diff --git a/test/module/Entra/Integration/EntraGroupAppRoleAssignment.Tests.ps1 b/test/module/Entra/Integration/EntraGroupAppRoleAssignment.Tests.ps1
new file mode 100644
index 000000000..22bfff3bc
--- /dev/null
+++ b/test/module/Entra/Integration/EntraGroupAppRoleAssignment.Tests.ps1
@@ -0,0 +1,109 @@ +Describe "The EntraGroupAppRoleAssignment command executing unmocked" { + + Context "When getting GroupAppRoleAssignment" { + BeforeAll { + $testReportPath = join-path $psscriptroot "\setenv.ps1" + Import-Module -Name $testReportPath + $appId = $env:TEST_APPID + $tenantId = $env:TEST_TENANTID + $cert = $env:CERTIFICATETHUMBPRINT + Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert + + $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid + $global:displayName = 'DemoName' + $thisTestInstanceId + + $global:newGroup = New-EntraGroup -DisplayName $displayName -MailEnabled $false -SecurityEnabled $true -MailNickName $displayName + } + + It "should successfully get a specific group by using an Id" { + $group = Get-EntraGroup -ObjectId $newGroup.Id + $group.Id | Should -Be $newGroup.Id + $group.DisplayName | Should -Be $displayName + } + + It "should successfully update a group display name" { + $global:updatedDisplayName = "Demo Name 2" + Set-EntraGroup -ObjectId $newGroup.Id -DisplayName $updatedDisplayName + $result = Get-EntraGroup -ObjectId $newGroup.Id + $result.Id | Should -Contain $newGroup.Id + } + + It "should successfully create application" { + $types = @() + $types += 'User' + $approle = New-Object Microsoft.Open.AzureAD.Model.AppRole + $approle.AllowedMemberTypes = $types + $approle.Description = 'msiam_access' + $approle.DisplayName = 'msiam_access' + $approle.Id = '643985ce-3eaf-4a67-9550-ecca25cb6814' + $approle.Value = 'Application' + $approle.IsEnabled = $true + $applicationDisplayName = "Demo new application" + $global:createdApplication = New-EntraApplication -DisplayName $applicationDisplayName -AppRoles $approle + $createdApplication.DisplayName | Should -Be $applicationDisplayName + } + + It "should successfully get application" { + $global:getCreatedApplication = Get-EntraApplication -ObjectId $createdApplication.Id + $getCreatedApplication.DisplayName | Should -Be 
$createdApplication.DisplayName + $getCreatedApplication.Id | Should -Be $createdApplication.Id + $getCreatedApplication.AppId | Should -Be $createdApplication.AppId + } + + It "should successfully update application display name" { + $global:updateApplicationDisplayName = "Update demo application" + Set-EntraApplication -ObjectId $getCreatedApplication.Id -DisplayName $updateApplicationDisplayName + + $global:getUpdatedCreatedApplication = Get-EntraApplication -ObjectId $getCreatedApplication.Id + $getUpdatedCreatedApplication.DisplayName | Should -Be $updateApplicationDisplayName + $getUpdatedCreatedApplication.Id | Should -Be $getCreatedApplication.Id + $getUpdatedCreatedApplication.AppId | Should -Be $getCreatedApplication.AppId + } + + It "should successfully create and get service principal" { + $global:MyApp = Get-EntraApplication -Filter "DisplayName eq '$($getUpdatedCreatedApplication.DisplayName)'" + + New-EntraServicePrincipal -AccountEnabled $true -AppId $MyApp.AppId -AppRoleAssignmentRequired $true -DisplayName $MyApp.DisplayName -Tags {"WindowsAzureActiveDirectoryIntegratedApp"} + $global:createdServicePrincipal = Get-EntraServicePrincipal -Filter "DisplayName eq '$($MyApp.DisplayName)'" + $createdServicePrincipal.AppId | Should -Be $MyApp.AppId + $createdServicePrincipal.DisplayName | Should -Be $MyApp.DisplayName + } + + It "should successfully update the account of a service principal" { + Set-EntraServicePrincipal -ObjectId $createdServicePrincipal.Id -AccountEnabled $False + $disableServicePrincipal = Get-EntraServicePrincipal -Filter "DisplayName eq '$($MyApp.DisplayName)'" + $disableServicePrincipal.AppId | Should -Be $MyApp.AppId + $disableServicePrincipal.DisplayName | Should -Be $MyApp.DisplayName + + Set-EntraServicePrincipal -ObjectId $createdServicePrincipal.Id -AccountEnabled $True + $global:updatedServicePrincipal = Get-EntraServicePrincipal -Filter "DisplayName eq '$($MyApp.DisplayName)'" + $updatedServicePrincipal.AppId | Should -Be 
$MyApp.AppId + $updatedServicePrincipal.DisplayName | Should -Be $MyApp.DisplayName + } + + It "should successfully assign a group of users to an application" { + New-EntraGroupAppRoleAssignment -ObjectId $newGroup.ObjectId -PrincipalId $newGroup.ObjectId -ResourceId $updatedServicePrincipal.ObjectId -Id $updatedServicePrincipal.Approles[0].id + } + + It "should successfully retrieve application role assignments of a group" { + $global:getGroupAppRoleAssignment = Get-EntraGroupAppRoleAssignment -ObjectId $newGroup.Id + $getGroupAppRoleAssignment.ResourceDisplayName | Should -Be $createdServicePrincipal.DisplayName + $getGroupAppRoleAssignment.PrincipalDisplayName | Should -Be $updatedDisplayName + } + + AfterAll { + if ( $getGroupAppRoleAssignment) { + Remove-EntraGroupAppRoleAssignment -ObjectId $newGroup.Id -AppRoleAssignmentId $getGroupAppRoleAssignment.Id | Out-Null + } + if ( $updatedServicePrincipal) { + Remove-EntraServicePrincipal -ObjectId $updatedServicePrincipal.Id | Out-Null + } + if ( $getUpdatedCreatedApplication) { + Remove-EntraApplication -ObjectId $getUpdatedCreatedApplication.Id | Out-Null + } + if ($newGroup) { + Remove-EntraGroup -ObjectId $newGroup.Id | Out-Null + } + } + } +} \ No newline at end of file diff --git a/test/module/Entra/Integration/EntraGroupOwner.Tests.ps1 b/test/module/Entra/Integration/EntraGroupOwner.Tests.ps1 new file mode 100644 index 000000000..eac1dee82 --- /dev/null +++ b/test/module/Entra/Integration/EntraGroupOwner.Tests.ps1 
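Review bot: The `AfterAll` in EntraGroupAppRoleAssignment.Tests.ps1 removes the service principal and the application only through `$updatedServicePrincipal` and `$getUpdatedCreatedApplication`, which are set in later `It` blocks, so a failure before those tests leaves the objects made by `New-EntraApplication` and `New-EntraServicePrincipal` in the tenant. Key the cleanup on the creation results instead, e.g. `if ($createdApplication) { Remove-EntraApplication -ObjectId $createdApplication.Id | Out-Null }`, and the same for `$createdServicePrincipal`. The lookups also filter on the fixed display name "Update demo application", so a leftover from an earlier run would presumably make the filter return several objects and the later `Set-`/`Remove-` calls act on more than this run created; filtering with `"AppId eq '$($MyApp.AppId)'"` avoids that. The same cleanup pattern appears in EntraGroupOwner.Tests.ps1 (`$updatedUser`) and EntraMSLifecyclePolicyGroup.Tests.ps1 (`$updatedGroupLifecyclePolicy`, `$lifecyclePolicyGroup`).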
@@ -0,0 +1,96 @@ +Describe "The EntraGroupOwner command executing unmocked" { + + Context "When getting user and group" { + BeforeAll { + $testReportPath = join-path $psscriptroot "\setenv.ps1" + Import-Module -Name $testReportPath + $appId = $env:TEST_APPID + $tenantId = $env:TEST_TENANTID + $cert = $env:CERTIFICATETHUMBPRINT + Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert + + $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid + $global:displayName = 'DemoName' + $thisTestInstanceId + + $global:newGroup = New-EntraGroup -DisplayName $displayName -MailEnabled $false -SecurityEnabled $true -MailNickName $displayName + } + + It "should successfully get a specific group by using an Id" { + $group = Get-EntraGroup -ObjectId $newGroup.Id + $group.Id | Should -Be $newGroup.Id + $group.DisplayName | Should -Be $displayName + } + + It "should successfully update a group display name" { + $global:updatedDisplayName = "DemoNameUpdated" + Set-EntraGroup -ObjectId $newGroup.Id -DisplayName $updatedDisplayName + $result = Get-EntraGroup -ObjectId $newGroup.Id + $result.Id | Should -Contain $newGroup.Id + $result.DisplayName | Should -Contain $updatedDisplayName + } + + It "should successfully create user" { + $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile + $PasswordProfile.Password = "Pass@12345" + $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid + $Username = 'DemoName' + $thisTestInstanceId + $UserPrincipalName = "$Username@M365x99297270.OnMicrosoft.com" + $global:newUser = New-EntraUser -DisplayName $updatedDisplayName -PasswordProfile $PasswordProfile -UserPrincipalName $UserPrincipalName -AccountEnabled $true -MailNickName $updatedDisplayName + } + + It "should successfully get created user" { + $user = Get-EntraUser -ObjectId $newUser.Id + $user.Id | Should -Be $newUser.Id + $user.DisplayName | Should -Be $updatedDisplayName + } + + It "should successfully update 
created user" { + $user = Get-EntraUser -ObjectId $newUser.Id + $user.Id | Should -Be $newUser.Id + $user.DisplayName | Should -Be $updatedDisplayName + $updatedDisplayNameInCreatedUser = 'YetAnotherTestUser' + Set-EntraUser -ObjectId $newUser.Id -Displayname $updatedDisplayNameInCreatedUser + $global:updatedUser = Get-EntraUser -ObjectId $newUser.Id + $updatedUser.Id | Should -Be $newUser.Id + $updatedUser.DisplayName | Should -Be $updatedDisplayNameInCreatedUser + } + + It "should successfully create and get group owner" { + Add-EntraGroupOwner -ObjectId $newGroup.Id -RefObjectId $updatedUser.Id + $global:getCreatedGroupOwner = Get-EntraGroupOwner -ObjectId $newGroup.Id + $getCreatedGroupOwner.Id | Should -Be $updatedUser.Id + } + + It "should successfully create second user" { + $PasswordProfile1 = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile + $PasswordProfile1.Password = "Pass@12345" + $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid + $Username1 = 'DemoName2' + $thisTestInstanceId + $UserPrincipalName1 = "$Username1@M365x99297270.OnMicrosoft.com" + $global:newUser1 = New-EntraUser -DisplayName $updatedDisplayName -PasswordProfile $PasswordProfile1 -UserPrincipalName $UserPrincipalName1 -AccountEnabled $true -MailNickName $updatedDisplayName + } + + It "should successfully create and get group owner for second user" { + Add-EntraGroupOwner -ObjectId $newGroup.Id -RefObjectId $newUser1.Id + $getCreatedGroupOwner1 = Get-EntraGroupOwner -ObjectId $newGroup.Id + $retrievedIds = $getCreatedGroupOwner1.Id | Sort-Object -Unique + $retrievedIds.Count | Should -BeExactly 2 + $retrievedIds | should -Contain $newUser1.Id + } + + AfterAll { + if ($getCreatedGroupOwner) { + Remove-EntraGroupOwner -ObjectId $newGroup.Id -OwnerId $getCreatedGroupOwner.Id | Out-Null + } + if ($updatedUser) { + Remove-EntraUser -ObjectId $updatedUser.Id | Out-Null + } + if ($newGroup) { + Remove-EntraGroup -ObjectId $newGroup.Id | Out-Null + } + if 
($newUser1) { + Remove-EntraUser -ObjectId $newUser1.Id | Out-Null + } + } + } +} \ No newline at end of file diff --git a/test/module/Entra/Integration/EntraMSApplicationExtensionProperty.Tests.ps1 b/test/module/Entra/Integration/EntraMSApplicationExtensionProperty.Tests.ps1 new file mode 100644 index 000000000..c8e749dd5 --- /dev/null +++ b/test/module/Entra/Integration/EntraMSApplicationExtensionProperty.Tests.ps1 
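Review bot: Both `New-EntraUser` calls in EntraGroupOwner.Tests.ps1 create accounts with `-AccountEnabled $true` and the literal password `Pass@12345`, which is now committed alongside the tenant domain in the UPN suffix. Any account that survives a failed run is then a sign-in-capable identity with a published password. Generate the password per run, e.g. `$PasswordProfile.Password = [guid]::NewGuid().ToString('N') + 'aA1!'`, and since none of the visible tests sign in as these users, `-AccountEnabled $false` looks sufficient for the owner assertions. The UPN suffix would be better read from an environment variable than hard-coded.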
@@ -0,0 +1,59 @@ +Describe "The EntraMSApplicationExtensionProperty command executing unmocked" { + + Context "When getting ApplicationExtensionProperty" { + BeforeAll { + $testReportPath = Join-Path $PSScriptRoot "\setenv.ps1" + Import-Module -Name $testReportPath + + $appId = $env:TEST_APPID + $tenantId = $env:TEST_TENANTID + $cert = $env:CERTIFICATETHUMBPRINT + + if (-not $appId -or -not $tenantId -or -not $cert) { + throw "Required environment variables are not set." + } + + Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert + + $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid + $testApplicationName = 'Test Demo Name' + $thisTestInstanceId + $global:newMSApplication = New-EntraMSApplication -DisplayName $testApplicationName + } + + It "should successfully get an application by display name" { + $application = Get-EntraMSApplication -Filter "DisplayName eq '$($newMSApplication.DisplayName)'" + $application.ObjectId | Should -Be $newMSApplication.Id + $application.AppId | Should -Be $newMSApplication.AppId + $application.DisplayName | Should -Be $newMSApplication.DisplayName + } + + It "should successfully update a application display name" { + $updatedDisplayName = "Update Application Name" + Set-EntraMSApplication -ObjectId $newMSApplication.ObjectId -DisplayName $updatedDisplayName + $result = Get-EntraMSApplication -Filter "AppId eq '$($newMSApplication.AppId)'" + $result.ObjectId | Should -Be $newMSApplication.Id + $result.AppId | Should -Be $newMSApplication.AppId + $result.DisplayName | Should -Be "Update Application Name" + } + + It "should successfully create application extension property" { + $global:newMSApplicationExtensionProperty = New-EntraMSApplicationExtensionProperty -ObjectId $newMSApplication.Id -DataType "string" -Name "NewAttribute" -TargetObjects "Application" + } + + It "should successfully get application extension property" { + $applicationExtensionProperty = 
Get-EntraMSApplicationExtensionProperty -ObjectId $newMSApplication.Id + $applicationExtensionProperty.ObjectId | Should -Be $newMSApplicationExtensionProperty.Id + $applicationExtensionProperty.Name | Should -Be $newMSApplicationExtensionProperty.Name + + } + + AfterAll { + if ($newMSApplicationExtensionProperty) { + Remove-EntraMSApplicationExtensionProperty -ObjectId $newMSApplication.Id -ExtensionPropertyId $newMSApplicationExtensionProperty.Id | Out-Null + } + if ($newMSApplication) { + Remove-EntraMSApplication -ObjectId $newMSApplication.Id | Out-Null + } + } + } +} diff --git a/test/module/Entra/Integration/EntraMSLifecyclePolicyGroup.Tests.ps1 b/test/module/Entra/Integration/EntraMSLifecyclePolicyGroup.Tests.ps1 new file mode 100644 index 000000000..c4a32486e --- /dev/null +++ b/test/module/Entra/Integration/EntraMSLifecyclePolicyGroup.Tests.ps1 
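Review bot: The `It` "should successfully create application extension property" contains no `Should`, so it passes whenever `New-EntraMSApplicationExtensionProperty` does not throw, including when it returns nothing. Add an assertion on the result, for example `$newMSApplicationExtensionProperty.Id | Should -Not -BeNullOrEmpty`. The same gap exists in the role-assignment `It` of EntraGroupAppRoleAssignment.Tests.ps1, the two user-creation `It` blocks of EntraGroupOwner.Tests.ps1 and the lifecycle-policy creation `It` of EntraMSLifecyclePolicyGroup.Tests.ps1.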
@@ -0,0 +1,88 @@ +Describe "The EntraMSLifecyclePolicyGroup command executing unmocked" { + + Context "When getting LifecyclePolicyGroup" { + BeforeAll { + $testReportPath = Join-Path $PSScriptRoot "\setenv.ps1" + Import-Module -Name $testReportPath + + $appId = $env:TEST_APPID + $tenantId = $env:TEST_TENANTID + $cert = $env:CERTIFICATETHUMBPRINT + + if (-not $appId -or -not $tenantId -or -not $cert) { + throw "Required environment variables are not set." + } + + Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert + + $thisTestInstanceId = New-Guid | Select-Object -ExpandProperty Guid + $global:displayName = 'Demo Help Group' + $thisTestInstanceId + $testNickname = "testhelpDeskAdminGroup" + $global:newMSGroup = New-EntraMSGroup -DisplayName $displayName -MailEnabled $false -MailNickname $testNickname -SecurityEnabled $true -GroupTypes "unified" + Start-Sleep -Seconds 10 + } + + It "should successfully get a specific group by using an group Id" { + $group = Get-EntraMSGroup -Id $newMSGroup.Id + $group.ObjectId | Should -Be $newMSGroup.Id + $group.DisplayName | Should -Be $displayName + } + + It "should successfully update a group display name" { + $updatedDisplayName = "Update Help Group Name" + Set-EntraMSGroup -Id $newMSGroup.Id -DisplayName $updatedDisplayName + $result = Get-EntraGroup -ObjectId $newMSGroup.Id + $result.Id | Should -Contain $newMSGroup.Id + } + + It "should successfully Create a lifecycle policy" { + $global:testGroupPolicy = New-EntraMSGroupLifecyclePolicy -GroupLifetimeInDays 99 -ManagedGroupTypes "Selected" -AlternateNotificationEmails "example@contoso.un" + } + + It "should successfully retrieve properties of an groupLifecyclePolicy" { + $groupLifecyclePolicy = Get-EntraMSGroupLifecyclePolicy -Id $testGroupPolicy.Id + + $groupLifecyclePolicy.Id | Should -Be $testGroupPolicy.Id + $groupLifecyclePolicy.GroupLifetimeInDays | Should -Be 99 + $groupLifecyclePolicy.ManagedGroupTypes | Should -Contain "Selected" + 
$groupLifecyclePolicy.AlternateNotificationEmails | Should -Contain "example@contoso.un" + } + + It "should successfully update groupLifecyclePolicy" { + $alternateNotificationEmails = "admingroup@contoso.en" + $global:updatedGroupLifecyclePolicy = Set-EntraMSGroupLifecyclePolicy -Id $testGroupPolicy.Id -GroupLifetimeInDays 200 -AlternateNotificationEmails $alternateNotificationEmails -ManagedGroupTypes "Selected" + Start-Sleep -Seconds 10 + + $updatedGroupLifecyclePolicy.Id | Should -Be $testGroupPolicy.Id + $updatedGroupLifecyclePolicy.GroupLifetimeInDays | Should -Be 200 + $updatedGroupLifecyclePolicy.ManagedGroupTypes | Should -Contain "Selected" + $updatedGroupLifecyclePolicy.AlternateNotificationEmails | Should -Contain $alternateNotificationEmails + } + + It "should successfully associate the group with the lifecycle policy" { + $testLifePolicyGroup = Add-EntraMSLifecyclePolicyGroup -Id $testGroupPolicy.Id -GroupId $newMSGroup.Id + $testLifePolicyGroup.ObjectId | Should -BeNullOrEmpty + Start-Sleep -Seconds 10 + } + + It "should successfully retrieve details of a LifecyclePolicyGroup" { + $global:lifecyclePolicyGroup = Get-EntraMSLifecyclePolicyGroup -Id $newMSGroup.Id + $lifecyclePolicyGroup.ObjectId | Should -Be $testGroupPolicy.Id + $lifecyclePolicyGroup.GroupLifetimeInDays | Should -Be 200 + $lifecyclePolicyGroup.ManagedGroupTypes | Should -Contain "Selected" + $lifecyclePolicyGroup.AlternateNotificationEmails | Should -Contain $updatedGroupLifecyclePolicy.AlternateNotificationEmails + } + + AfterAll { + if ($lifecyclePolicyGroup) { + Remove-EntraMSLifecyclePolicyGroup -Id $lifecyclePolicyGroup.Id -GroupId $newMSGroup.Id | Out-Null + } + if ($updatedGroupLifecyclePolicy) { + Remove-EntraMSGroupLifecyclePolicy -Id $updatedGroupLifecyclePolicy.Id | Out-Null + } + if ($newMSGroup) { + Remove-EntraMSGroup -Id $newMSGroup.Id | Out-Null + } + } + } +} 
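Review bot: In `BeforeAll`, `$testNickname` is the constant `"testhelpDeskAdminGroup"` while the display name carries the per-run GUID. A group left behind by a failed run, or a parallel run against the same tenant, would reuse that mail nickname; for a `-GroupTypes "unified"` group this is likely to make `New-EntraMSGroup` fail or collide. Derive it from the run id as well, e.g. `$testNickname = 'testhelpDeskAdminGroup' + ($thisTestInstanceId -replace '-', '')`. The fixed `Start-Sleep -Seconds 10` calls would also be more reliable as a bounded retry on the following `Get-` call.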
diff --git a/test/module/Entra/Integration/setenv.ps1 b/test/module/Entra/Integration/setenv.ps1
new file mode 100644
index 000000000..627531ad0
--- /dev/null
+++ b/test/module/Entra/Integration/setenv.ps1
@@ -0,0 +1,3 @@
+$env:TEST_APPID = "8886ad7b-1795-4542-9808-c85859d97f23"
+$env:TEST_TENANTID = "d5aec55f-2d12-4442-8d2f-ccca95d4390e"
+$env:CERTIFICATETHUMBPRINT = "6CAEA8F6CEF8C5F8642F1F9AABE0237DB3D0C424"
\ No newline at end of file
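Review bot: setenv.ps1 commits a concrete application id, tenant id and certificate thumbprint, and assigns them unconditionally, so any values supplied by the pipeline are overwritten. It also means the `throw "Required environment variables are not set."` guard in the other test files can never fire. The thumbprint does not authenticate without the certificate's private key, but publishing the three values identifies the test tenant and its app registration and ties every run to them. Have the pipeline set the variables and keep only a guard here, e.g. `if (-not $env:TEST_APPID) { throw 'TEST_APPID is not set' }`, repeated for `TEST_TENANTID` and `CERTIFICATETHUMBPRINT`.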