Guid).Guid + Get-EntraApplication -ObjectId $Id -ErrorAction Stop + $Error[0] | Should -match "Resource '([^']+)' does not exist" + } + + AfterAll { + foreach ($app in (Get-EntraApplication -All $true | Where-Object { $_.DisplayName -eq $testAppName})) { + Remove-EntraApplication -ObjectId $app.Id | Out-Null + } + + } + } +} diff --git a/test/module/Entra/Integration/New-EntraApplication.Tests.ps1 b/test/module/Entra/Integration/New-EntraApplication.Tests.ps1 new file mode 100644 index 0000000000..ce3951bac2 --- /dev/null +++ b/test/module/Entra/Integration/New-EntraApplication.Tests.ps1 
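Review bot: The "nonexistent object ID" test runs `Get-EntraApplication -ObjectId $Id -ErrorAction Stop` as a plain statement, so when the cmdlet raises the terminating error the It block aborts there and the `$Error[0]` assertion is never reached; the test fails exactly when the behaviour it wants to prove occurs. Let Pester catch it instead: `{ Get-EntraApplication -ObjectId $Id -ErrorAction Stop } | Should -Throw -ExpectedMessage "*does not exist*"`. The same unwrapped pattern appears in the Set-EntraMSRoleAssignment and Set-EntraMSRoleDefinition hunks further down. AfterAll could also delete the fixture by id (`Remove-EntraApplication -ObjectId $testApp.Id | Out-Null`) rather than enumerating every application in the tenant with `-All $true` and matching on display name.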
@@ -0,0 +1,28 @@ +Describe "The Get-EntraApplication command executing unmocked" { + + Context "When creating applications" { + BeforeAll { + $testReportPath = join-path $psscriptroot "\setenv.ps1" + Import-Module -Name $testReportPath + $appId = $env:TEST_APPID + $tenantId = $env:TEST_TENANTID + $cert = $env:CERTIFICATETHUMBPRINT + Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert + + $thisTestInstanceId = New-Guid | select -expandproperty guid + } + + It "should succeed when creating a new application" { + $testAppName = 'SimpleTestApp' + $thisTestInstanceId + $newApp = New-EntraApplication -DisplayName $testAppName + $newApp.DisplayName | Should -Be $testAppName + { Get-EntraApplication -ObjectId $newApp.Id } | Should -Not -BeNullOrEmpty + } + + AfterAll { + foreach ($app in (Get-EntraApplication -All $true | Where-Object { $_.DisplayName -eq $testAppName})) { + Remove-EntraApplication -ObjectId $app.Id | Out-Null + } + } + } +} diff --git a/test/module/Entra/Integration/New-EntraApplicationscenario.Tests.ps1 b/test/module/Entra/Integration/New-EntraApplicationscenario.Tests.ps1 new file mode 100644 index 0000000000..d8d078a6a8 --- /dev/null +++ b/test/module/Entra/Integration/New-EntraApplicationscenario.Tests.ps1 
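Review bot: `{ Get-EntraApplication -ObjectId $newApp.Id } | Should -Not -BeNullOrEmpty` pipes the script block object, not its result, and a script block is never null, so the assertion passes even if the application was never created; drop the braces: `Get-EntraApplication -ObjectId $newApp.Id | Should -Not -BeNullOrEmpty`. `$testAppName` and `$newApp` are assigned inside the It block, and under Pester's per-block scoping AfterAll most likely sees `$testAppName` as empty, so the cleanup filter matches nothing and the application stays in the tenant; declare them `$global:` as the scenario test does, or create the application in BeforeAll and remove it by `$newApp.Id`. The Describe title names Get-EntraApplication although this file exercises New-EntraApplication.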
@@ -0,0 +1,283 @@ +Describe "The Get-EntraApplication command executing unmocked" { + + Context "When creating applications" { + BeforeAll { + $testReportPath = join-path $psscriptroot "\setenv.ps1" + Import-Module -Name $testReportPath + $appId = $env:TEST_APPID + $tenantId = $env:TEST_TENANTID + $cert = $env:CERTIFICATETHUMBPRINT + Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert + + + } + It "Scen1: Creating Applications and attaching secrets to that newly created application " { + # Create New application + $thisTestInstanceId = New-Guid | select -expandproperty guid + $global:testAppName = 'SimpleTestApp' + $thisTestInstanceId + $global:newApp = New-EntraApplication -DisplayName $testAppName -AvailableToOtherTenants $true -ReplyUrls @("https://yourapp.com") + $newApp.DisplayName | Should -Be $testAppName + + $Result = New-EntraApplicationPasswordCredential -ObjectId $newApp.Id -CustomKeyIdentifier "MySecret" + + # Retrive application password credentials and verify keyId is present or not + # $Result1 = Get-EntraApplicationPasswordCredential -ObjectId $newApp.Id + # $Result1.KeyId | Should -be $Result.KeyId + + # Retrive new created application + $global:application = Get-EntraApplication -ObjectId $newApp.Id + + # verify keyId + $application.PasswordCredentials.KeyId | Should -be $Result.KeyId + } + It "Scen3: Create Service Principal to the newly created application" { + + # Create service Principal for new application + $global:NewServicePrincipal = New-EntraServicePrincipal -AppId $application.AppId -AppRoleAssignmentRequired $true + + # store service principal objectId + $global:servicePrincipalObjectId = $NewServicePrincipal.ObjectId + + # Get created service principal + $ServicePrincipal = Get-EntraServicePrincipal -ObjectId $servicePrincipalObjectId + $ServicePrincipal.AppId | Should -Be $application.AppId + + } + It "Scen4: Configure App ID URI and Redirect URIs on the newly created application" { + + # configure 
application fot ID URI + $configureApp = Set-EntraApplication -ObjectId $newApp.Id -IdentifierUris @("IdM365x992972766.onmicrosoft.com") -ReplyUrls "https://contoso.com" + + # Retrive new application and verifying ID URI + $updatedApp = Get-EntraApplication -ObjectId $newApp.Id | ConvertTo-json | ConvertFrom-json + $updatedApp.IdentifierUris | Should -Be "IdM365x992972766.onmicrosoft.com" + $updatedApp.Web.RedirectUris | Should -Be "https://contoso.com" + } + It "Scen5: Create AppRoles to the Application" { + + # create approles + $types += 'User' + $approle = New-Object Microsoft.Open.AzureAD.Model.AppRole + $approle.AllowedMemberTypes = $types + $approle.Description = 'msiam_access' + $approle.DisplayName = 'msiam_access' + $approle.Id = '643985ce-3eaf-4a67-9550-ecca25cb6814' + $approle.Value = 'Application' + $approle.IsEnabled = $true + + # Assign approles to existing applictaion + $global:AppUpdate = Set-EntraApplication -ObjectId $newApp.Id -AppRoles $approle + + # Retrive new application and verifying AppRoles + $updatedApp = Get-EntraApplication -ObjectId $newApp.Id + $updatedApp.AppRoles.DisplayName | Should -Be 'msiam_access' + $updatedApp.AppRoles.Id | Should -Be '643985ce-3eaf-4a67-9550-ecca25cb6814' + $updatedApp.AppRoles.Value | Should -Be 'Application' + } + It "Scen6: Assign user and groups to the newly created Service Principal and set right AppRole to it" { + $global:existUser = Get-EntraUser -Top 1 + # write-host "existUser" $existUser.Id + $global:existGroup = Get-EntraGroup -Top 1 + # write-host "servicePrincipalObjectId" $servicePrincipalObjectId + # Add user to group + $userToServicePrincipal = Add-EntraServicePrincipalOwner -ObjectId $servicePrincipalObjectId -RefObjectId $existUser.ObjectId + $PrincipalOwners= Get-EntraServicePrincipalOwner -ObjectId $servicePrincipalObjectId | ConvertTo-json | ConvertFrom-json + $PrincipalOwners.Id | Should -Contain $existUser.Id + # $userToServicePrincipal = Add-EntraServicePrincipalOwner -ObjectId 
$servicePrincipalObjectId -RefObjectId $existGroup.ObjectId + + + # Add group to service pricipal + # $GrpToServicePrincipal = Add-EntraGroupMember -ObjectId $existGroup.ObjectId -RefObjectId $servicePrincipalObjectId + # $A = Get-EntraGroupMember -ObjectId $existGroup.ObjectId + # $A.Id | should -Contain $servicePrincipalObjectId + + # Set app role to service principal + $existingServicePrincipal = Get-EntraServicePrincipal -ObjectId $servicePrincipalObjectId | ConvertTo-json | ConvertFrom-json + + $global:AppROletoServicePrincipal = New-EntraServiceAppRoleAssignment -ObjectId $existingServicePrincipal.ObjectId -ResourceId $existingServicePrincipal.ObjectId -Id $existingServicePrincipal.AppRoles.Id -PrincipalId $existingServicePrincipal.ObjectId + # Verifying app role assignment + $RoleAssignment = Get-EntraServiceAppRoleAssignment -ObjectId $existingServicePrincipal.ObjectId + $RoleAssignment.AppRoleId | Should -Be $AppROletoServicePrincipal.AppRoleId + } + It "Scen7: Create a new user and add that user to an existing group"{ + # Create new User + $thisTestInstanceId = New-Guid | select -expandproperty guid + $user = 'SimpleTestUser' + $thisTestInstanceId + $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile + $PasswordProfile.Password = "Pass@1234" + $global:NewUser = New-EntraUser -AccountEnabled $true -DisplayName $user -PasswordProfile $PasswordProfile -MailNickName $user -UserPrincipalName "$user@M365x99297270.OnMicrosoft.com" + # write-host "User:" $NewUser.Id + # Retrive existing group + $global:ExistGroup = Get-EntraGroup -top 1 + + # Add Group member + $NewMem = Add-EntraGroupMember -ObjectId $ExistGroup.ObjectId -RefObjectId $NewUser.ObjectId + + # Get group member + $GetMemb = Get-EntraGroupMember -ObjectId $ExistGroup.ObjectId + $GetMemb.Id | Should -Contain $NewUser.Id + + } + It "Scen8:Create a new group and add existing user to that group"{ + # Create new Group + $testGrpName = 'SimpleTestGrp' + $thisTestInstanceId 
+ $global:NewGroup = New-EntraGroup -DisplayName $testGrpName -MailEnabled $false -SecurityEnabled $true -MailNickName "NickName" | ConvertTo-json | ConvertFrom-json + # Retrive existing User + $User = Get-EntraUser -top 1 + + # Add group member + $NewMem = Add-EntraGroupMember -ObjectId $NewGroup.ObjectId -RefObjectId $User.ObjectId + + # Get group member + $GetMember = Get-EntraGroupMember -ObjectId $NewGroup.ObjectId + $GetMember.Id | Should -Contain $User.Id + + } + It "Scen9: Create a new user and create a new group and add that new user to the new group"{ + + $thisTestInstanceId = New-Guid | select -expandproperty guid + $testGrpName = 'SimpleGroup' + $thisTestInstanceId + $testUserName = 'SimpleTestUser' + $thisTestInstanceId + # Create new User + $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile + $PasswordProfile.Password = "Pass@1234" + $global:NewUser1 = New-EntraUser -AccountEnabled $true -DisplayName $testUserName -PasswordProfile $PasswordProfile -MailNickName $testUserName -UserPrincipalName "$testUserName@M365x99297270.OnMicrosoft.com" + # write-host "User1:" $NewUser1.Id + # Create new Group + $global:NewGroup1 = New-EntraGroup -DisplayName $testGrpName -MailEnabled $false -SecurityEnabled $true -MailNickName "NickName" | ConvertTo-json | ConvertFrom-json + + # Add group member + $NewMem = Add-EntraGroupMember -ObjectId $NewGroup1.ObjectId -RefObjectId $NewUser1.ObjectId + + # Get group member + # $GetMember = Get-EntraGroupMember -ObjectId $NewGroup1.ObjectId + # $GetMember.Id | Should -Be $NewUser1.Id + + } + It "Scen10: Create a new user and add the user to the newly created group and check that user is Member of the group"{ + + $thisTestInstanceId = New-Guid | select -expandproperty guid + $testGrpName = 'SimpleGroup' + $thisTestInstanceId + $testUserName = 'SimpleTestUser' + $thisTestInstanceId + # Create new User + $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile + 
$PasswordProfile.Password = "Pass@1234" + $global:NewUser2 = New-EntraUser -AccountEnabled $true -DisplayName $testUserName -PasswordProfile $PasswordProfile -MailNickName $testUserName -UserPrincipalName "$testUserName@M365x99297270.OnMicrosoft.com" + # write-host "User2:" $NewUser2.Id + # Create new Group + $global:NewGroup2 = New-EntraGroup -DisplayName $testGrpName -MailEnabled $false -SecurityEnabled $true -MailNickName "NickName" | ConvertTo-json | ConvertFrom-json + + # Add group member + $NewMem = Add-EntraGroupMember -ObjectId $NewGroup2.ObjectId -RefObjectId $NewUser2.ObjectId + + # User is member of the new group + $GetMember = Get-EntraGroupMember -ObjectId $NewGroup2.ObjectId + $GetMember.Id | Should -Be $NewUser2.Id + } + It "Scen11: Create a new user and assign that user to the existing Service Principal"{ + # Create new User + $thisTestInstanceId = New-Guid | select -expandproperty guid + $Tuser = 'SimpleTestUser' + $thisTestInstanceId + $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile + $PasswordProfile.Password = "Pass@1234" + $global:NewUser3 = New-EntraUser -AccountEnabled $true -DisplayName $Tuser -PasswordProfile $PasswordProfile -MailNickName $Tuser -UserPrincipalName "$Tuser@M365x99297270.OnMicrosoft.com" + $NewOwner= Add-EntraServicePrincipalOwner -ObjectId $servicePrincipalObjectId -RefObjectId $NewUser3.ObjectId + + # Get group member + $GetOwner = Get-EntraServicePrincipalOwner -ObjectId $servicePrincipalObjectId + $GetOwner.ObjectId | Should -Contain $NewUser3.Id + + } + It "Scen12: Create a new conditional access policy and attach that policy to the Service Principal" { + # Create conditional access policy + $thisTestInstanceId = New-Guid | select -expandproperty guid + $testpolicyName = 'Simplepolicy' + $thisTestInstanceId + + $Condition = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessConditionSet + $Condition.clientAppTypes = @("mobileAppsAndDesktopClients","browser") + 
$Condition.Applications = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessApplicationCondition + $Condition.Applications.IncludeApplications = $NewServicePrincipal.AppId + $Condition.Users = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessUserCondition + $Condition.Users.IncludeUsers = "all" + + $Controls = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessGrantControls + $Controls._Operator = "AND" + $Controls.BuiltInControls = @("mfa") + + $SessionControls = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessSessionControls + $ApplicationEnforcedRestrictions = New-Object Microsoft.Open.MSGraph.Model.ConditionalAccessApplicationEnforcedRestrictions + $ApplicationEnforcedRestrictions.IsEnabled = $true + $SessionControls.applicationEnforcedRestrictions = $ApplicationEnforcedRestrictions + + $global:NewConditionalAccessPolicy = New-EntraMSConditionalAccessPolicy -DisplayName $testpolicyName -State enabled -Conditions $Condition -GrantControls $Controls -SessionControls $SessionControls + $result = Get-EntraMSConditionalAccessPolicy -policyid $NewConditionalAccessPolicy.Id + $result.Conditions.Applications.IncludeApplications | should -Be $NewServicePrincipal.AppId + } + # It "Scen13: Create new claims issuance policy and attach that to the Service Principal" { + + # # $global:NewClaimsIssuancePolicy = New-EntraBetaPolicy -Definition $policyDefinition -DisplayName $testpolicyName -Type "ClaimsIssuancePolicy" + # $global:NewClaimsIssuancePolicy = New-EntraBetaPolicy -Definition @('{ "definition": [ "{\"ClaimsMappingPolicy\":{\"Version\":1,\"IncludeBasicClaimSet\":\"true\",\"ClaimsSchema\":[{\"Source\":\"user\",\"ID\":\"userPrincipalName\",\"SAMLClaimType\":\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name\",\"JwtClaimType\":\"upn\"},{\"Source\":\"user\",\"ID\":\"displayName\",\"SAMLClaimType\":\"http://schemas.microsoft.com/identity/claims/displayname\",\"JwtClaimType\":\"name\"}]}}" ], 
"displayName": "Custom Claims Issuance Policy", "isOrganizationDefault": false }') -DisplayName $testpolicyName -Type "claimsMappingPolicies" -IsOrganizationDefault $false -AlternativeIdentifier "1f587daa-d6fc-433f-88ee-48afa8daebe4" + + # $A = Get-EntraBetaPolicy - + # write-host $A + # # Write-Host "NewClaimsIssuancePolicy" $NewClaimsIssuancePolicy + # write-host "ServicePrincipalID" $servicePrincipalObjectId + + # $ClaimsIssuancePolicyToServicePrincipal = Add-EntraBetaServicePrincipalPolicy -Id $servicePrincipalObjectId -RefObjectId $NewClaimsIssuancePolicy.Id + # # $A = Get-EntraBetaServicePrincipalPolicy -Id $servicePrincipalObjectId + # # write-host "EntraBetaServicePrincipalPolicy" $A + # } + It "Scen14: Remove the policy attached to the existing Service Principal" { + $Policy = Get-EntraBetaPolicy -Top 1 + + # Add existing policy to service principal + Add-EntraBetaServicePrincipalPolicy -Id $servicePrincipalObjectId -RefObjectId $Policy.Id + $policyOfservicePrincipal = Get-EntraBetaServicePrincipalPolicy -Id $servicePrincipalObjectId + + # Remove policy attached to existing service principal + Remove-EntraBetaServicePrincipalPolicy -Id $servicePrincipalObjectId -PolicyId $policyOfservicePrincipal.Id + $retrivePolicy = Get-EntraBetaServicePrincipalPolicy -Id $servicePrincipalObjectId + $retrivePolicy.Id | should -Not -Contain $Policy.Id + + } + + AfterAll { + + # Remove-EntraBetaServicePrincipalPolicy -Id $servicePrincipalObjectId -PolicyId $NewClaimsIssuancePolicy.Id + # Remove-EntraMSConditionalAccessPolicy -PolicyId $NewClaimsIssuancePolicy.Id + Remove-EntraMSConditionalAccessPolicy -PolicyId $NewConditionalAccessPolicy.Id + Remove-EntraServicePrincipalOwner -ObjectId $servicePrincipalObjectId -OwnerId $NewUser3.ObjectId + Remove-EntraUser -ObjectId $NewUser3.ObjectId | Out-Null + + Remove-EntraGroupMember -ObjectId $NewGroup2.ObjectId -MemberId $NewUser2.ObjectId + Remove-EntraGroup -ObjectId $NewGroup2.ObjectId | Out-Null + Remove-EntraUser -ObjectId 
$NewUser2.ObjectId | Out-Null + + Remove-EntraGroupMember -ObjectId $NewGroup1.ObjectId -MemberId $NewUser1.ObjectId + Remove-EntraUser -ObjectId $NewUser1.ObjectId | Out-Null + Remove-EntraGroup -ObjectId $NewGroup1.ObjectId | Out-Null + + Remove-EntraGroupMember -ObjectId $ExistGroup.ObjectId -MemberId $NewUser.ObjectId + Remove-EntraUser -ObjectId $NewUser.ObjectId | Out-Null + Remove-EntraGroup -ObjectId $NewGroup.ObjectId | Out-Null + + # Scenario 6 + + Remove-EntraServiceAppRoleAssignment -ObjectId $servicePrincipalObjectId -AppRoleAssignmentId $AppROletoServicePrincipal.Id + # Remove-EntraServicePrincipalOwner -ObjectId $servicePrincipalObjectId -OwnerId $existGroup.ObjectId + Remove-EntraServicePrincipalOwner -ObjectId $servicePrincipalObjectId -OwnerId $existUser.ObjectId + # Remove-EntraGroupMember -ObjectId $existGroup.ObjectId -MemberId $servicePrincipalObjectId + + # Remove-EntraGroupMember -ObjectId $NewGroup.ObjectId -MemberId $User.ObjectId + Remove-EntraServicePrincipal -ObjectId $NewServicePrincipal.ObjectId + Remove-EntraApplication -ObjectId $newApp.Id | Out-Null + + # foreach ($app in (Get-EntraUser -SearchString "SimpleTestUser")) { + # write-host $app.ObjectId + # Remove-EntraUser -ObjectId $app.ObjectId | Out-Null + # } + + } + + } +} diff --git a/test/module/Entra/Integration/Set-EntraApplication.Tests.ps1 b/test/module/Entra/Integration/Set-EntraApplication.Tests.ps1 new file mode 100644 index 0000000000..54574437c5 --- /dev/null +++ b/test/module/Entra/Integration/Set-EntraApplication.Tests.ps1 
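Review bot: Several scenarios mutate whatever pre-existing tenant object `-Top 1` happens to return instead of fixtures the test owns: Scen6 makes the first user from `Get-EntraUser -Top 1` an owner of the new service principal, Scen7 adds the new user to the first group from `Get-EntraGroup -top 1`, and Scen14 attaches the first policy from `Get-EntraBetaPolicy -Top 1` to the service principal. In a shared tenant that changes real ownership, membership and policy state on objects that differ between runs, and a failure before AfterAll leaves the borrowed objects modified. Scen12 creates a conditional access policy with `-State enabled` and `IncludeUsers = "all"` requiring MFA; it is scoped to the new service principal's AppId, which bounds the effect, but if AfterAll does not run the policy stays enforced, so create it in a disabled or report-only state unless enforcement is what the test checks. Create dedicated users, groups and policies in BeforeAll rather than borrowing existing ones, and delete them by id in AfterAll. Smaller issues in the same hunk: `$types += 'User'` in Scen5 appends to a variable that is never initialised, and the hard-coded `-IdentifierUris @("IdM365x992972766.onmicrosoft.com")` in Scen4 uses a domain that does not match the tenant used for UPNs elsewhere in the file and may be rejected if it is not a verified domain of the test tenant.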
@@ -0,0 +1,34 @@ +Describe "The Get-EntraApplication command executing unmocked" { + + Context "When getting applications" { + BeforeAll { + $testReportPath = join-path $psscriptroot "\setenv.ps1" + Import-Module -Name $testReportPath + $appId = $env:TEST_APPID + $tenantId = $env:TEST_TENANTID + $cert = $env:CERTIFICATETHUMBPRINT + Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert + + $thisTestInstanceId = New-Guid | select -expandproperty guid + $testAppName = 'SimpleTestAppRead' + $thisTestInstanceId + $testApp = New-EntraApplication -DisplayName $testAppName + } + + It "should successfully update the application with expected properties when the application ID parameter is used" { + $thisTestInstanceId = New-Guid | select -expandproperty guid + $newAppName = 'SimpleTestAppUpdate' + $thisTestInstanceId + Set-EntraApplication -ObjectId $testApp.Id -DisplayName $newAppName | Should -BeNullOrEmpty + + $app = Get-EntraApplication -ObjectId $testApp.Id + $app.Id | Should -Be $testApp.Id + $app.DisplayName | Should -Be $newAppName + } + + AfterAll { + foreach ($app in (Get-EntraApplication -All $true | Where-Object { $_.DisplayName -eq $newAppName})) { + Remove-EntraApplication -ObjectId $app.Id | Out-Null + } + + } + } +} diff --git a/test/module/Entra/Integration/Set-EntraMSRoleAssignment.Tests.ps1 b/test/module/Entra/Integration/Set-EntraMSRoleAssignment.Tests.ps1 new file mode 100644 index 0000000000..c5954d05e4 --- /dev/null +++ b/test/module/Entra/Integration/Set-EntraMSRoleAssignment.Tests.ps1 
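Review bot: AfterAll filters on `$newAppName`, which is assigned inside the It block; under Pester's per-block scoping that variable is most likely empty in AfterAll, so the `Where-Object` matches nothing and the renamed application is left in the tenant. The fixture id is already in `$testApp` from BeforeAll, so delete by id and drop the tenant-wide `Get-EntraApplication -All $true` enumeration: `Remove-EntraApplication -ObjectId $testApp.Id | Out-Null`. The Describe and Context titles still read Get-EntraApplication / "When getting applications" for what is a Set-EntraApplication test.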
@@ -0,0 +1,61 @@ +Describe "The Set-EntraMSRoleAssignment command executing unmocked" { + + Context "When getting MSRoleAssignment" { + BeforeAll { + $testReportPath = join-path $psscriptroot "\setenv.ps1" + Import-Module -Name $testReportPath + $appId = $env:TEST_APPID + $tenantId = $env:TEST_TENANTID + $cert = $env:CERTIFICATETHUMBPRINT + Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert + } + #create new user + It "should successfully create new user " { + $thisTestInstanceId = New-Guid | select -expandproperty guid + $testName = 'SampleUser' + $thisTestInstanceId + $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile + $PasswordProfile.Password = "Pass@1234" + $global:newUser = New-EntraUser -AccountEnabled $true -DisplayName $testName -PasswordProfile $PasswordProfile -MailNickName $testName -UserPrincipalName $testName"@M365x99297270.OnMicrosoft.com" + } + #create new role defination + It "should successfully create new ms role defination " { + $thisTestInstanceId = New-Guid | select -expandproperty guid + $testName = 'SampleRoleDefination' + $thisTestInstanceId + $RolePermissions = New-object Microsoft.Open.MSGraph.Model.RolePermission + $RolePermissions.AllowedResourceActions = @("microsoft.directory/applications/basic/read") + $global:newmsRoleDefinition = New-EntraMSRoleDefinition -RolePermissions $RolePermissions -IsEnabled $false -DisplayName $testName + } + + #create new role assignment + It "should successfully create new ms role assignment " { + $thisTestInstanceId = New-Guid | select -expandproperty guid + $testName = 'SampleRoleDefination' + $thisTestInstanceId + $RolePermissions = New-object Microsoft.Open.MSGraph.Model.RolePermission + $RolePermissions.AllowedResourceActions = @("microsoft.directory/applications/basic/read") + $global:newmsRoleAssignment = New-EntraMSRoleAssignment -RoleDefinitionId $newmsRoleDefinition.Id -PrincipalId $newUser.Id -DirectoryScopeId '/' + } + It "should 
successfully get the msrole assignment " { + $PrincipalId = $newUser.Id + $assignment = Get-EntraMSRoleAssignment -Filter "principalId eq '$PrincipalId'" + $assignment.Id | Should -Be $newmsRoleAssignment.Id + $assignment.PrincipalId | Should -Be $newmsRoleAssignment.PrincipalId + $assignment.RoleDefinitionId | Should -Be $newmsRoleAssignment.RoleDefinitionId + + } + It "should throw an exception if a nonexistent object ID parameter is specified" { + $Id = (New-Guid).Guid + Get-EntraMSRoleAssignment -Filter "principalId eq '$Id'" -ErrorAction Stop + $Error[0] | Should -match "Resource '([^']+)' does not exist" + } + + AfterAll { + + Remove-EntraMSRoleAssignment -Id $newmsRoleAssignment.Id | Out-Null + Remove-EntraMSRoleDefinition -Id $newmsRoleDefinition.Id | Out-Null + Remove-EntraUser -ObjectId $newUser.ObjectId | Out-Null + } + + } + + +} \ No newline at end of file diff --git a/test/module/Entra/Integration/Set-EntraMSRoleDefinition.Tests.ps1 b/test/module/Entra/Integration/Set-EntraMSRoleDefinition.Tests.ps1 new file mode 100644 index 0000000000..74268205f3 --- /dev/null +++ b/test/module/Entra/Integration/Set-EntraMSRoleDefinition.Tests.ps1 
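Review bot: The "nonexistent object ID" test queries with `-Filter "principalId eq '$Id'"`, which returns an empty result for an unknown principal rather than raising an error, so `-ErrorAction Stop` never fires and `$Error[0]` refers to whatever error occurred earlier in the session; the assertion then passes or fails on unrelated state. If the intent is to assert absence, use `Get-EntraMSRoleAssignment -Filter "principalId eq '$Id'" | Should -BeNullOrEmpty`; if a lookup by id is meant, wrap that call in `{ ... } | Should -Throw`. In the first It the UPN is written as `$testName"@M365x99297270.OnMicrosoft.com"`; a variable immediately followed by a quoted string in argument mode is easy to misread, so confirm it yields a single argument and prefer the explicit `"$testName@M365x99297270.OnMicrosoft.com"`. The `$RolePermissions` object built in the role-assignment It is never used there, and no Set-EntraMSRoleAssignment call appears in the file that carries its name.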
@@ -0,0 +1,46 @@ +Describe "The Set-EntraMSRoleDefination command executing unmocked" { + + Context "When getting MSRoleDefination" { + BeforeAll { + $testReportPath = join-path $psscriptroot "\setenv.ps1" + Import-Module -Name $testReportPath + $appId = $env:TEST_APPID + $tenantId = $env:TEST_TENANTID + $cert = $env:CERTIFICATETHUMBPRINT + Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert + } + #create new role defination + It "should successfully create new ms role defination " { + $thisTestInstanceId = New-Guid | select -expandproperty guid + $testName = 'SimpleRoleDefination' + $thisTestInstanceId + $RolePermissions = New-object Microsoft.Open.MSGraph.Model.RolePermission + $RolePermissions.AllowedResourceActions = @("microsoft.directory/applications/basic/read") + $global:newmsRoleDefinition = New-EntraMSRoleDefinition -RolePermissions $RolePermissions -IsEnabled $false -DisplayName $testName + + } + It "should successfully update the msrole defination with expected properties when the msrole defination ID parameter is used" { + $thisTestInstanceId = New-Guid | select -expandproperty guid + $global:newmsrolename = 'SimpleRoleDefinationUpdated' + $thisTestInstanceId + Set-EntraMSRoleDefinition -Id $newmsRoleDefinition.Id -DisplayName $newmsrolename | Should -BeNullOrEmpty + } + It "should successfully retrieve details of a MS role defination" { + $app = Get-EntraMSRoleDefinition -Id $newmsRoleDefinition.Id + $app | Should -Not -BeNullOrEmpty + $app.Id | Should -Be $newmsRoleDefinition.Id + $app.DisplayName | Should -Be $newmsrolename + } + It "should throw an exception if a nonexistent object ID parameter is specified" { + $Id = (New-Guid).Guid + Get-EntraMSRoleDefinition -Id $Id -ErrorAction Stop + $Error[0] | Should -match "Resource '([^']+)' does not exist" + } + + AfterAll { + Remove-EntraMSRoleDefinition -Id $newmsRoleDefinition.Id | Out-Null + } + + } + + +} + 
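Review bot: The update and retrieve tests depend on `$global:newmsRoleDefinition` being created by the first It, so a single failure there cascades into three failed tests plus a `Remove-EntraMSRoleDefinition -Id $null` error in AfterAll; create the fixture in BeforeAll (which already holds the Connect-Entra call) so each It stands on its own. The test names and Describe title spell "defination"; since these strings appear in CI reports, fixing them to "definition" while the file is new avoids renaming tests later.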
diff --git a/test/module/Entra/Integration/setenv.ps1 b/test/module/Entra/Integration/setenv.ps1
new file mode 100644
index 0000000000..aea770b781
--- /dev/null
+++ b/test/module/Entra/Integration/setenv.ps1
@@ -0,0 +1,3 @@
+$env:TEST_APPID = "8886ad7b-1795-4542-9808-c85859d97f23"
+$env:TEST_TENANTID = "d5aec55f-2d12-4442-8d2f-ccca95d4390e"
+$env:CERTIFICATETHUMBPRINT = "70FE8FCE6AD12B194D34951863872D103B0434A9"
\ No newline at end of file
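Review bot: setenv.ps1 commits the test tenant id, the app (client) id and the certificate thumbprint, and every Tests.ps1 in this commit imports it in BeforeAll before reading `$env:TEST_APPID`, `$env:TEST_TENANTID` and `$env:CERTIFICATETHUMBPRINT`, so values supplied by CI are overwritten and the whole suite is pinned to that one tenant and app registration. None of the three is a secret on its own (the private key stays in the certificate store), but together they identify a live tenant and an app with enough rights to create users, groups, role assignments and conditional access policies, and keeping them in source makes it easy for a real secret to follow. Remove the file from the repository (keep a `setenv.example.ps1` with placeholder values and ignore the real one), have the tests rely on the environment only, and fail early when it is missing, e.g. `if (-not $env:TEST_APPID) { throw 'TEST_APPID is not set' }`. If the file stays, `Import-Module` on a `.ps1` works but dot-sourcing (`. $testReportPath`) is the usual idiom, and the file should end with a newline.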