cSecurityOptions

3.1.3

DSCResources/Tests/Unit/UserRightsAssignment.Tests.ps1

                                $DSCResourceName = 'UserRightsAssignment'

$DSCModuleName   = 'cSecurityOptions'

$Splat = @{

    Path = $PSScriptRoot

    ChildPath = "..\..\DSCResources\$DSCResourceName\$DSCResourceName.psm1"

    Resolve = $true

    ErrorAction = 'Stop'

}

$DSCResourceModuleFile = Get-Item -Path (Join-Path @Splat)

$moduleRoot = "${env:ProgramFiles}\WindowsPowerShell\Modules\$DSCModuleName"

if(-not (Test-Path -Path $moduleRoot))

{

    $null = New-Item -Path $moduleRoot -ItemType Directory

}

else

{

    # Copy the existing folder out to the temp directory to hold until the end of the run

    # Delete the folder to remove the old files.

    $tempLocation = Join-Path -Path $env:Temp -ChildPath $DSCModuleName

    Copy-Item -Path $moduleRoot -Destination $tempLocation -Recurse -Force

    Remove-Item -Path $moduleRoot -Recurse -Force

    $null = New-Item -Path $moduleRoot -ItemType Directory

}

Copy-Item -Path $PSScriptRoot\..\..\* -Destination $moduleRoot -Recurse -Force -Exclude '.git'

if (Get-Module -Name $DSCResourceName)

{

    Remove-Module -Name $DSCResourceName

}

Import-Module -Name $DSCResourceModuleFile.FullName -Force

InModuleScope UserRightsAssignment {

    #######################################################################################

    Describe 'Get-TargetResource' {

        Context 'ServerCore' {

            #region Mocks

            Mock TestServerCore {

                $true

            }

            #endregion

            $NonServerCoreConformantAssignments = @(

                'SeChangeNotifyPrivilege',

                'SeIncreaseWorkingSetPrivilege'

            )

            foreach ($nonServerCoreConformantAssignment in $nonServerCoreConformantAssignments) {

                It "$nonServerCoreConformantAssignment Privilege should return return Absent" {

                    (get-targetresource -Privilege $nonServerCoreConformantAssignment).Ensure | should be 'Absent'

                }

            }

        }

        Context '0 Users' {

            Mock 'GetAccountsWithUserRight' {

                @{

                    'Account' = ''

                }

            }

            It 'should return ensure Absent' {

                (get-targetresource -Privilege 'SeIncreaseQuotaPrivilege').Ensure | should be 'Absent'

            }

        }

        Context '1 Users' {

            Mock 'GetAccountsWithUserRight' {

                @{

                    'Account' = 'a'

                }

            }

            It 'should return ensure Present' {

                (get-targetresource -Privilege 'SeIncreaseQuotaPrivilege').Ensure | should be 'Present'

            }

            It 'should return proper account' {

                (get-targetresource -Privilege 'SeIncreaseQuotaPrivilege').Identity | should be 'a'

            }

        }

        Context 'Many Users' {

            Mock 'GetAccountsWithUserRight' {

                @{

                    'Account' = 'b', 'c', 'd'

                }

            }

            It 'should return ensure Present' {

                (get-targetresource -Privilege 'SeIncreaseQuotaPrivilege').Ensure | should be 'Present'

            }

            It 'should return proper account' {

                (get-targetresource -Privilege 'SeIncreaseQuotaPrivilege').Identity | should be 'b', 'c', 'd'

            }

        }

}

    Describe 'Test-TargetResource' {

        Mock GetUserRightsAssignment {

             @{

                'Privilege' = $Privilege

                'Identity' = ''

                'Ensure' = 'Absent'

            }

        } -ParameterFilter { $Privilege -eq 'SeNetworkLogonRight' }

        Mock GetUserRightsAssignment {

             @{

                'Privilege' = $Privilege

                'Identity' = 'a'

                'Ensure' = 'Present'

            }

        } -ParameterFilter { $Privilege -eq 'SeTcbPrivilege' }

        Mock FilterIdentity {

            $Identity

        }

        Context 'ServerCore' {

            #region Mocks

            Mock TestServerCore {

                $true

            }

            #endregion

            $NonServerCoreConformantAssignments = @(

                'SeChangeNotifyPrivilege',

                'SeIncreaseWorkingSetPrivilege'

            )

            foreach ($nonServerCoreConformantAssignment in $nonServerCoreConformantAssignments) {

                $Parameters = @{

                    'Privilege' = $NonServerCoreConformantAssignment

                    'Identity' = 'a'

                    'Ensure' = 'Present'

                }

                It "$nonServerCoreConformantAssignment test for Ensure should be false" {

                    test-targetresource @Parameters | should be $false

                }

            }

            It 'Should return true if Privilege Exists' {

                $Parameters = @{

                    'Privilege' = 'SeTcbPrivilege'

                    'Identity' = 'a'

                    'Ensure' = 'Present'

                }

                test-targetresource @Parameters | should be $True

            }

            It 'Should return false if Privilege Does not Exists' {

                $Parameters = @{

                    'Privilege' = 'SeNetworkLogonRight'

                    'Identity' = 'a'

                    'Ensure' = 'Present'

                }

                test-targetresource @Parameters | should be $False

            }

            It 'Should return false if input identity does not match current identity list (more account than specified)' {

                $Parameters = @{

                    'Privilege' = 'SeTcbPrivilege'

                    'Identity' = 'a','b'

                    'Ensure' = 'Present'

                }

                test-targetresource @Parameters | should be $False

            }

            It 'Should return false if input identity does not match current identity list (no accounts specified)' {

                $Parameters = @{

                    'Privilege' = 'SeTcbPrivilege'

                    'Identity' = ''

                    'Ensure' = 'Present'

                }

                test-targetresource @Parameters | should be $False

            }

        }

    }

}