Tests/Unit/SecurityPolicyResourceHelper.tests.ps1

$resourceModuleRootPath = Split-Path -Path (Split-Path $PSScriptRoot -Parent) -Parent
$modulesRootPath = Join-Path -Path $resourceModuleRootPath -ChildPath 'Modules'
Import-Module -Name (Join-Path -Path $modulesRootPath  `
        -ChildPath 'SecurityPolicyResourceHelper\SecurityPolicyResourceHelper.psm1') `
    -Force

#region HEADER

# Begin Testing
InModuleScope 'SecurityPolicyResourceHelper' {
    Describe 'Test helper functions' {

        Context 'Test ConvertTo-LocalFriendlyName' {
            $sid = 'S-1-5-32-544'
            It 'Should be BUILTIN\Administrators' {
                ConvertTo-LocalFriendlyName -Identity $sid | should be 'BUILTIN\Administrators'
            }

            It "Should return $env:COMPUTERNAME\administrator" {
                ConvertTo-LocalFriendlyName -Identity 'administrator' | Should be "$env:COMPUTERNAME\administrator"
            }

            It "Should not Throw when Scope is 'GET'" {
                {ConvertTo-LocalFriendlyName -Identity 'S-1-5-32-600' -Scope 'Get'} | Should Not throw
            }

            It "Should not Throw when Scope is Get and Identity is a unresolvable name" {
                {ConvertTo-LocalFriendlyName -Identity 'badName' -Scope 'Get'} | Should Not throw
            }

            It "Should Throw when Scope is Set and Identity is an unresolvable name" {
                {ConvertTo-LocalFriendlyName -Identity 'badName' -Scope 'Set'} | Should throw
            }
            It "Should Throw when Scope is 'SET'" {
                {ConvertTo-LocalFriendlyName -Identity 'S-1-5-32-600' -Scope 'Set'} | Should throw
            }
        }
        Context 'Test Invoke-Secedit' {
            Mock Start-Process

            $invokeSeceditParameters = @{
                InfPath       = 'temp.inf'
                SeceditOutput = 'output.txt'
                OverWrite     = $true
            }

            It 'Should not throw' {
                {Invoke-Secedit @invokeSeceditParameters} | Should not throw
            }

            It 'Should call Start-Process' {
                Assert-MockCalled -CommandName Start-Process -Exactly 1 -Scope Context
            }
        }
        Context 'Test Get-UserRightsAssignment' {
            $ini = "$PSScriptRoot..\..\..\Misc\TestHelpers\TestIni.txt"
            Mock -CommandName ConvertTo-LocalFriendlyName -MockWith {'Value1'}

            $result = Get-UserRightsAssignment $ini

            It 'Should match INI Section' {
                $result.Keys | Should Be 'section'
            }

            It 'Should match INI Comment' {
                $result.section.Comment1 | Should Be '; this is a comment'
            }

            It 'Should be Value1' {
                $result.section.Key1 | Should be 'Value1'
            }
        }
        Context 'Test Test-IdentityIsNull' {

            It 'Should return true when Identity is null' {
                $IdentityIsNull = Test-IdentityIsNull -Identity $null
                $IdentityIsNull | Should Be $true
            }
            It 'Should return true when Identity is empty' {
                $IdentityIsNull = Test-IdentityIsNull -Identity ''
                $IdentityIsNull | Should Be $true
            }
            It 'Should return false when Identity is Guest' {
                $IdentityIsNull = Test-IdentityIsNull -Identity 'Guest'
                $IdentityIsNull | Should Be $false
            }
        }
        Context 'Get-SecurityPolicy' {
            $ini = "$PSScriptRoot..\..\..\Misc\TestHelpers\sample.inf"
            $iniPath = Get-Item -Path $ini
            Mock -CommandName Join-Path -MockWith {$iniPath.FullName}
            Mock -CommandName Remove-Item -MockWith {}
            $securityPolicy = Get-SecurityPolicy -Area 'USER_RIGHTS'

            It 'Should return Builtin\Administrators' {
                $securityPolicy.SeLoadDriverPrivilege | Should Be 'BUILTIN\Administrators'
            }
        }
        Context 'Add-PolicyOption' {
            It 'Should have [System Access]' {
                [string[]]$testString = "EnableAdminAccount=1"
                [string]$addOptionResult = Add-PolicyOption -SystemAccessPolicies $testString

                $addOptionResult | Should Match '[System Access]'
            }
            It 'Should have [Kerberos Policy]' {
                [string[]]$testString = "MaxClockSkew=5"
                [string]$addOptionResult = Add-PolicyOption -KerberosPolicies $testString

                $addOptionResult | Should Match '[Kerberos Policy]'
            }
        }
    }
}