From 1cf2384c0261b5fe6f7f8bb4cb7875bd9ee0525c Mon Sep 17 00:00:00 2001
From: Ashwini Karke
Date: Fri, 23 Aug 2024 22:07:31 +0530
Subject: [PATCH 01/20] added Integration test cases
---
.../Entra/Integration/Scenario1.Tests.ps1 | 283 ++++++++++++++++++
test/module/Entra/Integration/setenv.ps1 | 3 +
2 files changed, 286 insertions(+)
create mode 100644 test/module/Entra/Integration/Scenario1.Tests.ps1
create mode 100644 test/module/Entra/Integration/setenv.ps1
diff --git a/test/module/Entra/Integration/Scenario1.Tests.ps1 b/test/module/Entra/Integration/Scenario1.Tests.ps1
new file mode 100644
index 0000000000..d8d078a6a8
--- /dev/null
+++ b/test/module/Entra/Integration/Scenario1.Tests.ps1
@@ -0,0 +1,283 @@ +Describe "The Get-EntraApplication command executing unmocked" { + + Context "When creating applications" { + BeforeAll { + $testReportPath = join-path $psscriptroot "\setenv.ps1" + Import-Module -Name $testReportPath + $appId = $env:TEST_APPID + $tenantId = $env:TEST_TENANTID + $cert = $env:CERTIFICATETHUMBPRINT + Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert + + + } + It "Scen1: Creating Applications and attaching secrets to that newly created application " { + # Create New application + $thisTestInstanceId = New-Guid | select -expandproperty guid + $global:testAppName = 'SimpleTestApp' + $thisTestInstanceId + $global:newApp = New-EntraApplication -DisplayName $testAppName -AvailableToOtherTenants $true -ReplyUrls @("https://yourapp.com") + $newApp.DisplayName | Should -Be $testAppName + + $Result = New-EntraApplicationPasswordCredential -ObjectId $newApp.Id -CustomKeyIdentifier "MySecret" + + # Retrive application password credentials and verify keyId is present or not + # $Result1 = Get-EntraApplicationPasswordCredential -ObjectId $newApp.Id + # $Result1.KeyId | Should -be $Result.KeyId + + # Retrive new created application + $global:application = Get-EntraApplication -ObjectId $newApp.Id + + # verify keyId + $application.PasswordCredentials.KeyId | Should -be $Result.KeyId + } + It "Scen3: Create Service Principal to the newly created application" { + + # Create service Principal for new application + $global:NewServicePrincipal = New-EntraServicePrincipal -AppId $application.AppId -AppRoleAssignmentRequired $true + + # store service principal objectId + $global:servicePrincipalObjectId = $NewServicePrincipal.ObjectId + + # Get created service principal + $ServicePrincipal = Get-EntraServicePrincipal -ObjectId $servicePrincipalObjectId + $ServicePrincipal.AppId | Should -Be $application.AppId + + } + It "Scen4: Configure App ID URI and Redirect URIs on the newly created application" { + + # configure 
application fot ID URI + $configureApp = Set-EntraApplication -ObjectId $newApp.Id -IdentifierUris @("IdM365x992972766.onmicrosoft.com") -ReplyUrls "https://contoso.com" + + # Retrive new application and verifying ID URI + $updatedApp = Get-EntraApplication -ObjectId $newApp.Id | ConvertTo-json | ConvertFrom-json + $updatedApp.IdentifierUris | Should -Be "IdM365x992972766.onmicrosoft.com" + $updatedApp.Web.RedirectUris | Should -Be "https://contoso.com" + } + It "Scen5: Create AppRoles to the Application" { + + # create approles + $types += 'User' + $approle = New-Object Microsoft.Open.AzureAD.Model.AppRole + $approle.AllowedMemberTypes = $types + $approle.Description = 'msiam_access' + $approle.DisplayName = 'msiam_access' + $approle.Id = '643985ce-3eaf-4a67-9550-ecca25cb6814' + $approle.Value = 'Application' + $approle.IsEnabled = $true + + # Assign approles to existing applictaion + $global:AppUpdate = Set-EntraApplication -ObjectId $newApp.Id -AppRoles $approle + + # Retrive new application and verifying AppRoles + $updatedApp = Get-EntraApplication -ObjectId $newApp.Id + $updatedApp.AppRoles.DisplayName | Should -Be 'msiam_access' + $updatedApp.AppRoles.Id | Should -Be '643985ce-3eaf-4a67-9550-ecca25cb6814' + $updatedApp.AppRoles.Value | Should -Be 'Application' + } + It "Scen6: Assign user and groups to the newly created Service Principal and set right AppRole to it" { + $global:existUser = Get-EntraUser -Top 1 + # write-host "existUser" $existUser.Id + $global:existGroup = Get-EntraGroup -Top 1 + # write-host "servicePrincipalObjectId" $servicePrincipalObjectId + # Add user to group + $userToServicePrincipal = Add-EntraServicePrincipalOwner -ObjectId $servicePrincipalObjectId -RefObjectId $existUser.ObjectId + $PrincipalOwners= Get-EntraServicePrincipalOwner -ObjectId $servicePrincipalObjectId | ConvertTo-json | ConvertFrom-json + $PrincipalOwners.Id | Should -Contain $existUser.Id + # $userToServicePrincipal = Add-EntraServicePrincipalOwner -ObjectId 
$servicePrincipalObjectId -RefObjectId $existGroup.ObjectId + + + # Add group to service pricipal + # $GrpToServicePrincipal = Add-EntraGroupMember -ObjectId $existGroup.ObjectId -RefObjectId $servicePrincipalObjectId + # $A = Get-EntraGroupMember -ObjectId $existGroup.ObjectId + # $A.Id | should -Contain $servicePrincipalObjectId + + # Set app role to service principal + $existingServicePrincipal = Get-EntraServicePrincipal -ObjectId $servicePrincipalObjectId | ConvertTo-json | ConvertFrom-json + + $global:AppROletoServicePrincipal = New-EntraServiceAppRoleAssignment -ObjectId $existingServicePrincipal.ObjectId -ResourceId $existingServicePrincipal.ObjectId -Id $existingServicePrincipal.AppRoles.Id -PrincipalId $existingServicePrincipal.ObjectId + # Verifying app role assignment + $RoleAssignment = Get-EntraServiceAppRoleAssignment -ObjectId $existingServicePrincipal.ObjectId + $RoleAssignment.AppRoleId | Should -Be $AppROletoServicePrincipal.AppRoleId + } + It "Scen7: Create a new user and add that user to an existing group"{ + # Create new User + $thisTestInstanceId = New-Guid | select -expandproperty guid + $user = 'SimpleTestUser' + $thisTestInstanceId + $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile + $PasswordProfile.Password = "Pass@1234" + $global:NewUser = New-EntraUser -AccountEnabled $true -DisplayName $user -PasswordProfile $PasswordProfile -MailNickName $user -UserPrincipalName "$user@M365x99297270.OnMicrosoft.com" + # write-host "User:" $NewUser.Id + # Retrive existing group + $global:ExistGroup = Get-EntraGroup -top 1 + + # Add Group member + $NewMem = Add-EntraGroupMember -ObjectId $ExistGroup.ObjectId -RefObjectId $NewUser.ObjectId + + # Get group member + $GetMemb = Get-EntraGroupMember -ObjectId $ExistGroup.ObjectId + $GetMemb.Id | Should -Contain $NewUser.Id + + } + It "Scen8:Create a new group and add existing user to that group"{ + # Create new Group + $testGrpName = 'SimpleTestGrp' + $thisTestInstanceId 
+ $global:NewGroup = New-EntraGroup -DisplayName $testGrpName -MailEnabled $false -SecurityEnabled $true -MailNickName "NickName" | ConvertTo-json | ConvertFrom-json + # Retrive existing User + $User = Get-EntraUser -top 1 + + # Add group member + $NewMem = Add-EntraGroupMember -ObjectId $NewGroup.ObjectId -RefObjectId $User.ObjectId + + # Get group member + $GetMember = Get-EntraGroupMember -ObjectId $NewGroup.ObjectId + $GetMember.Id | Should -Contain $User.Id + + } + It "Scen9: Create a new user and create a new group and add that new user to the new group"{ + + $thisTestInstanceId = New-Guid | select -expandproperty guid + $testGrpName = 'SimpleGroup' + $thisTestInstanceId + $testUserName = 'SimpleTestUser' + $thisTestInstanceId + # Create new User + $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile + $PasswordProfile.Password = "Pass@1234" + $global:NewUser1 = New-EntraUser -AccountEnabled $true -DisplayName $testUserName -PasswordProfile $PasswordProfile -MailNickName $testUserName -UserPrincipalName "$testUserName@M365x99297270.OnMicrosoft.com" + # write-host "User1:" $NewUser1.Id + # Create new Group + $global:NewGroup1 = New-EntraGroup -DisplayName $testGrpName -MailEnabled $false -SecurityEnabled $true -MailNickName "NickName" | ConvertTo-json | ConvertFrom-json + + # Add group member + $NewMem = Add-EntraGroupMember -ObjectId $NewGroup1.ObjectId -RefObjectId $NewUser1.ObjectId + + # Get group member + # $GetMember = Get-EntraGroupMember -ObjectId $NewGroup1.ObjectId + # $GetMember.Id | Should -Be $NewUser1.Id + + } + It "Scen10: Create a new user and add the user to the newly created group and check that user is Member of the group"{ + + $thisTestInstanceId = New-Guid | select -expandproperty guid + $testGrpName = 'SimpleGroup' + $thisTestInstanceId + $testUserName = 'SimpleTestUser' + $thisTestInstanceId + # Create new User + $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile + 
$PasswordProfile.Password = "Pass@1234" + $global:NewUser2 = New-EntraUser -AccountEnabled $true -DisplayName $testUserName -PasswordProfile $PasswordProfile -MailNickName $testUserName -UserPrincipalName "$testUserName@M365x99297270.OnMicrosoft.com" + # write-host "User2:" $NewUser2.Id + # Create new Group + $global:NewGroup2 = New-EntraGroup -DisplayName $testGrpName -MailEnabled $false -SecurityEnabled $true -MailNickName "NickName" | ConvertTo-json | ConvertFrom-json + + # Add group member + $NewMem = Add-EntraGroupMember -ObjectId $NewGroup2.ObjectId -RefObjectId $NewUser2.ObjectId + + # User is member of the new group + $GetMember = Get-EntraGroupMember -ObjectId $NewGroup2.ObjectId + $GetMember.Id | Should -Be $NewUser2.Id + } + It "Scen11: Create a new user and assign that user to the existing Service Principal"{ + # Create new User + $thisTestInstanceId = New-Guid | select -expandproperty guid + $Tuser = 'SimpleTestUser' + $thisTestInstanceId + $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile + $PasswordProfile.Password = "Pass@1234" + $global:NewUser3 = New-EntraUser -AccountEnabled $true -DisplayName $Tuser -PasswordProfile $PasswordProfile -MailNickName $Tuser -UserPrincipalName "$Tuser@M365x99297270.OnMicrosoft.com" + $NewOwner= Add-EntraServicePrincipalOwner -ObjectId $servicePrincipalObjectId -RefObjectId $NewUser3.ObjectId + + # Get group member + $GetOwner = Get-EntraServicePrincipalOwner -ObjectId $servicePrincipalObjectId + $GetOwner.ObjectId | Should -Contain $NewUser3.Id + + } + It "Scen12: Create a new conditional access policy and attach that policy to the Service Principal" { + # Create conditional access policy + $thisTestInstanceId = New-Guid | select -expandproperty guid + $testpolicyName = 'Simplepolicy' + $thisTestInstanceId + + $Condition = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessConditionSet + $Condition.clientAppTypes = @("mobileAppsAndDesktopClients","browser") + 
$Condition.Applications = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessApplicationCondition + $Condition.Applications.IncludeApplications = $NewServicePrincipal.AppId + $Condition.Users = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessUserCondition + $Condition.Users.IncludeUsers = "all" + + $Controls = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessGrantControls + $Controls._Operator = "AND" + $Controls.BuiltInControls = @("mfa") + + $SessionControls = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessSessionControls + $ApplicationEnforcedRestrictions = New-Object Microsoft.Open.MSGraph.Model.ConditionalAccessApplicationEnforcedRestrictions + $ApplicationEnforcedRestrictions.IsEnabled = $true + $SessionControls.applicationEnforcedRestrictions = $ApplicationEnforcedRestrictions + + $global:NewConditionalAccessPolicy = New-EntraMSConditionalAccessPolicy -DisplayName $testpolicyName -State enabled -Conditions $Condition -GrantControls $Controls -SessionControls $SessionControls + $result = Get-EntraMSConditionalAccessPolicy -policyid $NewConditionalAccessPolicy.Id + $result.Conditions.Applications.IncludeApplications | should -Be $NewServicePrincipal.AppId + } + # It "Scen13: Create new claims issuance policy and attach that to the Service Principal" { + + # # $global:NewClaimsIssuancePolicy = New-EntraBetaPolicy -Definition $policyDefinition -DisplayName $testpolicyName -Type "ClaimsIssuancePolicy" + # $global:NewClaimsIssuancePolicy = New-EntraBetaPolicy -Definition @('{ "definition": [ "{\"ClaimsMappingPolicy\":{\"Version\":1,\"IncludeBasicClaimSet\":\"true\",\"ClaimsSchema\":[{\"Source\":\"user\",\"ID\":\"userPrincipalName\",\"SAMLClaimType\":\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name\",\"JwtClaimType\":\"upn\"},{\"Source\":\"user\",\"ID\":\"displayName\",\"SAMLClaimType\":\"http://schemas.microsoft.com/identity/claims/displayname\",\"JwtClaimType\":\"name\"}]}}" ], 
"displayName": "Custom Claims Issuance Policy", "isOrganizationDefault": false }') -DisplayName $testpolicyName -Type "claimsMappingPolicies" -IsOrganizationDefault $false -AlternativeIdentifier "1f587daa-d6fc-433f-88ee-48afa8daebe4" + + # $A = Get-EntraBetaPolicy - + # write-host $A + # # Write-Host "NewClaimsIssuancePolicy" $NewClaimsIssuancePolicy + # write-host "ServicePrincipalID" $servicePrincipalObjectId + + # $ClaimsIssuancePolicyToServicePrincipal = Add-EntraBetaServicePrincipalPolicy -Id $servicePrincipalObjectId -RefObjectId $NewClaimsIssuancePolicy.Id + # # $A = Get-EntraBetaServicePrincipalPolicy -Id $servicePrincipalObjectId + # # write-host "EntraBetaServicePrincipalPolicy" $A + # } + It "Scen14: Remove the policy attached to the existing Service Principal" { + $Policy = Get-EntraBetaPolicy -Top 1 + + # Add existing policy to service principal + Add-EntraBetaServicePrincipalPolicy -Id $servicePrincipalObjectId -RefObjectId $Policy.Id + $policyOfservicePrincipal = Get-EntraBetaServicePrincipalPolicy -Id $servicePrincipalObjectId + + # Remove policy attached to existing service principal + Remove-EntraBetaServicePrincipalPolicy -Id $servicePrincipalObjectId -PolicyId $policyOfservicePrincipal.Id + $retrivePolicy = Get-EntraBetaServicePrincipalPolicy -Id $servicePrincipalObjectId + $retrivePolicy.Id | should -Not -Contain $Policy.Id + + } + + AfterAll { + + # Remove-EntraBetaServicePrincipalPolicy -Id $servicePrincipalObjectId -PolicyId $NewClaimsIssuancePolicy.Id + # Remove-EntraMSConditionalAccessPolicy -PolicyId $NewClaimsIssuancePolicy.Id + Remove-EntraMSConditionalAccessPolicy -PolicyId $NewConditionalAccessPolicy.Id + Remove-EntraServicePrincipalOwner -ObjectId $servicePrincipalObjectId -OwnerId $NewUser3.ObjectId + Remove-EntraUser -ObjectId $NewUser3.ObjectId | Out-Null + + Remove-EntraGroupMember -ObjectId $NewGroup2.ObjectId -MemberId $NewUser2.ObjectId + Remove-EntraGroup -ObjectId $NewGroup2.ObjectId | Out-Null + Remove-EntraUser -ObjectId 
$NewUser2.ObjectId | Out-Null
+
+ Remove-EntraGroupMember -ObjectId $NewGroup1.ObjectId -MemberId $NewUser1.ObjectId
+ Remove-EntraUser -ObjectId $NewUser1.ObjectId | Out-Null
+ Remove-EntraGroup -ObjectId $NewGroup1.ObjectId | Out-Null
+
+ Remove-EntraGroupMember -ObjectId $ExistGroup.ObjectId -MemberId $NewUser.ObjectId
+ Remove-EntraUser -ObjectId $NewUser.ObjectId | Out-Null
+ Remove-EntraGroup -ObjectId $NewGroup.ObjectId | Out-Null
+
+ # Scenario 6
+
+ Remove-EntraServiceAppRoleAssignment -ObjectId $servicePrincipalObjectId -AppRoleAssignmentId $AppROletoServicePrincipal.Id
+ # Remove-EntraServicePrincipalOwner -ObjectId $servicePrincipalObjectId -OwnerId $existGroup.ObjectId
+ Remove-EntraServicePrincipalOwner -ObjectId $servicePrincipalObjectId -OwnerId $existUser.ObjectId
+ # Remove-EntraGroupMember -ObjectId $existGroup.ObjectId -MemberId $servicePrincipalObjectId
+
+ # Remove-EntraGroupMember -ObjectId $NewGroup.ObjectId -MemberId $User.ObjectId
+ Remove-EntraServicePrincipal -ObjectId $NewServicePrincipal.ObjectId
+ Remove-EntraApplication -ObjectId $newApp.Id | Out-Null
+
+ # foreach ($app in (Get-EntraUser -SearchString "SimpleTestUser")) {
+ # write-host $app.ObjectId
+ # Remove-EntraUser -ObjectId $app.ObjectId | Out-Null
+ # }
+
+ }
+
+ }
+}
diff --git a/test/module/Entra/Integration/setenv.ps1 b/test/module/Entra/Integration/setenv.ps1
new file mode 100644
index 0000000000..f29697816a
--- /dev/null
+++ b/test/module/Entra/Integration/setenv.ps1
@@ -0,0 +1,3 @@
+$env:TEST_APPID = "8886ad7b-1795-4542-9808-c85859d97f23"
+$env:TEST_TENANTID = "d5aec55f-2d12-4442-8d2f-ccca95d4390e"
+$env:CERTIFICATETHUMBPRINT = "305D4F33E153980E2451F6E068426FC2BCAF683E"
From 570f88b7e29ca807a2fd77cf13b35e9ddc11cb34 Mon Sep 17 00:00:00 2001
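Review bot: Scen7, Scen9, Scen10 and Scen11 create accounts in a live tenant with `-AccountEnabled $true` and the literal password `"Pass@1234"`, and Scen7 then adds its account to whatever group `Get-EntraGroup -top 1` happens to return. Until AfterAll runs (or for longer, if cleanup does not complete) the tenant holds sign-in-capable users whose password is in the repository, one of them a member of an arbitrary existing group. None of the scenarios signs in as these users, so they can be created disabled with a per-run random secret: `-AccountEnabled $false` and `$PasswordProfile.Password = 'Aa1!' + (New-Guid).Guid`. Scen6 has the mirror-image problem: `Get-EntraUser -Top 1` makes an arbitrary real user an owner of the test service principal, so a dedicated fixture user and group would be safer than the first directory result.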
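Review bot: setenv.ps1 commits the application id, tenant id and certificate thumbprint of what appears to be a real tenant, and the BeforeAll in Scenario1.Tests.ps1 loads the file unconditionally. The thumbprint is not the private key, but together these values identify the app registration that presumably holds directory write permissions, and they tie every run to one tenant. Keep the real values out of the repository: commit a template such as `$env:TEST_TENANTID = "<tenant-id>"` (or drop the file and let CI inject the variables), and have BeforeAll fail fast when a value is missing, e.g. `if (-not $env:TEST_TENANTID) { throw 'TEST_TENANTID is not set' }`.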
From: Ashwini Karke
Date: Tue, 27 Aug 2024 13:01:17 +0530
Subject: [PATCH 02/20] added Integration Testing
---
.../Entra/Integration/Scenario1.Tests.ps1 | 401 ++++++++----------
.../Entra/Integration/Scenario2.Tests.ps1 | 92 ++++
.../EntraBeta/Integration/Scenario1.Tests.ps1 | 237 +++++++++++
.../EntraBeta/Integration/Scenario2.Tests.ps1 | 92 ++++
test/module/EntraBeta/Integration/setenv.ps1 | 3 +
5 files changed, 602 insertions(+), 223 deletions(-)
create mode 100644 test/module/Entra/Integration/Scenario2.Tests.ps1
create mode 100644 test/module/EntraBeta/Integration/Scenario1.Tests.ps1
create mode 100644 test/module/EntraBeta/Integration/Scenario2.Tests.ps1
create mode 100644 test/module/EntraBeta/Integration/setenv.ps1
diff --git a/test/module/Entra/Integration/Scenario1.Tests.ps1 b/test/module/Entra/Integration/Scenario1.Tests.ps1
index d8d078a6a8..f74fc28c0f 100644
--- a/test/module/Entra/Integration/Scenario1.Tests.ps1
+++ b/test/module/Entra/Integration/Scenario1.Tests.ps1
@@ -1,283 +1,238 @@ -Describe "The Get-EntraApplication command executing unmocked" { - - Context "When creating applications" { - BeforeAll { - $testReportPath = join-path $psscriptroot "\setenv.ps1" - Import-Module -Name $testReportPath - $appId = $env:TEST_APPID - $tenantId = $env:TEST_TENANTID - $cert = $env:CERTIFICATETHUMBPRINT - Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert +BeforeAll { + $testReportPath = join-path $psscriptroot "\setenv.ps1" + Import-Module -Name $testReportPath + $appId = $env:TEST_APPID + $tenantId = $env:TEST_TENANTID + $cert = $env:CERTIFICATETHUMBPRINT + Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert +} +Describe "Integration Testing" { - - } - It "Scen1: Creating Applications and attaching secrets to that newly created application " { - # Create New application - $thisTestInstanceId = New-Guid | select -expandproperty guid + Context "Scen1: Creating Applications and attaching secrets to that newly created application"{ + It "Creating New Application"{ + $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid $global:testAppName = 'SimpleTestApp' + $thisTestInstanceId - $global:newApp = New-EntraApplication -DisplayName $testAppName -AvailableToOtherTenants $true -ReplyUrls @("https://yourapp.com") + $global:newApp = New-EntraApplication -DisplayName $testAppName $newApp.DisplayName | Should -Be $testAppName - - $Result = New-EntraApplicationPasswordCredential -ObjectId $newApp.Id -CustomKeyIdentifier "MySecret" - - # Retrive application password credentials and verify keyId is present or not - # $Result1 = Get-EntraApplicationPasswordCredential -ObjectId $newApp.Id - # $Result1.KeyId | Should -be $Result.KeyId - - # Retrive new created application + } + It "Attaching a Secret to the Application"{ + $global:Result = New-EntraApplicationPasswordCredential -ObjectId $newApp.Id -CustomKeyIdentifier "MySecret" + } + It "Verification of Application Creation"{ 
$global:application = Get-EntraApplication -ObjectId $newApp.Id - - # verify keyId + $application.DisplayName | Should -Be $testAppName + } + It "Verification of Attached Secret"{ $application.PasswordCredentials.KeyId | Should -be $Result.KeyId } - It "Scen3: Create Service Principal to the newly created application" { - - # Create service Principal for new application - $global:NewServicePrincipal = New-EntraServicePrincipal -AppId $application.AppId -AppRoleAssignmentRequired $true - - # store service principal objectId - $global:servicePrincipalObjectId = $NewServicePrincipal.ObjectId - - # Get created service principal - $ServicePrincipal = Get-EntraServicePrincipal -ObjectId $servicePrincipalObjectId - $ServicePrincipal.AppId | Should -Be $application.AppId - + } + Context "Scen3: Create Service Principal to the newly created application"{ + It "Creation of the Service Principal"{ + $global:newServicePrincipal = New-EntraServicePrincipal -AppId $newApp.AppId + $newServicePrincipal.AppId | Should -Be $application.AppId } - It "Scen4: Configure App ID URI and Redirect URIs on the newly created application" { - - # configure application fot ID URI - $configureApp = Set-EntraApplication -ObjectId $newApp.Id -IdentifierUris @("IdM365x992972766.onmicrosoft.com") -ReplyUrls "https://contoso.com" - - # Retrive new application and verifying ID URI + } + Context "Scen2: Create Gallery application and setup PreferredSingleSignOn Mode to the application"{ + It "Setting PreferredSingleSignOn Mode to the application"{ + Set-EntraServicePrincipal -ObjectId $newServicePrincipal.ObjectId -PreferredSingleSignOnMode 'password' + } + It "Verification of ServicePricipal Creation and Updated PreferredSingleSignOn"{ + $global:servicePrincipal= Get-EntraServicePrincipal -ObjectId $newServicePrincipal.ObjectId + $servicePrincipal.DisplayName | Should -Be $testAppName + $servicePrincipal.PreferredSingleSignOnMode | Should -Be 'password' + } + } + Context "Scen4: Configure App ID URI 
and Redirect URIs on the newly created application"{ + It "Configuring the App ID URI and Redirect URI"{ + Set-EntraApplication -ObjectId $newApp.Id -IdentifierUris @("IdM365x992972766.onmicrosoft.com") -Web @{RedirectUris = 'https://contoso.com'} + } + It "Verifying the App ID URI configuration and Redirect URI"{ $updatedApp = Get-EntraApplication -ObjectId $newApp.Id | ConvertTo-json | ConvertFrom-json $updatedApp.IdentifierUris | Should -Be "IdM365x992972766.onmicrosoft.com" $updatedApp.Web.RedirectUris | Should -Be "https://contoso.com" } - It "Scen5: Create AppRoles to the Application" { - - # create approles - $types += 'User' - $approle = New-Object Microsoft.Open.AzureAD.Model.AppRole + } + Context "Scen5: Create AppRoles to the Application"{ + It "Create Approles"{ + $types = @() + $types += 'Application' + $approle = New-Object Microsoft.Open.MSGraph.Model.AppRole $approle.AllowedMemberTypes = $types $approle.Description = 'msiam_access' $approle.DisplayName = 'msiam_access' $approle.Id = '643985ce-3eaf-4a67-9550-ecca25cb6814' $approle.Value = 'Application' $approle.IsEnabled = $true + $approle.Origin = "Application" # Assign approles to existing applictaion $global:AppUpdate = Set-EntraApplication -ObjectId $newApp.Id -AppRoles $approle - - # Retrive new application and verifying AppRoles - $updatedApp = Get-EntraApplication -ObjectId $newApp.Id + } + It "Verification of created Approles"{ + $global:updatedApp = Get-EntraApplication -ObjectId $newApp.Id $updatedApp.AppRoles.DisplayName | Should -Be 'msiam_access' $updatedApp.AppRoles.Id | Should -Be '643985ce-3eaf-4a67-9550-ecca25cb6814' $updatedApp.AppRoles.Value | Should -Be 'Application' } - It "Scen6: Assign user and groups to the newly created Service Principal and set right AppRole to it" { + } + Context "Scen6: Assign user and groups to the newly created Service Principal and set right AppRole to it"{ + It "Assigning users to the Service Principal and setting the correct AppRole for the Service 
Principal"{ $global:existUser = Get-EntraUser -Top 1 - # write-host "existUser" $existUser.Id - $global:existGroup = Get-EntraGroup -Top 1 - # write-host "servicePrincipalObjectId" $servicePrincipalObjectId - # Add user to group - $userToServicePrincipal = Add-EntraServicePrincipalOwner -ObjectId $servicePrincipalObjectId -RefObjectId $existUser.ObjectId - $PrincipalOwners= Get-EntraServicePrincipalOwner -ObjectId $servicePrincipalObjectId | ConvertTo-json | ConvertFrom-json - $PrincipalOwners.Id | Should -Contain $existUser.Id - # $userToServicePrincipal = Add-EntraServicePrincipalOwner -ObjectId $servicePrincipalObjectId -RefObjectId $existGroup.ObjectId - + Add-EntraServicePrincipalOwner -ObjectId $servicePrincipal.Id -RefObjectId $existUser.Id - # Add group to service pricipal - # $GrpToServicePrincipal = Add-EntraGroupMember -ObjectId $existGroup.ObjectId -RefObjectId $servicePrincipalObjectId - # $A = Get-EntraGroupMember -ObjectId $existGroup.ObjectId - # $A.Id | should -Contain $servicePrincipalObjectId + $global:AppRoletoServicePrincipal = New-EntraServiceAppRoleAssignment -ObjectId $servicePrincipal.Id -ResourceId $servicePrincipal.Id -Id $updatedApp.AppRoles.Id -PrincipalId $existUser.ObjectId + } + It "Verification of assigned group to service principal"{ + $PrincipalOwners= Get-EntraServicePrincipalOwner -ObjectId $servicePrincipal.Id + $PrincipalOwners.Id | Should -Contain $existUser.Id - # Set app role to service principal - $existingServicePrincipal = Get-EntraServicePrincipal -ObjectId $servicePrincipalObjectId | ConvertTo-json | ConvertFrom-json - - $global:AppROletoServicePrincipal = New-EntraServiceAppRoleAssignment -ObjectId $existingServicePrincipal.ObjectId -ResourceId $existingServicePrincipal.ObjectId -Id $existingServicePrincipal.AppRoles.Id -PrincipalId $existingServicePrincipal.ObjectId - # Verifying app role assignment - $RoleAssignment = Get-EntraServiceAppRoleAssignment -ObjectId $existingServicePrincipal.ObjectId - 
$RoleAssignment.AppRoleId | Should -Be $AppROletoServicePrincipal.AppRoleId - } - It "Scen7: Create a new user and add that user to an existing group"{ - # Create new User - $thisTestInstanceId = New-Guid | select -expandproperty guid - $user = 'SimpleTestUser' + $thisTestInstanceId + $RoleAssignment = Get-EntraServiceAppRoleAssignment -ObjectId $servicePrincipal.Id + $RoleAssignment.AppRoleId | Should -Be $AppRoletoServicePrincipal.AppRoleId + } + } + Context "Scen7: Create a new user and add that user to an existing group"{ + It "Creating the user"{ + $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid + $user = 'SimpleTestUserss' + $thisTestInstanceId $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile $PasswordProfile.Password = "Pass@1234" $global:NewUser = New-EntraUser -AccountEnabled $true -DisplayName $user -PasswordProfile $PasswordProfile -MailNickName $user -UserPrincipalName "$user@M365x99297270.OnMicrosoft.com" - # write-host "User:" $NewUser.Id - # Retrive existing group + } + It "Adding the user to an existing group"{ $global:ExistGroup = Get-EntraGroup -top 1 - - # Add Group member - $NewMem = Add-EntraGroupMember -ObjectId $ExistGroup.ObjectId -RefObjectId $NewUser.ObjectId - - # Get group member + Add-EntraGroupMember -ObjectId $ExistGroup.ObjectId -RefObjectId $NewUser.ObjectId + } + It "Verification of new user's addition to the existing group"{ $GetMemb = Get-EntraGroupMember -ObjectId $ExistGroup.ObjectId $GetMemb.Id | Should -Contain $NewUser.Id - } - It "Scen8:Create a new group and add existing user to that group"{ - # Create new Group - $testGrpName = 'SimpleTestGrp' + $thisTestInstanceId - $global:NewGroup = New-EntraGroup -DisplayName $testGrpName -MailEnabled $false -SecurityEnabled $true -MailNickName "NickName" | ConvertTo-json | ConvertFrom-json - # Retrive existing User + } + Context "Scen8:Create a new group and add existing user to that group"{ + It "Creating a new Group"{ + 
$testGrpName = 'SimpleTestGroup' + $thisTestInstanceId + $global:NewGroup = New-EntraGroup -DisplayName $testGrpName -MailEnabled $false -SecurityEnabled $true -MailNickName "NickName" + } + It "Adding existing user to new group"{ + $User = Get-EntraUser -top 1 + Add-EntraGroupMember -ObjectId $NewGroup.ObjectId -RefObjectId $User.ObjectId + } + It "Verification of exixting user's addition to the new group"{ $User = Get-EntraUser -top 1 - - # Add group member - $NewMem = Add-EntraGroupMember -ObjectId $NewGroup.ObjectId -RefObjectId $User.ObjectId - - # Get group member $GetMember = Get-EntraGroupMember -ObjectId $NewGroup.ObjectId $GetMember.Id | Should -Contain $User.Id - } - It "Scen9: Create a new user and create a new group and add that new user to the new group"{ - - $thisTestInstanceId = New-Guid | select -expandproperty guid - $testGrpName = 'SimpleGroup' + $thisTestInstanceId - $testUserName = 'SimpleTestUser' + $thisTestInstanceId + } + Context "Scen9: Create a new user and create a new group and add that new user to the new group"{ + It "Creating a new user and group"{ + $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid + $testUserName = 'SimpleTestUsers' + $thisTestInstanceId # Create new User $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile $PasswordProfile.Password = "Pass@1234" $global:NewUser1 = New-EntraUser -AccountEnabled $true -DisplayName $testUserName -PasswordProfile $PasswordProfile -MailNickName $testUserName -UserPrincipalName "$testUserName@M365x99297270.OnMicrosoft.com" - # write-host "User1:" $NewUser1.Id - # Create new Group - $global:NewGroup1 = New-EntraGroup -DisplayName $testGrpName -MailEnabled $false -SecurityEnabled $true -MailNickName "NickName" | ConvertTo-json | ConvertFrom-json - - # Add group member - $NewMem = Add-EntraGroupMember -ObjectId $NewGroup1.ObjectId -RefObjectId $NewUser1.ObjectId - - # Get group member - # $GetMember = Get-EntraGroupMember -ObjectId 
$NewGroup1.ObjectId - # $GetMember.Id | Should -Be $NewUser1.Id + $testGrpName = 'SimpleTestGroup' + $thisTestInstanceId + $global:NewGroup1 = New-EntraGroup -DisplayName $testGrpName -MailEnabled $false -SecurityEnabled $true -MailNickName "NickName" } - It "Scen10: Create a new user and add the user to the newly created group and check that user is Member of the group"{ - - $thisTestInstanceId = New-Guid | select -expandproperty guid - $testGrpName = 'SimpleGroup' + $thisTestInstanceId - $testUserName = 'SimpleTestUser' + $thisTestInstanceId + It "Adding New User to New group"{ + Add-EntraGroupMember -ObjectId $NewGroup1.ObjectId -RefObjectId $NewUser1.ObjectId + } + } + Context "Scen10: Create a new user and add the user to the newly created group and check that user is Member of the group"{ + It "Creating a new user and group"{ + $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid + $testUserName = 'SimpleTestUsers' + $thisTestInstanceId # Create new User $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile $PasswordProfile.Password = "Pass@1234" $global:NewUser2 = New-EntraUser -AccountEnabled $true -DisplayName $testUserName -PasswordProfile $PasswordProfile -MailNickName $testUserName -UserPrincipalName "$testUserName@M365x99297270.OnMicrosoft.com" - # write-host "User2:" $NewUser2.Id - # Create new Group - $global:NewGroup2 = New-EntraGroup -DisplayName $testGrpName -MailEnabled $false -SecurityEnabled $true -MailNickName "NickName" | ConvertTo-json | ConvertFrom-json - # Add group member - $NewMem = Add-EntraGroupMember -ObjectId $NewGroup2.ObjectId -RefObjectId $NewUser2.ObjectId - - # User is member of the new group - $GetMember = Get-EntraGroupMember -ObjectId $NewGroup2.ObjectId - $GetMember.Id | Should -Be $NewUser2.Id + $testGrpName = 'SimpleTestGroup' + $thisTestInstanceId + $global:NewGroup2 = New-EntraGroup -DisplayName $testGrpName -MailEnabled $false -SecurityEnabled $true -MailNickName "NickName" 
} - It "Scen11: Create a new user and assign that user to the existing Service Principal"{ - # Create new User - $thisTestInstanceId = New-Guid | select -expandproperty guid - $Tuser = 'SimpleTestUser' + $thisTestInstanceId + It "Adding New User to New group"{ + Add-EntraGroupMember -ObjectId $NewGroup2.ObjectId -RefObjectId $NewUser2.ObjectId + } + It "Verification of User is Member of the group"{ + $GetMember = Get-EntraUserMembership -ObjectId $NewUser2.Id + $GetMember.Id | Should -Contain $NewGroup2.Id + } + } + Context "Scen11: Create a new user and assign that user to the existing Service Principal"{ + It "Creating a new user and assign that user to the existing Service Principal"{ + $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid + $Tuser = 'SimpleTestUsers' + $thisTestInstanceId $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile $PasswordProfile.Password = "Pass@1234" $global:NewUser3 = New-EntraUser -AccountEnabled $true -DisplayName $Tuser -PasswordProfile $PasswordProfile -MailNickName $Tuser -UserPrincipalName "$Tuser@M365x99297270.OnMicrosoft.com" - $NewOwner= Add-EntraServicePrincipalOwner -ObjectId $servicePrincipalObjectId -RefObjectId $NewUser3.ObjectId - - # Get group member - $GetOwner = Get-EntraServicePrincipalOwner -ObjectId $servicePrincipalObjectId - $GetOwner.ObjectId | Should -Contain $NewUser3.Id - + Add-EntraServicePrincipalOwner -ObjectId $servicePrincipal.Id -RefObjectId $NewUser3.Id } - It "Scen12: Create a new conditional access policy and attach that policy to the Service Principal" { - # Create conditional access policy - $thisTestInstanceId = New-Guid | select -expandproperty guid + It "Verfication of assigned User"{ + $GetOwner = Get-EntraServicePrincipalOwner -ObjectId $servicePrincipal.Id + $GetOwner.Id | Should -Contain $NewUser3.Id + } + } + # Context "Scen12: Create a new conditional access policy and attach that policy to the Service Principal"{ + # It "Creating a new 
conditional access policy and attach that policy to the Service Principal"{ + # $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid + # $testpolicyName = 'Simplepolicy' + $thisTestInstanceId + + # $Condition = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessConditionSet + # $Condition.clientAppTypes = @("mobileAppsAndDesktopClients","browser") + # $Condition.Applications = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessApplicationCondition + # $Condition.Applications.IncludeApplications = $NewServicePrincipal.AppId + # $Condition.Users = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessUserCondition + # $Condition.Users.IncludeUsers = "all" + + # $Controls = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessGrantControls + # $Controls._Operator = "AND" + # $Controls.BuiltInControls = @("mfa") + + # $SessionControls = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessSessionControls + # $ApplicationEnforcedRestrictions = New-Object Microsoft.Open.MSGraph.Model.ConditionalAccessApplicationEnforcedRestrictions + # $ApplicationEnforcedRestrictions.IsEnabled = $true + # $SessionControls.applicationEnforcedRestrictions = $ApplicationEnforcedRestrictions + + # $global:NewConditionalAccessPolicy = New-EntraConditionalAccessPolicy -DisplayName $testpolicyName -State enabled -Conditions $Condition -GrantControls $Controls -SessionControls $SessionControls + # } + # It "Verification of attached policy"{ + # $result = Get-EntraConditionalAccessPolicy -policyid $NewConditionalAccessPolicy.Id + # $result.Conditions.Applications.IncludeApplications | should -Be $NewServicePrincipal.AppId + # } + # } + Context "Scen13: Create new claims issuance policy and attach that to the Service Principal"{ + It "Creating policy"{ + $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid $testpolicyName = 'Simplepolicy' + $thisTestInstanceId - - $Condition = New-Object 
-TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessConditionSet - $Condition.clientAppTypes = @("mobileAppsAndDesktopClients","browser") - $Condition.Applications = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessApplicationCondition - $Condition.Applications.IncludeApplications = $NewServicePrincipal.AppId - $Condition.Users = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessUserCondition - $Condition.Users.IncludeUsers = "all" - - $Controls = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessGrantControls - $Controls._Operator = "AND" - $Controls.BuiltInControls = @("mfa") - - $SessionControls = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessSessionControls - $ApplicationEnforcedRestrictions = New-Object Microsoft.Open.MSGraph.Model.ConditionalAccessApplicationEnforcedRestrictions - $ApplicationEnforcedRestrictions.IsEnabled = $true - $SessionControls.applicationEnforcedRestrictions = $ApplicationEnforcedRestrictions - - $global:NewConditionalAccessPolicy = New-EntraMSConditionalAccessPolicy -DisplayName $testpolicyName -State enabled -Conditions $Condition -GrantControls $Controls -SessionControls $SessionControls - $result = Get-EntraMSConditionalAccessPolicy -policyid $NewConditionalAccessPolicy.Id - $result.Conditions.Applications.IncludeApplications | should -Be $NewServicePrincipal.AppId - } - # It "Scen13: Create new claims issuance policy and attach that to the Service Principal" { - - # # $global:NewClaimsIssuancePolicy = New-EntraBetaPolicy -Definition $policyDefinition -DisplayName $testpolicyName -Type "ClaimsIssuancePolicy" - # $global:NewClaimsIssuancePolicy = New-EntraBetaPolicy -Definition @('{ "definition": [ 
"{\"ClaimsMappingPolicy\":{\"Version\":1,\"IncludeBasicClaimSet\":\"true\",\"ClaimsSchema\":[{\"Source\":\"user\",\"ID\":\"userPrincipalName\",\"SAMLClaimType\":\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name\",\"JwtClaimType\":\"upn\"},{\"Source\":\"user\",\"ID\":\"displayName\",\"SAMLClaimType\":\"http://schemas.microsoft.com/identity/claims/displayname\",\"JwtClaimType\":\"name\"}]}}" ], "displayName": "Custom Claims Issuance Policy", "isOrganizationDefault": false }') -DisplayName $testpolicyName -Type "claimsMappingPolicies" -IsOrganizationDefault $false -AlternativeIdentifier "1f587daa-d6fc-433f-88ee-48afa8daebe4" - - # $A = Get-EntraBetaPolicy - - # write-host $A - # # Write-Host "NewClaimsIssuancePolicy" $NewClaimsIssuancePolicy - # write-host "ServicePrincipalID" $servicePrincipalObjectId - - # $ClaimsIssuancePolicyToServicePrincipal = Add-EntraBetaServicePrincipalPolicy -Id $servicePrincipalObjectId -RefObjectId $NewClaimsIssuancePolicy.Id - # # $A = Get-EntraBetaServicePrincipalPolicy -Id $servicePrincipalObjectId - # # write-host "EntraBetaServicePrincipalPolicy" $A - # } - It "Scen14: Remove the policy attached to the existing Service Principal" { - $Policy = Get-EntraBetaPolicy -Top 1 - - # Add existing policy to service principal - Add-EntraBetaServicePrincipalPolicy -Id $servicePrincipalObjectId -RefObjectId $Policy.Id - $policyOfservicePrincipal = Get-EntraBetaServicePrincipalPolicy -Id $servicePrincipalObjectId - - # Remove policy attached to existing service principal - Remove-EntraBetaServicePrincipalPolicy -Id $servicePrincipalObjectId -PolicyId $policyOfservicePrincipal.Id - $retrivePolicy = Get-EntraBetaServicePrincipalPolicy -Id $servicePrincipalObjectId - $retrivePolicy.Id | should -Not -Contain $Policy.Id - + $global:NewPolicy = New-EntraPolicy -Definition @('{ "definition": [ 
"{\"ClaimsMappingPolicy\":{\"Version\":1,\"IncludeBasicClaimSet\":\"true\",\"ClaimsSchema\":[{\"Source\":\"user\",\"ID\":\"userPrincipalName\",\"SAMLClaimType\":\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name\",\"JwtClaimType\":\"upn\"},{\"Source\":\"user\",\"ID\":\"displayName\",\"SAMLClaimType\":\"http://schemas.microsoft.com/identity/claims/displayname\",\"JwtClaimType\":\"name\"}]}}" ], "displayName": "Custom Claims Issuance Policy", "isOrganizationDefault": false }') -DisplayName $testpolicyName -Type "claimsMappingPolicies" -IsOrganizationDefault $false } - - AfterAll { - - # Remove-EntraBetaServicePrincipalPolicy -Id $servicePrincipalObjectId -PolicyId $NewClaimsIssuancePolicy.Id - # Remove-EntraMSConditionalAccessPolicy -PolicyId $NewClaimsIssuancePolicy.Id - Remove-EntraMSConditionalAccessPolicy -PolicyId $NewConditionalAccessPolicy.Id - Remove-EntraServicePrincipalOwner -ObjectId $servicePrincipalObjectId -OwnerId $NewUser3.ObjectId - Remove-EntraUser -ObjectId $NewUser3.ObjectId | Out-Null - - Remove-EntraGroupMember -ObjectId $NewGroup2.ObjectId -MemberId $NewUser2.ObjectId - Remove-EntraGroup -ObjectId $NewGroup2.ObjectId | Out-Null - Remove-EntraUser -ObjectId $NewUser2.ObjectId | Out-Null - - Remove-EntraGroupMember -ObjectId $NewGroup1.ObjectId -MemberId $NewUser1.ObjectId - Remove-EntraUser -ObjectId $NewUser1.ObjectId | Out-Null - Remove-EntraGroup -ObjectId $NewGroup1.ObjectId | Out-Null - - Remove-EntraGroupMember -ObjectId $ExistGroup.ObjectId -MemberId $NewUser.ObjectId - Remove-EntraUser -ObjectId $NewUser.ObjectId | Out-Null - Remove-EntraGroup -ObjectId $NewGroup.ObjectId | Out-Null - - # Scenario 6 - - Remove-EntraServiceAppRoleAssignment -ObjectId $servicePrincipalObjectId -AppRoleAssignmentId $AppROletoServicePrincipal.Id - # Remove-EntraServicePrincipalOwner -ObjectId $servicePrincipalObjectId -OwnerId $existGroup.ObjectId - Remove-EntraServicePrincipalOwner -ObjectId $servicePrincipalObjectId -OwnerId $existUser.ObjectId - 
# Remove-EntraGroupMember -ObjectId $existGroup.ObjectId -MemberId $servicePrincipalObjectId - - # Remove-EntraGroupMember -ObjectId $NewGroup.ObjectId -MemberId $User.ObjectId - Remove-EntraServicePrincipal -ObjectId $NewServicePrincipal.ObjectId - Remove-EntraApplication -ObjectId $newApp.Id | Out-Null - - # foreach ($app in (Get-EntraUser -SearchString "SimpleTestUser")) { - # write-host $app.ObjectId - # Remove-EntraUser -ObjectId $app.ObjectId | Out-Null - # } - + It "Attaching Policy to service principal"{ + Add-EntraBetaServicePrincipalPolicy -Id $servicePrincipal.Id -RefObjectId $NewPolicy.Id + } + It "Verification of added policy to service principal"{ + $result = Get-EntraBetaServicePrincipalPolicy -Id $servicePrincipal.Id + $result.Id | should -Contain $NewPolicy.Id + } + } + Context "Scene14: Remove the policy attached to the existing Service Principal"{ + It "Removing the policy attached"{ + Remove-EntraBetaServicePrincipalPolicy -Id $servicePrincipal.Id -PolicyId $NewPolicy.Id + $retrivePolicy = Get-EntraBetaServicePrincipalPolicy -Id $servicePrincipal.Id + $retrivePolicy.Id | should -Not -Contain $NewPolicy.Id } + } + AfterAll { + foreach ($app in (Get-EntraApplication -SearchString "SimpleTestApp")) { + Remove-EntraApplication -ObjectId $app.Id | Out-Null + } + foreach ($user in (Get-EntraUser -SearchString "SimpleTestUsers")) { + Remove-EntraUser -ObjectId $user.Id | Out-Null + } + foreach ($group in (Get-EntraGroup -SearchString "SimpleTestGroup")) { + Remove-EntraGroup -ObjectId $group.Id | Out-Null + } + # Remove-EntraConditionalAccessPolicy -PolicyId $NewConditionalAccessPolicy.Id + Remove-EntraPolicy -Id $NewPolicy.Id } } diff --git a/test/module/Entra/Integration/Scenario2.Tests.ps1 b/test/module/Entra/Integration/Scenario2.Tests.ps1 new file mode 100644 index 0000000000..b79a46f242 --- /dev/null +++ b/test/module/Entra/Integration/Scenario2.Tests.ps1 
@@ -0,0 +1,92 @@
+BeforeAll {
+ $testReportPath = join-path $psscriptroot "\setenv.ps1"
+ Import-Module -Name $testReportPath
+ $appId = $env:TEST_APPID
+ $tenantId = $env:TEST_TENANTID
+ $cert = $env:CERTIFICATETHUMBPRINT
+ Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert
+}
+Describe "Integration Testing" {
+
+ Context "Scen1: Assign Entra roles including assign roles with different scopes"{
+ It "Get user and role"{
+ $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid
+ $testUserName = 'SimpleTestUsers' + $thisTestInstanceId
+ # Create new User
+ $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
+ $PasswordProfile.Password = "Pass@1234"
+ $global:NewUser = New-EntraUser -AccountEnabled $true -DisplayName $testUserName -PasswordProfile $PasswordProfile -MailNickName $testUserName -UserPrincipalName "$testUserName@M365x99297270.OnMicrosoft.com"
+
+ $global:role = Get-EntraDirectoryRole | Where-Object {$_.DisplayName -eq "Application Administrator"}
+ }
+ It "Assign Entra roles"{
+ $scope = "/"
+ # Assign the role to the user with the defined scope
+ $params = @{
+ RoleDefinitionId = $role.Id
+ PrincipalId = $NewUser.Id
+ DirectoryScopeId = $scope
+ }
+ $global:newRole=New-EntraRoleAssignment @params
+ }
+ It "Verification of assigned role Creation"{
+ $global:assignedRole = Get-EntraRoleAssignment -Filter "PrincipalId eq '$($NewUser.Id)'"
+ $assignedRole.Id | Should -Be $newRole.Id
+ }
+ }
+ Context "Create custom roles"{
+ It "Creating custom roles"{
+ $RolePermissions = New-object Microsoft.Open.MSGraph.Model.RolePermission
+ $RolePermissions.AllowedResourceActions = @("microsoft.directory/applications/basic/read")
+ $params = @{
+ RolePermissions = $RolePermissions
+ IsEnabled = $false
+ DisplayName = 'SimpleTestRoleDefinition'
+ ResourceScopes = '/'
+ }
+ $global:customRole=New-EntraRoleDefinition @params
+ }
+ It "Verification of custom role created"{
+ $global:getRole = Get-EntraRoleDefinition -Filter "DisplayName eq 'SimpleTestRoleDefinition'"
+ $getRole.Id | Should -Contain $customRole.Id
+ }
+ }
+ Context "Add or deactivate custom security attribute definitions in Microsoft Entra ID"{
+ It "Adding custom security attribute definitions"{
+ $thisTestInstanceId = Get-Random -Minimum 10000 -Maximum 100000
+ $testName = 'TestDefinition' + $thisTestInstanceId
+ $AttributeSet = Get-EntraAttributeSet -Id 'Testing'
+ $params = @{
+ Name = $testName
+ Description = 'Target completion'
+ Type = 'String'
+ Status = 'Available'
+ AttributeSet = $AttributeSet.Id
+ IsCollection = $False
+ IsSearchable = $True
+ UsePreDefinedValuesOnly = $True
+ }
+ $global:Definition = New-EntraCustomSecurityAttributeDefinition @params
+ }
+ It "Deactivate custom security attribute definition"{
+ $params = @{
+ Id = $Definition.Id
+ Description = 'Target completion'
+ Status = 'Deprecated'
+ }
+ Set-EntraCustomSecurityAttributeDefinition @params
+ }
+ It "Verification of deactivation of custom security attribute definition"{
+ $global:getDefinition = Get-EntraCustomSecurityAttributeDefinition -Id $Definition.Id
+ $getDefinition.Status | Should -Be 'Deprecated'
+ }
+ }
+ AfterAll {
+ Remove-EntraRoleAssignment -Id $assignedRole.Id
+ foreach ($user in (Get-EntraUser -SearchString "SimpleTestUsers")) {
+ Remove-EntraUser -ObjectId $user.Id | Out-Null
+ }
+ Remove-EntraRoleDefinition -Id $getRole.Id
+
+ }
+}
diff --git a/test/module/EntraBeta/Integration/Scenario1.Tests.ps1 b/test/module/EntraBeta/Integration/Scenario1.Tests.ps1
new file mode 100644
index 0000000000..0febeb5af8
--- /dev/null
+++ b/test/module/EntraBeta/Integration/Scenario1.Tests.ps1
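Review bot: The account created in `It "Get user and role"` is enabled, carries the fixed literal password assigned to `$PasswordProfile.Password`, and is then granted Application Administrator at `DirectoryScopeId = "/"`, so for the length of the run the tenant holds a privileged, sign-in-capable account whose password is published in this repository. Nothing in the hunk signs in as that user, so I would create it with `-AccountEnabled $false` and set the password from a value generated per run rather than a literal. `AfterAll` makes the exposure longer than the run when a test fails early: `Remove-EntraRoleAssignment -Id $assignedRole.Id` is the first statement, and if `$assignedRole` was never set it presumably throws before the user is removed, so the user removal should come first or each step should be guarded. The same password literal and enabled flag are used for every user created in the EntraBeta Scenario1.Tests.ps1 and Scenario2.Tests.ps1 hunks of this patch.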
@@ -0,0 +1,237 @@
+BeforeAll {
+ $testReportPath = join-path $psscriptroot "\setenv.ps1"
+ Import-Module -Name $testReportPath
+ $appId = $env:TEST_APPID
+ $tenantId = $env:TEST_TENANTID
+ $cert = $env:CERTIFICATETHUMBPRINT
+ Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert
+}
+Describe "Integration Testing" {
+
+ Context "Scen1: Creating Applications and attaching secrets to that newly created application"{
+ It "Creating New Application"{
+ $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid
+ $global:testAppName = 'SimpleTestApp' + $thisTestInstanceId
+ $global:newApp = New-EntraBetaApplication -DisplayName $testAppName
+ $newApp.DisplayName | Should -Be $testAppName
+ }
+ It "Attaching a Secret to the Application"{
+ $global:Result = New-EntraBetaApplicationPasswordCredential -ObjectId $newApp.Id -CustomKeyIdentifier "MySecret"
+ }
+ It "Verification of Application Creation"{
+ $global:application = Get-EntraBetaApplication -ObjectId $newApp.Id
+ $application.DisplayName | Should -Be $testAppName
+ }
+ It "Verification of Attached Secret"{
+ $application.PasswordCredentials.KeyId | Should -be $Result.KeyId
+ }
+ }
+ Context "Scen3: Create Service Principal to the newly created application"{
+ It "Creation of the Service Principal"{
+ $global:newServicePrincipal = New-EntraBetaServicePrincipal -AppId $newApp.AppId
+ $newServicePrincipal.AppId | Should -Be $application.AppId
+ }
+ }
+ Context "Scen2: Create Gallery application and setup PreferredSingleSignOn Mode to the application"{
+ It "Setting PreferredSingleSignOn Mode to the application"{
+ Set-EntraBetaServicePrincipal -ObjectId $newServicePrincipal.ObjectId -PreferredSingleSignOnMode 'password'
+ }
+ It "Verification of ServicePricipal Creation and Updated PreferredSingleSignOn"{
+ $global:servicePrincipal= Get-EntraBetaServicePrincipal -ObjectId $newServicePrincipal.ObjectId
+ $servicePrincipal.DisplayName | Should -Be $testAppName
+ $servicePrincipal.PreferredSingleSignOnMode | Should -Be 'password'
+ }
+ }
+ Context "Scen4: Configure App ID URI and Redirect URIs on the newly created application"{
+ It "Configuring the App ID URI and Redirect URI"{
+ Set-EntraBetaApplication -ObjectId $newApp.Id -IdentifierUris @("IdM365x992972766.onmicrosoft.com") -Web @{RedirectUris = 'https://contoso.com'}
+ }
+ It "Verifying the App ID URI configuration and Redirect URI"{
+ $updatedApp = Get-EntraBetaApplication -ObjectId $newApp.Id | ConvertTo-json | ConvertFrom-json
+ $updatedApp.IdentifierUris | Should -Be "IdM365x992972766.onmicrosoft.com"
+ $updatedApp.Web.RedirectUris | Should -Be "https://contoso.com"
+ }
+ }
+ Context "Scen5: Create AppRoles to the Application"{
+ It "Create Approles"{
+ $types = @()
+ $types += 'Application'
+ $approle = New-Object Microsoft.Open.MSGraph.Model.AppRole
+ $approle.AllowedMemberTypes = $types
+ $approle.Description = 'msiam_access'
+ $approle.DisplayName = 'msiam_access'
+ $approle.Id = '643985ce-3eaf-4a67-9550-ecca25cb6814'
+ $approle.Value = 'Application'
+ $approle.IsEnabled = $true
+
+ # Assign approles to existing applictaion
+ $global:AppUpdate = Set-EntraBetaApplication -ObjectId $newApp.Id -AppRoles $approle
+ }
+ It "Verification of created Approles"{
+ $global:updatedApp = Get-EntraBetaApplication -ObjectId $newApp.Id
+ $updatedApp.AppRoles.DisplayName | Should -Be 'msiam_access'
+ $updatedApp.AppRoles.Id | Should -Be '643985ce-3eaf-4a67-9550-ecca25cb6814'
+ $updatedApp.AppRoles.Value | Should -Be 'Application'
+ }
+ }
+ Context "Scen6: Assign user and groups to the newly created Service Principal and set right AppRole to it"{
+ It "Assigning users to the Service Principal and setting the correct AppRole for the Service Principal"{
+ $global:existUser = Get-EntraBetaUser -Top 1
+ Add-EntraBetaServicePrincipalOwner -ObjectId $servicePrincipal.Id -RefObjectId $existUser.Id
+
+ $global:AppRoletoServicePrincipal = New-EntraBetaServiceAppRoleAssignment -ObjectId $servicePrincipal.Id -ResourceId $servicePrincipal.Id -Id $updatedApp.AppRoles.Id -PrincipalId $existUser.ObjectId
+ }
+ It "Verification of assigned group to service principal"{
+ $PrincipalOwners= Get-EntraBetaServicePrincipalOwner -ObjectId $servicePrincipal.Id
+ $PrincipalOwners.Id | Should -Contain $existUser.Id
+
+ $RoleAssignment = Get-EntraBetaServiceAppRoleAssignment -ObjectId $servicePrincipal.Id
+ $RoleAssignment.AppRoleId | Should -Be $AppRoletoServicePrincipal.AppRoleId
+ }
+ }
+ Context "Scen7: Create a new user and add that user to an existing group"{
+ It "Creating the user"{
+ $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid
+ $user = 'SimpleTestUserss' + $thisTestInstanceId
+ $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
+ $PasswordProfile.Password = "Pass@1234"
+ $global:NewUser = New-EntraBetaUser -AccountEnabled $true -DisplayName $user -PasswordProfile $PasswordProfile -MailNickName $user -UserPrincipalName "$user@M365x99297270.OnMicrosoft.com"
+ }
+ It "Adding the user to an existing group"{
+ $global:ExistGroup = Get-EntraBetaGroup -top 1
+ Add-EntraBetaGroupMember -ObjectId $ExistGroup.ObjectId -RefObjectId $NewUser.ObjectId
+ }
+ It "Verification of new user's addition to the existing group"{
+ $GetMemb = Get-EntraBetaGroupMember -ObjectId $ExistGroup.ObjectId
+ $GetMemb.Id | Should -Contain $NewUser.Id
+ }
+ }
+ Context "Scen8:Create a new group and add existing user to that group"{
+ It "Creating a new Group"{
+ $testGrpName = 'SimpleTestGroup' + $thisTestInstanceId
+ $global:NewGroup = New-EntraBetaGroup -DisplayName $testGrpName -MailEnabled $false -SecurityEnabled $true -MailNickName "NickName"
+ }
+ It "Adding existing user to new group"{
+ $User = Get-EntraBetaUser -top 1
+ Add-EntraBetaGroupMember -ObjectId $NewGroup.ObjectId -RefObjectId $User.ObjectId
+ }
+ It "Verification of exixting user's addition to the new group"{
+ $User = Get-EntraBetaUser -top 1
+ $GetMember = Get-EntraBetaGroupMember -ObjectId $NewGroup.ObjectId
+ $GetMember.Id | Should -Contain $User.Id
+ }
+ }
+ Context "Scen9: Create a new user and create a new group and add that new user to the new group"{
+ It "Creating a new user and group"{
+ $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid
+ $testUserName = 'SimpleTestUsers' + $thisTestInstanceId
+ # Create new User
+ $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
+ $PasswordProfile.Password = "Pass@1234"
+ $global:NewUser1 = New-EntraBetaUser -AccountEnabled $true -DisplayName $testUserName -PasswordProfile $PasswordProfile -MailNickName $testUserName -UserPrincipalName "$testUserName@M365x99297270.OnMicrosoft.com"
+
+ $testGrpName = 'SimpleTestGroup' + $thisTestInstanceId
+ $global:NewGroup1 = New-EntraBetaGroup -DisplayName $testGrpName -MailEnabled $false -SecurityEnabled $true -MailNickName "NickName"
+ }
+ It "Adding New User to New group"{
+ Add-EntraBetaGroupMember -ObjectId $NewGroup1.ObjectId -RefObjectId $NewUser1.ObjectId
+ }
+ }
+ Context "Scen10: Create a new user and add the user to the newly created group and check that user is Member of the group"{
+ It "Creating a new user and group"{
+ $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid
+ $testUserName = 'SimpleTestUsers' + $thisTestInstanceId
+ # Create new User
+ $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
+ $PasswordProfile.Password = "Pass@1234"
+ $global:NewUser2 = New-EntraBetaUser -AccountEnabled $true -DisplayName $testUserName -PasswordProfile $PasswordProfile -MailNickName $testUserName -UserPrincipalName "$testUserName@M365x99297270.OnMicrosoft.com"
+
+ $testGrpName = 'SimpleTestGroup' + $thisTestInstanceId
+ $global:NewGroup2 = New-EntraBetaGroup -DisplayName $testGrpName -MailEnabled $false -SecurityEnabled $true -MailNickName "NickName"
+ }
+ It "Adding New User to New group"{
+ Add-EntraBetaGroupMember -ObjectId $NewGroup2.ObjectId -RefObjectId $NewUser2.ObjectId
+ }
+ It "Verification of User is Member of the group"{
+ $GetMember = Get-EntraBetaUserMembership -ObjectId $NewUser2.Id
+ $GetMember.Id | Should -Contain $NewGroup2.Id
+ }
+ }
+ Context "Scen11: Create a new user and assign that user to the existing Service Principal"{
+ It "Creating a new user and assign that user to the existing Service Principal"{
+ $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid
+ $Tuser = 'SimpleTestUsers' + $thisTestInstanceId
+ $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
+ $PasswordProfile.Password = "Pass@1234"
+ $global:NewUser3 = New-EntraBetaUser -AccountEnabled $true -DisplayName $Tuser -PasswordProfile $PasswordProfile -MailNickName $Tuser -UserPrincipalName "$Tuser@M365x99297270.OnMicrosoft.com"
+ Add-EntraBetaServicePrincipalOwner -ObjectId $servicePrincipal.Id -RefObjectId $NewUser3.Id
+ }
+ It "Verfication of assigned User"{
+ $GetOwner = Get-EntraBetaServicePrincipalOwner -ObjectId $servicePrincipal.Id
+ $GetOwner.Id | Should -Contain $NewUser3.Id
+ }
+ }
+ # Context "Scen12: Create a new conditional access policy and attach that policy to the Service Principal"{
+ # It "Creating a new conditional access policy and attach that policy to the Service Principal"{
+ # $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid
+ # $testpolicyName = 'Simplepolicy' + $thisTestInstanceId
+
+ # $Condition = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessConditionSet
+ # $Condition.clientAppTypes = @("mobileAppsAndDesktopClients","browser")
+ # $Condition.Applications = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessApplicationCondition
+ # $Condition.Applications.IncludeApplications = $NewServicePrincipal.AppId
+ # $Condition.Users = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessUserCondition
+ # $Condition.Users.IncludeUsers = "all"
+
+ # $Controls = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessGrantControls
+ # $Controls._Operator = "AND"
+ # $Controls.BuiltInControls = @("mfa")
+
+ # $SessionControls = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessSessionControls
+ # $ApplicationEnforcedRestrictions = New-Object Microsoft.Open.MSGraph.Model.ConditionalAccessApplicationEnforcedRestrictions
+ # $ApplicationEnforcedRestrictions.IsEnabled = $true
+ # $SessionControls.applicationEnforcedRestrictions = $ApplicationEnforcedRestrictions
+
+ # $global:NewConditionalAccessPolicy = New-EntraBetaConditionalAccessPolicy -DisplayName $testpolicyName -State enabled -Conditions $Condition -GrantControls $Controls -SessionControls $SessionControls
+ # }
+ # It "Verification of attached policy"{
+ # $result = Get-EntraBetaConditionalAccessPolicy -policyid $NewConditionalAccessPolicy.Id
+ # $result.Conditions.Applications.IncludeApplications | should -Be $NewServicePrincipal.AppId
+ # }
+ # }
+ Context "Scen13: Create new claims issuance policy and attach that to the Service Principal"{
+ It "Creating policy"{
+ $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid
+ $testpolicyName = 'Simplepolicy' + $thisTestInstanceId
+ $global:NewPolicy = New-EntraBetaPolicy -Definition @('{ "definition": [ "{\"ClaimsMappingPolicy\":{\"Version\":1,\"IncludeBasicClaimSet\":\"true\",\"ClaimsSchema\":[{\"Source\":\"user\",\"ID\":\"userPrincipalName\",\"SAMLClaimType\":\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name\",\"JwtClaimType\":\"upn\"},{\"Source\":\"user\",\"ID\":\"displayName\",\"SAMLClaimType\":\"http://schemas.microsoft.com/identity/claims/displayname\",\"JwtClaimType\":\"name\"}]}}" ], "displayName": "Custom Claims Issuance Policy", "isOrganizationDefault": false }') -DisplayName $testpolicyName -Type "claimsMappingPolicies" -IsOrganizationDefault $false
+ }
+ It "Attaching Policy to service principal"{
+ Add-EntraBetaServicePrincipalPolicy -Id $servicePrincipal.Id -RefObjectId $NewPolicy.Id
+ }
+ It "Verification of added policy to service principal"{
+ $result = Get-EntraBetaServicePrincipalPolicy -Id $servicePrincipal.Id
+ $result.Id | should -Contain $NewPolicy.Id
+ }
+ }
+ Context "Scene14: Remove the policy attached to the existing Service Principal"{
+ It "Removing the policy attached"{
+ Remove-EntraBetaServicePrincipalPolicy -Id $servicePrincipal.Id -PolicyId $NewPolicy.Id
+ $retrivePolicy = Get-EntraBetaServicePrincipalPolicy -Id $servicePrincipal.Id
+ $retrivePolicy.Id | should -Not -Contain $NewPolicy.Id
+ }
+ }
+
+ AfterAll {
+ foreach ($app in (Get-EntraBetaApplication -SearchString "SimpleTestApp")) {
+ Remove-EntraBetaApplication -ObjectId $app.Id | Out-Null
+ }
+ foreach ($user in (Get-EntraBetaUser -SearchString "SimpleTestUsers")) {
+ Remove-EntraBetaUser -ObjectId $user.Id | Out-Null
+ }
+ foreach ($group in (Get-EntraBetaGroup -SearchString "SimpleTestGroup")) {
+ Remove-EntraBetaGroup -ObjectId $group.Id | Out-Null
+ }
+ # Remove-EntraBetaConditionalAccessPolicy -PolicyId $NewConditionalAccessPolicy.Id
+ Remove-EntraBetaPolicy -Id $NewPolicy.Id
+ }
+}
diff --git a/test/module/EntraBeta/Integration/Scenario2.Tests.ps1 b/test/module/EntraBeta/Integration/Scenario2.Tests.ps1
new file mode 100644
index 0000000000..8383bfb241
--- /dev/null
+++ b/test/module/EntraBeta/Integration/Scenario2.Tests.ps1
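Review bot: Scen6, Scen7 and Scen8 operate on whatever object the directory returns first: `Get-EntraBetaUser -Top 1` is made an owner of the test service principal and given an app role assignment, and the new test user is added to `Get-EntraBetaGroup -top 1`. In a tenant that holds anything besides test fixtures this changes real objects, and the test user inherits whatever access that arbitrary group grants; `AfterAll` does not undo the membership or ownership explicitly (they presumably disappear only because the test user and application are deleted). I would use objects the run creates itself, e.g. `$global:ExistGroup = New-EntraBetaGroup -DisplayName ('SimpleTestGroup' + $thisTestInstanceId) -MailEnabled $false -SecurityEnabled $true -MailNickName "NickName"` in Scen7, and a dedicated test user in place of `-Top 1` in Scen6 and Scen8.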
@@ -0,0 +1,92 @@
+BeforeAll {
+ $testReportPath = join-path $psscriptroot "\setenv.ps1"
+ Import-Module -Name $testReportPath
+ $appId = $env:TEST_APPID
+ $tenantId = $env:TEST_TENANTID
+ $cert = $env:CERTIFICATETHUMBPRINT
+ Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert
+}
+Describe "Integration Testing" {
+
+ Context "Scen1: Assign Entra roles including assign roles with different scopes"{
+ It "Get user and role"{
+ $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid
+ $testUserName = 'SimpleTestUsers' + $thisTestInstanceId
+ # Create new User
+ $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
+ $PasswordProfile.Password = "Pass@1234"
+ $global:NewUser = New-EntraBetaUser -AccountEnabled $true -DisplayName $testUserName -PasswordProfile $PasswordProfile -MailNickName $testUserName -UserPrincipalName "$testUserName@M365x99297270.OnMicrosoft.com"
+
+ $global:role = Get-EntraBetaDirectoryRole | Where-Object {$_.DisplayName -eq "Application Administrator"}
+ }
+ It "Assign Entra roles"{
+ $scope = "/"
+ # Assign the role to the user with the defined scope
+ $params = @{
+ RoleDefinitionId = $role.Id
+ PrincipalId = $NewUser.Id
+ DirectoryScopeId = $scope
+ }
+ $global:newRole=New-EntraBetaRoleAssignment @params
+ }
+ It "Verification of assigned role Creation"{
+ $global:assignedRole = Get-EntraBetaRoleAssignment -Filter "PrincipalId eq '$($NewUser.Id)'"
+ $assignedRole.Id | Should -Be $newRole.Id
+ }
+ }
+ Context "Create custom roles"{
+ It "Creating custom roles"{
+ $RolePermissions = New-object Microsoft.Open.MSGraph.Model.RolePermission
+ $RolePermissions.AllowedResourceActions = @("microsoft.directory/applications/basic/read")
+ $params = @{
+ RolePermissions = $RolePermissions
+ IsEnabled = $false
+ DisplayName = 'SimpleTestRoleDefinition'
+ ResourceScopes = '/'
+ }
+ $global:customRole=New-EntraBetaRoleDefinition @params
+ }
+ It "Verification of custom role created"{
+ $global:getRole = Get-EntraBetaRoleDefinition -Filter "DisplayName eq 'SimpleTestRoleDefinition'"
+ $getRole.Id | Should -Contain $customRole.Id
+ }
+ }
+ Context "Add or deactivate custom security attribute definitions in Microsoft Entra ID"{
+ It "Adding custom security attribute definitions"{
+ $thisTestInstanceId = Get-Random -Minimum 10000 -Maximum 100000
+ $testName = 'TestDefinition' + $thisTestInstanceId
+ $AttributeSet = Get-EntraBetaAttributeSet -Id 'Testing'
+ $params = @{
+ Name = $testName
+ Description = 'Target completion'
+ Type = 'String'
+ Status = 'Available'
+ AttributeSet = $AttributeSet.Id
+ IsCollection = $False
+ IsSearchable = $True
+ UsePreDefinedValuesOnly = $True
+ }
+ $global:Definition = New-EntraBetaCustomSecurityAttributeDefinition @params
+ }
+ It "Deactivate custom security attribute definition"{
+ $params = @{
+ Id = $Definition.Id
+ Description = 'Target completion'
+ Status = 'Deprecated'
+ }
+ Set-EntraBetaCustomSecurityAttributeDefinition @params
+ }
+ It "Verification of deactivation of custom security attribute definition"{
+ $global:getDefinition = Get-EntraBetaCustomSecurityAttributeDefinition -Id $Definition.Id
+ $getDefinition.Status | Should -Be 'Deprecated'
+ }
+ }
+ AfterAll {
+ Remove-EntraBetaRoleAssignment -Id $assignedRole.Id
+ foreach ($user in (Get-EntraBetaUser -SearchString "SimpleTestUsers")) {
+ Remove-EntraBetaUser -ObjectId $user.Id | Out-Null
+ }
+ Remove-EntraBetaRoleDefinition -Id $getRole.Id
+
+ }
+}
diff --git a/test/module/EntraBeta/Integration/setenv.ps1 b/test/module/EntraBeta/Integration/setenv.ps1
new file mode 100644
index 0000000000..f29697816a
--- /dev/null
+++ b/test/module/EntraBeta/Integration/setenv.ps1
@@ -0,0 +1,3 @@
+$env:TEST_APPID = "8886ad7b-1795-4542-9808-c85859d97f23"
+$env:TEST_TENANTID = "d5aec55f-2d12-4442-8d2f-ccca95d4390e"
+$env:CERTIFICATETHUMBPRINT = "305D4F33E153980E2451F6E068426FC2BCAF683E"
From a63161d4432a77d8cbfd68009dde081e91227565 Mon Sep 17 00:00:00 2001
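Review bot: `setenv.ps1` commits the tenant ID, application ID and certificate thumbprint of a specific tenant as literals and assigns them unconditionally, so any values the CI environment supplies are overwritten and every clone of the repository knows which app registration and certificate the integration tests authenticate with. The thumbprint is not the private key, but together the three values identify the credential these tests use to create users and assign directory roles in that tenant. I would drop the literals and have the file only validate that the variables are present, e.g. `if (-not $env:TEST_TENANTID) { throw 'TEST_TENANTID is not set' }` and the same for `TEST_APPID` and `CERTIFICATETHUMBPRINT`. The diffstat of patch 01 lists a `test/module/Entra/Integration/setenv.ps1` of the same size, which presumably needs the same change.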
From: Ashwini Karke Date: Fri, 30 Aug 2024 16:22:32 +0530 Subject: [PATCH 03/20] added Integration test cases --- .../Integration/Add-EntraGroupOwner.Tests.ps1 | 66 +++++++++++ ...ntraApplicationExtensionProperty.Tests.ps1 | 59 ++++++++++ .../EntraGroupAppRoleAssignment.Tests.ps1 | 109 ++++++++++++++++++ .../EntraLifecyclePolicyGroup.Tests.ps1 | 91 +++++++++++++++ .../Entra/Integration/Scenario1.Tests.ps1 | 9 +- .../EntraBeta/Integration/Scenario1.Tests.ps1 | 9 +- 6 files changed, 339 insertions(+), 4 deletions(-) create mode 100644 test/module/Entra/Integration/Add-EntraGroupOwner.Tests.ps1 create mode 100644 test/module/Entra/Integration/EntraApplicationExtensionProperty.Tests.ps1 create mode 100644 test/module/Entra/Integration/EntraGroupAppRoleAssignment.Tests.ps1 create mode 100644 test/module/Entra/Integration/EntraLifecyclePolicyGroup.Tests.ps1 diff --git a/test/module/Entra/Integration/Add-EntraGroupOwner.Tests.ps1 b/test/module/Entra/Integration/Add-EntraGroupOwner.Tests.ps1 new file mode 100644 index 0000000000..daec4c7fe3 --- /dev/null +++ b/test/module/Entra/Integration/Add-EntraGroupOwner.Tests.ps1 
@@ -0,0 +1,66 @@ +Describe "The Add-EntraGroupOwner command executing unmocked" { + + Context "When getting user and group" { + BeforeAll { + $testReportPath = join-path $psscriptroot "\setenv.ps1" + Import-Module -Name $testReportPath + $appId = $env:TEST_APPID + $tenantId = $env:TEST_TENANTID + $cert = $env:CERTIFICATETHUMBPRINT + Connect-MgGraph -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert + + $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid + $testName = 'SimpleTests' + $thisTestInstanceId + $testName1 = 'SimpleTests1' + $thisTestInstanceId + + #create test user + $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile + $PasswordProfile.Password = "Pass@1234" + $global:newUser = New-EntraUser -AccountEnabled $true -DisplayName $testName -PasswordProfile $PasswordProfile -MailNickName $testName -UserPrincipalName $testName"@M365x99297270.OnMicrosoft.com" + + #create test user + $PasswordProfile1 = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile + $PasswordProfile1.Password = "Pass@1234" + $global:newUser1 = New-EntraUser -AccountEnabled $true -DisplayName $testName1 -PasswordProfile $PasswordProfile1 -MailNickName $testName1 -UserPrincipalName $testName1"@M365x99297270.OnMicrosoft.com" + + #create test group + $global:newGroup = New-EntraGroup -DisplayName $testName -MailEnabled $false -SecurityEnabled $true -MailNickName $testName + } + + It "should update the properties of user and group" { + $updatedDisplayName = "SimpleTestsUpdated" + Set-EntraGroup -Id $newGroup.Id -DisplayName $updatedDisplayName + + $result = Get-EntraGroup -ObjectId $newGroup.Id + $result.Id | Should -Contain $newGroup.Id + $result.DisplayName | Should -Contain $updatedDisplayName + + $updatedDisplayNameInCreatedUser = 'SimpleTests1AnotherTestUser' + Set-EntraUser -ObjectId $newUser.Id -Displayname $updatedDisplayNameInCreatedUser + + $updatedUser = Get-EntraUser -ObjectId $newUser.Id + $updatedUser.Id | 
Should -Be $newUser.Id + $updatedUser.DisplayName | Should -Be $updatedDisplayNameInCreatedUser + + $user1 = Get-EntraUser -ObjectId $newUser1.Id + $user1.Id | Should -Be $newUser1.Id + $user1.DisplayName | Should -Be $testName1 + } + It "Should successfully Adds an owner to a group" { + Add-EntraGroupOwner -ObjectId $newGroup.Id -RefObjectId $newUser.Id + $result = Get-EntraGroupOwner -ObjectId $newGroup.Id + $result.Id | Should -Contain $newUser.Id + + Add-EntraGroupOwner -ObjectId $newGroup.Id -RefObjectId $newUser1.Id + $result1 = Get-EntraGroupOwner -ObjectId $newGroup.Id + $result1.Id | Should -Contain $newUser1.Id + } + + AfterAll { + Remove-EntraGroupOwner -ObjectId $newGroup.Id -OwnerId $newUser.Id + Remove-EntraUser -ObjectId $newUser.Id + Remove-EntraGroup -ObjectId $newGroup.Id + Remove-EntraUser -ObjectId $newUser1.Id + } + } +} \ No newline at end of file diff --git a/test/module/Entra/Integration/EntraApplicationExtensionProperty.Tests.ps1 b/test/module/Entra/Integration/EntraApplicationExtensionProperty.Tests.ps1 new file mode 100644 index 0000000000..cc0d4e5e77 --- /dev/null +++ b/test/module/Entra/Integration/EntraApplicationExtensionProperty.Tests.ps1 
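Review bot: Both test users in BeforeAll are created with `-AccountEnabled $true` and the same literal password that is committed in this file, so the tenant holds sign-in-capable accounts with a known password for the length of the run, and for longer if AfterAll does not complete. Nothing in this file signs in as these users, so `-AccountEnabled $false` looks sufficient; otherwise generate the password per run, e.g. `$PasswordProfile.Password = 'Aa1!' + (New-Guid).Guid`. AfterAll also removes only `$newUser` as owner and has no null guards, so a failure in BeforeAll or in the first Remove call leaves the remaining test objects behind.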
@@ -0,0 +1,59 @@ +Describe "The EntraApplicationExtensionProperty command executing unmocked" { + + Context "When getting ApplicationExtensionProperty" { + BeforeAll { + $testReportPath = Join-Path $PSScriptRoot "\setenv.ps1" + Import-Module -Name $testReportPath + + $appId = $env:TEST_APPID + $tenantId = $env:TEST_TENANTID + $cert = $env:CERTIFICATETHUMBPRINT + + if (-not $appId -or -not $tenantId -or -not $cert) { + throw "Required environment variables are not set." + } + + Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert + + $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid + $testApplicationName = 'Test Demo Name' + $thisTestInstanceId + $global:newMSApplication = New-EntraApplication -DisplayName $testApplicationName + } + + It "should successfully get an application by display name" { + $application = Get-EntraApplication -Filter "DisplayName eq '$($newMSApplication.DisplayName)'" + $application.ObjectId | Should -Be $newMSApplication.Id + $application.AppId | Should -Be $newMSApplication.AppId + $application.DisplayName | Should -Be $newMSApplication.DisplayName + } + + It "should successfully update a application display name" { + $updatedDisplayName = "Update Application Name" + Set-EntraApplication -ObjectId $newMSApplication.ObjectId -DisplayName $updatedDisplayName + $result = Get-EntraApplication -Filter "AppId eq '$($newMSApplication.AppId)'" + $result.ObjectId | Should -Be $newMSApplication.Id + $result.AppId | Should -Be $newMSApplication.AppId + $result.DisplayName | Should -Be "Update Application Name" + } + + It "should successfully create application extension property" { + $global:newMSApplicationExtensionProperty = New-EntraApplicationExtensionProperty -ObjectId $newMSApplication.Id -DataType "string" -Name "NewAttribute" -TargetObjects "Application" + } + + It "should successfully get application extension property" { + $applicationExtensionProperty = Get-EntraApplicationExtensionProperty 
-ObjectId $newMSApplication.Id + $applicationExtensionProperty.ObjectId | Should -Be $newMSApplicationExtensionProperty.Id + $applicationExtensionProperty.Name | Should -Be $newMSApplicationExtensionProperty.Name + + } + + AfterAll { + if ($newMSApplicationExtensionProperty) { + Remove-EntraApplicationExtensionProperty -ObjectId $newMSApplication.Id -ExtensionPropertyId $newMSApplicationExtensionProperty.Id | Out-Null + } + if ($newMSApplication) { + Remove-EntraApplication -ObjectId $newMSApplication.Id | Out-Null + } + } + } +} diff --git a/test/module/Entra/Integration/EntraGroupAppRoleAssignment.Tests.ps1 b/test/module/Entra/Integration/EntraGroupAppRoleAssignment.Tests.ps1 new file mode 100644 index 0000000000..4d3445539b --- /dev/null +++ b/test/module/Entra/Integration/EntraGroupAppRoleAssignment.Tests.ps1 
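Review bot: The test "should successfully create application extension property" contains no assertion, so it passes even when New-EntraApplicationExtensionProperty returns nothing; add `$newMSApplicationExtensionProperty | Should -Not -BeNullOrEmpty`. The missing-variable guard in BeforeAll cannot fire as written, because it runs after setenv.ps1 has been imported and that file, as it appears in this series, assigns all three variables unconditionally. The update test also passes `$newMSApplication.ObjectId` where every other call uses `.Id`; using `.Id` there too avoids depending on a property the hunk does not show.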
@@ -0,0 +1,109 @@ +Describe "The EntraGroupAppRoleAssignment command executing unmocked" { + + Context "When getting GroupAppRoleAssignment" { + BeforeAll { + $testReportPath = join-path $psscriptroot "\setenv.ps1" + Import-Module -Name $testReportPath + $appId = $env:TEST_APPID + $tenantId = $env:TEST_TENANTID + $cert = $env:CERTIFICATETHUMBPRINT + Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert + + $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid + $global:displayName = 'DemoName' + $thisTestInstanceId + + $global:newGroup = New-EntraGroup -DisplayName $displayName -MailEnabled $false -SecurityEnabled $true -MailNickName $displayName + } + + It "should successfully get a specific group by using an Id" { + $group = Get-EntraGroup -ObjectId $newGroup.Id + $group.Id | Should -Be $newGroup.Id + $group.DisplayName | Should -Be $displayName + } + + It "should successfully update a group display name" { + $global:updatedDisplayName = "Demo Name 2" + Set-EntraGroup -Id $newGroup.Id -DisplayName $updatedDisplayName + $result = Get-EntraGroup -ObjectId $newGroup.Id + $result.Id | Should -Contain $newGroup.Id + } + + It "should successfully create application" { + $types = @() + $types += 'User' + $approle = New-Object Microsoft.Open.MSGraph.Model.AppRole + $approle.AllowedMemberTypes = $types + $approle.Description = 'msiam_access' + $approle.DisplayName = 'msiam_access' + $approle.Id = '643985ce-3eaf-4a67-9550-ecca25cb6814' + $approle.Value = 'Application' + $approle.IsEnabled = $true + $applicationDisplayName = "Demo new application" + $global:createdApplication = New-EntraApplication -DisplayName $applicationDisplayName -AppRoles $approle + $createdApplication.DisplayName | Should -Be $applicationDisplayName + } + + It "should successfully get application" { + $global:getCreatedApplication = Get-EntraApplication -ObjectId $createdApplication.Id + $getCreatedApplication.DisplayName | Should -Be 
$createdApplication.DisplayName + $getCreatedApplication.Id | Should -Be $createdApplication.Id + $getCreatedApplication.AppId | Should -Be $createdApplication.AppId + } + + It "should successfully update application display name" { + $global:updateApplicationDisplayName = "Update demo application" + Set-EntraApplication -ObjectId $getCreatedApplication.Id -DisplayName $updateApplicationDisplayName + + $global:getUpdatedCreatedApplication = Get-EntraApplication -ObjectId $getCreatedApplication.Id + $getUpdatedCreatedApplication.DisplayName | Should -Be $updateApplicationDisplayName + $getUpdatedCreatedApplication.Id | Should -Be $getCreatedApplication.Id + $getUpdatedCreatedApplication.AppId | Should -Be $getCreatedApplication.AppId + } + + It "should successfully create and get service principal" { + $global:MyApp = Get-EntraApplication -Filter "DisplayName eq '$($getUpdatedCreatedApplication.DisplayName)'" + + New-EntraServicePrincipal -AccountEnabled $true -AppId $MyApp.AppId -AppRoleAssignmentRequired $true -DisplayName $MyApp.DisplayName -Tags {"WindowsAzureActiveDirectoryIntegratedApp"} + $global:createdServicePrincipal = Get-EntraServicePrincipal -Filter "DisplayName eq '$($MyApp.DisplayName)'" + $createdServicePrincipal.AppId | Should -Be $MyApp.AppId + $createdServicePrincipal.DisplayName | Should -Be $MyApp.DisplayName + } + + It "should successfully update the account of a service principal" { + Set-EntraServicePrincipal -ObjectId $createdServicePrincipal.Id -AccountEnabled $False + $disableServicePrincipal = Get-EntraServicePrincipal -Filter "DisplayName eq '$($MyApp.DisplayName)'" + $disableServicePrincipal.AppId | Should -Be $MyApp.AppId + $disableServicePrincipal.DisplayName | Should -Be $MyApp.DisplayName + + Set-EntraServicePrincipal -ObjectId $createdServicePrincipal.Id -AccountEnabled $True + $global:updatedServicePrincipal = Get-EntraServicePrincipal -Filter "DisplayName eq '$($MyApp.DisplayName)'" + $updatedServicePrincipal.AppId | Should -Be 
$MyApp.AppId + $updatedServicePrincipal.DisplayName | Should -Be $MyApp.DisplayName + } + + It "should successfully assign a group of users to an application" { + New-EntraGroupAppRoleAssignment -ObjectId $newGroup.ObjectId -PrincipalId $newGroup.ObjectId -ResourceId $updatedServicePrincipal.ObjectId -Id $updatedServicePrincipal.Approles[0].id + } + + It "should successfully retrieve application role assignments of a group" { + $global:getGroupAppRoleAssignment = Get-EntraGroupAppRoleAssignment -ObjectId $newGroup.Id + $getGroupAppRoleAssignment.ResourceDisplayName | Should -Be $createdServicePrincipal.DisplayName + $getGroupAppRoleAssignment.PrincipalDisplayName | Should -Be $updatedDisplayName + } + + AfterAll { + if ( $getGroupAppRoleAssignment) { + Remove-EntraGroupAppRoleAssignment -ObjectId $newGroup.Id -AppRoleAssignmentId $getGroupAppRoleAssignment.Id | Out-Null + } + if ( $updatedServicePrincipal) { + Remove-EntraServicePrincipal -ObjectId $updatedServicePrincipal.Id | Out-Null + } + if ( $getUpdatedCreatedApplication) { + Remove-EntraApplication -ObjectId $getUpdatedCreatedApplication.Id | Out-Null + } + if ($newGroup) { + Remove-EntraGroup -ObjectId $newGroup.Id | Out-Null + } + } + } +} \ No newline at end of file diff --git a/test/module/Entra/Integration/EntraLifecyclePolicyGroup.Tests.ps1 b/test/module/Entra/Integration/EntraLifecyclePolicyGroup.Tests.ps1 new file mode 100644 index 0000000000..d400d3ef2a --- /dev/null +++ b/test/module/Entra/Integration/EntraLifecyclePolicyGroup.Tests.ps1 
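Review bot: The service principal tests look objects up with `-Filter "DisplayName eq ..."` on the fixed name "Update demo application", which is the same on every run. If an earlier run left an application or service principal with that name in the tenant, `$MyApp` and `$updatedServicePrincipal` can hold several objects, and AfterAll then passes `$updatedServicePrincipal.Id` to Remove-EntraServicePrincipal. Filter on the unique AppId instead, `$global:createdServicePrincipal = Get-EntraServicePrincipal -Filter "AppId eq '$($getUpdatedCreatedApplication.AppId)'"`, and reuse `$getUpdatedCreatedApplication` rather than re-querying for `$MyApp`. Separately, `-Tags {"WindowsAzureActiveDirectoryIntegratedApp"}` passes a script block rather than a string, so the tag text probably includes the quote characters; `-Tags "WindowsAzureActiveDirectoryIntegratedApp"` is what was likely meant.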
@@ -0,0 +1,91 @@ +Describe "The EntraLifecyclePolicyGroup command executing unmocked" { + + Context "When getting LifecyclePolicyGroup" { + BeforeAll { + $testReportPath = Join-Path $PSScriptRoot "\setenv.ps1" + Import-Module -Name $testReportPath + + $appId = $env:TEST_APPID + $tenantId = $env:TEST_TENANTID + $cert = $env:CERTIFICATETHUMBPRINT + + if (-not $appId -or -not $tenantId -or -not $cert) { + throw "Required environment variables are not set." + } + + Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert + + $thisTestInstanceId = New-Guid | Select-Object -ExpandProperty Guid + $global:displayName = 'Demo Help Group' + $thisTestInstanceId + $testNickname = "test" + $thisTestInstanceId + $global:newMSGroup = New-EntraGroup -DisplayName $displayName -MailEnabled $false -MailNickname $testNickname -SecurityEnabled $true -GroupTypes "unified" + Start-Sleep -Seconds 10 + } + + It "should successfully get a specific group by using an group Id" { + $group = Get-EntraGroup -ObjectId $newMSGroup.Id + $group.ObjectId | Should -Be $newMSGroup.Id + $group.DisplayName | Should -Be $displayName + } + + It "should successfully update a group display name" { + $updatedDisplayName = "Update Help Group Name" + Set-EntraGroup -Id $newMSGroup.Id -DisplayName $updatedDisplayName + $result = Get-EntraGroup -ObjectId $newMSGroup.Id + $result.Id | Should -Contain $newMSGroup.Id + } + + It "should successfully Create a lifecycle policy" { + try { + $existingPolicy = Get-EntraGroupLifecyclePolicy + Remove-EntraGroupLifecyclePolicy -Id $existingPolicy.Id + } + catch {} + $global:testGroupPolicy = New-EntraGroupLifecyclePolicy -GroupLifetimeInDays 99 -ManagedGroupTypes "Selected" -AlternateNotificationEmails "example@contoso.un" + } + + It "should successfully retrieve properties of an groupLifecyclePolicy" { + $groupLifecyclePolicy = Get-EntraGroupLifecyclePolicy -Id $testGroupPolicy.Id + + $groupLifecyclePolicy.Id | Should -Be $testGroupPolicy.Id + 
$groupLifecyclePolicy.GroupLifetimeInDays | Should -Be 99 + $groupLifecyclePolicy.ManagedGroupTypes | Should -Contain "Selected" + $groupLifecyclePolicy.AlternateNotificationEmails | Should -Contain "example@contoso.un" + } + + It "should successfully update groupLifecyclePolicy" { + $alternateNotificationEmails = "admingroup@contoso.en" + $global:updatedGroupLifecyclePolicy = Set-EntraGroupLifecyclePolicy -Id $testGroupPolicy.Id -GroupLifetimeInDays 200 -AlternateNotificationEmails $alternateNotificationEmails -ManagedGroupTypes "Selected" + + $updatedGroupLifecyclePolicy.Id | Should -Be $testGroupPolicy.Id + $updatedGroupLifecyclePolicy.GroupLifetimeInDays | Should -Be 200 + $updatedGroupLifecyclePolicy.ManagedGroupTypes | Should -Contain "Selected" + $updatedGroupLifecyclePolicy.AlternateNotificationEmails | Should -Contain $alternateNotificationEmails + } + + It "should successfully associate the group with the lifecycle policy" { + $testLifePolicyGroup = Add-EntraLifecyclePolicyGroup -Id $testGroupPolicy.Id -GroupId $newMSGroup.Id + $testLifePolicyGroup.ObjectId | Should -BeNullOrEmpty + } + + It "should successfully retrieve details of a LifecyclePolicyGroup" { + $global:lifecyclePolicyGroup = Get-EntraLifecyclePolicyGroup -Id $newMSGroup.Id + $lifecyclePolicyGroup.ObjectId | Should -Be $testGroupPolicy.Id + $lifecyclePolicyGroup.GroupLifetimeInDays | Should -Be 200 + $lifecyclePolicyGroup.ManagedGroupTypes | Should -Contain "Selected" + $lifecyclePolicyGroup.AlternateNotificationEmails | Should -Contain $updatedGroupLifecyclePolicy.AlternateNotificationEmails + } + + AfterAll { + if ($lifecyclePolicyGroup) { + Remove-EntraLifecyclePolicyGroup -Id $lifecyclePolicyGroup.Id -GroupId $newMSGroup.Id | Out-Null + } + if ($updatedGroupLifecyclePolicy) { + Remove-EntraGroupLifecyclePolicy -Id $updatedGroupLifecyclePolicy.Id | Out-Null + } + if ($newMSGroup) { + Remove-EntraGroup -ObjectId $newMSGroup.Id | Out-Null + } + } + } +} 
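Review bot: The test "should successfully Create a lifecycle policy" deletes whatever group lifecycle policy the tenant already has (`Get-EntraGroupLifecyclePolicy` followed by `Remove-EntraGroupLifecyclePolicy -Id $existingPolicy.Id`) and never restores it, and the empty `catch {}` hides any failure of that step. Since AfterAll then removes the test policy as well, a tenant that had an expiration policy before the run ends up with none. Skip instead of deleting, e.g. `if (Get-EntraGroupLifecyclePolicy) { Set-ItResult -Skipped -Because 'tenant already has a group lifecycle policy'; return }`, or save the existing policy's settings and recreate them in AfterAll.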
diff --git a/test/module/Entra/Integration/Scenario1.Tests.ps1 b/test/module/Entra/Integration/Scenario1.Tests.ps1 index f74fc28c0f..5c10ad9613 100644 --- a/test/module/Entra/Integration/Scenario1.Tests.ps1 +++ b/test/module/Entra/Integration/Scenario1.Tests.ps1 @@ -113,8 +113,8 @@ Describe "Integration Testing" { $global:NewGroup = New-EntraGroup -DisplayName $testGrpName -MailEnabled $false -SecurityEnabled $true -MailNickName "NickName" } It "Adding existing user to new group"{ - $User = Get-EntraUser -top 1 - Add-EntraGroupMember -ObjectId $NewGroup.ObjectId -RefObjectId $User.ObjectId + $ExistUser = Get-EntraUser -top 1 + Add-EntraGroupMember -ObjectId $NewGroup.ObjectId -RefObjectId $ExistUser.ObjectId } It "Verification of exixting user's addition to the new group"{ $User = Get-EntraUser -top 1 @@ -223,6 +223,11 @@ Describe "Integration Testing" { } AfterAll { + Remove-EntraGroupMember -ObjectId $ExistGroup.ObjectId -MemberId $NewUser.ObjectId + Remove-EntraGroupMember -ObjectId $NewGroup.ObjectId -MemberId $ExistUser.ObjectId + Remove-EntraGroupMember -ObjectId $NewGroup1.ObjectId -MemberId $NewUser1.ObjectId + Remove-EntraGroupMember -ObjectId $NewGroup2.ObjectId -MemberId $NewUser2.ObjectId + foreach ($app in (Get-EntraApplication -SearchString "SimpleTestApp")) { Remove-EntraApplication -ObjectId $app.Id | Out-Null } diff --git a/test/module/EntraBeta/Integration/Scenario1.Tests.ps1 b/test/module/EntraBeta/Integration/Scenario1.Tests.ps1 index 0febeb5af8..c516ae78b9 100644 --- a/test/module/EntraBeta/Integration/Scenario1.Tests.ps1 +++ b/test/module/EntraBeta/Integration/Scenario1.Tests.ps1 
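Review bot: The four Remove-EntraGroupMember calls added at the top of AfterAll read variables that are assigned inside It blocks, and the renamed `$ExistUser` in "Adding existing user to new group" is assigned without `$global:`. Under Pester 5 scoping a plain assignment in an It block is not visible in AfterAll, so unless a global of the same name is set elsewhere in the file the call receives a null -MemberId, and an error there can stop the application cleanup below it from running. Use `$global:ExistUser = Get-EntraUser -top 1` and guard each removal, e.g. `if ($NewGroup -and $ExistUser) { Remove-EntraGroupMember -ObjectId $NewGroup.ObjectId -MemberId $ExistUser.ObjectId }`. The same applies to the two EntraBeta/Integration/Scenario1.Tests.ps1 hunks that follow. AfterAll continues past the end of the hunk.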
@@ -112,8 +112,8 @@ Describe "Integration Testing" { $global:NewGroup = New-EntraBetaGroup -DisplayName $testGrpName -MailEnabled $false -SecurityEnabled $true -MailNickName "NickName" } It "Adding existing user to new group"{ - $User = Get-EntraBetaUser -top 1 - Add-EntraBetaGroupMember -ObjectId $NewGroup.ObjectId -RefObjectId $User.ObjectId + $ExistUser = Get-EntraBetaUser -top 1 + Add-EntraBetaGroupMember -ObjectId $NewGroup.ObjectId -RefObjectId $ExistUser.ObjectId } It "Verification of exixting user's addition to the new group"{ $User = Get-EntraBetaUser -top 1 @@ -222,6 +222,11 @@ Describe "Integration Testing" { } AfterAll { + Remove-EntraBetaGroupMember -ObjectId $ExistGroup.ObjectId -MemberId $NewUser.ObjectId + Remove-EntraBetaGroupMember -ObjectId $NewGroup.ObjectId -MemberId $ExistUser.ObjectId + Remove-EntraBetaGroupMember -ObjectId $NewGroup1.ObjectId -MemberId $NewUser1.ObjectId + Remove-EntraBetaGroupMember -ObjectId $NewGroup2.ObjectId -MemberId $NewUser2.ObjectId + foreach ($app in (Get-EntraBetaApplication -SearchString "SimpleTestApp")) { Remove-EntraBetaApplication -ObjectId $app.Id | Out-Null } From c3f3e8f85d49c36c344c5e8d00c257126c43e6de Mon Sep 17 00:00:00 2001 From: Ashwini Karke Date: Tue, 3 Sep 2024 12:27:19 +0530 Subject: [PATCH 04/20] added EntraBetaObjectSetting --- .../EntraBetaObjectSetting.Tests.ps1 | 50 +++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 test/module/EntraBeta/Integration/EntraBetaObjectSetting.Tests.ps1 diff --git a/test/module/EntraBeta/Integration/EntraBetaObjectSetting.Tests.ps1 b/test/module/EntraBeta/Integration/EntraBetaObjectSetting.Tests.ps1 new file mode 100644 index 0000000000..5aa7f1ce2e --- /dev/null +++ b/test/module/EntraBeta/Integration/EntraBetaObjectSetting.Tests.ps1 
@@ -0,0 +1,50 @@ +Describe "The EntraBetaObjectSetting commands executing unmocked" { + + Context "When Changing group settings" { + BeforeAll { + $testReportPath = join-path $psscriptroot "\setenv.ps1" + Import-Module -Name $testReportPath + $appId = $env:TEST_APPID + $tenantId = $env:TEST_TENANTID + $cert = $env:CERTIFICATETHUMBPRINT + Connect-MgGraph -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert + + $thisTestInstanceId = New-Guid | select -expandproperty guid + $testGroupName = 'SimpleTestAppRead' + $testGroupName + $global:testGroup = New-EntraBetaGroup -DisplayName $testGroupName -MailEnabled $false -SecurityEnabled $true -MailNickName $testGroupName -Description $testGroupName + } + + It "Should successfully block guest access" { + $template = Get-EntraBetaDirectorySettingTemplate | ? {$_.displayname -eq "group.unified.guest"} + $settingsCopy = $template.CreateDirectorySetting() + $settingsCopy["AllowToAddGuests"]=$False + + $groupID= (Get-EntraBetaGroup -ObjectId $testGroup.Id).ObjectId + $global:newObjectSetting = New-EntraBetaObjectSetting -TargetType Groups -TargetObjectId $groupID -DirectorySetting $settingsCopy + + $ObjectSettings = Get-EntraBetaObjectSetting -TargetType Groups -TargetObjectId $testGroup.Id + $ObjectSettings.values.value | Should -be 'False' + } + + It "Should successfully allow guest access" { + $template = Get-EntraBetaDirectorySettingTemplate | ? 
{$_.displayname -eq "group.unified.guest"} + $settingsCopy = $template.CreateDirectorySetting() + $settingsCopy["AllowToAddGuests"]=$True + + $groupID= (Get-EntraBetaGroup -ObjectId $testGroup.Id).ObjectId + Set-EntraBetaObjectSetting -TargetType Groups -TargetObjectId $groupID -DirectorySetting $settingsCopy -Id $newObjectSetting.Id + + $ObjectSettings = Get-EntraBetaObjectSetting -TargetType Groups -TargetObjectId $testGroup.Id + $ObjectSettings.values.value | Should -be 'True' + } + + AfterAll { + $groupId = (Get-EntraBetaGroup -ObjectId $testGroup.Id).ObjectId + Remove-EntraBetaObjectSetting -TargetType Groups -TargetObjectId $groupId -Id $newObjectSetting.Id + $ObjectSettings = Get-EntraBetaObjectSetting -TargetType Groups -TargetObjectId $testGroup.Id + $ObjectSettings | Should -BeNullorEmpty + + Remove-EntraBetaGroup -ObjectId $groupId + } + } +} \ No newline at end of file From 9f539cf44a34331d4a6b4b95d138d9f9cc0b0dc8 Mon Sep 17 00:00:00 2001 From: "Snehal Kotwal (Perennial Systems Inc)" Date: Wed, 25 Sep 2024 12:19:19 +0530 Subject: [PATCH 05/20] updated license --- test/module/Entra/Integration/Add-EntraGroupOwner.Tests.ps1 | 3 +++ .../Integration/EntraApplicationExtensionProperty.Tests.ps1 | 3 +++ .../Entra/Integration/EntraGroupAppRoleAssignment.Tests.ps1 | 3 +++ .../Entra/Integration/EntraLifecyclePolicyGroup.Tests.ps1 | 3 +++ test/module/Entra/Integration/Scenario1.Tests.ps1 | 3 +++ test/module/Entra/Integration/Scenario2.Tests.ps1 | 3 +++ test/module/Entra/Integration/setenv.ps1 | 3 +++ .../EntraBeta/Integration/EntraBetaObjectSetting.Tests.ps1 | 3 +++ test/module/EntraBeta/Integration/Scenario1.Tests.ps1 | 3 +++ test/module/EntraBeta/Integration/Scenario2.Tests.ps1 | 3 +++ test/module/EntraBeta/Integration/setenv.ps1 | 3 +++ 11 files changed, 33 insertions(+) diff --git a/test/module/Entra/Integration/Add-EntraGroupOwner.Tests.ps1 b/test/module/Entra/Integration/Add-EntraGroupOwner.Tests.ps1 index daec4c7fe3..1e74c2dd97 100644 
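Review bot: In BeforeAll, `$testGroupName = 'SimpleTestAppRead' + $testGroupName` appends the still-undefined `$testGroupName` to itself, so `$thisTestInstanceId` is never used and every run creates a group with the same display name and mail nickname; it should read `$testGroupName = 'SimpleTestAppRead' + $thisTestInstanceId`. AfterAll also carries a `Should` assertion ahead of `Remove-EntraBetaGroup`, so a failed check or a failed setting removal can leave the group in the tenant. Move the assertion into an It block and guard the cleanup with `if ($testGroup)`.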
--- a/test/module/Entra/Integration/Add-EntraGroupOwner.Tests.ps1 +++ b/test/module/Entra/Integration/Add-EntraGroupOwner.Tests.ps1 @@ -1,3 +1,6 @@ +# ------------------------------------------------------------------------------ +# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. +# ------------------------------------------------------------------------------ Describe "The Add-EntraGroupOwner command executing unmocked" { Context "When getting user and group" { diff --git a/test/module/Entra/Integration/EntraApplicationExtensionProperty.Tests.ps1 b/test/module/Entra/Integration/EntraApplicationExtensionProperty.Tests.ps1 index cc0d4e5e77..124b8a6fe2 100644 --- a/test/module/Entra/Integration/EntraApplicationExtensionProperty.Tests.ps1 +++ b/test/module/Entra/Integration/EntraApplicationExtensionProperty.Tests.ps1 @@ -1,3 +1,6 @@ +# ------------------------------------------------------------------------------ +# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. +# ------------------------------------------------------------------------------ Describe "The EntraApplicationExtensionProperty command executing unmocked" { Context "When getting ApplicationExtensionProperty" { diff --git a/test/module/Entra/Integration/EntraGroupAppRoleAssignment.Tests.ps1 b/test/module/Entra/Integration/EntraGroupAppRoleAssignment.Tests.ps1 index 4d3445539b..6e1caeb2d4 100644 --- a/test/module/Entra/Integration/EntraGroupAppRoleAssignment.Tests.ps1 +++ b/test/module/Entra/Integration/EntraGroupAppRoleAssignment.Tests.ps1 
@@ -1,3 +1,6 @@ +# ------------------------------------------------------------------------------ +# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. +# ------------------------------------------------------------------------------ Describe "The EntraGroupAppRoleAssignment command executing unmocked" { Context "When getting GroupAppRoleAssignment" { diff --git a/test/module/Entra/Integration/EntraLifecyclePolicyGroup.Tests.ps1 b/test/module/Entra/Integration/EntraLifecyclePolicyGroup.Tests.ps1 index d400d3ef2a..b35d0cff57 100644 --- a/test/module/Entra/Integration/EntraLifecyclePolicyGroup.Tests.ps1 +++ b/test/module/Entra/Integration/EntraLifecyclePolicyGroup.Tests.ps1 @@ -1,3 +1,6 @@ +# ------------------------------------------------------------------------------ +# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. +# ------------------------------------------------------------------------------ Describe "The EntraLifecyclePolicyGroup command executing unmocked" { Context "When getting LifecyclePolicyGroup" { diff --git a/test/module/Entra/Integration/Scenario1.Tests.ps1 b/test/module/Entra/Integration/Scenario1.Tests.ps1 index 5c10ad9613..e0ad981cb0 100644 --- a/test/module/Entra/Integration/Scenario1.Tests.ps1 +++ b/test/module/Entra/Integration/Scenario1.Tests.ps1 @@ -1,3 +1,6 @@ +# ------------------------------------------------------------------------------ +# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. +# ------------------------------------------------------------------------------ BeforeAll { $testReportPath = join-path $psscriptroot "\setenv.ps1" Import-Module -Name $testReportPath 
diff --git a/test/module/Entra/Integration/Scenario2.Tests.ps1 b/test/module/Entra/Integration/Scenario2.Tests.ps1 index b79a46f242..1d1ceec692 100644 --- a/test/module/Entra/Integration/Scenario2.Tests.ps1 +++ b/test/module/Entra/Integration/Scenario2.Tests.ps1 @@ -1,3 +1,6 @@ +# ------------------------------------------------------------------------------ +# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. +# ------------------------------------------------------------------------------ BeforeAll { $testReportPath = join-path $psscriptroot "\setenv.ps1" Import-Module -Name $testReportPath diff --git a/test/module/Entra/Integration/setenv.ps1 b/test/module/Entra/Integration/setenv.ps1 index f29697816a..feeb819524 100644 --- a/test/module/Entra/Integration/setenv.ps1 +++ b/test/module/Entra/Integration/setenv.ps1 @@ -1,3 +1,6 @@ +# ------------------------------------------------------------------------------ +# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. +# ------------------------------------------------------------------------------ $env:TEST_APPID = "8886ad7b-1795-4542-9808-c85859d97f23" $env:TEST_TENANTID = "d5aec55f-2d12-4442-8d2f-ccca95d4390e" $env:CERTIFICATETHUMBPRINT = "305D4F33E153980E2451F6E068426FC2BCAF683E" diff --git a/test/module/EntraBeta/Integration/EntraBetaObjectSetting.Tests.ps1 b/test/module/EntraBeta/Integration/EntraBetaObjectSetting.Tests.ps1 index 5aa7f1ce2e..98f6a1688c 100644 --- a/test/module/EntraBeta/Integration/EntraBetaObjectSetting.Tests.ps1 +++ b/test/module/EntraBeta/Integration/EntraBetaObjectSetting.Tests.ps1 
@@ -1,3 +1,6 @@ +# ------------------------------------------------------------------------------ +# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. +# ------------------------------------------------------------------------------ Describe "The EntraBetaObjectSetting commands executing unmocked" { Context "When Changing group settings" { diff --git a/test/module/EntraBeta/Integration/Scenario1.Tests.ps1 b/test/module/EntraBeta/Integration/Scenario1.Tests.ps1 index c516ae78b9..2010f5a358 100644 --- a/test/module/EntraBeta/Integration/Scenario1.Tests.ps1 +++ b/test/module/EntraBeta/Integration/Scenario1.Tests.ps1 @@ -1,3 +1,6 @@ +# ------------------------------------------------------------------------------ +# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. +# ------------------------------------------------------------------------------ BeforeAll { $testReportPath = join-path $psscriptroot "\setenv.ps1" Import-Module -Name $testReportPath diff --git a/test/module/EntraBeta/Integration/Scenario2.Tests.ps1 b/test/module/EntraBeta/Integration/Scenario2.Tests.ps1 index 8383bfb241..47b5e3ea7b 100644 --- a/test/module/EntraBeta/Integration/Scenario2.Tests.ps1 +++ b/test/module/EntraBeta/Integration/Scenario2.Tests.ps1 @@ -1,3 +1,6 @@ +# ------------------------------------------------------------------------------ +# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. +# ------------------------------------------------------------------------------ BeforeAll { $testReportPath = join-path $psscriptroot "\setenv.ps1" Import-Module -Name $testReportPath 
diff --git a/test/module/EntraBeta/Integration/setenv.ps1 b/test/module/EntraBeta/Integration/setenv.ps1 index f29697816a..feeb819524 100644 --- a/test/module/EntraBeta/Integration/setenv.ps1 +++ b/test/module/EntraBeta/Integration/setenv.ps1 @@ -1,3 +1,6 @@ +# ------------------------------------------------------------------------------ +# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. +# ------------------------------------------------------------------------------ $env:TEST_APPID = "8886ad7b-1795-4542-9808-c85859d97f23" $env:TEST_TENANTID = "d5aec55f-2d12-4442-8d2f-ccca95d4390e" $env:CERTIFICATETHUMBPRINT = "305D4F33E153980E2451F6E068426FC2BCAF683E" From 94cc3a90c625ec12381940afe9a7158a45c0ea44 Mon Sep 17 00:00:00 2001 From: v-akarke <142799789+v-akarke@users.noreply.github.com> Date: Thu, 26 Sep 2024 13:16:31 +0530 Subject: [PATCH 06/20] Update test/module/Entra/Integration/Add-EntraGroupOwner.Tests.ps1 Co-authored-by: Kennedy Kang'ethe --- test/module/Entra/Integration/Add-EntraGroupOwner.Tests.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/module/Entra/Integration/Add-EntraGroupOwner.Tests.ps1 b/test/module/Entra/Integration/Add-EntraGroupOwner.Tests.ps1 index 1e74c2dd97..e0b0035df2 100644 --- a/test/module/Entra/Integration/Add-EntraGroupOwner.Tests.ps1 +++ b/test/module/Entra/Integration/Add-EntraGroupOwner.Tests.ps1 @@ -10,7 +10,7 @@ Describe "The Add-EntraGroupOwner command executing unmocked" { $appId = $env:TEST_APPID $tenantId = $env:TEST_TENANTID $cert = $env:CERTIFICATETHUMBPRINT - Connect-MgGraph -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert + Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid $testName = 'SimpleTests' + $thisTestInstanceId From 0c1f2f1125caaa894f1a1c22af4c55f0f0290ee9 Mon Sep 17 00:00:00 2001 
From: Ashwini Karke Date: Fri, 23 Aug 2024 22:07:31 +0530 Subject: [PATCH 07/20] added Integration test cases --- .../Entra/Integration/Scenario1.Tests.ps1 | 283 ++++++++++++++++++ test/module/Entra/Integration/setenv.ps1 | 3 + 2 files changed, 286 insertions(+) create mode 100644 test/module/Entra/Integration/Scenario1.Tests.ps1 create mode 100644 test/module/Entra/Integration/setenv.ps1 diff --git a/test/module/Entra/Integration/Scenario1.Tests.ps1 b/test/module/Entra/Integration/Scenario1.Tests.ps1 new file mode 100644 index 0000000000..d8d078a6a8 --- /dev/null +++ b/test/module/Entra/Integration/Scenario1.Tests.ps1 
@@ -0,0 +1,283 @@ +Describe "The Get-EntraApplication command executing unmocked" { + + Context "When creating applications" { + BeforeAll { + $testReportPath = join-path $psscriptroot "\setenv.ps1" + Import-Module -Name $testReportPath + $appId = $env:TEST_APPID + $tenantId = $env:TEST_TENANTID + $cert = $env:CERTIFICATETHUMBPRINT + Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert + + + } + It "Scen1: Creating Applications and attaching secrets to that newly created application " { + # Create New application + $thisTestInstanceId = New-Guid | select -expandproperty guid + $global:testAppName = 'SimpleTestApp' + $thisTestInstanceId + $global:newApp = New-EntraApplication -DisplayName $testAppName -AvailableToOtherTenants $true -ReplyUrls @("https://yourapp.com") + $newApp.DisplayName | Should -Be $testAppName + + $Result = New-EntraApplicationPasswordCredential -ObjectId $newApp.Id -CustomKeyIdentifier "MySecret" + + # Retrive application password credentials and verify keyId is present or not + # $Result1 = Get-EntraApplicationPasswordCredential -ObjectId $newApp.Id + # $Result1.KeyId | Should -be $Result.KeyId + + # Retrive new created application + $global:application = Get-EntraApplication -ObjectId $newApp.Id + + # verify keyId + $application.PasswordCredentials.KeyId | Should -be $Result.KeyId + } + It "Scen3: Create Service Principal to the newly created application" { + + # Create service Principal for new application + $global:NewServicePrincipal = New-EntraServicePrincipal -AppId $application.AppId -AppRoleAssignmentRequired $true + + # store service principal objectId + $global:servicePrincipalObjectId = $NewServicePrincipal.ObjectId + + # Get created service principal + $ServicePrincipal = Get-EntraServicePrincipal -ObjectId $servicePrincipalObjectId + $ServicePrincipal.AppId | Should -Be $application.AppId + + } + It "Scen4: Configure App ID URI and Redirect URIs on the newly created application" { + + # configure 
application fot ID URI + $configureApp = Set-EntraApplication -ObjectId $newApp.Id -IdentifierUris @("IdM365x992972766.onmicrosoft.com") -ReplyUrls "https://contoso.com" + + # Retrive new application and verifying ID URI + $updatedApp = Get-EntraApplication -ObjectId $newApp.Id | ConvertTo-json | ConvertFrom-json + $updatedApp.IdentifierUris | Should -Be "IdM365x992972766.onmicrosoft.com" + $updatedApp.Web.RedirectUris | Should -Be "https://contoso.com" + } + It "Scen5: Create AppRoles to the Application" { + + # create approles + $types += 'User' + $approle = New-Object Microsoft.Open.AzureAD.Model.AppRole + $approle.AllowedMemberTypes = $types + $approle.Description = 'msiam_access' + $approle.DisplayName = 'msiam_access' + $approle.Id = '643985ce-3eaf-4a67-9550-ecca25cb6814' + $approle.Value = 'Application' + $approle.IsEnabled = $true + + # Assign approles to existing applictaion + $global:AppUpdate = Set-EntraApplication -ObjectId $newApp.Id -AppRoles $approle + + # Retrive new application and verifying AppRoles + $updatedApp = Get-EntraApplication -ObjectId $newApp.Id + $updatedApp.AppRoles.DisplayName | Should -Be 'msiam_access' + $updatedApp.AppRoles.Id | Should -Be '643985ce-3eaf-4a67-9550-ecca25cb6814' + $updatedApp.AppRoles.Value | Should -Be 'Application' + } + It "Scen6: Assign user and groups to the newly created Service Principal and set right AppRole to it" { + $global:existUser = Get-EntraUser -Top 1 + # write-host "existUser" $existUser.Id + $global:existGroup = Get-EntraGroup -Top 1 + # write-host "servicePrincipalObjectId" $servicePrincipalObjectId + # Add user to group + $userToServicePrincipal = Add-EntraServicePrincipalOwner -ObjectId $servicePrincipalObjectId -RefObjectId $existUser.ObjectId + $PrincipalOwners= Get-EntraServicePrincipalOwner -ObjectId $servicePrincipalObjectId | ConvertTo-json | ConvertFrom-json + $PrincipalOwners.Id | Should -Contain $existUser.Id + # $userToServicePrincipal = Add-EntraServicePrincipalOwner -ObjectId 
$servicePrincipalObjectId -RefObjectId $existGroup.ObjectId + + + # Add group to service pricipal + # $GrpToServicePrincipal = Add-EntraGroupMember -ObjectId $existGroup.ObjectId -RefObjectId $servicePrincipalObjectId + # $A = Get-EntraGroupMember -ObjectId $existGroup.ObjectId + # $A.Id | should -Contain $servicePrincipalObjectId + + # Set app role to service principal + $existingServicePrincipal = Get-EntraServicePrincipal -ObjectId $servicePrincipalObjectId | ConvertTo-json | ConvertFrom-json + + $global:AppROletoServicePrincipal = New-EntraServiceAppRoleAssignment -ObjectId $existingServicePrincipal.ObjectId -ResourceId $existingServicePrincipal.ObjectId -Id $existingServicePrincipal.AppRoles.Id -PrincipalId $existingServicePrincipal.ObjectId + # Verifying app role assignment + $RoleAssignment = Get-EntraServiceAppRoleAssignment -ObjectId $existingServicePrincipal.ObjectId + $RoleAssignment.AppRoleId | Should -Be $AppROletoServicePrincipal.AppRoleId + } + It "Scen7: Create a new user and add that user to an existing group"{ + # Create new User + $thisTestInstanceId = New-Guid | select -expandproperty guid + $user = 'SimpleTestUser' + $thisTestInstanceId + $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile + $PasswordProfile.Password = "Pass@1234" + $global:NewUser = New-EntraUser -AccountEnabled $true -DisplayName $user -PasswordProfile $PasswordProfile -MailNickName $user -UserPrincipalName "$user@M365x99297270.OnMicrosoft.com" + # write-host "User:" $NewUser.Id + # Retrive existing group + $global:ExistGroup = Get-EntraGroup -top 1 + + # Add Group member + $NewMem = Add-EntraGroupMember -ObjectId $ExistGroup.ObjectId -RefObjectId $NewUser.ObjectId + + # Get group member + $GetMemb = Get-EntraGroupMember -ObjectId $ExistGroup.ObjectId + $GetMemb.Id | Should -Contain $NewUser.Id + + } + It "Scen8:Create a new group and add existing user to that group"{ + # Create new Group + $testGrpName = 'SimpleTestGrp' + $thisTestInstanceId 
+ $global:NewGroup = New-EntraGroup -DisplayName $testGrpName -MailEnabled $false -SecurityEnabled $true -MailNickName "NickName" | ConvertTo-json | ConvertFrom-json + # Retrive existing User + $User = Get-EntraUser -top 1 + + # Add group member + $NewMem = Add-EntraGroupMember -ObjectId $NewGroup.ObjectId -RefObjectId $User.ObjectId + + # Get group member + $GetMember = Get-EntraGroupMember -ObjectId $NewGroup.ObjectId + $GetMember.Id | Should -Contain $User.Id + + } + It "Scen9: Create a new user and create a new group and add that new user to the new group"{ + + $thisTestInstanceId = New-Guid | select -expandproperty guid + $testGrpName = 'SimpleGroup' + $thisTestInstanceId + $testUserName = 'SimpleTestUser' + $thisTestInstanceId + # Create new User + $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile + $PasswordProfile.Password = "Pass@1234" + $global:NewUser1 = New-EntraUser -AccountEnabled $true -DisplayName $testUserName -PasswordProfile $PasswordProfile -MailNickName $testUserName -UserPrincipalName "$testUserName@M365x99297270.OnMicrosoft.com" + # write-host "User1:" $NewUser1.Id + # Create new Group + $global:NewGroup1 = New-EntraGroup -DisplayName $testGrpName -MailEnabled $false -SecurityEnabled $true -MailNickName "NickName" | ConvertTo-json | ConvertFrom-json + + # Add group member + $NewMem = Add-EntraGroupMember -ObjectId $NewGroup1.ObjectId -RefObjectId $NewUser1.ObjectId + + # Get group member + # $GetMember = Get-EntraGroupMember -ObjectId $NewGroup1.ObjectId + # $GetMember.Id | Should -Be $NewUser1.Id + + } + It "Scen10: Create a new user and add the user to the newly created group and check that user is Member of the group"{ + + $thisTestInstanceId = New-Guid | select -expandproperty guid + $testGrpName = 'SimpleGroup' + $thisTestInstanceId + $testUserName = 'SimpleTestUser' + $thisTestInstanceId + # Create new User + $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile + 
$PasswordProfile.Password = "Pass@1234" + $global:NewUser2 = New-EntraUser -AccountEnabled $true -DisplayName $testUserName -PasswordProfile $PasswordProfile -MailNickName $testUserName -UserPrincipalName "$testUserName@M365x99297270.OnMicrosoft.com" + # write-host "User2:" $NewUser2.Id + # Create new Group + $global:NewGroup2 = New-EntraGroup -DisplayName $testGrpName -MailEnabled $false -SecurityEnabled $true -MailNickName "NickName" | ConvertTo-json | ConvertFrom-json + + # Add group member + $NewMem = Add-EntraGroupMember -ObjectId $NewGroup2.ObjectId -RefObjectId $NewUser2.ObjectId + + # User is member of the new group + $GetMember = Get-EntraGroupMember -ObjectId $NewGroup2.ObjectId + $GetMember.Id | Should -Be $NewUser2.Id + } + It "Scen11: Create a new user and assign that user to the existing Service Principal"{ + # Create new User + $thisTestInstanceId = New-Guid | select -expandproperty guid + $Tuser = 'SimpleTestUser' + $thisTestInstanceId + $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile + $PasswordProfile.Password = "Pass@1234" + $global:NewUser3 = New-EntraUser -AccountEnabled $true -DisplayName $Tuser -PasswordProfile $PasswordProfile -MailNickName $Tuser -UserPrincipalName "$Tuser@M365x99297270.OnMicrosoft.com" + $NewOwner= Add-EntraServicePrincipalOwner -ObjectId $servicePrincipalObjectId -RefObjectId $NewUser3.ObjectId + + # Get group member + $GetOwner = Get-EntraServicePrincipalOwner -ObjectId $servicePrincipalObjectId + $GetOwner.ObjectId | Should -Contain $NewUser3.Id + + } + It "Scen12: Create a new conditional access policy and attach that policy to the Service Principal" { + # Create conditional access policy + $thisTestInstanceId = New-Guid | select -expandproperty guid + $testpolicyName = 'Simplepolicy' + $thisTestInstanceId + + $Condition = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessConditionSet + $Condition.clientAppTypes = @("mobileAppsAndDesktopClients","browser") + 
$Condition.Applications = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessApplicationCondition + $Condition.Applications.IncludeApplications = $NewServicePrincipal.AppId + $Condition.Users = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessUserCondition + $Condition.Users.IncludeUsers = "all" + + $Controls = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessGrantControls + $Controls._Operator = "AND" + $Controls.BuiltInControls = @("mfa") + + $SessionControls = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessSessionControls + $ApplicationEnforcedRestrictions = New-Object Microsoft.Open.MSGraph.Model.ConditionalAccessApplicationEnforcedRestrictions + $ApplicationEnforcedRestrictions.IsEnabled = $true + $SessionControls.applicationEnforcedRestrictions = $ApplicationEnforcedRestrictions + + $global:NewConditionalAccessPolicy = New-EntraMSConditionalAccessPolicy -DisplayName $testpolicyName -State enabled -Conditions $Condition -GrantControls $Controls -SessionControls $SessionControls + $result = Get-EntraMSConditionalAccessPolicy -policyid $NewConditionalAccessPolicy.Id + $result.Conditions.Applications.IncludeApplications | should -Be $NewServicePrincipal.AppId + } + # It "Scen13: Create new claims issuance policy and attach that to the Service Principal" { + + # # $global:NewClaimsIssuancePolicy = New-EntraBetaPolicy -Definition $policyDefinition -DisplayName $testpolicyName -Type "ClaimsIssuancePolicy" + # $global:NewClaimsIssuancePolicy = New-EntraBetaPolicy -Definition @('{ "definition": [ "{\"ClaimsMappingPolicy\":{\"Version\":1,\"IncludeBasicClaimSet\":\"true\",\"ClaimsSchema\":[{\"Source\":\"user\",\"ID\":\"userPrincipalName\",\"SAMLClaimType\":\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name\",\"JwtClaimType\":\"upn\"},{\"Source\":\"user\",\"ID\":\"displayName\",\"SAMLClaimType\":\"http://schemas.microsoft.com/identity/claims/displayname\",\"JwtClaimType\":\"name\"}]}}" ], 
"displayName": "Custom Claims Issuance Policy", "isOrganizationDefault": false }') -DisplayName $testpolicyName -Type "claimsMappingPolicies" -IsOrganizationDefault $false -AlternativeIdentifier "1f587daa-d6fc-433f-88ee-48afa8daebe4" + + # $A = Get-EntraBetaPolicy - + # write-host $A + # # Write-Host "NewClaimsIssuancePolicy" $NewClaimsIssuancePolicy + # write-host "ServicePrincipalID" $servicePrincipalObjectId + + # $ClaimsIssuancePolicyToServicePrincipal = Add-EntraBetaServicePrincipalPolicy -Id $servicePrincipalObjectId -RefObjectId $NewClaimsIssuancePolicy.Id + # # $A = Get-EntraBetaServicePrincipalPolicy -Id $servicePrincipalObjectId + # # write-host "EntraBetaServicePrincipalPolicy" $A + # } + It "Scen14: Remove the policy attached to the existing Service Principal" { + $Policy = Get-EntraBetaPolicy -Top 1 + + # Add existing policy to service principal + Add-EntraBetaServicePrincipalPolicy -Id $servicePrincipalObjectId -RefObjectId $Policy.Id + $policyOfservicePrincipal = Get-EntraBetaServicePrincipalPolicy -Id $servicePrincipalObjectId + + # Remove policy attached to existing service principal + Remove-EntraBetaServicePrincipalPolicy -Id $servicePrincipalObjectId -PolicyId $policyOfservicePrincipal.Id + $retrivePolicy = Get-EntraBetaServicePrincipalPolicy -Id $servicePrincipalObjectId + $retrivePolicy.Id | should -Not -Contain $Policy.Id + + } + + AfterAll { + + # Remove-EntraBetaServicePrincipalPolicy -Id $servicePrincipalObjectId -PolicyId $NewClaimsIssuancePolicy.Id + # Remove-EntraMSConditionalAccessPolicy -PolicyId $NewClaimsIssuancePolicy.Id + Remove-EntraMSConditionalAccessPolicy -PolicyId $NewConditionalAccessPolicy.Id + Remove-EntraServicePrincipalOwner -ObjectId $servicePrincipalObjectId -OwnerId $NewUser3.ObjectId + Remove-EntraUser -ObjectId $NewUser3.ObjectId | Out-Null + + Remove-EntraGroupMember -ObjectId $NewGroup2.ObjectId -MemberId $NewUser2.ObjectId + Remove-EntraGroup -ObjectId $NewGroup2.ObjectId | Out-Null + Remove-EntraUser -ObjectId 
$NewUser2.ObjectId | Out-Null + + Remove-EntraGroupMember -ObjectId $NewGroup1.ObjectId -MemberId $NewUser1.ObjectId + Remove-EntraUser -ObjectId $NewUser1.ObjectId | Out-Null + Remove-EntraGroup -ObjectId $NewGroup1.ObjectId | Out-Null + + Remove-EntraGroupMember -ObjectId $ExistGroup.ObjectId -MemberId $NewUser.ObjectId + Remove-EntraUser -ObjectId $NewUser.ObjectId | Out-Null + Remove-EntraGroup -ObjectId $NewGroup.ObjectId | Out-Null + + # Scenario 6 + + Remove-EntraServiceAppRoleAssignment -ObjectId $servicePrincipalObjectId -AppRoleAssignmentId $AppROletoServicePrincipal.Id + # Remove-EntraServicePrincipalOwner -ObjectId $servicePrincipalObjectId -OwnerId $existGroup.ObjectId + Remove-EntraServicePrincipalOwner -ObjectId $servicePrincipalObjectId -OwnerId $existUser.ObjectId + # Remove-EntraGroupMember -ObjectId $existGroup.ObjectId -MemberId $servicePrincipalObjectId + + # Remove-EntraGroupMember -ObjectId $NewGroup.ObjectId -MemberId $User.ObjectId + Remove-EntraServicePrincipal -ObjectId $NewServicePrincipal.ObjectId + Remove-EntraApplication -ObjectId $newApp.Id | Out-Null + + # foreach ($app in (Get-EntraUser -SearchString "SimpleTestUser")) { + # write-host $app.ObjectId + # Remove-EntraUser -ObjectId $app.ObjectId | Out-Null + # } + + } + + } +} diff --git a/test/module/Entra/Integration/setenv.ps1 b/test/module/Entra/Integration/setenv.ps1 new file mode 100644 index 0000000000..f29697816a --- /dev/null +++ b/test/module/Entra/Integration/setenv.ps1 @@ -0,0 +1,3 @@ +$env:TEST_APPID = "8886ad7b-1795-4542-9808-c85859d97f23" +$env:TEST_TENANTID = "d5aec55f-2d12-4442-8d2f-ccca95d4390e" +$env:CERTIFICATETHUMBPRINT = "305D4F33E153980E2451F6E068426FC2BCAF683E" From e3af7521e784c2003d5c9d8f27616bea61b91704 Mon Sep 17 00:00:00 2001 
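Review bot: Scen7, Scen9, Scen10 and Scen11 each create an enabled user in the live tenant with the literal password `"Pass@1234"`, so an account that AfterAll fails to remove can still sign in with a credential published in the repository. Nothing in this file signs in as these users, so the four `New-EntraUser` calls can pass `-AccountEnabled $false`, and `$PasswordProfile.Password` should be set from a value generated for the run rather than a literal. The cleanup depends on `$global:` variables assigned inside earlier `It` blocks, so a failed scenario probably leaves its `Remove-EntraUser` call with a null `-ObjectId`. A comment above AfterAll listing which objects each scenario creates would make leftovers easier to audit.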
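Review bot: The three assignments in the new `setenv.ps1` commit a specific tenant ID, application ID and certificate thumbprint. That ties every integration run to one tenant and publishes which app registration holds the directory permissions the tests in this patch use (creating users, groups, applications and a conditional access policy). None of these values is a secret on its own, but I would have the pipeline or the developer's session supply `TEST_APPID`, `TEST_TENANTID` and `CERTIFICATETHUMBPRINT`, and commit only a template with empty values. `BeforeAll` in the test files should then fail fast when one is missing, e.g. `if (-not $env:TEST_APPID) { throw 'TEST_APPID is not set' }`. A header comment stating where the values come from and which permissions the app registration needs would help whoever sets up the next test tenant.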
From: Ashwini Karke
Date: Tue, 27 Aug 2024 13:01:17 +0530
Subject: [PATCH 08/20] added Integration Testing
---
.../Entra/Integration/Scenario1.Tests.ps1 | 401 ++++++++----------
.../Entra/Integration/Scenario2.Tests.ps1 | 92 ++++
.../EntraBeta/Integration/Scenario1.Tests.ps1 | 237 +++++++++++
.../EntraBeta/Integration/Scenario2.Tests.ps1 | 92 ++++
test/module/EntraBeta/Integration/setenv.ps1 | 3 +
5 files changed, 602 insertions(+), 223 deletions(-)
create mode 100644 test/module/Entra/Integration/Scenario2.Tests.ps1
create mode 100644 test/module/EntraBeta/Integration/Scenario1.Tests.ps1
create mode 100644 test/module/EntraBeta/Integration/Scenario2.Tests.ps1
create mode 100644 test/module/EntraBeta/Integration/setenv.ps1
diff --git a/test/module/Entra/Integration/Scenario1.Tests.ps1 b/test/module/Entra/Integration/Scenario1.Tests.ps1
index d8d078a6a8..f74fc28c0f 100644
--- a/test/module/Entra/Integration/Scenario1.Tests.ps1
+++ b/test/module/Entra/Integration/Scenario1.Tests.ps1
@@ -1,283 +1,238 @@ -Describe "The Get-EntraApplication command executing unmocked" { - - Context "When creating applications" { - BeforeAll { - $testReportPath = join-path $psscriptroot "\setenv.ps1" - Import-Module -Name $testReportPath - $appId = $env:TEST_APPID - $tenantId = $env:TEST_TENANTID - $cert = $env:CERTIFICATETHUMBPRINT - Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert +BeforeAll { + $testReportPath = join-path $psscriptroot "\setenv.ps1" + Import-Module -Name $testReportPath + $appId = $env:TEST_APPID + $tenantId = $env:TEST_TENANTID + $cert = $env:CERTIFICATETHUMBPRINT + Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert +} +Describe "Integration Testing" { - - } - It "Scen1: Creating Applications and attaching secrets to that newly created application " { - # Create New application - $thisTestInstanceId = New-Guid | select -expandproperty guid + Context "Scen1: Creating Applications and attaching secrets to that newly created application"{ + It "Creating New Application"{ + $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid $global:testAppName = 'SimpleTestApp' + $thisTestInstanceId - $global:newApp = New-EntraApplication -DisplayName $testAppName -AvailableToOtherTenants $true -ReplyUrls @("https://yourapp.com") + $global:newApp = New-EntraApplication -DisplayName $testAppName $newApp.DisplayName | Should -Be $testAppName - - $Result = New-EntraApplicationPasswordCredential -ObjectId $newApp.Id -CustomKeyIdentifier "MySecret" - - # Retrive application password credentials and verify keyId is present or not - # $Result1 = Get-EntraApplicationPasswordCredential -ObjectId $newApp.Id - # $Result1.KeyId | Should -be $Result.KeyId - - # Retrive new created application + } + It "Attaching a Secret to the Application"{ + $global:Result = New-EntraApplicationPasswordCredential -ObjectId $newApp.Id -CustomKeyIdentifier "MySecret" + } + It "Verification of Application Creation"{ 
$global:application = Get-EntraApplication -ObjectId $newApp.Id - - # verify keyId + $application.DisplayName | Should -Be $testAppName + } + It "Verification of Attached Secret"{ $application.PasswordCredentials.KeyId | Should -be $Result.KeyId } - It "Scen3: Create Service Principal to the newly created application" { - - # Create service Principal for new application - $global:NewServicePrincipal = New-EntraServicePrincipal -AppId $application.AppId -AppRoleAssignmentRequired $true - - # store service principal objectId - $global:servicePrincipalObjectId = $NewServicePrincipal.ObjectId - - # Get created service principal - $ServicePrincipal = Get-EntraServicePrincipal -ObjectId $servicePrincipalObjectId - $ServicePrincipal.AppId | Should -Be $application.AppId - + } + Context "Scen3: Create Service Principal to the newly created application"{ + It "Creation of the Service Principal"{ + $global:newServicePrincipal = New-EntraServicePrincipal -AppId $newApp.AppId + $newServicePrincipal.AppId | Should -Be $application.AppId } - It "Scen4: Configure App ID URI and Redirect URIs on the newly created application" { - - # configure application fot ID URI - $configureApp = Set-EntraApplication -ObjectId $newApp.Id -IdentifierUris @("IdM365x992972766.onmicrosoft.com") -ReplyUrls "https://contoso.com" - - # Retrive new application and verifying ID URI + } + Context "Scen2: Create Gallery application and setup PreferredSingleSignOn Mode to the application"{ + It "Setting PreferredSingleSignOn Mode to the application"{ + Set-EntraServicePrincipal -ObjectId $newServicePrincipal.ObjectId -PreferredSingleSignOnMode 'password' + } + It "Verification of ServicePricipal Creation and Updated PreferredSingleSignOn"{ + $global:servicePrincipal= Get-EntraServicePrincipal -ObjectId $newServicePrincipal.ObjectId + $servicePrincipal.DisplayName | Should -Be $testAppName + $servicePrincipal.PreferredSingleSignOnMode | Should -Be 'password' + } + } + Context "Scen4: Configure App ID URI 
and Redirect URIs on the newly created application"{ + It "Configuring the App ID URI and Redirect URI"{ + Set-EntraApplication -ObjectId $newApp.Id -IdentifierUris @("IdM365x992972766.onmicrosoft.com") -Web @{RedirectUris = 'https://contoso.com'} + } + It "Verifying the App ID URI configuration and Redirect URI"{ $updatedApp = Get-EntraApplication -ObjectId $newApp.Id | ConvertTo-json | ConvertFrom-json $updatedApp.IdentifierUris | Should -Be "IdM365x992972766.onmicrosoft.com" $updatedApp.Web.RedirectUris | Should -Be "https://contoso.com" } - It "Scen5: Create AppRoles to the Application" { - - # create approles - $types += 'User' - $approle = New-Object Microsoft.Open.AzureAD.Model.AppRole + } + Context "Scen5: Create AppRoles to the Application"{ + It "Create Approles"{ + $types = @() + $types += 'Application' + $approle = New-Object Microsoft.Open.MSGraph.Model.AppRole $approle.AllowedMemberTypes = $types $approle.Description = 'msiam_access' $approle.DisplayName = 'msiam_access' $approle.Id = '643985ce-3eaf-4a67-9550-ecca25cb6814' $approle.Value = 'Application' $approle.IsEnabled = $true + $approle.Origin = "Application" # Assign approles to existing applictaion $global:AppUpdate = Set-EntraApplication -ObjectId $newApp.Id -AppRoles $approle - - # Retrive new application and verifying AppRoles - $updatedApp = Get-EntraApplication -ObjectId $newApp.Id + } + It "Verification of created Approles"{ + $global:updatedApp = Get-EntraApplication -ObjectId $newApp.Id $updatedApp.AppRoles.DisplayName | Should -Be 'msiam_access' $updatedApp.AppRoles.Id | Should -Be '643985ce-3eaf-4a67-9550-ecca25cb6814' $updatedApp.AppRoles.Value | Should -Be 'Application' } - It "Scen6: Assign user and groups to the newly created Service Principal and set right AppRole to it" { + } + Context "Scen6: Assign user and groups to the newly created Service Principal and set right AppRole to it"{ + It "Assigning users to the Service Principal and setting the correct AppRole for the Service 
Principal"{ $global:existUser = Get-EntraUser -Top 1 - # write-host "existUser" $existUser.Id - $global:existGroup = Get-EntraGroup -Top 1 - # write-host "servicePrincipalObjectId" $servicePrincipalObjectId - # Add user to group - $userToServicePrincipal = Add-EntraServicePrincipalOwner -ObjectId $servicePrincipalObjectId -RefObjectId $existUser.ObjectId - $PrincipalOwners= Get-EntraServicePrincipalOwner -ObjectId $servicePrincipalObjectId | ConvertTo-json | ConvertFrom-json - $PrincipalOwners.Id | Should -Contain $existUser.Id - # $userToServicePrincipal = Add-EntraServicePrincipalOwner -ObjectId $servicePrincipalObjectId -RefObjectId $existGroup.ObjectId - + Add-EntraServicePrincipalOwner -ObjectId $servicePrincipal.Id -RefObjectId $existUser.Id - # Add group to service pricipal - # $GrpToServicePrincipal = Add-EntraGroupMember -ObjectId $existGroup.ObjectId -RefObjectId $servicePrincipalObjectId - # $A = Get-EntraGroupMember -ObjectId $existGroup.ObjectId - # $A.Id | should -Contain $servicePrincipalObjectId + $global:AppRoletoServicePrincipal = New-EntraServiceAppRoleAssignment -ObjectId $servicePrincipal.Id -ResourceId $servicePrincipal.Id -Id $updatedApp.AppRoles.Id -PrincipalId $existUser.ObjectId + } + It "Verification of assigned group to service principal"{ + $PrincipalOwners= Get-EntraServicePrincipalOwner -ObjectId $servicePrincipal.Id + $PrincipalOwners.Id | Should -Contain $existUser.Id - # Set app role to service principal - $existingServicePrincipal = Get-EntraServicePrincipal -ObjectId $servicePrincipalObjectId | ConvertTo-json | ConvertFrom-json - - $global:AppROletoServicePrincipal = New-EntraServiceAppRoleAssignment -ObjectId $existingServicePrincipal.ObjectId -ResourceId $existingServicePrincipal.ObjectId -Id $existingServicePrincipal.AppRoles.Id -PrincipalId $existingServicePrincipal.ObjectId - # Verifying app role assignment - $RoleAssignment = Get-EntraServiceAppRoleAssignment -ObjectId $existingServicePrincipal.ObjectId - 
$RoleAssignment.AppRoleId | Should -Be $AppROletoServicePrincipal.AppRoleId - } - It "Scen7: Create a new user and add that user to an existing group"{ - # Create new User - $thisTestInstanceId = New-Guid | select -expandproperty guid - $user = 'SimpleTestUser' + $thisTestInstanceId + $RoleAssignment = Get-EntraServiceAppRoleAssignment -ObjectId $servicePrincipal.Id + $RoleAssignment.AppRoleId | Should -Be $AppRoletoServicePrincipal.AppRoleId + } + } + Context "Scen7: Create a new user and add that user to an existing group"{ + It "Creating the user"{ + $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid + $user = 'SimpleTestUserss' + $thisTestInstanceId $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile $PasswordProfile.Password = "Pass@1234" $global:NewUser = New-EntraUser -AccountEnabled $true -DisplayName $user -PasswordProfile $PasswordProfile -MailNickName $user -UserPrincipalName "$user@M365x99297270.OnMicrosoft.com" - # write-host "User:" $NewUser.Id - # Retrive existing group + } + It "Adding the user to an existing group"{ $global:ExistGroup = Get-EntraGroup -top 1 - - # Add Group member - $NewMem = Add-EntraGroupMember -ObjectId $ExistGroup.ObjectId -RefObjectId $NewUser.ObjectId - - # Get group member + Add-EntraGroupMember -ObjectId $ExistGroup.ObjectId -RefObjectId $NewUser.ObjectId + } + It "Verification of new user's addition to the existing group"{ $GetMemb = Get-EntraGroupMember -ObjectId $ExistGroup.ObjectId $GetMemb.Id | Should -Contain $NewUser.Id - } - It "Scen8:Create a new group and add existing user to that group"{ - # Create new Group - $testGrpName = 'SimpleTestGrp' + $thisTestInstanceId - $global:NewGroup = New-EntraGroup -DisplayName $testGrpName -MailEnabled $false -SecurityEnabled $true -MailNickName "NickName" | ConvertTo-json | ConvertFrom-json - # Retrive existing User + } + Context "Scen8:Create a new group and add existing user to that group"{ + It "Creating a new Group"{ + 
$testGrpName = 'SimpleTestGroup' + $thisTestInstanceId + $global:NewGroup = New-EntraGroup -DisplayName $testGrpName -MailEnabled $false -SecurityEnabled $true -MailNickName "NickName" + } + It "Adding existing user to new group"{ + $User = Get-EntraUser -top 1 + Add-EntraGroupMember -ObjectId $NewGroup.ObjectId -RefObjectId $User.ObjectId + } + It "Verification of exixting user's addition to the new group"{ $User = Get-EntraUser -top 1 - - # Add group member - $NewMem = Add-EntraGroupMember -ObjectId $NewGroup.ObjectId -RefObjectId $User.ObjectId - - # Get group member $GetMember = Get-EntraGroupMember -ObjectId $NewGroup.ObjectId $GetMember.Id | Should -Contain $User.Id - } - It "Scen9: Create a new user and create a new group and add that new user to the new group"{ - - $thisTestInstanceId = New-Guid | select -expandproperty guid - $testGrpName = 'SimpleGroup' + $thisTestInstanceId - $testUserName = 'SimpleTestUser' + $thisTestInstanceId + } + Context "Scen9: Create a new user and create a new group and add that new user to the new group"{ + It "Creating a new user and group"{ + $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid + $testUserName = 'SimpleTestUsers' + $thisTestInstanceId # Create new User $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile $PasswordProfile.Password = "Pass@1234" $global:NewUser1 = New-EntraUser -AccountEnabled $true -DisplayName $testUserName -PasswordProfile $PasswordProfile -MailNickName $testUserName -UserPrincipalName "$testUserName@M365x99297270.OnMicrosoft.com" - # write-host "User1:" $NewUser1.Id - # Create new Group - $global:NewGroup1 = New-EntraGroup -DisplayName $testGrpName -MailEnabled $false -SecurityEnabled $true -MailNickName "NickName" | ConvertTo-json | ConvertFrom-json - - # Add group member - $NewMem = Add-EntraGroupMember -ObjectId $NewGroup1.ObjectId -RefObjectId $NewUser1.ObjectId - - # Get group member - # $GetMember = Get-EntraGroupMember -ObjectId 
$NewGroup1.ObjectId - # $GetMember.Id | Should -Be $NewUser1.Id + $testGrpName = 'SimpleTestGroup' + $thisTestInstanceId + $global:NewGroup1 = New-EntraGroup -DisplayName $testGrpName -MailEnabled $false -SecurityEnabled $true -MailNickName "NickName" } - It "Scen10: Create a new user and add the user to the newly created group and check that user is Member of the group"{ - - $thisTestInstanceId = New-Guid | select -expandproperty guid - $testGrpName = 'SimpleGroup' + $thisTestInstanceId - $testUserName = 'SimpleTestUser' + $thisTestInstanceId + It "Adding New User to New group"{ + Add-EntraGroupMember -ObjectId $NewGroup1.ObjectId -RefObjectId $NewUser1.ObjectId + } + } + Context "Scen10: Create a new user and add the user to the newly created group and check that user is Member of the group"{ + It "Creating a new user and group"{ + $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid + $testUserName = 'SimpleTestUsers' + $thisTestInstanceId # Create new User $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile $PasswordProfile.Password = "Pass@1234" $global:NewUser2 = New-EntraUser -AccountEnabled $true -DisplayName $testUserName -PasswordProfile $PasswordProfile -MailNickName $testUserName -UserPrincipalName "$testUserName@M365x99297270.OnMicrosoft.com" - # write-host "User2:" $NewUser2.Id - # Create new Group - $global:NewGroup2 = New-EntraGroup -DisplayName $testGrpName -MailEnabled $false -SecurityEnabled $true -MailNickName "NickName" | ConvertTo-json | ConvertFrom-json - # Add group member - $NewMem = Add-EntraGroupMember -ObjectId $NewGroup2.ObjectId -RefObjectId $NewUser2.ObjectId - - # User is member of the new group - $GetMember = Get-EntraGroupMember -ObjectId $NewGroup2.ObjectId - $GetMember.Id | Should -Be $NewUser2.Id + $testGrpName = 'SimpleTestGroup' + $thisTestInstanceId + $global:NewGroup2 = New-EntraGroup -DisplayName $testGrpName -MailEnabled $false -SecurityEnabled $true -MailNickName "NickName" 
} - It "Scen11: Create a new user and assign that user to the existing Service Principal"{ - # Create new User - $thisTestInstanceId = New-Guid | select -expandproperty guid - $Tuser = 'SimpleTestUser' + $thisTestInstanceId + It "Adding New User to New group"{ + Add-EntraGroupMember -ObjectId $NewGroup2.ObjectId -RefObjectId $NewUser2.ObjectId + } + It "Verification of User is Member of the group"{ + $GetMember = Get-EntraUserMembership -ObjectId $NewUser2.Id + $GetMember.Id | Should -Contain $NewGroup2.Id + } + } + Context "Scen11: Create a new user and assign that user to the existing Service Principal"{ + It "Creating a new user and assign that user to the existing Service Principal"{ + $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid + $Tuser = 'SimpleTestUsers' + $thisTestInstanceId $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile $PasswordProfile.Password = "Pass@1234" $global:NewUser3 = New-EntraUser -AccountEnabled $true -DisplayName $Tuser -PasswordProfile $PasswordProfile -MailNickName $Tuser -UserPrincipalName "$Tuser@M365x99297270.OnMicrosoft.com" - $NewOwner= Add-EntraServicePrincipalOwner -ObjectId $servicePrincipalObjectId -RefObjectId $NewUser3.ObjectId - - # Get group member - $GetOwner = Get-EntraServicePrincipalOwner -ObjectId $servicePrincipalObjectId - $GetOwner.ObjectId | Should -Contain $NewUser3.Id - + Add-EntraServicePrincipalOwner -ObjectId $servicePrincipal.Id -RefObjectId $NewUser3.Id } - It "Scen12: Create a new conditional access policy and attach that policy to the Service Principal" { - # Create conditional access policy - $thisTestInstanceId = New-Guid | select -expandproperty guid + It "Verfication of assigned User"{ + $GetOwner = Get-EntraServicePrincipalOwner -ObjectId $servicePrincipal.Id + $GetOwner.Id | Should -Contain $NewUser3.Id + } + } + # Context "Scen12: Create a new conditional access policy and attach that policy to the Service Principal"{ + # It "Creating a new 
conditional access policy and attach that policy to the Service Principal"{ + # $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid + # $testpolicyName = 'Simplepolicy' + $thisTestInstanceId + + # $Condition = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessConditionSet + # $Condition.clientAppTypes = @("mobileAppsAndDesktopClients","browser") + # $Condition.Applications = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessApplicationCondition + # $Condition.Applications.IncludeApplications = $NewServicePrincipal.AppId + # $Condition.Users = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessUserCondition + # $Condition.Users.IncludeUsers = "all" + + # $Controls = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessGrantControls + # $Controls._Operator = "AND" + # $Controls.BuiltInControls = @("mfa") + + # $SessionControls = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessSessionControls + # $ApplicationEnforcedRestrictions = New-Object Microsoft.Open.MSGraph.Model.ConditionalAccessApplicationEnforcedRestrictions + # $ApplicationEnforcedRestrictions.IsEnabled = $true + # $SessionControls.applicationEnforcedRestrictions = $ApplicationEnforcedRestrictions + + # $global:NewConditionalAccessPolicy = New-EntraConditionalAccessPolicy -DisplayName $testpolicyName -State enabled -Conditions $Condition -GrantControls $Controls -SessionControls $SessionControls + # } + # It "Verification of attached policy"{ + # $result = Get-EntraConditionalAccessPolicy -policyid $NewConditionalAccessPolicy.Id + # $result.Conditions.Applications.IncludeApplications | should -Be $NewServicePrincipal.AppId + # } + # } + Context "Scen13: Create new claims issuance policy and attach that to the Service Principal"{ + It "Creating policy"{ + $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid $testpolicyName = 'Simplepolicy' + $thisTestInstanceId - - $Condition = New-Object 
-TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessConditionSet - $Condition.clientAppTypes = @("mobileAppsAndDesktopClients","browser") - $Condition.Applications = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessApplicationCondition - $Condition.Applications.IncludeApplications = $NewServicePrincipal.AppId - $Condition.Users = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessUserCondition - $Condition.Users.IncludeUsers = "all" - - $Controls = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessGrantControls - $Controls._Operator = "AND" - $Controls.BuiltInControls = @("mfa") - - $SessionControls = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessSessionControls - $ApplicationEnforcedRestrictions = New-Object Microsoft.Open.MSGraph.Model.ConditionalAccessApplicationEnforcedRestrictions - $ApplicationEnforcedRestrictions.IsEnabled = $true - $SessionControls.applicationEnforcedRestrictions = $ApplicationEnforcedRestrictions - - $global:NewConditionalAccessPolicy = New-EntraMSConditionalAccessPolicy -DisplayName $testpolicyName -State enabled -Conditions $Condition -GrantControls $Controls -SessionControls $SessionControls - $result = Get-EntraMSConditionalAccessPolicy -policyid $NewConditionalAccessPolicy.Id - $result.Conditions.Applications.IncludeApplications | should -Be $NewServicePrincipal.AppId - } - # It "Scen13: Create new claims issuance policy and attach that to the Service Principal" { - - # # $global:NewClaimsIssuancePolicy = New-EntraBetaPolicy -Definition $policyDefinition -DisplayName $testpolicyName -Type "ClaimsIssuancePolicy" - # $global:NewClaimsIssuancePolicy = New-EntraBetaPolicy -Definition @('{ "definition": [ 
"{\"ClaimsMappingPolicy\":{\"Version\":1,\"IncludeBasicClaimSet\":\"true\",\"ClaimsSchema\":[{\"Source\":\"user\",\"ID\":\"userPrincipalName\",\"SAMLClaimType\":\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name\",\"JwtClaimType\":\"upn\"},{\"Source\":\"user\",\"ID\":\"displayName\",\"SAMLClaimType\":\"http://schemas.microsoft.com/identity/claims/displayname\",\"JwtClaimType\":\"name\"}]}}" ], "displayName": "Custom Claims Issuance Policy", "isOrganizationDefault": false }') -DisplayName $testpolicyName -Type "claimsMappingPolicies" -IsOrganizationDefault $false -AlternativeIdentifier "1f587daa-d6fc-433f-88ee-48afa8daebe4" - - # $A = Get-EntraBetaPolicy - - # write-host $A - # # Write-Host "NewClaimsIssuancePolicy" $NewClaimsIssuancePolicy - # write-host "ServicePrincipalID" $servicePrincipalObjectId - - # $ClaimsIssuancePolicyToServicePrincipal = Add-EntraBetaServicePrincipalPolicy -Id $servicePrincipalObjectId -RefObjectId $NewClaimsIssuancePolicy.Id - # # $A = Get-EntraBetaServicePrincipalPolicy -Id $servicePrincipalObjectId - # # write-host "EntraBetaServicePrincipalPolicy" $A - # } - It "Scen14: Remove the policy attached to the existing Service Principal" { - $Policy = Get-EntraBetaPolicy -Top 1 - - # Add existing policy to service principal - Add-EntraBetaServicePrincipalPolicy -Id $servicePrincipalObjectId -RefObjectId $Policy.Id - $policyOfservicePrincipal = Get-EntraBetaServicePrincipalPolicy -Id $servicePrincipalObjectId - - # Remove policy attached to existing service principal - Remove-EntraBetaServicePrincipalPolicy -Id $servicePrincipalObjectId -PolicyId $policyOfservicePrincipal.Id - $retrivePolicy = Get-EntraBetaServicePrincipalPolicy -Id $servicePrincipalObjectId - $retrivePolicy.Id | should -Not -Contain $Policy.Id - + $global:NewPolicy = New-EntraPolicy -Definition @('{ "definition": [ 
"{\"ClaimsMappingPolicy\":{\"Version\":1,\"IncludeBasicClaimSet\":\"true\",\"ClaimsSchema\":[{\"Source\":\"user\",\"ID\":\"userPrincipalName\",\"SAMLClaimType\":\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name\",\"JwtClaimType\":\"upn\"},{\"Source\":\"user\",\"ID\":\"displayName\",\"SAMLClaimType\":\"http://schemas.microsoft.com/identity/claims/displayname\",\"JwtClaimType\":\"name\"}]}}" ], "displayName": "Custom Claims Issuance Policy", "isOrganizationDefault": false }') -DisplayName $testpolicyName -Type "claimsMappingPolicies" -IsOrganizationDefault $false } - - AfterAll { - - # Remove-EntraBetaServicePrincipalPolicy -Id $servicePrincipalObjectId -PolicyId $NewClaimsIssuancePolicy.Id - # Remove-EntraMSConditionalAccessPolicy -PolicyId $NewClaimsIssuancePolicy.Id - Remove-EntraMSConditionalAccessPolicy -PolicyId $NewConditionalAccessPolicy.Id - Remove-EntraServicePrincipalOwner -ObjectId $servicePrincipalObjectId -OwnerId $NewUser3.ObjectId - Remove-EntraUser -ObjectId $NewUser3.ObjectId | Out-Null - - Remove-EntraGroupMember -ObjectId $NewGroup2.ObjectId -MemberId $NewUser2.ObjectId - Remove-EntraGroup -ObjectId $NewGroup2.ObjectId | Out-Null - Remove-EntraUser -ObjectId $NewUser2.ObjectId | Out-Null - - Remove-EntraGroupMember -ObjectId $NewGroup1.ObjectId -MemberId $NewUser1.ObjectId - Remove-EntraUser -ObjectId $NewUser1.ObjectId | Out-Null - Remove-EntraGroup -ObjectId $NewGroup1.ObjectId | Out-Null - - Remove-EntraGroupMember -ObjectId $ExistGroup.ObjectId -MemberId $NewUser.ObjectId - Remove-EntraUser -ObjectId $NewUser.ObjectId | Out-Null - Remove-EntraGroup -ObjectId $NewGroup.ObjectId | Out-Null - - # Scenario 6 - - Remove-EntraServiceAppRoleAssignment -ObjectId $servicePrincipalObjectId -AppRoleAssignmentId $AppROletoServicePrincipal.Id - # Remove-EntraServicePrincipalOwner -ObjectId $servicePrincipalObjectId -OwnerId $existGroup.ObjectId - Remove-EntraServicePrincipalOwner -ObjectId $servicePrincipalObjectId -OwnerId $existUser.ObjectId - 
# Remove-EntraGroupMember -ObjectId $existGroup.ObjectId -MemberId $servicePrincipalObjectId - - # Remove-EntraGroupMember -ObjectId $NewGroup.ObjectId -MemberId $User.ObjectId - Remove-EntraServicePrincipal -ObjectId $NewServicePrincipal.ObjectId - Remove-EntraApplication -ObjectId $newApp.Id | Out-Null - - # foreach ($app in (Get-EntraUser -SearchString "SimpleTestUser")) { - # write-host $app.ObjectId - # Remove-EntraUser -ObjectId $app.ObjectId | Out-Null - # } - + It "Attaching Policy to service principal"{ + Add-EntraBetaServicePrincipalPolicy -Id $servicePrincipal.Id -RefObjectId $NewPolicy.Id + } + It "Verification of added policy to service principal"{ + $result = Get-EntraBetaServicePrincipalPolicy -Id $servicePrincipal.Id + $result.Id | should -Contain $NewPolicy.Id + } + } + Context "Scene14: Remove the policy attached to the existing Service Principal"{ + It "Removing the policy attached"{ + Remove-EntraBetaServicePrincipalPolicy -Id $servicePrincipal.Id -PolicyId $NewPolicy.Id + $retrivePolicy = Get-EntraBetaServicePrincipalPolicy -Id $servicePrincipal.Id + $retrivePolicy.Id | should -Not -Contain $NewPolicy.Id } + } + AfterAll { + foreach ($app in (Get-EntraApplication -SearchString "SimpleTestApp")) { + Remove-EntraApplication -ObjectId $app.Id | Out-Null + } + foreach ($user in (Get-EntraUser -SearchString "SimpleTestUsers")) { + Remove-EntraUser -ObjectId $user.Id | Out-Null + } + foreach ($group in (Get-EntraGroup -SearchString "SimpleTestGroup")) { + Remove-EntraGroup -ObjectId $group.Id | Out-Null + } + # Remove-EntraConditionalAccessPolicy -PolicyId $NewConditionalAccessPolicy.Id + Remove-EntraPolicy -Id $NewPolicy.Id } } diff --git a/test/module/Entra/Integration/Scenario2.Tests.ps1 b/test/module/Entra/Integration/Scenario2.Tests.ps1 new file mode 100644 index 0000000000..b79a46f242 --- /dev/null +++ b/test/module/Entra/Integration/Scenario2.Tests.ps1 
@@ -0,0 +1,92 @@ +BeforeAll { + $testReportPath = join-path $psscriptroot "\setenv.ps1" + Import-Module -Name $testReportPath + $appId = $env:TEST_APPID + $tenantId = $env:TEST_TENANTID + $cert = $env:CERTIFICATETHUMBPRINT + Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert +} +Describe "Integration Testing" { + + Context "Scen1: Assign Entra roles including assign roles with different scopes"{ + It "Get user and role"{ + $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid + $testUserName = 'SimpleTestUsers' + $thisTestInstanceId + # Create new User + $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile + $PasswordProfile.Password = "Pass@1234" + $global:NewUser = New-EntraUser -AccountEnabled $true -DisplayName $testUserName -PasswordProfile $PasswordProfile -MailNickName $testUserName -UserPrincipalName "$testUserName@M365x99297270.OnMicrosoft.com" + + $global:role = Get-EntraDirectoryRole | Where-Object {$_.DisplayName -eq "Application Administrator"} + } + It "Assign Entra roles"{ + $scope = "/" + # Assign the role to the user with the defined scope + $params = @{ + RoleDefinitionId = $role.Id + PrincipalId = $NewUser.Id + DirectoryScopeId = $scope + } + $global:newRole=New-EntraRoleAssignment @params + } + It "Verification of assigned role Creation"{ + $global:assignedRole = Get-EntraRoleAssignment -Filter "PrincipalId eq '$($NewUser.Id)'" + $assignedRole.Id | Should -Be $newRole.Id + } + } + Context "Create custom roles"{ + It "Creating custom roles"{ + $RolePermissions = New-object Microsoft.Open.MSGraph.Model.RolePermission + $RolePermissions.AllowedResourceActions = @("microsoft.directory/applications/basic/read") + $params = @{ + RolePermissions = $RolePermissions + IsEnabled = $false + DisplayName = 'SimpleTestRoleDefinition' + ResourceScopes = '/' + } + $global:customRole=New-EntraRoleDefinition @params + } + It "Verification of custom role created"{ + $global:getRole = 
Get-EntraRoleDefinition -Filter "DisplayName eq 'SimpleTestRoleDefinition'" + $getRole.Id | Should -Contain $customRole.Id + } + } + Context "Add or deactivate custom security attribute definitions in Microsoft Entra ID"{ + It "Adding custom security attribute definitions"{ + $thisTestInstanceId = Get-Random -Minimum 10000 -Maximum 100000 + $testName = 'TestDefinition' + $thisTestInstanceId + $AttributeSet = Get-EntraAttributeSet -Id 'Testing' + $params = @{ + Name = $testName + Description = 'Target completion' + Type = 'String' + Status = 'Available' + AttributeSet = $AttributeSet.Id + IsCollection = $False + IsSearchable = $True + UsePreDefinedValuesOnly = $True + } + $global:Definition = New-EntraCustomSecurityAttributeDefinition @params + } + It "Deactivate custom security attribute definition"{ + $params = @{ + Id = $Definition.Id + Description = 'Target completion' + Status = 'Deprecated' + } + Set-EntraCustomSecurityAttributeDefinition @params + } + It "Verification of deactivation of custom security attribute definition"{ + $global:getDefinition = Get-EntraCustomSecurityAttributeDefinition -Id $Definition.Id + $getDefinition.Status | Should -Be 'Deprecated' + } + } + AfterAll { + Remove-EntraRoleAssignment -Id $assignedRole.Id + foreach ($user in (Get-EntraUser -SearchString "SimpleTestUsers")) { + Remove-EntraUser -ObjectId $user.Id | Out-Null + } + Remove-EntraRoleDefinition -Id $getRole.Id + + } +} diff --git a/test/module/EntraBeta/Integration/Scenario1.Tests.ps1 b/test/module/EntraBeta/Integration/Scenario1.Tests.ps1 new file mode 100644 index 0000000000..0febeb5af8 --- /dev/null +++ b/test/module/EntraBeta/Integration/Scenario1.Tests.ps1 
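Review bot: In "Get user and role" the account is created with `-AccountEnabled $true` and the literal password `"Pass@1234"`, and the next test assigns it the Application Administrator role at scope `/`. For the length of the run, and longer if cleanup fails, the tenant therefore holds a sign-in-capable privileged account whose password is in the repository. Nothing visible in this file signs in as that user, so `-AccountEnabled $false` plus a password generated per run would leave the assertions unchanged. I would also add a comment above the assignment, `# Test principal only: disabled account, per-run password, assignment removed in AfterAll`. The same literal password is used in the EntraBeta Scenario1 and Scenario2 hunks of this patch.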
@@ -0,0 +1,237 @@ +BeforeAll { + $testReportPath = join-path $psscriptroot "\setenv.ps1" + Import-Module -Name $testReportPath + $appId = $env:TEST_APPID + $tenantId = $env:TEST_TENANTID + $cert = $env:CERTIFICATETHUMBPRINT + Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert +} +Describe "Integration Testing" { + + Context "Scen1: Creating Applications and attaching secrets to that newly created application"{ + It "Creating New Application"{ + $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid + $global:testAppName = 'SimpleTestApp' + $thisTestInstanceId + $global:newApp = New-EntraBetaApplication -DisplayName $testAppName + $newApp.DisplayName | Should -Be $testAppName + } + It "Attaching a Secret to the Application"{ + $global:Result = New-EntraBetaApplicationPasswordCredential -ObjectId $newApp.Id -CustomKeyIdentifier "MySecret" + } + It "Verification of Application Creation"{ + $global:application = Get-EntraBetaApplication -ObjectId $newApp.Id + $application.DisplayName | Should -Be $testAppName + } + It "Verification of Attached Secret"{ + $application.PasswordCredentials.KeyId | Should -be $Result.KeyId + } + } + Context "Scen3: Create Service Principal to the newly created application"{ + It "Creation of the Service Principal"{ + $global:newServicePrincipal = New-EntraBetaServicePrincipal -AppId $newApp.AppId + $newServicePrincipal.AppId | Should -Be $application.AppId + } + } + Context "Scen2: Create Gallery application and setup PreferredSingleSignOn Mode to the application"{ + It "Setting PreferredSingleSignOn Mode to the application"{ + Set-EntraBetaServicePrincipal -ObjectId $newServicePrincipal.ObjectId -PreferredSingleSignOnMode 'password' + } + It "Verification of ServicePricipal Creation and Updated PreferredSingleSignOn"{ + $global:servicePrincipal= Get-EntraBetaServicePrincipal -ObjectId $newServicePrincipal.ObjectId + $servicePrincipal.DisplayName | Should -Be $testAppName + 
$servicePrincipal.PreferredSingleSignOnMode | Should -Be 'password' + } + } + Context "Scen4: Configure App ID URI and Redirect URIs on the newly created application"{ + It "Configuring the App ID URI and Redirect URI"{ + Set-EntraBetaApplication -ObjectId $newApp.Id -IdentifierUris @("IdM365x992972766.onmicrosoft.com") -Web @{RedirectUris = 'https://contoso.com'} + } + It "Verifying the App ID URI configuration and Redirect URI"{ + $updatedApp = Get-EntraBetaApplication -ObjectId $newApp.Id | ConvertTo-json | ConvertFrom-json + $updatedApp.IdentifierUris | Should -Be "IdM365x992972766.onmicrosoft.com" + $updatedApp.Web.RedirectUris | Should -Be "https://contoso.com" + } + } + Context "Scen5: Create AppRoles to the Application"{ + It "Create Approles"{ + $types = @() + $types += 'Application' + $approle = New-Object Microsoft.Open.MSGraph.Model.AppRole + $approle.AllowedMemberTypes = $types + $approle.Description = 'msiam_access' + $approle.DisplayName = 'msiam_access' + $approle.Id = '643985ce-3eaf-4a67-9550-ecca25cb6814' + $approle.Value = 'Application' + $approle.IsEnabled = $true + + # Assign approles to existing applictaion + $global:AppUpdate = Set-EntraBetaApplication -ObjectId $newApp.Id -AppRoles $approle + } + It "Verification of created Approles"{ + $global:updatedApp = Get-EntraBetaApplication -ObjectId $newApp.Id + $updatedApp.AppRoles.DisplayName | Should -Be 'msiam_access' + $updatedApp.AppRoles.Id | Should -Be '643985ce-3eaf-4a67-9550-ecca25cb6814' + $updatedApp.AppRoles.Value | Should -Be 'Application' + } + } + Context "Scen6: Assign user and groups to the newly created Service Principal and set right AppRole to it"{ + It "Assigning users to the Service Principal and setting the correct AppRole for the Service Principal"{ + $global:existUser = Get-EntraBetaUser -Top 1 + Add-EntraBetaServicePrincipalOwner -ObjectId $servicePrincipal.Id -RefObjectId $existUser.Id + + $global:AppRoletoServicePrincipal = New-EntraBetaServiceAppRoleAssignment -ObjectId 
$servicePrincipal.Id -ResourceId $servicePrincipal.Id -Id $updatedApp.AppRoles.Id -PrincipalId $existUser.ObjectId + } + It "Verification of assigned group to service principal"{ + $PrincipalOwners= Get-EntraBetaServicePrincipalOwner -ObjectId $servicePrincipal.Id + $PrincipalOwners.Id | Should -Contain $existUser.Id + + $RoleAssignment = Get-EntraBetaServiceAppRoleAssignment -ObjectId $servicePrincipal.Id + $RoleAssignment.AppRoleId | Should -Be $AppRoletoServicePrincipal.AppRoleId + } + } + Context "Scen7: Create a new user and add that user to an existing group"{ + It "Creating the user"{ + $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid + $user = 'SimpleTestUserss' + $thisTestInstanceId + $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile + $PasswordProfile.Password = "Pass@1234" + $global:NewUser = New-EntraBetaUser -AccountEnabled $true -DisplayName $user -PasswordProfile $PasswordProfile -MailNickName $user -UserPrincipalName "$user@M365x99297270.OnMicrosoft.com" + } + It "Adding the user to an existing group"{ + $global:ExistGroup = Get-EntraBetaGroup -top 1 + Add-EntraBetaGroupMember -ObjectId $ExistGroup.ObjectId -RefObjectId $NewUser.ObjectId + } + It "Verification of new user's addition to the existing group"{ + $GetMemb = Get-EntraBetaGroupMember -ObjectId $ExistGroup.ObjectId + $GetMemb.Id | Should -Contain $NewUser.Id + } + } + Context "Scen8:Create a new group and add existing user to that group"{ + It "Creating a new Group"{ + $testGrpName = 'SimpleTestGroup' + $thisTestInstanceId + $global:NewGroup = New-EntraBetaGroup -DisplayName $testGrpName -MailEnabled $false -SecurityEnabled $true -MailNickName "NickName" + } + It "Adding existing user to new group"{ + $User = Get-EntraBetaUser -top 1 + Add-EntraBetaGroupMember -ObjectId $NewGroup.ObjectId -RefObjectId $User.ObjectId + } + It "Verification of exixting user's addition to the new group"{ + $User = Get-EntraBetaUser -top 1 + $GetMember = 
Get-EntraBetaGroupMember -ObjectId $NewGroup.ObjectId + $GetMember.Id | Should -Contain $User.Id + } + } + Context "Scen9: Create a new user and create a new group and add that new user to the new group"{ + It "Creating a new user and group"{ + $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid + $testUserName = 'SimpleTestUsers' + $thisTestInstanceId + # Create new User + $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile + $PasswordProfile.Password = "Pass@1234" + $global:NewUser1 = New-EntraBetaUser -AccountEnabled $true -DisplayName $testUserName -PasswordProfile $PasswordProfile -MailNickName $testUserName -UserPrincipalName "$testUserName@M365x99297270.OnMicrosoft.com" + + $testGrpName = 'SimpleTestGroup' + $thisTestInstanceId + $global:NewGroup1 = New-EntraBetaGroup -DisplayName $testGrpName -MailEnabled $false -SecurityEnabled $true -MailNickName "NickName" + } + It "Adding New User to New group"{ + Add-EntraBetaGroupMember -ObjectId $NewGroup1.ObjectId -RefObjectId $NewUser1.ObjectId + } + } + Context "Scen10: Create a new user and add the user to the newly created group and check that user is Member of the group"{ + It "Creating a new user and group"{ + $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid + $testUserName = 'SimpleTestUsers' + $thisTestInstanceId + # Create new User + $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile + $PasswordProfile.Password = "Pass@1234" + $global:NewUser2 = New-EntraBetaUser -AccountEnabled $true -DisplayName $testUserName -PasswordProfile $PasswordProfile -MailNickName $testUserName -UserPrincipalName "$testUserName@M365x99297270.OnMicrosoft.com" + + $testGrpName = 'SimpleTestGroup' + $thisTestInstanceId + $global:NewGroup2 = New-EntraBetaGroup -DisplayName $testGrpName -MailEnabled $false -SecurityEnabled $true -MailNickName "NickName" + } + It "Adding New User to New group"{ + Add-EntraBetaGroupMember -ObjectId 
$NewGroup2.ObjectId -RefObjectId $NewUser2.ObjectId + } + It "Verification of User is Member of the group"{ + $GetMember = Get-EntraBetaUserMembership -ObjectId $NewUser2.Id + $GetMember.Id | Should -Contain $NewGroup2.Id + } + } + Context "Scen11: Create a new user and assign that user to the existing Service Principal"{ + It "Creating a new user and assign that user to the existing Service Principal"{ + $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid + $Tuser = 'SimpleTestUsers' + $thisTestInstanceId + $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile + $PasswordProfile.Password = "Pass@1234" + $global:NewUser3 = New-EntraBetaUser -AccountEnabled $true -DisplayName $Tuser -PasswordProfile $PasswordProfile -MailNickName $Tuser -UserPrincipalName "$Tuser@M365x99297270.OnMicrosoft.com" + Add-EntraBetaServicePrincipalOwner -ObjectId $servicePrincipal.Id -RefObjectId $NewUser3.Id + } + It "Verfication of assigned User"{ + $GetOwner = Get-EntraBetaServicePrincipalOwner -ObjectId $servicePrincipal.Id + $GetOwner.Id | Should -Contain $NewUser3.Id + } + } + # Context "Scen12: Create a new conditional access policy and attach that policy to the Service Principal"{ + # It "Creating a new conditional access policy and attach that policy to the Service Principal"{ + # $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid + # $testpolicyName = 'Simplepolicy' + $thisTestInstanceId + + # $Condition = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessConditionSet + # $Condition.clientAppTypes = @("mobileAppsAndDesktopClients","browser") + # $Condition.Applications = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessApplicationCondition + # $Condition.Applications.IncludeApplications = $NewServicePrincipal.AppId + # $Condition.Users = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessUserCondition + # $Condition.Users.IncludeUsers = "all" + + # $Controls = 
New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessGrantControls + # $Controls._Operator = "AND" + # $Controls.BuiltInControls = @("mfa") + + # $SessionControls = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessSessionControls + # $ApplicationEnforcedRestrictions = New-Object Microsoft.Open.MSGraph.Model.ConditionalAccessApplicationEnforcedRestrictions + # $ApplicationEnforcedRestrictions.IsEnabled = $true + # $SessionControls.applicationEnforcedRestrictions = $ApplicationEnforcedRestrictions + + # $global:NewConditionalAccessPolicy = New-EntraBetaConditionalAccessPolicy -DisplayName $testpolicyName -State enabled -Conditions $Condition -GrantControls $Controls -SessionControls $SessionControls + # } + # It "Verification of attached policy"{ + # $result = Get-EntraBetaConditionalAccessPolicy -policyid $NewConditionalAccessPolicy.Id + # $result.Conditions.Applications.IncludeApplications | should -Be $NewServicePrincipal.AppId + # } + # } + Context "Scen13: Create new claims issuance policy and attach that to the Service Principal"{ + It "Creating policy"{ + $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid + $testpolicyName = 'Simplepolicy' + $thisTestInstanceId + $global:NewPolicy = New-EntraBetaPolicy -Definition @('{ "definition": [ "{\"ClaimsMappingPolicy\":{\"Version\":1,\"IncludeBasicClaimSet\":\"true\",\"ClaimsSchema\":[{\"Source\":\"user\",\"ID\":\"userPrincipalName\",\"SAMLClaimType\":\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name\",\"JwtClaimType\":\"upn\"},{\"Source\":\"user\",\"ID\":\"displayName\",\"SAMLClaimType\":\"http://schemas.microsoft.com/identity/claims/displayname\",\"JwtClaimType\":\"name\"}]}}" ], "displayName": "Custom Claims Issuance Policy", "isOrganizationDefault": false }') -DisplayName $testpolicyName -Type "claimsMappingPolicies" -IsOrganizationDefault $false + } + It "Attaching Policy to service principal"{ + Add-EntraBetaServicePrincipalPolicy -Id 
$servicePrincipal.Id -RefObjectId $NewPolicy.Id + } + It "Verification of added policy to service principal"{ + $result = Get-EntraBetaServicePrincipalPolicy -Id $servicePrincipal.Id + $result.Id | should -Contain $NewPolicy.Id + } + } + Context "Scene14: Remove the policy attached to the existing Service Principal"{ + It "Removing the policy attached"{ + Remove-EntraBetaServicePrincipalPolicy -Id $servicePrincipal.Id -PolicyId $NewPolicy.Id + $retrivePolicy = Get-EntraBetaServicePrincipalPolicy -Id $servicePrincipal.Id + $retrivePolicy.Id | should -Not -Contain $NewPolicy.Id + } + } + + AfterAll { + foreach ($app in (Get-EntraBetaApplication -SearchString "SimpleTestApp")) { + Remove-EntraBetaApplication -ObjectId $app.Id | Out-Null + } + foreach ($user in (Get-EntraBetaUser -SearchString "SimpleTestUsers")) { + Remove-EntraBetaUser -ObjectId $user.Id | Out-Null + } + foreach ($group in (Get-EntraBetaGroup -SearchString "SimpleTestGroup")) { + Remove-EntraBetaGroup -ObjectId $group.Id | Out-Null + } + # Remove-EntraBetaConditionalAccessPolicy -PolicyId $NewConditionalAccessPolicy.Id + Remove-EntraBetaPolicy -Id $NewPolicy.Id + } +} diff --git a/test/module/EntraBeta/Integration/Scenario2.Tests.ps1 b/test/module/EntraBeta/Integration/Scenario2.Tests.ps1 new file mode 100644 index 0000000000..8383bfb241 --- /dev/null +++ b/test/module/EntraBeta/Integration/Scenario2.Tests.ps1 
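Review bot: The AfterAll block deletes every application, user and group returned for `-SearchString "SimpleTestApp"`, `"SimpleTestUsers"` and `"SimpleTestGroup"`, which is wider than what this run created. A concurrent run, or any tenant object whose name matches, would be removed as well. The created objects are already kept in `$global:` variables, so cleanup can delete by id and be guarded, e.g. `if ($newApp) { Remove-EntraBetaApplication -ObjectId $newApp.Id | Out-Null }`. Scen6 and Scen7 pick their targets with `Get-EntraBetaUser -Top 1` and `Get-EntraBetaGroup -top 1`, so an arbitrary existing user becomes owner of the test service principal and the test user joins an arbitrary existing group. A dedicated fixture user and group would keep the test's reach explicit. Scen8 also reads `$thisTestInstanceId`, which is assigned in a different `It` block and is probably empty there under Pester 5 scoping.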
@@ -0,0 +1,92 @@ +BeforeAll { + $testReportPath = join-path $psscriptroot "\setenv.ps1" + Import-Module -Name $testReportPath + $appId = $env:TEST_APPID + $tenantId = $env:TEST_TENANTID + $cert = $env:CERTIFICATETHUMBPRINT + Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert +} +Describe "Integration Testing" { + + Context "Scen1: Assign Entra roles including assign roles with different scopes"{ + It "Get user and role"{ + $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid + $testUserName = 'SimpleTestUsers' + $thisTestInstanceId + # Create new User + $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile + $PasswordProfile.Password = "Pass@1234" + $global:NewUser = New-EntraBetaUser -AccountEnabled $true -DisplayName $testUserName -PasswordProfile $PasswordProfile -MailNickName $testUserName -UserPrincipalName "$testUserName@M365x99297270.OnMicrosoft.com" + + $global:role = Get-EntraBetaDirectoryRole | Where-Object {$_.DisplayName -eq "Application Administrator"} + } + It "Assign Entra roles"{ + $scope = "/" + # Assign the role to the user with the defined scope + $params = @{ + RoleDefinitionId = $role.Id + PrincipalId = $NewUser.Id + DirectoryScopeId = $scope + } + $global:newRole=New-EntraBetaRoleAssignment @params + } + It "Verification of assigned role Creation"{ + $global:assignedRole = Get-EntraBetaRoleAssignment -Filter "PrincipalId eq '$($NewUser.Id)'" + $assignedRole.Id | Should -Be $newRole.Id + } + } + Context "Create custom roles"{ + It "Creating custom roles"{ + $RolePermissions = New-object Microsoft.Open.MSGraph.Model.RolePermission + $RolePermissions.AllowedResourceActions = @("microsoft.directory/applications/basic/read") + $params = @{ + RolePermissions = $RolePermissions + IsEnabled = $false + DisplayName = 'SimpleTestRoleDefinition' + ResourceScopes = '/' + } + $global:customRole=New-EntraBetaRoleDefinition @params + } + It "Verification of custom role created"{ + 
$global:getRole = Get-EntraBetaRoleDefinition -Filter "DisplayName eq 'SimpleTestRoleDefinition'" + $getRole.Id | Should -Contain $customRole.Id + } + } + Context "Add or deactivate custom security attribute definitions in Microsoft Entra ID"{ + It "Adding custom security attribute definitions"{ + $thisTestInstanceId = Get-Random -Minimum 10000 -Maximum 100000 + $testName = 'TestDefinition' + $thisTestInstanceId + $AttributeSet = Get-EntraBetaAttributeSet -Id 'Testing' + $params = @{ + Name = $testName + Description = 'Target completion' + Type = 'String' + Status = 'Available' + AttributeSet = $AttributeSet.Id + IsCollection = $False + IsSearchable = $True + UsePreDefinedValuesOnly = $True + } + $global:Definition = New-EntraBetaCustomSecurityAttributeDefinition @params + } + It "Deactivate custom security attribute definition"{ + $params = @{ + Id = $Definition.Id + Description = 'Target completion' + Status = 'Deprecated' + } + Set-EntraBetaCustomSecurityAttributeDefinition @params + } + It "Verification of deactivation of custom security attribute definition"{ + $global:getDefinition = Get-EntraBetaCustomSecurityAttributeDefinition -Id $Definition.Id + $getDefinition.Status | Should -Be 'Deprecated' + } + } + AfterAll { + Remove-EntraBetaRoleAssignment -Id $assignedRole.Id + foreach ($user in (Get-EntraBetaUser -SearchString "SimpleTestUsers")) { + Remove-EntraBetaUser -ObjectId $user.Id | Out-Null + } + Remove-EntraBetaRoleDefinition -Id $getRole.Id + + } +} diff --git a/test/module/EntraBeta/Integration/setenv.ps1 b/test/module/EntraBeta/Integration/setenv.ps1 new file mode 100644 index 0000000000..f29697816a --- /dev/null +++ b/test/module/EntraBeta/Integration/setenv.ps1 @@ -0,0 +1,3 @@ +$env:TEST_APPID = "8886ad7b-1795-4542-9808-c85859d97f23" +$env:TEST_TENANTID = "d5aec55f-2d12-4442-8d2f-ccca95d4390e" +$env:CERTIFICATETHUMBPRINT = "305D4F33E153980E2451F6E068426FC2BCAF683E" From 263e935999e01d5b35b87a678f5fc9eb50fd009d Mon Sep 17 00:00:00 2001 
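Review bot: AfterAll removes the role assignment through `$assignedRole.Id` and the custom role through `$getRole.Id`, and both variables are set only inside the verification tests. If an earlier test fails, these lines do not remove the Application Administrator assignment or the role definition, and the failing first `Remove-` call may also prevent the user cleanup that follows. Cleaning up from the creation results removes that dependency: `if ($newRole) { Remove-EntraBetaRoleAssignment -Id $newRole.Id }` and `if ($customRole) { Remove-EntraBetaRoleDefinition -Id $customRole.Id }`. Because the role is always named `SimpleTestRoleDefinition`, the filter can also return leftovers from earlier runs, in which case `$getRole.Id` is a list rather than a single id. The Entra Scenario2 hunk has the same AfterAll.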
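Review bot: setenv.ps1 commits the application id, tenant id and certificate thumbprint that these tests use to create users, groups and role assignments in a specific tenant. The thumbprint is not a credential by itself, but together the three values tell any reader which app registration and certificate hold that access. I would keep the values out of the repository and let the pipeline set the three variables, with BeforeAll failing early when one is missing, e.g. `if (-not $env:TEST_TENANTID) { throw 'TEST_TENANTID is not set' }`. The test files also hard-code the tenant's domain in each `-UserPrincipalName`, which could come from the same environment.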
From: Ashwini Karke Date: Fri, 30 Aug 2024 16:22:32 +0530 Subject: [PATCH 09/20] added Integration test cases --- .../Integration/Add-EntraGroupOwner.Tests.ps1 | 66 +++++++++++ ...ntraApplicationExtensionProperty.Tests.ps1 | 59 ++++++++++ .../EntraGroupAppRoleAssignment.Tests.ps1 | 109 ++++++++++++++++++ .../EntraLifecyclePolicyGroup.Tests.ps1 | 91 +++++++++++++++ .../Entra/Integration/Scenario1.Tests.ps1 | 9 +- .../EntraBeta/Integration/Scenario1.Tests.ps1 | 9 +- 6 files changed, 339 insertions(+), 4 deletions(-) create mode 100644 test/module/Entra/Integration/Add-EntraGroupOwner.Tests.ps1 create mode 100644 test/module/Entra/Integration/EntraApplicationExtensionProperty.Tests.ps1 create mode 100644 test/module/Entra/Integration/EntraGroupAppRoleAssignment.Tests.ps1 create mode 100644 test/module/Entra/Integration/EntraLifecyclePolicyGroup.Tests.ps1 diff --git a/test/module/Entra/Integration/Add-EntraGroupOwner.Tests.ps1 b/test/module/Entra/Integration/Add-EntraGroupOwner.Tests.ps1 new file mode 100644 index 0000000000..daec4c7fe3 --- /dev/null +++ b/test/module/Entra/Integration/Add-EntraGroupOwner.Tests.ps1 
@@ -0,0 +1,66 @@ +Describe "The Add-EntraGroupOwner command executing unmocked" { + + Context "When getting user and group" { + BeforeAll { + $testReportPath = join-path $psscriptroot "\setenv.ps1" + Import-Module -Name $testReportPath + $appId = $env:TEST_APPID + $tenantId = $env:TEST_TENANTID + $cert = $env:CERTIFICATETHUMBPRINT + Connect-MgGraph -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert + + $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid + $testName = 'SimpleTests' + $thisTestInstanceId + $testName1 = 'SimpleTests1' + $thisTestInstanceId + + #create test user + $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile + $PasswordProfile.Password = "Pass@1234" + $global:newUser = New-EntraUser -AccountEnabled $true -DisplayName $testName -PasswordProfile $PasswordProfile -MailNickName $testName -UserPrincipalName $testName"@M365x99297270.OnMicrosoft.com" + + #create test user + $PasswordProfile1 = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile + $PasswordProfile1.Password = "Pass@1234" + $global:newUser1 = New-EntraUser -AccountEnabled $true -DisplayName $testName1 -PasswordProfile $PasswordProfile1 -MailNickName $testName1 -UserPrincipalName $testName1"@M365x99297270.OnMicrosoft.com" + + #create test group + $global:newGroup = New-EntraGroup -DisplayName $testName -MailEnabled $false -SecurityEnabled $true -MailNickName $testName + } + + It "should update the properties of user and group" { + $updatedDisplayName = "SimpleTestsUpdated" + Set-EntraGroup -Id $newGroup.Id -DisplayName $updatedDisplayName + + $result = Get-EntraGroup -ObjectId $newGroup.Id + $result.Id | Should -Contain $newGroup.Id + $result.DisplayName | Should -Contain $updatedDisplayName + + $updatedDisplayNameInCreatedUser = 'SimpleTests1AnotherTestUser' + Set-EntraUser -ObjectId $newUser.Id -Displayname $updatedDisplayNameInCreatedUser + + $updatedUser = Get-EntraUser -ObjectId $newUser.Id + $updatedUser.Id | 
Should -Be $newUser.Id + $updatedUser.DisplayName | Should -Be $updatedDisplayNameInCreatedUser + + $user1 = Get-EntraUser -ObjectId $newUser1.Id + $user1.Id | Should -Be $newUser1.Id + $user1.DisplayName | Should -Be $testName1 + } + It "Should successfully Adds an owner to a group" { + Add-EntraGroupOwner -ObjectId $newGroup.Id -RefObjectId $newUser.Id + $result = Get-EntraGroupOwner -ObjectId $newGroup.Id + $result.Id | Should -Contain $newUser.Id + + Add-EntraGroupOwner -ObjectId $newGroup.Id -RefObjectId $newUser1.Id + $result1 = Get-EntraGroupOwner -ObjectId $newGroup.Id + $result1.Id | Should -Contain $newUser1.Id + } + + AfterAll { + Remove-EntraGroupOwner -ObjectId $newGroup.Id -OwnerId $newUser.Id + Remove-EntraUser -ObjectId $newUser.Id + Remove-EntraGroup -ObjectId $newGroup.Id + Remove-EntraUser -ObjectId $newUser1.Id + } + } +} \ No newline at end of file diff --git a/test/module/Entra/Integration/EntraApplicationExtensionProperty.Tests.ps1 b/test/module/Entra/Integration/EntraApplicationExtensionProperty.Tests.ps1 new file mode 100644 index 0000000000..cc0d4e5e77 --- /dev/null +++ b/test/module/Entra/Integration/EntraApplicationExtensionProperty.Tests.ps1 
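Review bot: Both users created in `BeforeAll` get `-AccountEnabled $true` and the fixed password `Pass@1234`, so each run puts sign-in-capable accounts with a publicly known password into a live tenant. They stay there whenever `AfterAll` does not complete, and `AfterAll` is unguarded: its first call removes an owner that a failed `It` may never have added. Nothing in this hunk signs in as these users, so `-AccountEnabled $false` should be enough, with the password generated per run from a cryptographic random source instead of a literal. `AfterAll` should also guard each removal the way the other new test files do, for example `if ($newUser) { Remove-EntraUser -ObjectId $newUser.Id | Out-Null }`. The same password literal survives the later "updated test cases" patch to this file.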
@@ -0,0 +1,59 @@ +Describe "The EntraApplicationExtensionProperty command executing unmocked" { + + Context "When getting ApplicationExtensionProperty" { + BeforeAll { + $testReportPath = Join-Path $PSScriptRoot "\setenv.ps1" + Import-Module -Name $testReportPath + + $appId = $env:TEST_APPID + $tenantId = $env:TEST_TENANTID + $cert = $env:CERTIFICATETHUMBPRINT + + if (-not $appId -or -not $tenantId -or -not $cert) { + throw "Required environment variables are not set." + } + + Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert + + $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid + $testApplicationName = 'Test Demo Name' + $thisTestInstanceId + $global:newMSApplication = New-EntraApplication -DisplayName $testApplicationName + } + + It "should successfully get an application by display name" { + $application = Get-EntraApplication -Filter "DisplayName eq '$($newMSApplication.DisplayName)'" + $application.ObjectId | Should -Be $newMSApplication.Id + $application.AppId | Should -Be $newMSApplication.AppId + $application.DisplayName | Should -Be $newMSApplication.DisplayName + } + + It "should successfully update a application display name" { + $updatedDisplayName = "Update Application Name" + Set-EntraApplication -ObjectId $newMSApplication.ObjectId -DisplayName $updatedDisplayName + $result = Get-EntraApplication -Filter "AppId eq '$($newMSApplication.AppId)'" + $result.ObjectId | Should -Be $newMSApplication.Id + $result.AppId | Should -Be $newMSApplication.AppId + $result.DisplayName | Should -Be "Update Application Name" + } + + It "should successfully create application extension property" { + $global:newMSApplicationExtensionProperty = New-EntraApplicationExtensionProperty -ObjectId $newMSApplication.Id -DataType "string" -Name "NewAttribute" -TargetObjects "Application" + } + + It "should successfully get application extension property" { + $applicationExtensionProperty = Get-EntraApplicationExtensionProperty 
-ObjectId $newMSApplication.Id + $applicationExtensionProperty.ObjectId | Should -Be $newMSApplicationExtensionProperty.Id + $applicationExtensionProperty.Name | Should -Be $newMSApplicationExtensionProperty.Name + + } + + AfterAll { + if ($newMSApplicationExtensionProperty) { + Remove-EntraApplicationExtensionProperty -ObjectId $newMSApplication.Id -ExtensionPropertyId $newMSApplicationExtensionProperty.Id | Out-Null + } + if ($newMSApplication) { + Remove-EntraApplication -ObjectId $newMSApplication.Id | Out-Null + } + } + } +} diff --git a/test/module/Entra/Integration/EntraGroupAppRoleAssignment.Tests.ps1 b/test/module/Entra/Integration/EntraGroupAppRoleAssignment.Tests.ps1 new file mode 100644 index 0000000000..4d3445539b --- /dev/null +++ b/test/module/Entra/Integration/EntraGroupAppRoleAssignment.Tests.ps1 
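Review bot: The `It "should successfully create application extension property"` block has no assertion, so it passes whenever `New-EntraApplicationExtensionProperty` returns without throwing, even if it returns nothing. In that case the following `It` compares against `$null` and `AfterAll` silently skips the removal. Adding `$newMSApplicationExtensionProperty.Id | Should -Not -BeNullOrEmpty` after the call pins the result that the later blocks rely on. Separately, the update test passes `$newMSApplication.ObjectId` while every other call in the file uses `$newMSApplication.Id`; using one property throughout would make it clear that both refer to the same object.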
@@ -0,0 +1,109 @@ +Describe "The EntraGroupAppRoleAssignment command executing unmocked" { + + Context "When getting GroupAppRoleAssignment" { + BeforeAll { + $testReportPath = join-path $psscriptroot "\setenv.ps1" + Import-Module -Name $testReportPath + $appId = $env:TEST_APPID + $tenantId = $env:TEST_TENANTID + $cert = $env:CERTIFICATETHUMBPRINT + Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert + + $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid + $global:displayName = 'DemoName' + $thisTestInstanceId + + $global:newGroup = New-EntraGroup -DisplayName $displayName -MailEnabled $false -SecurityEnabled $true -MailNickName $displayName + } + + It "should successfully get a specific group by using an Id" { + $group = Get-EntraGroup -ObjectId $newGroup.Id + $group.Id | Should -Be $newGroup.Id + $group.DisplayName | Should -Be $displayName + } + + It "should successfully update a group display name" { + $global:updatedDisplayName = "Demo Name 2" + Set-EntraGroup -Id $newGroup.Id -DisplayName $updatedDisplayName + $result = Get-EntraGroup -ObjectId $newGroup.Id + $result.Id | Should -Contain $newGroup.Id + } + + It "should successfully create application" { + $types = @() + $types += 'User' + $approle = New-Object Microsoft.Open.MSGraph.Model.AppRole + $approle.AllowedMemberTypes = $types + $approle.Description = 'msiam_access' + $approle.DisplayName = 'msiam_access' + $approle.Id = '643985ce-3eaf-4a67-9550-ecca25cb6814' + $approle.Value = 'Application' + $approle.IsEnabled = $true + $applicationDisplayName = "Demo new application" + $global:createdApplication = New-EntraApplication -DisplayName $applicationDisplayName -AppRoles $approle + $createdApplication.DisplayName | Should -Be $applicationDisplayName + } + + It "should successfully get application" { + $global:getCreatedApplication = Get-EntraApplication -ObjectId $createdApplication.Id + $getCreatedApplication.DisplayName | Should -Be 
$createdApplication.DisplayName + $getCreatedApplication.Id | Should -Be $createdApplication.Id + $getCreatedApplication.AppId | Should -Be $createdApplication.AppId + } + + It "should successfully update application display name" { + $global:updateApplicationDisplayName = "Update demo application" + Set-EntraApplication -ObjectId $getCreatedApplication.Id -DisplayName $updateApplicationDisplayName + + $global:getUpdatedCreatedApplication = Get-EntraApplication -ObjectId $getCreatedApplication.Id + $getUpdatedCreatedApplication.DisplayName | Should -Be $updateApplicationDisplayName + $getUpdatedCreatedApplication.Id | Should -Be $getCreatedApplication.Id + $getUpdatedCreatedApplication.AppId | Should -Be $getCreatedApplication.AppId + } + + It "should successfully create and get service principal" { + $global:MyApp = Get-EntraApplication -Filter "DisplayName eq '$($getUpdatedCreatedApplication.DisplayName)'" + + New-EntraServicePrincipal -AccountEnabled $true -AppId $MyApp.AppId -AppRoleAssignmentRequired $true -DisplayName $MyApp.DisplayName -Tags {"WindowsAzureActiveDirectoryIntegratedApp"} + $global:createdServicePrincipal = Get-EntraServicePrincipal -Filter "DisplayName eq '$($MyApp.DisplayName)'" + $createdServicePrincipal.AppId | Should -Be $MyApp.AppId + $createdServicePrincipal.DisplayName | Should -Be $MyApp.DisplayName + } + + It "should successfully update the account of a service principal" { + Set-EntraServicePrincipal -ObjectId $createdServicePrincipal.Id -AccountEnabled $False + $disableServicePrincipal = Get-EntraServicePrincipal -Filter "DisplayName eq '$($MyApp.DisplayName)'" + $disableServicePrincipal.AppId | Should -Be $MyApp.AppId + $disableServicePrincipal.DisplayName | Should -Be $MyApp.DisplayName + + Set-EntraServicePrincipal -ObjectId $createdServicePrincipal.Id -AccountEnabled $True + $global:updatedServicePrincipal = Get-EntraServicePrincipal -Filter "DisplayName eq '$($MyApp.DisplayName)'" + $updatedServicePrincipal.AppId | Should -Be 
$MyApp.AppId + $updatedServicePrincipal.DisplayName | Should -Be $MyApp.DisplayName + } + + It "should successfully assign a group of users to an application" { + New-EntraGroupAppRoleAssignment -ObjectId $newGroup.ObjectId -PrincipalId $newGroup.ObjectId -ResourceId $updatedServicePrincipal.ObjectId -Id $updatedServicePrincipal.Approles[0].id + } + + It "should successfully retrieve application role assignments of a group" { + $global:getGroupAppRoleAssignment = Get-EntraGroupAppRoleAssignment -ObjectId $newGroup.Id + $getGroupAppRoleAssignment.ResourceDisplayName | Should -Be $createdServicePrincipal.DisplayName + $getGroupAppRoleAssignment.PrincipalDisplayName | Should -Be $updatedDisplayName + } + + AfterAll { + if ( $getGroupAppRoleAssignment) { + Remove-EntraGroupAppRoleAssignment -ObjectId $newGroup.Id -AppRoleAssignmentId $getGroupAppRoleAssignment.Id | Out-Null + } + if ( $updatedServicePrincipal) { + Remove-EntraServicePrincipal -ObjectId $updatedServicePrincipal.Id | Out-Null + } + if ( $getUpdatedCreatedApplication) { + Remove-EntraApplication -ObjectId $getUpdatedCreatedApplication.Id | Out-Null + } + if ($newGroup) { + Remove-EntraGroup -ObjectId $newGroup.Id | Out-Null + } + } + } +} \ No newline at end of file diff --git a/test/module/Entra/Integration/EntraLifecyclePolicyGroup.Tests.ps1 b/test/module/Entra/Integration/EntraLifecyclePolicyGroup.Tests.ps1 new file mode 100644 index 0000000000..d400d3ef2a --- /dev/null +++ b/test/module/Entra/Integration/EntraLifecyclePolicyGroup.Tests.ps1 
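Review bot: The application and service principal use the fixed display names `"Demo new application"` and `"Update demo application"` and are then looked up with `-Filter "DisplayName eq ..."`, although `$thisTestInstanceId` is already computed in `BeforeAll` for the group name. If an earlier run failed before `AfterAll`, or two runs overlap in the same tenant, the filter can return several objects. The `AppId` assertions, `Approles[0]` and the `Remove-EntraServicePrincipal` call in `AfterAll` would then operate on a collection that may include objects this run did not create. Suffixing both names with the instance id, e.g. `$applicationDisplayName = "Demo new application" + $thisTestInstanceId`, keeps the lookups scoped to this run. Capturing the output of `New-EntraServicePrincipal` directly would also avoid the display-name lookup, assuming the cmdlet returns the created object.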
@@ -0,0 +1,91 @@ +Describe "The EntraLifecyclePolicyGroup command executing unmocked" { + + Context "When getting LifecyclePolicyGroup" { + BeforeAll { + $testReportPath = Join-Path $PSScriptRoot "\setenv.ps1" + Import-Module -Name $testReportPath + + $appId = $env:TEST_APPID + $tenantId = $env:TEST_TENANTID + $cert = $env:CERTIFICATETHUMBPRINT + + if (-not $appId -or -not $tenantId -or -not $cert) { + throw "Required environment variables are not set." + } + + Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert + + $thisTestInstanceId = New-Guid | Select-Object -ExpandProperty Guid + $global:displayName = 'Demo Help Group' + $thisTestInstanceId + $testNickname = "test" + $thisTestInstanceId + $global:newMSGroup = New-EntraGroup -DisplayName $displayName -MailEnabled $false -MailNickname $testNickname -SecurityEnabled $true -GroupTypes "unified" + Start-Sleep -Seconds 10 + } + + It "should successfully get a specific group by using an group Id" { + $group = Get-EntraGroup -ObjectId $newMSGroup.Id + $group.ObjectId | Should -Be $newMSGroup.Id + $group.DisplayName | Should -Be $displayName + } + + It "should successfully update a group display name" { + $updatedDisplayName = "Update Help Group Name" + Set-EntraGroup -Id $newMSGroup.Id -DisplayName $updatedDisplayName + $result = Get-EntraGroup -ObjectId $newMSGroup.Id + $result.Id | Should -Contain $newMSGroup.Id + } + + It "should successfully Create a lifecycle policy" { + try { + $existingPolicy = Get-EntraGroupLifecyclePolicy + Remove-EntraGroupLifecyclePolicy -Id $existingPolicy.Id + } + catch {} + $global:testGroupPolicy = New-EntraGroupLifecyclePolicy -GroupLifetimeInDays 99 -ManagedGroupTypes "Selected" -AlternateNotificationEmails "example@contoso.un" + } + + It "should successfully retrieve properties of an groupLifecyclePolicy" { + $groupLifecyclePolicy = Get-EntraGroupLifecyclePolicy -Id $testGroupPolicy.Id + + $groupLifecyclePolicy.Id | Should -Be $testGroupPolicy.Id + 
$groupLifecyclePolicy.GroupLifetimeInDays | Should -Be 99 + $groupLifecyclePolicy.ManagedGroupTypes | Should -Contain "Selected" + $groupLifecyclePolicy.AlternateNotificationEmails | Should -Contain "example@contoso.un" + } + + It "should successfully update groupLifecyclePolicy" { + $alternateNotificationEmails = "admingroup@contoso.en" + $global:updatedGroupLifecyclePolicy = Set-EntraGroupLifecyclePolicy -Id $testGroupPolicy.Id -GroupLifetimeInDays 200 -AlternateNotificationEmails $alternateNotificationEmails -ManagedGroupTypes "Selected" + + $updatedGroupLifecyclePolicy.Id | Should -Be $testGroupPolicy.Id + $updatedGroupLifecyclePolicy.GroupLifetimeInDays | Should -Be 200 + $updatedGroupLifecyclePolicy.ManagedGroupTypes | Should -Contain "Selected" + $updatedGroupLifecyclePolicy.AlternateNotificationEmails | Should -Contain $alternateNotificationEmails + } + + It "should successfully associate the group with the lifecycle policy" { + $testLifePolicyGroup = Add-EntraLifecyclePolicyGroup -Id $testGroupPolicy.Id -GroupId $newMSGroup.Id + $testLifePolicyGroup.ObjectId | Should -BeNullOrEmpty + } + + It "should successfully retrieve details of a LifecyclePolicyGroup" { + $global:lifecyclePolicyGroup = Get-EntraLifecyclePolicyGroup -Id $newMSGroup.Id + $lifecyclePolicyGroup.ObjectId | Should -Be $testGroupPolicy.Id + $lifecyclePolicyGroup.GroupLifetimeInDays | Should -Be 200 + $lifecyclePolicyGroup.ManagedGroupTypes | Should -Contain "Selected" + $lifecyclePolicyGroup.AlternateNotificationEmails | Should -Contain $updatedGroupLifecyclePolicy.AlternateNotificationEmails + } + + AfterAll { + if ($lifecyclePolicyGroup) { + Remove-EntraLifecyclePolicyGroup -Id $lifecyclePolicyGroup.Id -GroupId $newMSGroup.Id | Out-Null + } + if ($updatedGroupLifecyclePolicy) { + Remove-EntraGroupLifecyclePolicy -Id $updatedGroupLifecyclePolicy.Id | Out-Null + } + if ($newMSGroup) { + Remove-EntraGroup -ObjectId $newMSGroup.Id | Out-Null + } + } + } +} 
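Review bot: The `It "should successfully Create a lifecycle policy"` block removes whatever group lifecycle policy the tenant already has, inside `try { ... } catch {}`, and nothing in the file puts it back. A run against a tenant with a real expiration policy therefore permanently replaces that policy, and the empty `catch` hides both a failed lookup and a failed removal. The existing policy should be captured before removal and recreated in `AfterAll` from its `GroupLifetimeInDays`, `ManagedGroupTypes` and `AlternateNotificationEmails`, and the removal should not swallow errors. The sketch below assumes `Get-EntraGroupLifecyclePolicy` returns at most one policy, as the original code does.

```powershell
It "should successfully Create a lifecycle policy" {
    # Keep the tenant's current policy so AfterAll can put it back.
    $global:previousGroupPolicy = Get-EntraGroupLifecyclePolicy
    if ($previousGroupPolicy) {
        Remove-EntraGroupLifecyclePolicy -Id $previousGroupPolicy.Id
    }
    $global:testGroupPolicy = New-EntraGroupLifecyclePolicy -GroupLifetimeInDays 99 -ManagedGroupTypes "Selected" -AlternateNotificationEmails "example@contoso.un"
}
# … unchanged: remaining It blocks …
AfterAll {
    # … unchanged: existing guarded removals …
    if ($previousGroupPolicy) {
        # Restore the configuration that was present before the run.
        New-EntraGroupLifecyclePolicy -GroupLifetimeInDays $previousGroupPolicy.GroupLifetimeInDays -ManagedGroupTypes $previousGroupPolicy.ManagedGroupTypes -AlternateNotificationEmails $previousGroupPolicy.AlternateNotificationEmails | Out-Null
    }
}
```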
diff --git a/test/module/Entra/Integration/Scenario1.Tests.ps1 b/test/module/Entra/Integration/Scenario1.Tests.ps1 index f74fc28c0f..5c10ad9613 100644 --- a/test/module/Entra/Integration/Scenario1.Tests.ps1 +++ b/test/module/Entra/Integration/Scenario1.Tests.ps1 @@ -113,8 +113,8 @@ Describe "Integration Testing" { $global:NewGroup = New-EntraGroup -DisplayName $testGrpName -MailEnabled $false -SecurityEnabled $true -MailNickName "NickName" } It "Adding existing user to new group"{ - $User = Get-EntraUser -top 1 - Add-EntraGroupMember -ObjectId $NewGroup.ObjectId -RefObjectId $User.ObjectId + $ExistUser = Get-EntraUser -top 1 + Add-EntraGroupMember -ObjectId $NewGroup.ObjectId -RefObjectId $ExistUser.ObjectId } It "Verification of exixting user's addition to the new group"{ $User = Get-EntraUser -top 1 @@ -223,6 +223,11 @@ Describe "Integration Testing" { } AfterAll { + Remove-EntraGroupMember -ObjectId $ExistGroup.ObjectId -MemberId $NewUser.ObjectId + Remove-EntraGroupMember -ObjectId $NewGroup.ObjectId -MemberId $ExistUser.ObjectId + Remove-EntraGroupMember -ObjectId $NewGroup1.ObjectId -MemberId $NewUser1.ObjectId + Remove-EntraGroupMember -ObjectId $NewGroup2.ObjectId -MemberId $NewUser2.ObjectId + foreach ($app in (Get-EntraApplication -SearchString "SimpleTestApp")) { Remove-EntraApplication -ObjectId $app.Id | Out-Null } diff --git a/test/module/EntraBeta/Integration/Scenario1.Tests.ps1 b/test/module/EntraBeta/Integration/Scenario1.Tests.ps1 index 0febeb5af8..c516ae78b9 100644 --- a/test/module/EntraBeta/Integration/Scenario1.Tests.ps1 +++ b/test/module/EntraBeta/Integration/Scenario1.Tests.ps1 
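Review bot: `$ExistUser` is assigned as a plain variable inside the `It "Adding existing user to new group"` block, but the `AfterAll` added in the second hunk reads `$ExistUser.ObjectId`. Variables set inside an `It` block are not visible to `AfterAll` in Pester 5, which is presumably why the context line uses `$global:NewGroup`, so the membership removal would receive an empty `-MemberId`. The assignment should be `$global:ExistUser = Get-EntraUser -top 1`. The four new `Remove-EntraGroupMember` calls are also unguarded, so one failure can abort the cleanup below them. `-top 1` picks an arbitrary pre-existing tenant account to modify; a user created by the test would be safer. The two hunks for EntraBeta/Scenario1.Tests.ps1 repeat the same pattern with the `EntraBeta` cmdlets, and the enclosing `Describe` starts and ends outside these hunks.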
@@ -112,8 +112,8 @@ Describe "Integration Testing" { $global:NewGroup = New-EntraBetaGroup -DisplayName $testGrpName -MailEnabled $false -SecurityEnabled $true -MailNickName "NickName" } It "Adding existing user to new group"{ - $User = Get-EntraBetaUser -top 1 - Add-EntraBetaGroupMember -ObjectId $NewGroup.ObjectId -RefObjectId $User.ObjectId + $ExistUser = Get-EntraBetaUser -top 1 + Add-EntraBetaGroupMember -ObjectId $NewGroup.ObjectId -RefObjectId $ExistUser.ObjectId } It "Verification of exixting user's addition to the new group"{ $User = Get-EntraBetaUser -top 1 @@ -222,6 +222,11 @@ Describe "Integration Testing" { } AfterAll { + Remove-EntraBetaGroupMember -ObjectId $ExistGroup.ObjectId -MemberId $NewUser.ObjectId + Remove-EntraBetaGroupMember -ObjectId $NewGroup.ObjectId -MemberId $ExistUser.ObjectId + Remove-EntraBetaGroupMember -ObjectId $NewGroup1.ObjectId -MemberId $NewUser1.ObjectId + Remove-EntraBetaGroupMember -ObjectId $NewGroup2.ObjectId -MemberId $NewUser2.ObjectId + foreach ($app in (Get-EntraBetaApplication -SearchString "SimpleTestApp")) { Remove-EntraBetaApplication -ObjectId $app.Id | Out-Null } From 4aeec5d4fc678f89753eea6102400ceede6793f3 Mon Sep 17 00:00:00 2001 From: Ashwini Karke Date: Tue, 3 Sep 2024 12:27:19 +0530 Subject: [PATCH 10/20] added EntraBetaObjectSetting --- .../EntraBetaObjectSetting.Tests.ps1 | 50 +++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 test/module/EntraBeta/Integration/EntraBetaObjectSetting.Tests.ps1 diff --git a/test/module/EntraBeta/Integration/EntraBetaObjectSetting.Tests.ps1 b/test/module/EntraBeta/Integration/EntraBetaObjectSetting.Tests.ps1 new file mode 100644 index 0000000000..5aa7f1ce2e --- /dev/null +++ b/test/module/EntraBeta/Integration/EntraBetaObjectSetting.Tests.ps1 
@@ -0,0 +1,50 @@ +Describe "The EntraBetaObjectSetting commands executing unmocked" { + + Context "When Changing group settings" { + BeforeAll { + $testReportPath = join-path $psscriptroot "\setenv.ps1" + Import-Module -Name $testReportPath + $appId = $env:TEST_APPID + $tenantId = $env:TEST_TENANTID + $cert = $env:CERTIFICATETHUMBPRINT + Connect-MgGraph -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert + + $thisTestInstanceId = New-Guid | select -expandproperty guid + $testGroupName = 'SimpleTestAppRead' + $testGroupName + $global:testGroup = New-EntraBetaGroup -DisplayName $testGroupName -MailEnabled $false -SecurityEnabled $true -MailNickName $testGroupName -Description $testGroupName + } + + It "Should successfully block guest access" { + $template = Get-EntraBetaDirectorySettingTemplate | ? {$_.displayname -eq "group.unified.guest"} + $settingsCopy = $template.CreateDirectorySetting() + $settingsCopy["AllowToAddGuests"]=$False + + $groupID= (Get-EntraBetaGroup -ObjectId $testGroup.Id).ObjectId + $global:newObjectSetting = New-EntraBetaObjectSetting -TargetType Groups -TargetObjectId $groupID -DirectorySetting $settingsCopy + + $ObjectSettings = Get-EntraBetaObjectSetting -TargetType Groups -TargetObjectId $testGroup.Id + $ObjectSettings.values.value | Should -be 'False' + } + + It "Should successfully allow guest access" { + $template = Get-EntraBetaDirectorySettingTemplate | ? 
{$_.displayname -eq "group.unified.guest"} + $settingsCopy = $template.CreateDirectorySetting() + $settingsCopy["AllowToAddGuests"]=$True + + $groupID= (Get-EntraBetaGroup -ObjectId $testGroup.Id).ObjectId + Set-EntraBetaObjectSetting -TargetType Groups -TargetObjectId $groupID -DirectorySetting $settingsCopy -Id $newObjectSetting.Id + + $ObjectSettings = Get-EntraBetaObjectSetting -TargetType Groups -TargetObjectId $testGroup.Id + $ObjectSettings.values.value | Should -be 'True' + } + + AfterAll { + $groupId = (Get-EntraBetaGroup -ObjectId $testGroup.Id).ObjectId + Remove-EntraBetaObjectSetting -TargetType Groups -TargetObjectId $groupId -Id $newObjectSetting.Id + $ObjectSettings = Get-EntraBetaObjectSetting -TargetType Groups -TargetObjectId $testGroup.Id + $ObjectSettings | Should -BeNullorEmpty + + Remove-EntraBetaGroup -ObjectId $groupId + } + } +} \ No newline at end of file From eb59c4e89057ec62c962747a32893de96cc299d0 Mon Sep 17 00:00:00 2001 From: "Snehal Kotwal (Perennial Systems Inc)" Date: Wed, 25 Sep 2024 12:19:19 +0530 Subject: [PATCH 11/20] updated license --- test/module/Entra/Integration/Add-EntraGroupOwner.Tests.ps1 | 3 +++ .../Integration/EntraApplicationExtensionProperty.Tests.ps1 | 3 +++ .../Entra/Integration/EntraGroupAppRoleAssignment.Tests.ps1 | 3 +++ .../Entra/Integration/EntraLifecyclePolicyGroup.Tests.ps1 | 3 +++ test/module/Entra/Integration/Scenario1.Tests.ps1 | 3 +++ test/module/Entra/Integration/Scenario2.Tests.ps1 | 3 +++ test/module/Entra/Integration/setenv.ps1 | 3 +++ .../EntraBeta/Integration/EntraBetaObjectSetting.Tests.ps1 | 3 +++ test/module/EntraBeta/Integration/Scenario1.Tests.ps1 | 3 +++ test/module/EntraBeta/Integration/Scenario2.Tests.ps1 | 3 +++ test/module/EntraBeta/Integration/setenv.ps1 | 3 +++ 11 files changed, 33 insertions(+) diff --git a/test/module/Entra/Integration/Add-EntraGroupOwner.Tests.ps1 b/test/module/Entra/Integration/Add-EntraGroupOwner.Tests.ps1 index daec4c7fe3..1e74c2dd97 100644 
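Review bot: In `BeforeAll`, `$testGroupName = 'SimpleTestAppRead' + $testGroupName` appends the variable to itself while it is still unset, so `$thisTestInstanceId` is never used. Every run then creates a group whose display name and mail nickname are exactly `SimpleTestAppRead`, which can collide with a leftover from a failed run. The line should read `$testGroupName = 'SimpleTestAppRead' + $thisTestInstanceId`. `AfterAll` also places a `Should` assertion before `Remove-EntraBetaGroup`, so a failed assertion leaves the group behind; the removal should come first or be guarded separately.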
--- a/test/module/Entra/Integration/Add-EntraGroupOwner.Tests.ps1 +++ b/test/module/Entra/Integration/Add-EntraGroupOwner.Tests.ps1 @@ -1,3 +1,6 @@ +# ------------------------------------------------------------------------------ +# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. +# ------------------------------------------------------------------------------ Describe "The Add-EntraGroupOwner command executing unmocked" { Context "When getting user and group" { diff --git a/test/module/Entra/Integration/EntraApplicationExtensionProperty.Tests.ps1 b/test/module/Entra/Integration/EntraApplicationExtensionProperty.Tests.ps1 index cc0d4e5e77..124b8a6fe2 100644 --- a/test/module/Entra/Integration/EntraApplicationExtensionProperty.Tests.ps1 +++ b/test/module/Entra/Integration/EntraApplicationExtensionProperty.Tests.ps1 @@ -1,3 +1,6 @@ +# ------------------------------------------------------------------------------ +# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. +# ------------------------------------------------------------------------------ Describe "The EntraApplicationExtensionProperty command executing unmocked" { Context "When getting ApplicationExtensionProperty" { diff --git a/test/module/Entra/Integration/EntraGroupAppRoleAssignment.Tests.ps1 b/test/module/Entra/Integration/EntraGroupAppRoleAssignment.Tests.ps1 index 4d3445539b..6e1caeb2d4 100644 --- a/test/module/Entra/Integration/EntraGroupAppRoleAssignment.Tests.ps1 +++ b/test/module/Entra/Integration/EntraGroupAppRoleAssignment.Tests.ps1 
@@ -1,3 +1,6 @@ +# ------------------------------------------------------------------------------ +# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. +# ------------------------------------------------------------------------------ Describe "The EntraGroupAppRoleAssignment command executing unmocked" { Context "When getting GroupAppRoleAssignment" { diff --git a/test/module/Entra/Integration/EntraLifecyclePolicyGroup.Tests.ps1 b/test/module/Entra/Integration/EntraLifecyclePolicyGroup.Tests.ps1 index d400d3ef2a..b35d0cff57 100644 --- a/test/module/Entra/Integration/EntraLifecyclePolicyGroup.Tests.ps1 +++ b/test/module/Entra/Integration/EntraLifecyclePolicyGroup.Tests.ps1 @@ -1,3 +1,6 @@ +# ------------------------------------------------------------------------------ +# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. +# ------------------------------------------------------------------------------ Describe "The EntraLifecyclePolicyGroup command executing unmocked" { Context "When getting LifecyclePolicyGroup" { diff --git a/test/module/Entra/Integration/Scenario1.Tests.ps1 b/test/module/Entra/Integration/Scenario1.Tests.ps1 index 5c10ad9613..e0ad981cb0 100644 --- a/test/module/Entra/Integration/Scenario1.Tests.ps1 +++ b/test/module/Entra/Integration/Scenario1.Tests.ps1 @@ -1,3 +1,6 @@ +# ------------------------------------------------------------------------------ +# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. +# ------------------------------------------------------------------------------ BeforeAll { $testReportPath = join-path $psscriptroot "\setenv.ps1" Import-Module -Name $testReportPath 
diff --git a/test/module/Entra/Integration/Scenario2.Tests.ps1 b/test/module/Entra/Integration/Scenario2.Tests.ps1 index b79a46f242..1d1ceec692 100644 --- a/test/module/Entra/Integration/Scenario2.Tests.ps1 +++ b/test/module/Entra/Integration/Scenario2.Tests.ps1 @@ -1,3 +1,6 @@ +# ------------------------------------------------------------------------------ +# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. +# ------------------------------------------------------------------------------ BeforeAll { $testReportPath = join-path $psscriptroot "\setenv.ps1" Import-Module -Name $testReportPath diff --git a/test/module/Entra/Integration/setenv.ps1 b/test/module/Entra/Integration/setenv.ps1 index f29697816a..feeb819524 100644 --- a/test/module/Entra/Integration/setenv.ps1 +++ b/test/module/Entra/Integration/setenv.ps1 @@ -1,3 +1,6 @@ +# ------------------------------------------------------------------------------ +# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. +# ------------------------------------------------------------------------------ $env:TEST_APPID = "8886ad7b-1795-4542-9808-c85859d97f23" $env:TEST_TENANTID = "d5aec55f-2d12-4442-8d2f-ccca95d4390e" $env:CERTIFICATETHUMBPRINT = "305D4F33E153980E2451F6E068426FC2BCAF683E" diff --git a/test/module/EntraBeta/Integration/EntraBetaObjectSetting.Tests.ps1 b/test/module/EntraBeta/Integration/EntraBetaObjectSetting.Tests.ps1 index 5aa7f1ce2e..98f6a1688c 100644 --- a/test/module/EntraBeta/Integration/EntraBetaObjectSetting.Tests.ps1 +++ b/test/module/EntraBeta/Integration/EntraBetaObjectSetting.Tests.ps1 
@@ -1,3 +1,6 @@ +# ------------------------------------------------------------------------------ +# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. +# ------------------------------------------------------------------------------ Describe "The EntraBetaObjectSetting commands executing unmocked" { Context "When Changing group settings" { diff --git a/test/module/EntraBeta/Integration/Scenario1.Tests.ps1 b/test/module/EntraBeta/Integration/Scenario1.Tests.ps1 index c516ae78b9..2010f5a358 100644 --- a/test/module/EntraBeta/Integration/Scenario1.Tests.ps1 +++ b/test/module/EntraBeta/Integration/Scenario1.Tests.ps1 @@ -1,3 +1,6 @@ +# ------------------------------------------------------------------------------ +# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. +# ------------------------------------------------------------------------------ BeforeAll { $testReportPath = join-path $psscriptroot "\setenv.ps1" Import-Module -Name $testReportPath diff --git a/test/module/EntraBeta/Integration/Scenario2.Tests.ps1 b/test/module/EntraBeta/Integration/Scenario2.Tests.ps1 index 8383bfb241..47b5e3ea7b 100644 --- a/test/module/EntraBeta/Integration/Scenario2.Tests.ps1 +++ b/test/module/EntraBeta/Integration/Scenario2.Tests.ps1 @@ -1,3 +1,6 @@ +# ------------------------------------------------------------------------------ +# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. +# ------------------------------------------------------------------------------ BeforeAll { $testReportPath = join-path $psscriptroot "\setenv.ps1" Import-Module -Name $testReportPath 
diff --git a/test/module/EntraBeta/Integration/setenv.ps1 b/test/module/EntraBeta/Integration/setenv.ps1 index f29697816a..feeb819524 100644 --- a/test/module/EntraBeta/Integration/setenv.ps1 +++ b/test/module/EntraBeta/Integration/setenv.ps1 @@ -1,3 +1,6 @@ +# ------------------------------------------------------------------------------ +# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. +# ------------------------------------------------------------------------------ $env:TEST_APPID = "8886ad7b-1795-4542-9808-c85859d97f23" $env:TEST_TENANTID = "d5aec55f-2d12-4442-8d2f-ccca95d4390e" $env:CERTIFICATETHUMBPRINT = "305D4F33E153980E2451F6E068426FC2BCAF683E" From 4d1a1d197205e5db8a9dc3fb546fa7766097304a Mon Sep 17 00:00:00 2001 From: v-akarke <142799789+v-akarke@users.noreply.github.com> Date: Thu, 26 Sep 2024 13:16:31 +0530 Subject: [PATCH 12/20] Update test/module/Entra/Integration/Add-EntraGroupOwner.Tests.ps1 Co-authored-by: Kennedy Kang'ethe --- test/module/Entra/Integration/Add-EntraGroupOwner.Tests.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/module/Entra/Integration/Add-EntraGroupOwner.Tests.ps1 b/test/module/Entra/Integration/Add-EntraGroupOwner.Tests.ps1 index 1e74c2dd97..e0b0035df2 100644 --- a/test/module/Entra/Integration/Add-EntraGroupOwner.Tests.ps1 +++ b/test/module/Entra/Integration/Add-EntraGroupOwner.Tests.ps1 @@ -10,7 +10,7 @@ Describe "The Add-EntraGroupOwner command executing unmocked" { $appId = $env:TEST_APPID $tenantId = $env:TEST_TENANTID $cert = $env:CERTIFICATETHUMBPRINT - Connect-MgGraph -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert + Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid $testName = 'SimpleTests' + $thisTestInstanceId From 0f2cddda9340a8bbd005e5f7a4260211bf9ac1d4 Mon Sep 17 00:00:00 2001 
From: Ashwini Karke Date: Mon, 30 Sep 2024 14:35:45 +0530 Subject: [PATCH 13/20] updated test cases --- .../Integration/Add-EntraGroupOwner.Tests.ps1 | 15 ++- ...ntraApplicationExtensionProperty.Tests.ps1 | 14 +-- .../EntraGroupAppRoleAssignment.Tests.ps1 | 6 +- .../EntraLifecyclePolicyGroup.Tests.ps1 | 14 +-- .../Entra/Integration/Scenario1.Tests.ps1 | 99 +++++++++++-------- .../Entra/Integration/Scenario2.Tests.ps1 | 12 +-- test/module/Entra/Integration/setenv.ps1 | 13 ++- 7 files changed, 84 insertions(+), 89 deletions(-) diff --git a/test/module/Entra/Integration/Add-EntraGroupOwner.Tests.ps1 b/test/module/Entra/Integration/Add-EntraGroupOwner.Tests.ps1 index e0b0035df2..c1f2b9d82c 100644 --- a/test/module/Entra/Integration/Add-EntraGroupOwner.Tests.ps1 +++ b/test/module/Entra/Integration/Add-EntraGroupOwner.Tests.ps1 
@@ -6,26 +6,23 @@ Describe "The Add-EntraGroupOwner command executing unmocked" { Context "When getting user and group" { BeforeAll { $testReportPath = join-path $psscriptroot "\setenv.ps1" - Import-Module -Name $testReportPath - $appId = $env:TEST_APPID - $tenantId = $env:TEST_TENANTID - $cert = $env:CERTIFICATETHUMBPRINT - Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert + . $testReportPath - $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid + $domain = (Get-EntraTenantDetail).VerifiedDomains.Name + $thisTestInstanceId = (New-Guid).Guid.ToString() + $thisTestInstanceId = $thisTestInstanceId.Substring($thisTestInstanceId.Length - 5) $testName = 'SimpleTests' + $thisTestInstanceId $testName1 = 'SimpleTests1' + $thisTestInstanceId #create test user $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile $PasswordProfile.Password = "Pass@1234" - $global:newUser = New-EntraUser -AccountEnabled $true -DisplayName $testName -PasswordProfile $PasswordProfile -MailNickName $testName -UserPrincipalName $testName"@M365x99297270.OnMicrosoft.com" + $global:newUser = New-EntraUser -AccountEnabled $true -DisplayName $testName -PasswordProfile $PasswordProfile -MailNickName $testName -UserPrincipalName "$testName@$domain" #create test user $PasswordProfile1 = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile $PasswordProfile1.Password = "Pass@1234" - $global:newUser1 = New-EntraUser -AccountEnabled $true -DisplayName $testName1 -PasswordProfile $PasswordProfile1 -MailNickName $testName1 -UserPrincipalName $testName1"@M365x99297270.OnMicrosoft.com" - + $global:newUser1 = New-EntraUser -AccountEnabled $true -DisplayName $testName1 -PasswordProfile $PasswordProfile1 -MailNickName $testName1 -UserPrincipalName "$testName1@$domain" #create test group $global:newGroup = New-EntraGroup -DisplayName $testName -MailEnabled $false -SecurityEnabled $true -MailNickName $testName } 
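Review bot: `(Get-EntraTenantDetail).VerifiedDomains.Name` in the added `$domain` line returns the name of every verified domain, so in a tenant with more than one verified domain `"$testName@$domain"` expands to a space-separated list and is not a usable UserPrincipalName. Select a single domain explicitly, for example `$domain = ((Get-EntraTenantDetail).VerifiedDomains | Select-Object -First 1).Name`, or filter for the tenant's default domain if the returned objects expose such a flag. The same expression is added in the Scenario1.Tests.ps1 hunks that create users (Scen6, Scen7, Scen9, Scen10, Scen11) and in Scenario2.Tests.ps1.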
diff --git a/test/module/Entra/Integration/EntraApplicationExtensionProperty.Tests.ps1 b/test/module/Entra/Integration/EntraApplicationExtensionProperty.Tests.ps1 index 124b8a6fe2..ebe9b9d6ef 100644 --- a/test/module/Entra/Integration/EntraApplicationExtensionProperty.Tests.ps1 +++ b/test/module/Entra/Integration/EntraApplicationExtensionProperty.Tests.ps1 @@ -5,18 +5,8 @@ Describe "The EntraApplicationExtensionProperty command executing unmocked" { Context "When getting ApplicationExtensionProperty" { BeforeAll { - $testReportPath = Join-Path $PSScriptRoot "\setenv.ps1" - Import-Module -Name $testReportPath - - $appId = $env:TEST_APPID - $tenantId = $env:TEST_TENANTID - $cert = $env:CERTIFICATETHUMBPRINT - - if (-not $appId -or -not $tenantId -or -not $cert) { - throw "Required environment variables are not set." - } - - Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert + $testReportPath = join-path $psscriptroot "\setenv.ps1" + . $testReportPath $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid $testApplicationName = 'Test Demo Name' + $thisTestInstanceId diff --git a/test/module/Entra/Integration/EntraGroupAppRoleAssignment.Tests.ps1 b/test/module/Entra/Integration/EntraGroupAppRoleAssignment.Tests.ps1 index 6e1caeb2d4..a4940f37bd 100644 --- a/test/module/Entra/Integration/EntraGroupAppRoleAssignment.Tests.ps1 +++ b/test/module/Entra/Integration/EntraGroupAppRoleAssignment.Tests.ps1 
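Review bot: Removing the `if (-not $appId -or -not $tenantId -or -not $cert) { throw ... }` guard leaves this BeforeAll without any fail-fast check: after `. $testReportPath` it carries on with test setup, so a missing setenv.ps1 or a failed sign-in would probably surface as unrelated cmdlet errors in the individual tests. Keep an explicit check at the call site, e.g. `if (-not (Test-Path $testReportPath)) { throw "setenv.ps1 not found: $testReportPath" }` before dot-sourcing, and make the connection step stop on error. The EntraLifecyclePolicyGroup.Tests.ps1 hunk drops the same guard. The BeforeAll body continues outside the hunk.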
@@ -6,11 +6,7 @@ Describe "The EntraGroupAppRoleAssignment command executing unmocked" { Context "When getting GroupAppRoleAssignment" { BeforeAll { $testReportPath = join-path $psscriptroot "\setenv.ps1" - Import-Module -Name $testReportPath - $appId = $env:TEST_APPID - $tenantId = $env:TEST_TENANTID - $cert = $env:CERTIFICATETHUMBPRINT - Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert + . $testReportPath $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid $global:displayName = 'DemoName' + $thisTestInstanceId diff --git a/test/module/Entra/Integration/EntraLifecyclePolicyGroup.Tests.ps1 b/test/module/Entra/Integration/EntraLifecyclePolicyGroup.Tests.ps1 index b35d0cff57..b5ffbe5f3d 100644 --- a/test/module/Entra/Integration/EntraLifecyclePolicyGroup.Tests.ps1 +++ b/test/module/Entra/Integration/EntraLifecyclePolicyGroup.Tests.ps1 @@ -5,18 +5,8 @@ Describe "The EntraLifecyclePolicyGroup command executing unmocked" { Context "When getting LifecyclePolicyGroup" { BeforeAll { - $testReportPath = Join-Path $PSScriptRoot "\setenv.ps1" - Import-Module -Name $testReportPath - - $appId = $env:TEST_APPID - $tenantId = $env:TEST_TENANTID - $cert = $env:CERTIFICATETHUMBPRINT - - if (-not $appId -or -not $tenantId -or -not $cert) { - throw "Required environment variables are not set." - } - - Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert + $testReportPath = join-path $psscriptroot "\setenv.ps1" + . $testReportPath $thisTestInstanceId = New-Guid | Select-Object -ExpandProperty Guid $global:displayName = 'Demo Help Group' + $thisTestInstanceId diff --git a/test/module/Entra/Integration/Scenario1.Tests.ps1 b/test/module/Entra/Integration/Scenario1.Tests.ps1 index e0ad981cb0..31cbf05b81 100644 --- a/test/module/Entra/Integration/Scenario1.Tests.ps1 +++ b/test/module/Entra/Integration/Scenario1.Tests.ps1 
@@ -3,11 +3,7 @@ # ------------------------------------------------------------------------------ BeforeAll { $testReportPath = join-path $psscriptroot "\setenv.ps1" - Import-Module -Name $testReportPath - $appId = $env:TEST_APPID - $tenantId = $env:TEST_TENANTID - $cert = $env:CERTIFICATETHUMBPRINT - Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert + . $testReportPath } Describe "Integration Testing" { @@ -47,11 +43,11 @@ Describe "Integration Testing" { } Context "Scen4: Configure App ID URI and Redirect URIs on the newly created application"{ It "Configuring the App ID URI and Redirect URI"{ - Set-EntraApplication -ObjectId $newApp.Id -IdentifierUris @("IdM365x992972766.onmicrosoft.com") -Web @{RedirectUris = 'https://contoso.com'} + Set-EntraApplication -ObjectId $newApp.Id -IdentifierUris @("IdentifierUri.com") -Web @{RedirectUris = 'https://contoso.com'} } It "Verifying the App ID URI configuration and Redirect URI"{ $updatedApp = Get-EntraApplication -ObjectId $newApp.Id | ConvertTo-json | ConvertFrom-json - $updatedApp.IdentifierUris | Should -Be "IdM365x992972766.onmicrosoft.com" + $updatedApp.IdentifierUris | Should -Be "IdentifierUri.com" $updatedApp.Web.RedirectUris | Should -Be "https://contoso.com" } } @@ -66,7 +62,6 @@ Describe "Integration Testing" { $approle.Id = '643985ce-3eaf-4a67-9550-ecca25cb6814' $approle.Value = 'Application' $approle.IsEnabled = $true - $approle.Origin = "Application" # Assign approles to existing applictaion $global:AppUpdate = Set-EntraApplication -ObjectId $newApp.Id -AppRoles $approle 
@@ -79,8 +74,17 @@ Describe "Integration Testing" { } } Context "Scen6: Assign user and groups to the newly created Service Principal and set right AppRole to it"{ + It "Creating user"{ + $domain = (Get-EntraTenantDetail).VerifiedDomains.Name + $thisTestInstanceId = (New-Guid).Guid.ToString() + $thisTestInstanceId = $thisTestInstanceId.Substring($thisTestInstanceId.Length - 5) + $user = 'SimpleTestUserss' + $thisTestInstanceId + $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile + $PasswordProfile.Password = "Pass@1234" + $global:existingUser = New-EntraUser -AccountEnabled $true -DisplayName $user -PasswordProfile $PasswordProfile -MailNickName $user -UserPrincipalName "$user@$domain" + } It "Assigning users to the Service Principal and setting the correct AppRole for the Service Principal"{ - $global:existUser = Get-EntraUser -Top 1 + $global:existUser = Get-EntraUser -ObjectId $existingUser.Id Add-EntraServicePrincipalOwner -ObjectId $servicePrincipal.Id -RefObjectId $existUser.Id $global:AppRoletoServicePrincipal = New-EntraServiceAppRoleAssignment -ObjectId $servicePrincipal.Id -ResourceId $servicePrincipal.Id -Id $updatedApp.AppRoles.Id -PrincipalId $existUser.ObjectId 
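Review bot: The added "Creating user" test creates an enabled account (`-AccountEnabled $true`) with the fixed password `Pass@1234`, which is committed in this file, so any account left behind by a failed run is a live sign-in with a publicly known password. Generate the password per run, e.g. `$PasswordProfile.Password = 'T!' + (New-Guid).Guid`, and pass `-AccountEnabled $false` unless a test really needs the account to sign in. The same literal is used by the other user-creation blocks in this series, including Scenario2.Tests.ps1, where the user is then assigned a directory role. The Scen6 Context continues past the end of the hunk.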
@@ -95,14 +99,20 @@ Describe "Integration Testing" { } Context "Scen7: Create a new user and add that user to an existing group"{ It "Creating the user"{ - $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid + $domain = (Get-EntraTenantDetail).VerifiedDomains.Name + $thisTestInstanceId = (New-Guid).Guid.ToString() + $thisTestInstanceId = $thisTestInstanceId.Substring($thisTestInstanceId.Length - 5) $user = 'SimpleTestUserss' + $thisTestInstanceId $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile $PasswordProfile.Password = "Pass@1234" - $global:NewUser = New-EntraUser -AccountEnabled $true -DisplayName $user -PasswordProfile $PasswordProfile -MailNickName $user -UserPrincipalName "$user@M365x99297270.OnMicrosoft.com" + $global:NewUser = New-EntraUser -AccountEnabled $true -DisplayName $user -PasswordProfile $PasswordProfile -MailNickName $user -UserPrincipalName "$user@$domain" + } + It "Creating a new Group"{ + $testGrpName = 'SimpleTestGroup' + $thisTestInstanceId + $global:ExistingGroup = New-EntraGroup -DisplayName $testGrpName -MailEnabled $false -SecurityEnabled $true -MailNickName "NickName" } It "Adding the user to an existing group"{ - $global:ExistGroup = Get-EntraGroup -top 1 + $global:ExistGroup = Get-EntraGroup -ObjectId $ExistingGroup.Id Add-EntraGroupMember -ObjectId $ExistGroup.ObjectId -RefObjectId $NewUser.ObjectId } It "Verification of new user's addition to the existing group"{ 
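Review bot: In the added "Creating a new Group" test, `$thisTestInstanceId` looks unset: it is assigned as a plain local in the preceding "Creating the user" block, and the rest of this file passes state between `It` blocks through `$global:` variables, which suggests locals do not carry over. The group would then be created as plain `SimpleTestGroup` on every run, together with the fixed `-MailNickName "NickName"`, so runs are no longer isolated from one another. Compute the suffix inside this block, or store it as `$global:thisTestInstanceId` in the block that creates it.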
@@ -116,23 +126,25 @@ Describe "Integration Testing" { $global:NewGroup = New-EntraGroup -DisplayName $testGrpName -MailEnabled $false -SecurityEnabled $true -MailNickName "NickName" } It "Adding existing user to new group"{ - $ExistUser = Get-EntraUser -top 1 + $ExistUser = Get-EntraUser -ObjectId $existingUser.Id Add-EntraGroupMember -ObjectId $NewGroup.ObjectId -RefObjectId $ExistUser.ObjectId } It "Verification of exixting user's addition to the new group"{ - $User = Get-EntraUser -top 1 + $User = Get-EntraUser -ObjectId $existingUser.Id $GetMember = Get-EntraGroupMember -ObjectId $NewGroup.ObjectId $GetMember.Id | Should -Contain $User.Id } } Context "Scen9: Create a new user and create a new group and add that new user to the new group"{ It "Creating a new user and group"{ - $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid + $domain = (Get-EntraTenantDetail).VerifiedDomains.Name + $thisTestInstanceId = (New-Guid).Guid.ToString() + $thisTestInstanceId = $thisTestInstanceId.Substring($thisTestInstanceId.Length - 5) $testUserName = 'SimpleTestUsers' + $thisTestInstanceId # Create new User $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile $PasswordProfile.Password = "Pass@1234" - $global:NewUser1 = New-EntraUser -AccountEnabled $true -DisplayName $testUserName -PasswordProfile $PasswordProfile -MailNickName $testUserName -UserPrincipalName "$testUserName@M365x99297270.OnMicrosoft.com" + $global:NewUser1 = New-EntraUser -AccountEnabled $true -DisplayName $testUserName -PasswordProfile $PasswordProfile -MailNickName $testUserName -UserPrincipalName "$testUserName@$domain" $testGrpName = 'SimpleTestGroup' + $thisTestInstanceId $global:NewGroup1 = New-EntraGroup -DisplayName $testGrpName -MailEnabled $false -SecurityEnabled $true -MailNickName "NickName" 
@@ -143,12 +155,14 @@ Describe "Integration Testing" { } Context "Scen10: Create a new user and add the user to the newly created group and check that user is Member of the group"{ It "Creating a new user and group"{ - $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid + $domain = (Get-EntraTenantDetail).VerifiedDomains.Name + $thisTestInstanceId = (New-Guid).Guid.ToString() + $thisTestInstanceId = $thisTestInstanceId.Substring($thisTestInstanceId.Length - 5) $testUserName = 'SimpleTestUsers' + $thisTestInstanceId # Create new User $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile $PasswordProfile.Password = "Pass@1234" - $global:NewUser2 = New-EntraUser -AccountEnabled $true -DisplayName $testUserName -PasswordProfile $PasswordProfile -MailNickName $testUserName -UserPrincipalName "$testUserName@M365x99297270.OnMicrosoft.com" + $global:NewUser2 = New-EntraUser -AccountEnabled $true -DisplayName $testUserName -PasswordProfile $PasswordProfile -MailNickName $testUserName -UserPrincipalName "$testUserName@$domain" $testGrpName = 'SimpleTestGroup' + $thisTestInstanceId $global:NewGroup2 = New-EntraGroup -DisplayName $testGrpName -MailEnabled $false -SecurityEnabled $true -MailNickName "NickName" 
@@ -163,11 +177,14 @@ Describe "Integration Testing" { } Context "Scen11: Create a new user and assign that user to the existing Service Principal"{ It "Creating a new user and assign that user to the existing Service Principal"{ + $domain = (Get-EntraTenantDetail).VerifiedDomains.Name + $thisTestInstanceId = (New-Guid).Guid.ToString() + $thisTestInstanceId = $thisTestInstanceId.Substring($thisTestInstanceId.Length - 5) $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid $Tuser = 'SimpleTestUsers' + $thisTestInstanceId $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile $PasswordProfile.Password = "Pass@1234" - $global:NewUser3 = New-EntraUser -AccountEnabled $true -DisplayName $Tuser -PasswordProfile $PasswordProfile -MailNickName $Tuser -UserPrincipalName "$Tuser@M365x99297270.OnMicrosoft.com" + $global:NewUser3 = New-EntraUser -AccountEnabled $true -DisplayName $Tuser -PasswordProfile $PasswordProfile -MailNickName $Tuser -UserPrincipalName "$Tuser@$domain" Add-EntraServicePrincipalOwner -ObjectId $servicePrincipal.Id -RefObjectId $NewUser3.Id } It "Verfication of assigned User"{ 
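Review bot: The three added lines that build a 5-character `$thisTestInstanceId` have no effect on the user name, because the unchanged line right after them, `$thisTestInstanceId = New-Guid | Select-Object -expandproperty guid`, overwrites the value with the full GUID before `$Tuser` is built. Delete that leftover line so this scenario names its user the same way as the other scenarios in the file. The Scen11 Context continues outside the hunk.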
@@ -203,27 +220,27 @@ Describe "Integration Testing" { # $result.Conditions.Applications.IncludeApplications | should -Be $NewServicePrincipal.AppId # } # } - Context "Scen13: Create new claims issuance policy and attach that to the Service Principal"{ - It "Creating policy"{ - $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid - $testpolicyName = 'Simplepolicy' + $thisTestInstanceId - $global:NewPolicy = New-EntraPolicy -Definition @('{ "definition": [ "{\"ClaimsMappingPolicy\":{\"Version\":1,\"IncludeBasicClaimSet\":\"true\",\"ClaimsSchema\":[{\"Source\":\"user\",\"ID\":\"userPrincipalName\",\"SAMLClaimType\":\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name\",\"JwtClaimType\":\"upn\"},{\"Source\":\"user\",\"ID\":\"displayName\",\"SAMLClaimType\":\"http://schemas.microsoft.com/identity/claims/displayname\",\"JwtClaimType\":\"name\"}]}}" ], "displayName": "Custom Claims Issuance Policy", "isOrganizationDefault": false }') -DisplayName $testpolicyName -Type "claimsMappingPolicies" -IsOrganizationDefault $false - } - It "Attaching Policy to service principal"{ - Add-EntraBetaServicePrincipalPolicy -Id $servicePrincipal.Id -RefObjectId $NewPolicy.Id - } - It "Verification of added policy to service principal"{ - $result = Get-EntraBetaServicePrincipalPolicy -Id $servicePrincipal.Id - $result.Id | should -Contain $NewPolicy.Id - } - } - Context "Scene14: Remove the policy attached to the existing Service Principal"{ - It "Removing the policy attached"{ - Remove-EntraBetaServicePrincipalPolicy -Id $servicePrincipal.Id -PolicyId $NewPolicy.Id - $retrivePolicy = Get-EntraBetaServicePrincipalPolicy -Id $servicePrincipal.Id - $retrivePolicy.Id | should -Not -Contain $NewPolicy.Id - } - } + # Context "Scen13: Create new claims issuance policy and attach that to the Service Principal"{ + # It "Creating policy"{ + # $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid + # $testpolicyName = 'Simplepolicy' + $thisTestInstanceId + # 
$global:NewPolicy = New-EntraPolicy -Definition @('{ "definition": [ "{\"ClaimsMappingPolicy\":{\"Version\":1,\"IncludeBasicClaimSet\":\"true\",\"ClaimsSchema\":[{\"Source\":\"user\",\"ID\":\"userPrincipalName\",\"SAMLClaimType\":\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name\",\"JwtClaimType\":\"upn\"},{\"Source\":\"user\",\"ID\":\"displayName\",\"SAMLClaimType\":\"http://schemas.microsoft.com/identity/claims/displayname\",\"JwtClaimType\":\"name\"}]}}" ], "displayName": "Custom Claims Issuance Policy", "isOrganizationDefault": false }') -DisplayName $testpolicyName -Type "claimsMappingPolicies" -IsOrganizationDefault $false + # } + # It "Attaching Policy to service principal"{ + # Add-EntraBetaServicePrincipalPolicy -Id $servicePrincipal.Id -RefObjectId $NewPolicy.Id + # } + # It "Verification of added policy to service principal"{ + # $result = Get-EntraBetaServicePrincipalPolicy -Id $servicePrincipal.Id + # $result.Id | should -Contain $NewPolicy.Id + # } + # } + # Context "Scene14: Remove the policy attached to the existing Service Principal"{ + # It "Removing the policy attached"{ + # Remove-EntraBetaServicePrincipalPolicy -Id $servicePrincipal.Id -PolicyId $NewPolicy.Id + # $retrivePolicy = Get-EntraBetaServicePrincipalPolicy -Id $servicePrincipal.Id + # $retrivePolicy.Id | should -Not -Contain $NewPolicy.Id + # } + # } AfterAll { Remove-EntraGroupMember -ObjectId $ExistGroup.ObjectId -MemberId $NewUser.ObjectId @@ -241,6 +258,6 @@ Describe "Integration Testing" { Remove-EntraGroup -ObjectId $group.Id | Out-Null } # Remove-EntraConditionalAccessPolicy -PolicyId $NewConditionalAccessPolicy.Id - Remove-EntraPolicy -Id $NewPolicy.Id + # Remove-EntraPolicy -Id $NewPolicy.Id } } diff --git a/test/module/Entra/Integration/Scenario2.Tests.ps1 b/test/module/Entra/Integration/Scenario2.Tests.ps1 index 1d1ceec692..26d738eff3 100644 --- a/test/module/Entra/Integration/Scenario2.Tests.ps1 +++ b/test/module/Entra/Integration/Scenario2.Tests.ps1 
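Review bot: Scen13 and Scene14 are disabled by commenting them out with no reason recorded, so they vanish from the test report, and the matching `Remove-EntraPolicy` clean-up is commented out in the following hunk as well. If they are disabled because they call `*-EntraBeta*` cmdlets from the Entra suite, say so in a one-line comment and mark them skipped instead, e.g. `Context "Scen13: ..." -Skip {`, so the coverage gap stays visible in the results.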
@@ -3,22 +3,20 @@ # ------------------------------------------------------------------------------ BeforeAll { $testReportPath = join-path $psscriptroot "\setenv.ps1" - Import-Module -Name $testReportPath - $appId = $env:TEST_APPID - $tenantId = $env:TEST_TENANTID - $cert = $env:CERTIFICATETHUMBPRINT - Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert + . $testReportPath } Describe "Integration Testing" { Context "Scen1: Assign Entra roles including assign roles with different scopes"{ It "Get user and role"{ - $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid + $domain = (Get-EntraTenantDetail).VerifiedDomains.Name + $thisTestInstanceId = (New-Guid).Guid.ToString() + $thisTestInstanceId = $thisTestInstanceId.Substring($thisTestInstanceId.Length - 5) $testUserName = 'SimpleTestUsers' + $thisTestInstanceId # Create new User $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile $PasswordProfile.Password = "Pass@1234" - $global:NewUser = New-EntraUser -AccountEnabled $true -DisplayName $testUserName -PasswordProfile $PasswordProfile -MailNickName $testUserName -UserPrincipalName "$testUserName@M365x99297270.OnMicrosoft.com" + $global:NewUser = New-EntraUser -AccountEnabled $true -DisplayName $testUserName -PasswordProfile $PasswordProfile -MailNickName $testUserName -UserPrincipalName "$testUserName@$domain" $global:role = Get-EntraDirectoryRole | Where-Object {$_.DisplayName -eq "Application Administrator"} } diff --git a/test/module/Entra/Integration/setenv.ps1 b/test/module/Entra/Integration/setenv.ps1 index feeb819524..d7000ad40f 100644 --- a/test/module/Entra/Integration/setenv.ps1 +++ b/test/module/Entra/Integration/setenv.ps1 
@@ -1,6 +1,13 @@ # ------------------------------------------------------------------------------ # Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. # ------------------------------------------------------------------------------ -$env:TEST_APPID = "8886ad7b-1795-4542-9808-c85859d97f23" -$env:TEST_TENANTID = "d5aec55f-2d12-4442-8d2f-ccca95d4390e" -$env:CERTIFICATETHUMBPRINT = "305D4F33E153980E2451F6E068426FC2BCAF683E" +# $env:TEST_APPID = "45451aa1-24e7-46c8-b9e5-dccb2118f536" +# $env:TEST_TENANTID = "0e5ab497-530a-4f6f-bd51-2230c84acad8" +# $env:CERTIFICATETHUMBPRINT = "5C76C328BE9A29C0077398FC52BA531EAF8480F2" + + +$appId = "45451aa1-24e7-46c8-b9e5-dccb2118f536" +$tenantId = "0e5ab497-530a-4f6f-bd51-2230c84acad8" +$cert = "5C76C328BE9A29C0077398FC52BA531EAF8480F2" + +Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert \ No newline at end of file From 77aa53eb7e26877a360093aaeaea3e28a230b03d Mon Sep 17 00:00:00 2001 
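Review bot: The new setenv.ps1 hard-codes the application id, tenant id and certificate thumbprint, both as live assignments and as commented-out copies, so the suite can only run against one tenant and those identifiers are published with the repository. Read the values from the environment, fail fast when one is missing (the check this series removes from the test files), and make a connection failure terminating. The commented-out `$env:` lines can then be dropped, and the file should end with a newline.

```powershell
$appId = $env:TEST_APPID
$tenantId = $env:TEST_TENANTID
$cert = $env:CERTIFICATETHUMBPRINT

if (-not $appId -or -not $tenantId -or -not $cert) {
    throw "TEST_APPID, TEST_TENANTID and CERTIFICATETHUMBPRINT must be set."
}

Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert -ErrorAction Stop
```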
From: Ashwini Karke Date: Mon, 30 Sep 2024 14:50:24 +0530 Subject: [PATCH 14/20] updated structure --- .../Entra/Integration/Scenario2.Tests.ps1 | 93 ------------------- .../Entra}/Add-EntraGroupOwner.Tests.ps1 | 2 +- ...ntraApplicationExtensionProperty.Tests.ps1 | 2 +- .../EntraGroupAppRoleAssignment.Tests.ps1 | 2 +- .../EntraLifecyclePolicyGroup.Tests.ps1 | 2 +- .../Entra}/Scenario1.Tests.ps1 | 2 +- .../Integration/Entra/Scenario2.Tests.ps1 | 93 +++++++++++++++++++ .../EntraBetaObjectSetting.Tests.ps1 | 0 .../EntraBeta}/Scenario1.Tests.ps1 | 0 .../EntraBeta}/Scenario2.Tests.ps1 | 0 .../EntraBeta}/setenv.ps1 | 0 .../module/{Entra => }/Integration/setenv.ps1 | 0 12 files changed, 98 insertions(+), 98 deletions(-) delete mode 100644 test/module/Entra/Integration/Scenario2.Tests.ps1 rename test/module/{Entra/Integration => Integration/Entra}/Add-EntraGroupOwner.Tests.ps1 (98%) rename test/module/{Entra/Integration => Integration/Entra}/EntraApplicationExtensionProperty.Tests.ps1 (97%) rename test/module/{Entra/Integration => Integration/Entra}/EntraGroupAppRoleAssignment.Tests.ps1 (98%) rename test/module/{Entra/Integration => Integration/Entra}/EntraLifecyclePolicyGroup.Tests.ps1 (98%) rename test/module/{Entra/Integration => Integration/Entra}/Scenario1.Tests.ps1 (99%) create mode 100644 test/module/Integration/Entra/Scenario2.Tests.ps1 rename test/module/{EntraBeta/Integration => Integration/EntraBeta}/EntraBetaObjectSetting.Tests.ps1 (100%) rename test/module/{EntraBeta/Integration => Integration/EntraBeta}/Scenario1.Tests.ps1 (100%) rename test/module/{EntraBeta/Integration => Integration/EntraBeta}/Scenario2.Tests.ps1 (100%) rename test/module/{EntraBeta/Integration => Integration/EntraBeta}/setenv.ps1 (100%) rename test/module/{Entra => }/Integration/setenv.ps1 (100%) diff --git a/test/module/Entra/Integration/Scenario2.Tests.ps1 b/test/module/Entra/Integration/Scenario2.Tests.ps1 deleted file mode 100644 index 26d738eff3..0000000000 
--- a/test/module/Entra/Integration/Scenario2.Tests.ps1 +++ /dev/null 
@@ -1,93 +0,0 @@ -# ------------------------------------------------------------------------------ -# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. -# ------------------------------------------------------------------------------ -BeforeAll { - $testReportPath = join-path $psscriptroot "\setenv.ps1" - . $testReportPath -} -Describe "Integration Testing" { - - Context "Scen1: Assign Entra roles including assign roles with different scopes"{ - It "Get user and role"{ - $domain = (Get-EntraTenantDetail).VerifiedDomains.Name - $thisTestInstanceId = (New-Guid).Guid.ToString() - $thisTestInstanceId = $thisTestInstanceId.Substring($thisTestInstanceId.Length - 5) - $testUserName = 'SimpleTestUsers' + $thisTestInstanceId - # Create new User - $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile - $PasswordProfile.Password = "Pass@1234" - $global:NewUser = New-EntraUser -AccountEnabled $true -DisplayName $testUserName -PasswordProfile $PasswordProfile -MailNickName $testUserName -UserPrincipalName "$testUserName@$domain" - - $global:role = Get-EntraDirectoryRole | Where-Object {$_.DisplayName -eq "Application Administrator"} - } - It "Assign Entra roles"{ - $scope = "/" - # Assign the role to the user with the defined scope - $params = @{ - RoleDefinitionId = $role.Id - PrincipalId = $NewUser.Id - DirectoryScopeId = $scope - } - $global:newRole=New-EntraRoleAssignment @params - } - It "Verification of assigned role Creation"{ - $global:assignedRole = Get-EntraRoleAssignment -Filter "PrincipalId eq '$($NewUser.Id)'" - $assignedRole.Id | Should -Be $newRole.Id - } - } - Context "Create custom roles"{ - It "Creating custom roles"{ - $RolePermissions = New-object Microsoft.Open.MSGraph.Model.RolePermission - $RolePermissions.AllowedResourceActions = @("microsoft.directory/applications/basic/read") - $params = @{ - RolePermissions = $RolePermissions 
- IsEnabled = $false - DisplayName = 'SimpleTestRoleDefinition' - ResourceScopes = '/' - } - $global:customRole=New-EntraRoleDefinition @params - } - It "Verification of custom role created"{ - $global:getRole = Get-EntraRoleDefinition -Filter "DisplayName eq 'SimpleTestRoleDefinition'" - $getRole.Id | Should -Contain $customRole.Id - } - } - Context "Add or deactivate custom security attribute definitions in Microsoft Entra ID"{ - It "Adding custom security attribute definitions"{ - $thisTestInstanceId = Get-Random -Minimum 10000 -Maximum 100000 - $testName = 'TestDefinition' + $thisTestInstanceId - $AttributeSet = Get-EntraAttributeSet -Id 'Testing' - $params = @{ - Name = $testName - Description = 'Target completion' - Type = 'String' - Status = 'Available' - AttributeSet = $AttributeSet.Id - IsCollection = $False - IsSearchable = $True - UsePreDefinedValuesOnly = $True - } - $global:Definition = New-EntraCustomSecurityAttributeDefinition @params - } - It "Deactivate custom security attribute definition"{ - $params = @{ - Id = $Definition.Id - Description = 'Target completion' - Status = 'Deprecated' - } - Set-EntraCustomSecurityAttributeDefinition @params - } - It "Verification of deactivation of custom security attribute definition"{ - $global:getDefinition = Get-EntraCustomSecurityAttributeDefinition -Id $Definition.Id - $getDefinition.Status | Should -Be 'Deprecated' - } - } - AfterAll { - Remove-EntraRoleAssignment -Id $assignedRole.Id - foreach ($user in (Get-EntraUser -SearchString "SimpleTestUsers")) { - Remove-EntraUser -ObjectId $user.Id | Out-Null - } - Remove-EntraRoleDefinition -Id $getRole.Id - - } -} diff --git a/test/module/Entra/Integration/Add-EntraGroupOwner.Tests.ps1 b/test/module/Integration/Entra/Add-EntraGroupOwner.Tests.ps1 similarity index 98% rename from test/module/Entra/Integration/Add-EntraGroupOwner.Tests.ps1 rename to test/module/Integration/Entra/Add-EntraGroupOwner.Tests.ps1 index c1f2b9d82c..c5041391ec 100644 
--- a/test/module/Entra/Integration/Add-EntraGroupOwner.Tests.ps1 +++ b/test/module/Integration/Entra/Add-EntraGroupOwner.Tests.ps1 @@ -5,7 +5,7 @@ Describe "The Add-EntraGroupOwner command executing unmocked" { Context "When getting user and group" { BeforeAll { - $testReportPath = join-path $psscriptroot "\setenv.ps1" + $testReportPath = join-path $psscriptroot "..\setenv.ps1" . $testReportPath $domain = (Get-EntraTenantDetail).VerifiedDomains.Name diff --git a/test/module/Entra/Integration/EntraApplicationExtensionProperty.Tests.ps1 b/test/module/Integration/Entra/EntraApplicationExtensionProperty.Tests.ps1 similarity index 97% rename from test/module/Entra/Integration/EntraApplicationExtensionProperty.Tests.ps1 rename to test/module/Integration/Entra/EntraApplicationExtensionProperty.Tests.ps1 index ebe9b9d6ef..43bd6619b1 100644 --- a/test/module/Entra/Integration/EntraApplicationExtensionProperty.Tests.ps1 +++ b/test/module/Integration/Entra/EntraApplicationExtensionProperty.Tests.ps1 @@ -5,7 +5,7 @@ Describe "The EntraApplicationExtensionProperty command executing unmocked" { Context "When getting ApplicationExtensionProperty" { BeforeAll { - $testReportPath = join-path $psscriptroot "\setenv.ps1" + $testReportPath = join-path $psscriptroot "..\setenv.ps1" . $testReportPath $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid diff --git a/test/module/Entra/Integration/EntraGroupAppRoleAssignment.Tests.ps1 b/test/module/Integration/Entra/EntraGroupAppRoleAssignment.Tests.ps1 similarity index 98% rename from test/module/Entra/Integration/EntraGroupAppRoleAssignment.Tests.ps1 rename to test/module/Integration/Entra/EntraGroupAppRoleAssignment.Tests.ps1 index a4940f37bd..25f8a3e2d2 100644 --- a/test/module/Entra/Integration/EntraGroupAppRoleAssignment.Tests.ps1 +++ b/test/module/Integration/Entra/EntraGroupAppRoleAssignment.Tests.ps1 
@@ -5,7 +5,7 @@ Describe "The EntraGroupAppRoleAssignment command executing unmocked" { Context "When getting GroupAppRoleAssignment" { BeforeAll { - $testReportPath = join-path $psscriptroot "\setenv.ps1" + $testReportPath = join-path $psscriptroot "..\setenv.ps1" . $testReportPath $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid diff --git a/test/module/Entra/Integration/EntraLifecyclePolicyGroup.Tests.ps1 b/test/module/Integration/Entra/EntraLifecyclePolicyGroup.Tests.ps1 similarity index 98% rename from test/module/Entra/Integration/EntraLifecyclePolicyGroup.Tests.ps1 rename to test/module/Integration/Entra/EntraLifecyclePolicyGroup.Tests.ps1 index b5ffbe5f3d..323568986b 100644 --- a/test/module/Entra/Integration/EntraLifecyclePolicyGroup.Tests.ps1 +++ b/test/module/Integration/Entra/EntraLifecyclePolicyGroup.Tests.ps1 @@ -5,7 +5,7 @@ Describe "The EntraLifecyclePolicyGroup command executing unmocked" { Context "When getting LifecyclePolicyGroup" { BeforeAll { - $testReportPath = join-path $psscriptroot "\setenv.ps1" + $testReportPath = join-path $psscriptroot "..\setenv.ps1" . $testReportPath $thisTestInstanceId = New-Guid | Select-Object -ExpandProperty Guid diff --git a/test/module/Entra/Integration/Scenario1.Tests.ps1 b/test/module/Integration/Entra/Scenario1.Tests.ps1 similarity index 99% rename from test/module/Entra/Integration/Scenario1.Tests.ps1 rename to test/module/Integration/Entra/Scenario1.Tests.ps1 index 31cbf05b81..8644bfbd37 100644 --- a/test/module/Entra/Integration/Scenario1.Tests.ps1 +++ b/test/module/Integration/Entra/Scenario1.Tests.ps1 
@@ -2,7 +2,7 @@ # Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. # ------------------------------------------------------------------------------ BeforeAll { - $testReportPath = join-path $psscriptroot "\setenv.ps1" + $testReportPath = join-path $psscriptroot "..\setenv.ps1" . $testReportPath } Describe "Integration Testing" { diff --git a/test/module/Integration/Entra/Scenario2.Tests.ps1 b/test/module/Integration/Entra/Scenario2.Tests.ps1 new file mode 100644 index 0000000000..6677d83cd0 --- /dev/null +++ b/test/module/Integration/Entra/Scenario2.Tests.ps1 
@@ -0,0 +1,93 @@ +# ------------------------------------------------------------------------------ +# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. +# ------------------------------------------------------------------------------ +BeforeAll { + $testReportPath = join-path $psscriptroot "..\setenv.ps1" + . $testReportPath +} +Describe "Integration Testing" { + + Context "Scen1: Assign Entra roles including assign roles with different scopes"{ + It "Get user and role"{ + $domain = (Get-EntraTenantDetail).VerifiedDomains.Name + $thisTestInstanceId = (New-Guid).Guid.ToString() + $thisTestInstanceId = $thisTestInstanceId.Substring($thisTestInstanceId.Length - 5) + $testUserName = 'SimpleTestUsers' + $thisTestInstanceId + # Create new User + $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile + $PasswordProfile.Password = "Pass@1234" + $global:NewUser = New-EntraUser -AccountEnabled $true -DisplayName $testUserName -PasswordProfile $PasswordProfile -MailNickName $testUserName -UserPrincipalName "$testUserName@$domain" + + $global:role = Get-EntraDirectoryRole | Where-Object {$_.DisplayName -eq "Application Administrator"} + } + It "Assign Entra roles"{ + $scope = "/" + # Assign the role to the user with the defined scope + $params = @{ + RoleDefinitionId = $role.Id + PrincipalId = $NewUser.Id + DirectoryScopeId = $scope + } + $global:newRole=New-EntraRoleAssignment @params + } + It "Verification of assigned role Creation"{ + $global:assignedRole = Get-EntraRoleAssignment -Filter "PrincipalId eq '$($NewUser.Id)'" + $assignedRole.Id | Should -Be $newRole.Id + } + } + # Context "Create custom roles"{ + # It "Creating custom roles"{ + # $RolePermissions = New-object Microsoft.Open.MSGraph.Model.RolePermission + # $RolePermissions.AllowedResourceActions = @("microsoft.directory/applications/basic/read") + # $params = @{ + # RolePermissions = 
$RolePermissions + # IsEnabled = $false + # DisplayName = 'SimpleTestRoleDefinition' + # ResourceScopes = '/' + # } + # $global:customRole=New-EntraRoleDefinition @params + # } + # It "Verification of custom role created"{ + # $global:getRole = Get-EntraRoleDefinition -Filter "DisplayName eq 'SimpleTestRoleDefinition'" + # $getRole.Id | Should -Contain $customRole.Id + # } + # } + # Context "Add or deactivate custom security attribute definitions in Microsoft Entra ID"{ + # It "Adding custom security attribute definitions"{ + # $thisTestInstanceId = Get-Random -Minimum 10000 -Maximum 100000 + # $testName = 'TestDefinition' + $thisTestInstanceId + # $AttributeSet = Get-EntraAttributeSet -Id 'Testing' + # $params = @{ + # Name = $testName + # Description = 'Target completion' + # Type = 'String' + # Status = 'Available' + # AttributeSet = $AttributeSet.Id + # IsCollection = $False + # IsSearchable = $True + # UsePreDefinedValuesOnly = $True + # } + # $global:Definition = New-EntraCustomSecurityAttributeDefinition @params + # } + # It "Deactivate custom security attribute definition"{ + # $params = @{ + # Id = $Definition.Id + # Description = 'Target completion' + # Status = 'Deprecated' + # } + # Set-EntraCustomSecurityAttributeDefinition @params + # } + # It "Verification of deactivation of custom security attribute definition"{ + # $global:getDefinition = Get-EntraCustomSecurityAttributeDefinition -Id $Definition.Id + # $getDefinition.Status | Should -Be 'Deprecated' + # } + # } + AfterAll { + Remove-EntraRoleAssignment -Id $assignedRole.Id + foreach ($user in (Get-EntraUser -SearchString "SimpleTestUsers")) { + Remove-EntraUser -ObjectId $user.Id | Out-Null + } + # Remove-EntraRoleDefinition -Id $getRole.Id + + } +} 
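Review bot: `It "Get user and role"` creates an enabled user with the fixed password `"Pass@1234"`, and the next block assigns that user the Application Administrator role at scope `/`, so during a run (and afterwards, if cleanup fails) the tenant holds a privileged account whose password is in the repository. Generate the password per run, e.g. `$PasswordProfile.Password = 'Aa1!' + (New-Guid).Guid`, and consider `-AccountEnabled $false`, since nothing visible in this file signs in as the user. `AfterAll` removes the assignment through `$assignedRole.Id`, which only the third `It` sets; `Remove-EntraRoleAssignment -Id $newRole.Id` would still clean up when verification fails. The same literal password is added in the "Creating user" block of the EntraBeta Scenario1 hunk at `@@ -78,8 +74,17 @@`.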
diff --git a/test/module/EntraBeta/Integration/EntraBetaObjectSetting.Tests.ps1 b/test/module/Integration/EntraBeta/EntraBetaObjectSetting.Tests.ps1 similarity index 100% rename from test/module/EntraBeta/Integration/EntraBetaObjectSetting.Tests.ps1 rename to test/module/Integration/EntraBeta/EntraBetaObjectSetting.Tests.ps1 diff --git a/test/module/EntraBeta/Integration/Scenario1.Tests.ps1 b/test/module/Integration/EntraBeta/Scenario1.Tests.ps1 similarity index 100% rename from test/module/EntraBeta/Integration/Scenario1.Tests.ps1 rename to test/module/Integration/EntraBeta/Scenario1.Tests.ps1 diff --git a/test/module/EntraBeta/Integration/Scenario2.Tests.ps1 b/test/module/Integration/EntraBeta/Scenario2.Tests.ps1 similarity index 100% rename from test/module/EntraBeta/Integration/Scenario2.Tests.ps1 rename to test/module/Integration/EntraBeta/Scenario2.Tests.ps1 diff --git a/test/module/EntraBeta/Integration/setenv.ps1 b/test/module/Integration/EntraBeta/setenv.ps1 similarity index 100% rename from test/module/EntraBeta/Integration/setenv.ps1 rename to test/module/Integration/EntraBeta/setenv.ps1 diff --git a/test/module/Entra/Integration/setenv.ps1 b/test/module/Integration/setenv.ps1 similarity index 100% rename from test/module/Entra/Integration/setenv.ps1 rename to test/module/Integration/setenv.ps1 From 536012035366cbdc2c1f56dc1f2ddd1261ed4d35 Mon Sep 17 00:00:00 2001 From: Ashwini Karke Date: Mon, 30 Sep 2024 18:04:30 +0530 Subject: [PATCH 15/20] updated beta test cases --- .../Integration/EntraBeta/Scenario1.Tests.ps1 | 58 ++++++--- .../Integration/EntraBeta/Scenario2.Tests.ps1 | 114 +++++++++--------- test/module/Integration/EntraBeta/setenv.ps1 | 6 - test/module/Integration/setenv.ps1 | 7 +- 4 files changed, 96 insertions(+), 89 deletions(-) delete mode 100644 test/module/Integration/EntraBeta/setenv.ps1 
diff --git a/test/module/Integration/EntraBeta/Scenario1.Tests.ps1 b/test/module/Integration/EntraBeta/Scenario1.Tests.ps1 index 2010f5a358..1fe1aab838 100644 --- a/test/module/Integration/EntraBeta/Scenario1.Tests.ps1 +++ b/test/module/Integration/EntraBeta/Scenario1.Tests.ps1 @@ -2,12 +2,8 @@ # Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. # ------------------------------------------------------------------------------ BeforeAll { - $testReportPath = join-path $psscriptroot "\setenv.ps1" - Import-Module -Name $testReportPath - $appId = $env:TEST_APPID - $tenantId = $env:TEST_TENANTID - $cert = $env:CERTIFICATETHUMBPRINT - Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert + $testReportPath = join-path $psscriptroot "..\setenv.ps1" + . $testReportPath } Describe "Integration Testing" { @@ -28,7 +24,7 @@ Describe "Integration Testing" { It "Verification of Attached Secret"{ $application.PasswordCredentials.KeyId | Should -be $Result.KeyId } - } + } Context "Scen3: Create Service Principal to the newly created application"{ It "Creation of the Service Principal"{ $global:newServicePrincipal = New-EntraBetaServicePrincipal -AppId $newApp.AppId 
@@ -47,11 +43,11 @@ Describe "Integration Testing" { } Context "Scen4: Configure App ID URI and Redirect URIs on the newly created application"{ It "Configuring the App ID URI and Redirect URI"{ - Set-EntraBetaApplication -ObjectId $newApp.Id -IdentifierUris @("IdM365x992972766.onmicrosoft.com") -Web @{RedirectUris = 'https://contoso.com'} + Set-EntraBetaApplication -ObjectId $newApp.Id -IdentifierUris @("IdentifierUri.com") -Web @{RedirectUris = 'https://contoso.com'} } It "Verifying the App ID URI configuration and Redirect URI"{ $updatedApp = Get-EntraBetaApplication -ObjectId $newApp.Id | ConvertTo-json | ConvertFrom-json - $updatedApp.IdentifierUris | Should -Be "IdM365x992972766.onmicrosoft.com" + $updatedApp.IdentifierUris | Should -Be "IdentifierUri.com" $updatedApp.Web.RedirectUris | Should -Be "https://contoso.com" } } 
@@ -78,8 +74,17 @@ Describe "Integration Testing" { } } Context "Scen6: Assign user and groups to the newly created Service Principal and set right AppRole to it"{ + It "Creating user"{ + $domain = (Get-EntraBetaTenantDetail).VerifiedDomains.Name + $thisTestInstanceId = (New-Guid).Guid.ToString() + $thisTestInstanceId = $thisTestInstanceId.Substring($thisTestInstanceId.Length - 5) + $user = 'SimpleTestUserss' + $thisTestInstanceId + $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile + $PasswordProfile.Password = "Pass@1234" + $global:existingUser = New-EntraBetaUser -AccountEnabled $true -DisplayName $user -PasswordProfile $PasswordProfile -MailNickName $user -UserPrincipalName "$user@$domain" + } It "Assigning users to the Service Principal and setting the correct AppRole for the Service Principal"{ - $global:existUser = Get-EntraBetaUser -Top 1 + $global:existUser = Get-EntraBetaUser -ObjectId $existingUser.Id Add-EntraBetaServicePrincipalOwner -ObjectId $servicePrincipal.Id -RefObjectId $existUser.Id $global:AppRoletoServicePrincipal = New-EntraBetaServiceAppRoleAssignment -ObjectId $servicePrincipal.Id -ResourceId $servicePrincipal.Id -Id $updatedApp.AppRoles.Id -PrincipalId $existUser.ObjectId 
@@ -94,14 +99,20 @@ Describe "Integration Testing" { } Context "Scen7: Create a new user and add that user to an existing group"{ It "Creating the user"{ - $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid + $domain = (Get-EntraBetaTenantDetail).VerifiedDomains.Name + $thisTestInstanceId = (New-Guid).Guid.ToString() + $thisTestInstanceId = $thisTestInstanceId.Substring($thisTestInstanceId.Length - 5) $user = 'SimpleTestUserss' + $thisTestInstanceId $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile $PasswordProfile.Password = "Pass@1234" - $global:NewUser = New-EntraBetaUser -AccountEnabled $true -DisplayName $user -PasswordProfile $PasswordProfile -MailNickName $user -UserPrincipalName "$user@M365x99297270.OnMicrosoft.com" + $global:NewUser = New-EntraBetaUser -AccountEnabled $true -DisplayName $user -PasswordProfile $PasswordProfile -MailNickName $user -UserPrincipalName "$user@$domain" + } + It "Creating a new Group"{ + $testGrpName = 'SimpleTestGroup' + $thisTestInstanceId + $global:ExistingGroup = New-EntraBetaGroup -DisplayName $testGrpName -MailEnabled $false -SecurityEnabled $true -MailNickName "NickName" } It "Adding the user to an existing group"{ - $global:ExistGroup = Get-EntraBetaGroup -top 1 + $global:ExistGroup = Get-EntraBetaGroup -ObjectId $ExistingGroup.Id Add-EntraBetaGroupMember -ObjectId $ExistGroup.ObjectId -RefObjectId $NewUser.ObjectId } It "Verification of new user's addition to the existing group"{ 
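Review bot: `$thisTestInstanceId` is assigned as a plain local in `It "Creating the user"` but read in the added `It "Creating a new Group"`. If this suite runs under Pester 5, where each `It` has its own scope, the value is empty there and every run creates a group named just `SimpleTestGroup`. Compute the suffix once in a `BeforeAll` for the Context, or store it as `$global:thisTestInstanceId` like the other values shared between blocks. The hunk shows no matching cleanup, so confirm that `$ExistingGroup` is removed in the file's `AfterAll`; the Context continues outside the hunk.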
@@ -115,23 +126,25 @@ Describe "Integration Testing" { $global:NewGroup = New-EntraBetaGroup -DisplayName $testGrpName -MailEnabled $false -SecurityEnabled $true -MailNickName "NickName" } It "Adding existing user to new group"{ - $ExistUser = Get-EntraBetaUser -top 1 + $ExistUser = Get-EntraBetaUser -ObjectId $existingUser.Id Add-EntraBetaGroupMember -ObjectId $NewGroup.ObjectId -RefObjectId $ExistUser.ObjectId } It "Verification of exixting user's addition to the new group"{ - $User = Get-EntraBetaUser -top 1 + $User = Get-EntraBetaUser -ObjectId $existingUser.Id $GetMember = Get-EntraBetaGroupMember -ObjectId $NewGroup.ObjectId $GetMember.Id | Should -Contain $User.Id } } Context "Scen9: Create a new user and create a new group and add that new user to the new group"{ It "Creating a new user and group"{ - $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid + $domain = (Get-EntraBetaTenantDetail).VerifiedDomains.Name + $thisTestInstanceId = (New-Guid).Guid.ToString() + $thisTestInstanceId = $thisTestInstanceId.Substring($thisTestInstanceId.Length - 5) $testUserName = 'SimpleTestUsers' + $thisTestInstanceId # Create new User $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile $PasswordProfile.Password = "Pass@1234" - $global:NewUser1 = New-EntraBetaUser -AccountEnabled $true -DisplayName $testUserName -PasswordProfile $PasswordProfile -MailNickName $testUserName -UserPrincipalName "$testUserName@M365x99297270.OnMicrosoft.com" + $global:NewUser1 = New-EntraBetaUser -AccountEnabled $true -DisplayName $testUserName -PasswordProfile $PasswordProfile -MailNickName $testUserName -UserPrincipalName "$testUserName@$domain" $testGrpName = 'SimpleTestGroup' + $thisTestInstanceId $global:NewGroup1 = New-EntraBetaGroup -DisplayName $testGrpName -MailEnabled $false -SecurityEnabled $true -MailNickName "NickName" 
@@ -142,12 +155,14 @@ Describe "Integration Testing" { } Context "Scen10: Create a new user and add the user to the newly created group and check that user is Member of the group"{ It "Creating a new user and group"{ - $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid + $domain = (Get-EntraBetaTenantDetail).VerifiedDomains.Name + $thisTestInstanceId = (New-Guid).Guid.ToString() + $thisTestInstanceId = $thisTestInstanceId.Substring($thisTestInstanceId.Length - 5) $testUserName = 'SimpleTestUsers' + $thisTestInstanceId # Create new User $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile $PasswordProfile.Password = "Pass@1234" - $global:NewUser2 = New-EntraBetaUser -AccountEnabled $true -DisplayName $testUserName -PasswordProfile $PasswordProfile -MailNickName $testUserName -UserPrincipalName "$testUserName@M365x99297270.OnMicrosoft.com" + $global:NewUser2 = New-EntraBetaUser -AccountEnabled $true -DisplayName $testUserName -PasswordProfile $PasswordProfile -MailNickName $testUserName -UserPrincipalName "$testUserName@$domain" $testGrpName = 'SimpleTestGroup' + $thisTestInstanceId $global:NewGroup2 = New-EntraBetaGroup -DisplayName $testGrpName -MailEnabled $false -SecurityEnabled $true -MailNickName "NickName" 
@@ -162,11 +177,14 @@ Describe "Integration Testing" { } Context "Scen11: Create a new user and assign that user to the existing Service Principal"{ It "Creating a new user and assign that user to the existing Service Principal"{ + $domain = (Get-EntraBetaTenantDetail).VerifiedDomains.Name + $thisTestInstanceId = (New-Guid).Guid.ToString() + $thisTestInstanceId = $thisTestInstanceId.Substring($thisTestInstanceId.Length - 5) $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid $Tuser = 'SimpleTestUsers' + $thisTestInstanceId $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile $PasswordProfile.Password = "Pass@1234" - $global:NewUser3 = New-EntraBetaUser -AccountEnabled $true -DisplayName $Tuser -PasswordProfile $PasswordProfile -MailNickName $Tuser -UserPrincipalName "$Tuser@M365x99297270.OnMicrosoft.com" + $global:NewUser3 = New-EntraBetaUser -AccountEnabled $true -DisplayName $Tuser -PasswordProfile $PasswordProfile -MailNickName $Tuser -UserPrincipalName "$Tuser@$domain" Add-EntraBetaServicePrincipalOwner -ObjectId $servicePrincipal.Id -RefObjectId $NewUser3.Id } It "Verfication of assigned User"{ diff --git a/test/module/Integration/EntraBeta/Scenario2.Tests.ps1 b/test/module/Integration/EntraBeta/Scenario2.Tests.ps1 index 47b5e3ea7b..a593389175 100644 --- a/test/module/Integration/EntraBeta/Scenario2.Tests.ps1 +++ b/test/module/Integration/EntraBeta/Scenario2.Tests.ps1 
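Review bot: The added lines that shorten `$thisTestInstanceId` to five characters are immediately overwritten by the unchanged line `$thisTestInstanceId = New-Guid | Select-Object -expandproperty guid`. As a result `$Tuser` still carries the full GUID, unlike the other scenarios touched by this patch. Delete that leftover assignment so the shortened suffix is the one used in the display name and UPN. The `Context` continues past the end of the hunk.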
@@ -2,23 +2,21 @@ # Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. # ------------------------------------------------------------------------------ BeforeAll { - $testReportPath = join-path $psscriptroot "\setenv.ps1" - Import-Module -Name $testReportPath - $appId = $env:TEST_APPID - $tenantId = $env:TEST_TENANTID - $cert = $env:CERTIFICATETHUMBPRINT - Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert + $testReportPath = join-path $psscriptroot "..\setenv.ps1" + . $testReportPath } Describe "Integration Testing" { Context "Scen1: Assign Entra roles including assign roles with different scopes"{ It "Get user and role"{ - $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid + $domain = (Get-EntraBetaTenantDetail).VerifiedDomains.Name + $thisTestInstanceId = (New-Guid).Guid.ToString() + $thisTestInstanceId = $thisTestInstanceId.Substring($thisTestInstanceId.Length - 5) $testUserName = 'SimpleTestUsers' + $thisTestInstanceId # Create new User $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile $PasswordProfile.Password = "Pass@1234" - $global:NewUser = New-EntraBetaUser -AccountEnabled $true -DisplayName $testUserName -PasswordProfile $PasswordProfile -MailNickName $testUserName -UserPrincipalName "$testUserName@M365x99297270.OnMicrosoft.com" + $global:NewUser = New-EntraBetaUser -AccountEnabled $true -DisplayName $testUserName -PasswordProfile $PasswordProfile -MailNickName $testUserName -UserPrincipalName "$testUserName@$domain" $global:role = Get-EntraBetaDirectoryRole | Where-Object {$_.DisplayName -eq "Application Administrator"} } 
@@ -30,66 +28,66 @@ Describe "Integration Testing" { PrincipalId = $NewUser.Id DirectoryScopeId = $scope } - $global:newRole=New-EntraBetaRoleAssignment @params + $global:newRole=New-EntraBetaDirectoryRoleAssignment @params } It "Verification of assigned role Creation"{ - $global:assignedRole = Get-EntraBetaRoleAssignment -Filter "PrincipalId eq '$($NewUser.Id)'" + $global:assignedRole = Get-EntraBetaDirectoryRoleAssignment -Id $newRole.Id $assignedRole.Id | Should -Be $newRole.Id } } - Context "Create custom roles"{ - It "Creating custom roles"{ - $RolePermissions = New-object Microsoft.Open.MSGraph.Model.RolePermission - $RolePermissions.AllowedResourceActions = @("microsoft.directory/applications/basic/read") - $params = @{ - RolePermissions = $RolePermissions - IsEnabled = $false - DisplayName = 'SimpleTestRoleDefinition' - ResourceScopes = '/' - } - $global:customRole=New-EntraBetaRoleDefinition @params - } - It "Verification of custom role created"{ - $global:getRole = Get-EntraBetaRoleDefinition -Filter "DisplayName eq 'SimpleTestRoleDefinition'" - $getRole.Id | Should -Contain $customRole.Id - } - } - Context "Add or deactivate custom security attribute definitions in Microsoft Entra ID"{ - It "Adding custom security attribute definitions"{ - $thisTestInstanceId = Get-Random -Minimum 10000 -Maximum 100000 - $testName = 'TestDefinition' + $thisTestInstanceId - $AttributeSet = Get-EntraBetaAttributeSet -Id 'Testing' - $params = @{ - Name = $testName - Description = 'Target completion' - Type = 'String' - Status = 'Available' - AttributeSet = $AttributeSet.Id - IsCollection = $False - IsSearchable = $True - UsePreDefinedValuesOnly = $True - } - $global:Definition = New-EntraBetaCustomSecurityAttributeDefinition @params - } - It "Deactivate custom security attribute definition"{ - $params = @{ - Id = $Definition.Id - Description = 'Target completion' - Status = 'Deprecated' - } - Set-EntraBetaCustomSecurityAttributeDefinition @params - } - It "Verification of 
deactivation of custom security attribute definition"{ - $global:getDefinition = Get-EntraBetaCustomSecurityAttributeDefinition -Id $Definition.Id - $getDefinition.Status | Should -Be 'Deprecated' - } - } + # Context "Create custom roles"{ + # It "Creating custom roles"{ + # $RolePermissions = New-object Microsoft.Open.MSGraph.Model.RolePermission + # $RolePermissions.AllowedResourceActions = @("microsoft.directory/applications/basic/read") + # $params = @{ + # RolePermissions = $RolePermissions + # IsEnabled = $false + # DisplayName = 'SimpleTestRoleDefinition' + # ResourceScopes = '/' + # } + # $global:customRole=New-EntraBetaRoleDefinition @params + # } + # It "Verification of custom role created"{ + # $global:getRole = Get-EntraBetaRoleDefinition -Filter "DisplayName eq 'SimpleTestRoleDefinition'" + # $getRole.Id | Should -Contain $customRole.Id + # } + # } + # Context "Add or deactivate custom security attribute definitions in Microsoft Entra ID"{ + # It "Adding custom security attribute definitions"{ + # $thisTestInstanceId = Get-Random -Minimum 10000 -Maximum 100000 + # $testName = 'TestDefinition' + $thisTestInstanceId + # $AttributeSet = Get-EntraBetaAttributeSet -Id 'Testing' + # $params = @{ + # Name = $testName + # Description = 'Target completion' + # Type = 'String' + # Status = 'Available' + # AttributeSet = $AttributeSet.Id + # IsCollection = $False + # IsSearchable = $True + # UsePreDefinedValuesOnly = $True + # } + # $global:Definition = New-EntraBetaCustomSecurityAttributeDefinition @params + # } + # It "Deactivate custom security attribute definition"{ + # $params = @{ + # Id = $Definition.Id + # Description = 'Target completion' + # Status = 'Deprecated' + # } + # Set-EntraBetaCustomSecurityAttributeDefinition @params + # } + # It "Verification of deactivation of custom security attribute definition"{ + # $global:getDefinition = Get-EntraBetaCustomSecurityAttributeDefinition -Id $Definition.Id + # $getDefinition.Status | Should -Be 'Deprecated' 
+ # } + # } AfterAll { Remove-EntraBetaRoleAssignment -Id $assignedRole.Id foreach ($user in (Get-EntraBetaUser -SearchString "SimpleTestUsers")) { Remove-EntraBetaUser -ObjectId $user.Id | Out-Null } - Remove-EntraBetaRoleDefinition -Id $getRole.Id + # Remove-EntraBetaRoleDefinition -Id $getRole.Id } } diff --git a/test/module/Integration/EntraBeta/setenv.ps1 b/test/module/Integration/EntraBeta/setenv.ps1 deleted file mode 100644 index feeb819524..0000000000 --- a/test/module/Integration/EntraBeta/setenv.ps1 +++ /dev/null @@ -1,6 +0,0 @@ -# ------------------------------------------------------------------------------ -# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. -# ------------------------------------------------------------------------------ -$env:TEST_APPID = "8886ad7b-1795-4542-9808-c85859d97f23" -$env:TEST_TENANTID = "d5aec55f-2d12-4442-8d2f-ccca95d4390e" -$env:CERTIFICATETHUMBPRINT = "305D4F33E153980E2451F6E068426FC2BCAF683E" diff --git a/test/module/Integration/setenv.ps1 b/test/module/Integration/setenv.ps1 index d7000ad40f..6f4a8ebf72 100644 --- a/test/module/Integration/setenv.ps1 +++ b/test/module/Integration/setenv.ps1 
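Review bot: The `AfterAll` at the end of this hunk still calls `Remove-EntraBetaRoleAssignment -Id $assignedRole.Id`, although creation and lookup were switched to the `New-`/`Get-EntraBetaDirectoryRoleAssignment` cmdlets. If the old name is no longer exported, cleanup fails and the Application Administrator assignment can be left behind in the tenant. Use the matching remove cmdlet (presumably `Remove-EntraBetaDirectoryRoleAssignment`, to be confirmed against the module) and key it on `$newRole.Id`, so that it does not depend on the verification block having run. Separately, the verification now fetches by `$newRole.Id` and compares the same Id, so it no longer shows the assignment belongs to the test user; adding `$assignedRole.PrincipalId | Should -Be $NewUser.Id` would restore that check.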
@@ -1,13 +1,10 @@ # ------------------------------------------------------------------------------ # Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. # ------------------------------------------------------------------------------ -# $env:TEST_APPID = "45451aa1-24e7-46c8-b9e5-dccb2118f536" -# $env:TEST_TENANTID = "0e5ab497-530a-4f6f-bd51-2230c84acad8" -# $env:CERTIFICATETHUMBPRINT = "5C76C328BE9A29C0077398FC52BA531EAF8480F2" - $appId = "45451aa1-24e7-46c8-b9e5-dccb2118f536" $tenantId = "0e5ab497-530a-4f6f-bd51-2230c84acad8" $cert = "5C76C328BE9A29C0077398FC52BA531EAF8480F2" -Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert \ No newline at end of file +# Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert +Connect-MgGraph -Identity -ClientId $appId \ No newline at end of file From 547eae01308b987cfb89ecf1522e800b9479bfcc Mon Sep 17 00:00:00 2001 From: Ashwini Karke Date: Tue, 1 Oct 2024 10:52:40 +0530 Subject: [PATCH 16/20] updated test cases --- test/module/Integration/setenv.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/module/Integration/setenv.ps1 b/test/module/Integration/setenv.ps1 index 6f4a8ebf72..98c01b30f0 100644 --- a/test/module/Integration/setenv.ps1 +++ b/test/module/Integration/setenv.ps1 @@ -7,4 +7,4 @@ $tenantId = "0e5ab497-530a-4f6f-bd51-2230c84acad8" $cert = "5C76C328BE9A29C0077398FC52BA531EAF8480F2" # Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert -Connect-MgGraph -Identity -ClientId $appId \ No newline at end of file +Connect-Entra -Identity -ClientId $appId \ No newline at end of file From 05c6594a4b7922db2f58d41b7938feae4398ef74 Mon Sep 17 00:00:00 2001 
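Review bot: After the `@@ -1,13 +1,10 @@` hunk, `setenv.ps1` still hard-codes `$appId`, `$tenantId` and `$cert`, but the new `Connect-MgGraph -Identity -ClientId $appId` reads only `$appId`. The tenant id and certificate thumbprint therefore stay committed as environment identifiers that nothing uses. Drop the two unused assignments and the commented-out `Connect-Entra` line, and take the client id from the pipeline environment as the earlier revision did, e.g. `$appId = $env:TEST_APPID`. Because the test files dot-source this script, every variable it assigns also lands in the calling test's scope.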
From: Ashwini Karke Date: Tue, 1 Oct 2024 10:55:03 +0530 Subject: [PATCH 17/20] main pull --- .../Integration/Add-EntraGroupOwner.Tests.ps1 | 69 ----- ...ntraApplicationExtensionProperty.Tests.ps1 | 62 ----- .../EntraGroupAppRoleAssignment.Tests.ps1 | 112 -------- .../EntraLifecyclePolicyGroup.Tests.ps1 | 94 ------- .../Entra/Integration/Scenario1.Tests.ps1 | 246 ------------------ .../Entra/Integration/Scenario2.Tests.ps1 | 95 ------- test/module/Entra/Integration/setenv.ps1 | 6 - .../EntraBetaObjectSetting.Tests.ps1 | 53 ---- .../EntraBeta/Integration/Scenario1.Tests.ps1 | 245 ----------------- .../EntraBeta/Integration/Scenario2.Tests.ps1 | 95 ------- test/module/EntraBeta/Integration/setenv.ps1 | 6 - 11 files changed, 1083 deletions(-) delete mode 100644 test/module/Entra/Integration/Add-EntraGroupOwner.Tests.ps1 delete mode 100644 test/module/Entra/Integration/EntraApplicationExtensionProperty.Tests.ps1 delete mode 100644 test/module/Entra/Integration/EntraGroupAppRoleAssignment.Tests.ps1 delete mode 100644 test/module/Entra/Integration/EntraLifecyclePolicyGroup.Tests.ps1 delete mode 100644 test/module/Entra/Integration/Scenario1.Tests.ps1 delete mode 100644 test/module/Entra/Integration/Scenario2.Tests.ps1 delete mode 100644 test/module/Entra/Integration/setenv.ps1 delete mode 100644 test/module/EntraBeta/Integration/EntraBetaObjectSetting.Tests.ps1 delete mode 100644 test/module/EntraBeta/Integration/Scenario1.Tests.ps1 delete mode 100644 test/module/EntraBeta/Integration/Scenario2.Tests.ps1 delete mode 100644 test/module/EntraBeta/Integration/setenv.ps1 diff --git a/test/module/Entra/Integration/Add-EntraGroupOwner.Tests.ps1 b/test/module/Entra/Integration/Add-EntraGroupOwner.Tests.ps1 deleted file mode 100644 index e0b0035df2..0000000000 --- a/test/module/Entra/Integration/Add-EntraGroupOwner.Tests.ps1 +++ /dev/null 
@@ -1,69 +0,0 @@ -# ------------------------------------------------------------------------------ -# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. -# ------------------------------------------------------------------------------ -Describe "The Add-EntraGroupOwner command executing unmocked" { - - Context "When getting user and group" { - BeforeAll { - $testReportPath = join-path $psscriptroot "\setenv.ps1" - Import-Module -Name $testReportPath - $appId = $env:TEST_APPID - $tenantId = $env:TEST_TENANTID - $cert = $env:CERTIFICATETHUMBPRINT - Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert - - $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid - $testName = 'SimpleTests' + $thisTestInstanceId - $testName1 = 'SimpleTests1' + $thisTestInstanceId - - #create test user - $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile - $PasswordProfile.Password = "Pass@1234" - $global:newUser = New-EntraUser -AccountEnabled $true -DisplayName $testName -PasswordProfile $PasswordProfile -MailNickName $testName -UserPrincipalName $testName"@M365x99297270.OnMicrosoft.com" - - #create test user - $PasswordProfile1 = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile - $PasswordProfile1.Password = "Pass@1234" - $global:newUser1 = New-EntraUser -AccountEnabled $true -DisplayName $testName1 -PasswordProfile $PasswordProfile1 -MailNickName $testName1 -UserPrincipalName $testName1"@M365x99297270.OnMicrosoft.com" - - #create test group - $global:newGroup = New-EntraGroup -DisplayName $testName -MailEnabled $false -SecurityEnabled $true -MailNickName $testName - } - - It "should update the properties of user and group" { - $updatedDisplayName = "SimpleTestsUpdated" - Set-EntraGroup -Id $newGroup.Id -DisplayName $updatedDisplayName - - $result = Get-EntraGroup -ObjectId $newGroup.Id - $result.Id | 
Should -Contain $newGroup.Id - $result.DisplayName | Should -Contain $updatedDisplayName - - $updatedDisplayNameInCreatedUser = 'SimpleTests1AnotherTestUser' - Set-EntraUser -ObjectId $newUser.Id -Displayname $updatedDisplayNameInCreatedUser - - $updatedUser = Get-EntraUser -ObjectId $newUser.Id - $updatedUser.Id | Should -Be $newUser.Id - $updatedUser.DisplayName | Should -Be $updatedDisplayNameInCreatedUser - - $user1 = Get-EntraUser -ObjectId $newUser1.Id - $user1.Id | Should -Be $newUser1.Id - $user1.DisplayName | Should -Be $testName1 - } - It "Should successfully Adds an owner to a group" { - Add-EntraGroupOwner -ObjectId $newGroup.Id -RefObjectId $newUser.Id - $result = Get-EntraGroupOwner -ObjectId $newGroup.Id - $result.Id | Should -Contain $newUser.Id - - Add-EntraGroupOwner -ObjectId $newGroup.Id -RefObjectId $newUser1.Id - $result1 = Get-EntraGroupOwner -ObjectId $newGroup.Id - $result1.Id | Should -Contain $newUser1.Id - } - - AfterAll { - Remove-EntraGroupOwner -ObjectId $newGroup.Id -OwnerId $newUser.Id - Remove-EntraUser -ObjectId $newUser.Id - Remove-EntraGroup -ObjectId $newGroup.Id - Remove-EntraUser -ObjectId $newUser1.Id - } - } -} \ No newline at end of file diff --git a/test/module/Entra/Integration/EntraApplicationExtensionProperty.Tests.ps1 b/test/module/Entra/Integration/EntraApplicationExtensionProperty.Tests.ps1 deleted file mode 100644 index 124b8a6fe2..0000000000 --- a/test/module/Entra/Integration/EntraApplicationExtensionProperty.Tests.ps1 +++ /dev/null 
@@ -1,62 +0,0 @@ -# ------------------------------------------------------------------------------ -# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. -# ------------------------------------------------------------------------------ -Describe "The EntraApplicationExtensionProperty command executing unmocked" { - - Context "When getting ApplicationExtensionProperty" { - BeforeAll { - $testReportPath = Join-Path $PSScriptRoot "\setenv.ps1" - Import-Module -Name $testReportPath - - $appId = $env:TEST_APPID - $tenantId = $env:TEST_TENANTID - $cert = $env:CERTIFICATETHUMBPRINT - - if (-not $appId -or -not $tenantId -or -not $cert) { - throw "Required environment variables are not set." - } - - Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert - - $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid - $testApplicationName = 'Test Demo Name' + $thisTestInstanceId - $global:newMSApplication = New-EntraApplication -DisplayName $testApplicationName - } - - It "should successfully get an application by display name" { - $application = Get-EntraApplication -Filter "DisplayName eq '$($newMSApplication.DisplayName)'" - $application.ObjectId | Should -Be $newMSApplication.Id - $application.AppId | Should -Be $newMSApplication.AppId - $application.DisplayName | Should -Be $newMSApplication.DisplayName - } - - It "should successfully update a application display name" { - $updatedDisplayName = "Update Application Name" - Set-EntraApplication -ObjectId $newMSApplication.ObjectId -DisplayName $updatedDisplayName - $result = Get-EntraApplication -Filter "AppId eq '$($newMSApplication.AppId)'" - $result.ObjectId | Should -Be $newMSApplication.Id - $result.AppId | Should -Be $newMSApplication.AppId - $result.DisplayName | Should -Be "Update Application Name" - } - - It "should successfully create application extension property" { - 
$global:newMSApplicationExtensionProperty = New-EntraApplicationExtensionProperty -ObjectId $newMSApplication.Id -DataType "string" -Name "NewAttribute" -TargetObjects "Application" - } - - It "should successfully get application extension property" { - $applicationExtensionProperty = Get-EntraApplicationExtensionProperty -ObjectId $newMSApplication.Id - $applicationExtensionProperty.ObjectId | Should -Be $newMSApplicationExtensionProperty.Id - $applicationExtensionProperty.Name | Should -Be $newMSApplicationExtensionProperty.Name - - } - - AfterAll { - if ($newMSApplicationExtensionProperty) { - Remove-EntraApplicationExtensionProperty -ObjectId $newMSApplication.Id -ExtensionPropertyId $newMSApplicationExtensionProperty.Id | Out-Null - } - if ($newMSApplication) { - Remove-EntraApplication -ObjectId $newMSApplication.Id | Out-Null - } - } - } -} diff --git a/test/module/Entra/Integration/EntraGroupAppRoleAssignment.Tests.ps1 b/test/module/Entra/Integration/EntraGroupAppRoleAssignment.Tests.ps1 deleted file mode 100644 index 6e1caeb2d4..0000000000 --- a/test/module/Entra/Integration/EntraGroupAppRoleAssignment.Tests.ps1 +++ /dev/null 
@@ -1,112 +0,0 @@
-# ------------------------------------------------------------------------------
-# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information.
-# ------------------------------------------------------------------------------
-Describe "The EntraGroupAppRoleAssignment command executing unmocked" {
-
- Context "When getting GroupAppRoleAssignment" {
- BeforeAll {
- $testReportPath = join-path $psscriptroot "\setenv.ps1"
- Import-Module -Name $testReportPath
- $appId = $env:TEST_APPID
- $tenantId = $env:TEST_TENANTID
- $cert = $env:CERTIFICATETHUMBPRINT
- Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert
-
- $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid
- $global:displayName = 'DemoName' + $thisTestInstanceId
-
- $global:newGroup = New-EntraGroup -DisplayName $displayName -MailEnabled $false -SecurityEnabled $true -MailNickName $displayName
- }
-
- It "should successfully get a specific group by using an Id" {
- $group = Get-EntraGroup -ObjectId $newGroup.Id
- $group.Id | Should -Be $newGroup.Id
- $group.DisplayName | Should -Be $displayName
- }
-
- It "should successfully update a group display name" {
- $global:updatedDisplayName = "Demo Name 2"
- Set-EntraGroup -Id $newGroup.Id -DisplayName $updatedDisplayName
- $result = Get-EntraGroup -ObjectId $newGroup.Id
- $result.Id | Should -Contain $newGroup.Id
- }
-
- It "should successfully create application" {
- $types = @()
- $types += 'User'
- $approle = New-Object Microsoft.Open.MSGraph.Model.AppRole
- $approle.AllowedMemberTypes = $types
- $approle.Description = 'msiam_access'
- $approle.DisplayName = 'msiam_access'
- $approle.Id = '643985ce-3eaf-4a67-9550-ecca25cb6814'
- $approle.Value = 'Application'
- $approle.IsEnabled = $true
- $applicationDisplayName = "Demo new application"
- $global:createdApplication = New-EntraApplication -DisplayName $applicationDisplayName -AppRoles $approle
- $createdApplication.DisplayName | Should -Be $applicationDisplayName
- }
-
- It "should successfully get application" {
- $global:getCreatedApplication = Get-EntraApplication -ObjectId $createdApplication.Id
- $getCreatedApplication.DisplayName | Should -Be $createdApplication.DisplayName
- $getCreatedApplication.Id | Should -Be $createdApplication.Id
- $getCreatedApplication.AppId | Should -Be $createdApplication.AppId
- }
-
- It "should successfully update application display name" {
- $global:updateApplicationDisplayName = "Update demo application"
- Set-EntraApplication -ObjectId $getCreatedApplication.Id -DisplayName $updateApplicationDisplayName
-
- $global:getUpdatedCreatedApplication = Get-EntraApplication -ObjectId $getCreatedApplication.Id
- $getUpdatedCreatedApplication.DisplayName | Should -Be $updateApplicationDisplayName
- $getUpdatedCreatedApplication.Id | Should -Be $getCreatedApplication.Id
- $getUpdatedCreatedApplication.AppId | Should -Be $getCreatedApplication.AppId
- }
-
- It "should successfully create and get service principal" {
- $global:MyApp = Get-EntraApplication -Filter "DisplayName eq '$($getUpdatedCreatedApplication.DisplayName)'"
-
- New-EntraServicePrincipal -AccountEnabled $true -AppId $MyApp.AppId -AppRoleAssignmentRequired $true -DisplayName $MyApp.DisplayName -Tags {"WindowsAzureActiveDirectoryIntegratedApp"}
- $global:createdServicePrincipal = Get-EntraServicePrincipal -Filter "DisplayName eq '$($MyApp.DisplayName)'"
- $createdServicePrincipal.AppId | Should -Be $MyApp.AppId
- $createdServicePrincipal.DisplayName | Should -Be $MyApp.DisplayName
- }
-
- It "should successfully update the account of a service principal" {
- Set-EntraServicePrincipal -ObjectId $createdServicePrincipal.Id -AccountEnabled $False
- $disableServicePrincipal = Get-EntraServicePrincipal -Filter "DisplayName eq '$($MyApp.DisplayName)'"
- $disableServicePrincipal.AppId | Should -Be $MyApp.AppId
- $disableServicePrincipal.DisplayName | Should -Be $MyApp.DisplayName
-
- Set-EntraServicePrincipal -ObjectId $createdServicePrincipal.Id -AccountEnabled $True
- $global:updatedServicePrincipal = Get-EntraServicePrincipal -Filter "DisplayName eq '$($MyApp.DisplayName)'"
- $updatedServicePrincipal.AppId | Should -Be $MyApp.AppId
- $updatedServicePrincipal.DisplayName | Should -Be $MyApp.DisplayName
- }
-
- It "should successfully assign a group of users to an application" {
- New-EntraGroupAppRoleAssignment -ObjectId $newGroup.ObjectId -PrincipalId $newGroup.ObjectId -ResourceId $updatedServicePrincipal.ObjectId -Id $updatedServicePrincipal.Approles[0].id
- }
-
- It "should successfully retrieve application role assignments of a group" {
- $global:getGroupAppRoleAssignment = Get-EntraGroupAppRoleAssignment -ObjectId $newGroup.Id
- $getGroupAppRoleAssignment.ResourceDisplayName | Should -Be $createdServicePrincipal.DisplayName
- $getGroupAppRoleAssignment.PrincipalDisplayName | Should -Be $updatedDisplayName
- }
-
- AfterAll {
- if ( $getGroupAppRoleAssignment) {
- Remove-EntraGroupAppRoleAssignment -ObjectId $newGroup.Id -AppRoleAssignmentId $getGroupAppRoleAssignment.Id | Out-Null
- }
- if ( $updatedServicePrincipal) {
- Remove-EntraServicePrincipal -ObjectId $updatedServicePrincipal.Id | Out-Null
- }
- if ( $getUpdatedCreatedApplication) {
- Remove-EntraApplication -ObjectId $getUpdatedCreatedApplication.Id | Out-Null
- }
- if ($newGroup) {
- Remove-EntraGroup -ObjectId $newGroup.Id | Out-Null
- }
- }
- }
-}
\ No newline at end of file
diff --git a/test/module/Entra/Integration/EntraLifecyclePolicyGroup.Tests.ps1 b/test/module/Entra/Integration/EntraLifecyclePolicyGroup.Tests.ps1
deleted file mode 100644
index b35d0cff57..0000000000
--- a/test/module/Entra/Integration/EntraLifecyclePolicyGroup.Tests.ps1
+++ /dev/null
@@ -1,94 +0,0 @@
-# ------------------------------------------------------------------------------
-# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information.
-# ------------------------------------------------------------------------------
-Describe "The EntraLifecyclePolicyGroup command executing unmocked" {
-
- Context "When getting LifecyclePolicyGroup" {
- BeforeAll {
- $testReportPath = Join-Path $PSScriptRoot "\setenv.ps1"
- Import-Module -Name $testReportPath
-
- $appId = $env:TEST_APPID
- $tenantId = $env:TEST_TENANTID
- $cert = $env:CERTIFICATETHUMBPRINT
-
- if (-not $appId -or -not $tenantId -or -not $cert) {
- throw "Required environment variables are not set."
- }
-
- Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert
-
- $thisTestInstanceId = New-Guid | Select-Object -ExpandProperty Guid
- $global:displayName = 'Demo Help Group' + $thisTestInstanceId
- $testNickname = "test" + $thisTestInstanceId
- $global:newMSGroup = New-EntraGroup -DisplayName $displayName -MailEnabled $false -MailNickname $testNickname -SecurityEnabled $true -GroupTypes "unified"
- Start-Sleep -Seconds 10
- }
-
- It "should successfully get a specific group by using an group Id" {
- $group = Get-EntraGroup -ObjectId $newMSGroup.Id
- $group.ObjectId | Should -Be $newMSGroup.Id
- $group.DisplayName | Should -Be $displayName
- }
-
- It "should successfully update a group display name" {
- $updatedDisplayName = "Update Help Group Name"
- Set-EntraGroup -Id $newMSGroup.Id -DisplayName $updatedDisplayName
- $result = Get-EntraGroup -ObjectId $newMSGroup.Id
- $result.Id | Should -Contain $newMSGroup.Id
- }
-
- It "should successfully Create a lifecycle policy" {
- try {
- $existingPolicy = Get-EntraGroupLifecyclePolicy
- Remove-EntraGroupLifecyclePolicy -Id $existingPolicy.Id
- }
- catch {}
- $global:testGroupPolicy = New-EntraGroupLifecyclePolicy -GroupLifetimeInDays 99 -ManagedGroupTypes "Selected" -AlternateNotificationEmails "example@contoso.un"
- }
-
- It "should successfully retrieve properties of an groupLifecyclePolicy" {
- $groupLifecyclePolicy = Get-EntraGroupLifecyclePolicy -Id $testGroupPolicy.Id
-
- $groupLifecyclePolicy.Id | Should -Be $testGroupPolicy.Id
- $groupLifecyclePolicy.GroupLifetimeInDays | Should -Be 99
- $groupLifecyclePolicy.ManagedGroupTypes | Should -Contain "Selected"
- $groupLifecyclePolicy.AlternateNotificationEmails | Should -Contain "example@contoso.un"
- }
-
- It "should successfully update groupLifecyclePolicy" {
- $alternateNotificationEmails = "admingroup@contoso.en"
- $global:updatedGroupLifecyclePolicy = Set-EntraGroupLifecyclePolicy -Id $testGroupPolicy.Id -GroupLifetimeInDays 200 -AlternateNotificationEmails $alternateNotificationEmails -ManagedGroupTypes "Selected"
-
- $updatedGroupLifecyclePolicy.Id | Should -Be $testGroupPolicy.Id
- $updatedGroupLifecyclePolicy.GroupLifetimeInDays | Should -Be 200
- $updatedGroupLifecyclePolicy.ManagedGroupTypes | Should -Contain "Selected"
- $updatedGroupLifecyclePolicy.AlternateNotificationEmails | Should -Contain $alternateNotificationEmails
- }
-
- It "should successfully associate the group with the lifecycle policy" {
- $testLifePolicyGroup = Add-EntraLifecyclePolicyGroup -Id $testGroupPolicy.Id -GroupId $newMSGroup.Id
- $testLifePolicyGroup.ObjectId | Should -BeNullOrEmpty
- }
-
- It "should successfully retrieve details of a LifecyclePolicyGroup" {
- $global:lifecyclePolicyGroup = Get-EntraLifecyclePolicyGroup -Id $newMSGroup.Id
- $lifecyclePolicyGroup.ObjectId | Should -Be $testGroupPolicy.Id
- $lifecyclePolicyGroup.GroupLifetimeInDays | Should -Be 200
- $lifecyclePolicyGroup.ManagedGroupTypes | Should -Contain "Selected"
- $lifecyclePolicyGroup.AlternateNotificationEmails | Should -Contain $updatedGroupLifecyclePolicy.AlternateNotificationEmails
- }
-
- AfterAll {
- if ($lifecyclePolicyGroup) {
- Remove-EntraLifecyclePolicyGroup -Id $lifecyclePolicyGroup.Id -GroupId $newMSGroup.Id | Out-Null
- }
- if ($updatedGroupLifecyclePolicy) {
- Remove-EntraGroupLifecyclePolicy -Id $updatedGroupLifecyclePolicy.Id | Out-Null
- }
- if ($newMSGroup) {
- Remove-EntraGroup -ObjectId $newMSGroup.Id | Out-Null
- }
- }
- }
-}
diff --git a/test/module/Entra/Integration/Scenario1.Tests.ps1 b/test/module/Entra/Integration/Scenario1.Tests.ps1
deleted file mode 100644
index e0ad981cb0..0000000000
--- a/test/module/Entra/Integration/Scenario1.Tests.ps1
+++ /dev/null
@@ -1,246 +0,0 @@
-# ------------------------------------------------------------------------------
-# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information.
-# ------------------------------------------------------------------------------
-BeforeAll {
- $testReportPath = join-path $psscriptroot "\setenv.ps1"
- Import-Module -Name $testReportPath
- $appId = $env:TEST_APPID
- $tenantId = $env:TEST_TENANTID
- $cert = $env:CERTIFICATETHUMBPRINT
- Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert
-}
-Describe "Integration Testing" {
-
- Context "Scen1: Creating Applications and attaching secrets to that newly created application"{
- It "Creating New Application"{
- $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid
- $global:testAppName = 'SimpleTestApp' + $thisTestInstanceId
- $global:newApp = New-EntraApplication -DisplayName $testAppName
- $newApp.DisplayName | Should -Be $testAppName
- }
- It "Attaching a Secret to the Application"{
- $global:Result = New-EntraApplicationPasswordCredential -ObjectId $newApp.Id -CustomKeyIdentifier "MySecret"
- }
- It "Verification of Application Creation"{
- $global:application = Get-EntraApplication -ObjectId $newApp.Id
- $application.DisplayName | Should -Be $testAppName
- }
- It "Verification of Attached Secret"{
- $application.PasswordCredentials.KeyId | Should -be $Result.KeyId
- }
- }
- Context "Scen3: Create Service Principal to the newly created application"{
- It "Creation of the Service Principal"{
- $global:newServicePrincipal = New-EntraServicePrincipal -AppId $newApp.AppId
- $newServicePrincipal.AppId | Should -Be $application.AppId
- }
- }
- Context "Scen2: Create Gallery application and setup PreferredSingleSignOn Mode to the application"{
- It "Setting PreferredSingleSignOn Mode to the application"{
- Set-EntraServicePrincipal -ObjectId $newServicePrincipal.ObjectId -PreferredSingleSignOnMode 'password'
- }
- It "Verification of ServicePricipal Creation and Updated PreferredSingleSignOn"{
- $global:servicePrincipal= Get-EntraServicePrincipal -ObjectId $newServicePrincipal.ObjectId
- $servicePrincipal.DisplayName | Should -Be $testAppName
- $servicePrincipal.PreferredSingleSignOnMode | Should -Be 'password'
- }
- }
- Context "Scen4: Configure App ID URI and Redirect URIs on the newly created application"{
- It "Configuring the App ID URI and Redirect URI"{
- Set-EntraApplication -ObjectId $newApp.Id -IdentifierUris @("IdM365x992972766.onmicrosoft.com") -Web @{RedirectUris = 'https://contoso.com'}
- }
- It "Verifying the App ID URI configuration and Redirect URI"{
- $updatedApp = Get-EntraApplication -ObjectId $newApp.Id | ConvertTo-json | ConvertFrom-json
- $updatedApp.IdentifierUris | Should -Be "IdM365x992972766.onmicrosoft.com"
- $updatedApp.Web.RedirectUris | Should -Be "https://contoso.com"
- }
- }
- Context "Scen5: Create AppRoles to the Application"{
- It "Create Approles"{
- $types = @()
- $types += 'Application'
- $approle = New-Object Microsoft.Open.MSGraph.Model.AppRole
- $approle.AllowedMemberTypes = $types
- $approle.Description = 'msiam_access'
- $approle.DisplayName = 'msiam_access'
- $approle.Id = '643985ce-3eaf-4a67-9550-ecca25cb6814'
- $approle.Value = 'Application'
- $approle.IsEnabled = $true
- $approle.Origin = "Application"
-
- # Assign approles to existing applictaion
- $global:AppUpdate = Set-EntraApplication -ObjectId $newApp.Id -AppRoles $approle
- }
- It "Verification of created Approles"{
- $global:updatedApp = Get-EntraApplication -ObjectId $newApp.Id
- $updatedApp.AppRoles.DisplayName | Should -Be 'msiam_access'
- $updatedApp.AppRoles.Id | Should -Be '643985ce-3eaf-4a67-9550-ecca25cb6814'
- $updatedApp.AppRoles.Value | Should -Be 'Application'
- }
- }
- Context "Scen6: Assign user and groups to the newly created Service Principal and set right AppRole to it"{
- It "Assigning users to the Service Principal and setting the correct AppRole for the Service Principal"{
- $global:existUser = Get-EntraUser -Top 1
- Add-EntraServicePrincipalOwner -ObjectId $servicePrincipal.Id -RefObjectId $existUser.Id
-
- $global:AppRoletoServicePrincipal = New-EntraServiceAppRoleAssignment -ObjectId $servicePrincipal.Id -ResourceId $servicePrincipal.Id -Id $updatedApp.AppRoles.Id -PrincipalId $existUser.ObjectId
- }
- It "Verification of assigned group to service principal"{
- $PrincipalOwners= Get-EntraServicePrincipalOwner -ObjectId $servicePrincipal.Id
- $PrincipalOwners.Id | Should -Contain $existUser.Id
-
- $RoleAssignment = Get-EntraServiceAppRoleAssignment -ObjectId $servicePrincipal.Id
- $RoleAssignment.AppRoleId | Should -Be $AppRoletoServicePrincipal.AppRoleId
- }
- }
- Context "Scen7: Create a new user and add that user to an existing group"{
- It "Creating the user"{
- $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid
- $user = 'SimpleTestUserss' + $thisTestInstanceId
- $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
- $PasswordProfile.Password = "Pass@1234"
- $global:NewUser = New-EntraUser -AccountEnabled $true -DisplayName $user -PasswordProfile $PasswordProfile -MailNickName $user -UserPrincipalName "$user@M365x99297270.OnMicrosoft.com"
- }
- It "Adding the user to an existing group"{
- $global:ExistGroup = Get-EntraGroup -top 1
- Add-EntraGroupMember -ObjectId $ExistGroup.ObjectId -RefObjectId $NewUser.ObjectId
- }
- It "Verification of new user's addition to the existing group"{
- $GetMemb = Get-EntraGroupMember -ObjectId $ExistGroup.ObjectId
- $GetMemb.Id | Should -Contain $NewUser.Id
- }
- }
- Context "Scen8:Create a new group and add existing user to that group"{
- It "Creating a new Group"{
- $testGrpName = 'SimpleTestGroup' + $thisTestInstanceId
- $global:NewGroup = New-EntraGroup -DisplayName $testGrpName -MailEnabled $false -SecurityEnabled $true -MailNickName "NickName"
- }
- It "Adding existing user to new group"{
- $ExistUser = Get-EntraUser -top 1
- Add-EntraGroupMember -ObjectId $NewGroup.ObjectId -RefObjectId $ExistUser.ObjectId
- }
- It "Verification of exixting user's addition to the new group"{
- $User = Get-EntraUser -top 1
- $GetMember = Get-EntraGroupMember -ObjectId $NewGroup.ObjectId
- $GetMember.Id | Should -Contain $User.Id
- }
- }
- Context "Scen9: Create a new user and create a new group and add that new user to the new group"{
- It "Creating a new user and group"{
- $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid
- $testUserName = 'SimpleTestUsers' + $thisTestInstanceId
- # Create new User
- $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
- $PasswordProfile.Password = "Pass@1234"
- $global:NewUser1 = New-EntraUser -AccountEnabled $true -DisplayName $testUserName -PasswordProfile $PasswordProfile -MailNickName $testUserName -UserPrincipalName "$testUserName@M365x99297270.OnMicrosoft.com"
-
- $testGrpName = 'SimpleTestGroup' + $thisTestInstanceId
- $global:NewGroup1 = New-EntraGroup -DisplayName $testGrpName -MailEnabled $false -SecurityEnabled $true -MailNickName "NickName"
- }
- It "Adding New User to New group"{
- Add-EntraGroupMember -ObjectId $NewGroup1.ObjectId -RefObjectId $NewUser1.ObjectId
- }
- }
- Context "Scen10: Create a new user and add the user to the newly created group and check that user is Member of the group"{
- It "Creating a new user and group"{
- $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid
- $testUserName = 'SimpleTestUsers' + $thisTestInstanceId
- # Create new User
- $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
- $PasswordProfile.Password = "Pass@1234"
- $global:NewUser2 = New-EntraUser -AccountEnabled $true -DisplayName $testUserName -PasswordProfile $PasswordProfile -MailNickName $testUserName -UserPrincipalName "$testUserName@M365x99297270.OnMicrosoft.com"
-
- $testGrpName = 'SimpleTestGroup' + $thisTestInstanceId
- $global:NewGroup2 = New-EntraGroup -DisplayName $testGrpName -MailEnabled $false -SecurityEnabled $true -MailNickName "NickName"
- }
- It "Adding New User to New group"{
- Add-EntraGroupMember -ObjectId $NewGroup2.ObjectId -RefObjectId $NewUser2.ObjectId
- }
- It "Verification of User is Member of the group"{
- $GetMember = Get-EntraUserMembership -ObjectId $NewUser2.Id
- $GetMember.Id | Should -Contain $NewGroup2.Id
- }
- }
- Context "Scen11: Create a new user and assign that user to the existing Service Principal"{
- It "Creating a new user and assign that user to the existing Service Principal"{
- $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid
- $Tuser = 'SimpleTestUsers' + $thisTestInstanceId
- $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
- $PasswordProfile.Password = "Pass@1234"
- $global:NewUser3 = New-EntraUser -AccountEnabled $true -DisplayName $Tuser -PasswordProfile $PasswordProfile -MailNickName $Tuser -UserPrincipalName "$Tuser@M365x99297270.OnMicrosoft.com"
- Add-EntraServicePrincipalOwner -ObjectId $servicePrincipal.Id -RefObjectId $NewUser3.Id
- }
- It "Verfication of assigned User"{
- $GetOwner = Get-EntraServicePrincipalOwner -ObjectId $servicePrincipal.Id
- $GetOwner.Id | Should -Contain $NewUser3.Id
- }
- }
- # Context "Scen12: Create a new conditional access policy and attach that policy to the Service Principal"{
- # It "Creating a new conditional access policy and attach that policy to the Service Principal"{
- # $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid
- # $testpolicyName = 'Simplepolicy' + $thisTestInstanceId
-
- # $Condition = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessConditionSet
- # $Condition.clientAppTypes = @("mobileAppsAndDesktopClients","browser")
- # $Condition.Applications = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessApplicationCondition
- # $Condition.Applications.IncludeApplications = $NewServicePrincipal.AppId
- # $Condition.Users = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessUserCondition
- # $Condition.Users.IncludeUsers = "all"
-
- # $Controls = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessGrantControls
- # $Controls._Operator = "AND"
- # $Controls.BuiltInControls = @("mfa")
-
- # $SessionControls = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessSessionControls
- # $ApplicationEnforcedRestrictions = New-Object Microsoft.Open.MSGraph.Model.ConditionalAccessApplicationEnforcedRestrictions
- # $ApplicationEnforcedRestrictions.IsEnabled = $true
- # $SessionControls.applicationEnforcedRestrictions = $ApplicationEnforcedRestrictions
-
- # $global:NewConditionalAccessPolicy = New-EntraConditionalAccessPolicy -DisplayName $testpolicyName -State enabled -Conditions $Condition -GrantControls $Controls -SessionControls $SessionControls
- # }
- # It "Verification of attached policy"{
- # $result = Get-EntraConditionalAccessPolicy -policyid $NewConditionalAccessPolicy.Id
- # $result.Conditions.Applications.IncludeApplications | should -Be $NewServicePrincipal.AppId
- # }
- # }
- Context "Scen13: Create new claims issuance policy and attach that to the Service Principal"{
- It "Creating policy"{
- $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid
- $testpolicyName = 'Simplepolicy' + $thisTestInstanceId
- $global:NewPolicy = New-EntraPolicy -Definition @('{ "definition": [ "{\"ClaimsMappingPolicy\":{\"Version\":1,\"IncludeBasicClaimSet\":\"true\",\"ClaimsSchema\":[{\"Source\":\"user\",\"ID\":\"userPrincipalName\",\"SAMLClaimType\":\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name\",\"JwtClaimType\":\"upn\"},{\"Source\":\"user\",\"ID\":\"displayName\",\"SAMLClaimType\":\"http://schemas.microsoft.com/identity/claims/displayname\",\"JwtClaimType\":\"name\"}]}}" ], "displayName": "Custom Claims Issuance Policy", "isOrganizationDefault": false }') -DisplayName $testpolicyName -Type "claimsMappingPolicies" -IsOrganizationDefault $false
- }
- It "Attaching Policy to service principal"{
- Add-EntraBetaServicePrincipalPolicy -Id $servicePrincipal.Id -RefObjectId $NewPolicy.Id
- }
- It "Verification of added policy to service principal"{
- $result = Get-EntraBetaServicePrincipalPolicy -Id $servicePrincipal.Id
- $result.Id | should -Contain $NewPolicy.Id
- }
- }
- Context "Scene14: Remove the policy attached to the existing Service Principal"{
- It "Removing the policy attached"{
- Remove-EntraBetaServicePrincipalPolicy -Id $servicePrincipal.Id -PolicyId $NewPolicy.Id
- $retrivePolicy = Get-EntraBetaServicePrincipalPolicy -Id $servicePrincipal.Id
- $retrivePolicy.Id | should -Not -Contain $NewPolicy.Id
- }
- }
-
- AfterAll {
- Remove-EntraGroupMember -ObjectId $ExistGroup.ObjectId -MemberId $NewUser.ObjectId
- Remove-EntraGroupMember -ObjectId $NewGroup.ObjectId -MemberId $ExistUser.ObjectId
- Remove-EntraGroupMember -ObjectId $NewGroup1.ObjectId -MemberId $NewUser1.ObjectId
- Remove-EntraGroupMember -ObjectId $NewGroup2.ObjectId -MemberId $NewUser2.ObjectId
-
- foreach ($app in (Get-EntraApplication -SearchString "SimpleTestApp")) {
- Remove-EntraApplication -ObjectId $app.Id | Out-Null
- }
- foreach ($user in (Get-EntraUser -SearchString "SimpleTestUsers")) {
- Remove-EntraUser -ObjectId $user.Id | Out-Null
- }
- foreach ($group in (Get-EntraGroup -SearchString "SimpleTestGroup")) {
- Remove-EntraGroup -ObjectId $group.Id | Out-Null
- }
- # Remove-EntraConditionalAccessPolicy -PolicyId $NewConditionalAccessPolicy.Id
- Remove-EntraPolicy -Id $NewPolicy.Id
- }
-}
diff --git a/test/module/Entra/Integration/Scenario2.Tests.ps1 b/test/module/Entra/Integration/Scenario2.Tests.ps1
deleted file mode 100644
index 1d1ceec692..0000000000
--- a/test/module/Entra/Integration/Scenario2.Tests.ps1
+++ /dev/null
@@ -1,95 +0,0 @@
-# ------------------------------------------------------------------------------
-# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information.
-# ------------------------------------------------------------------------------
-BeforeAll {
- $testReportPath = join-path $psscriptroot "\setenv.ps1"
- Import-Module -Name $testReportPath
- $appId = $env:TEST_APPID
- $tenantId = $env:TEST_TENANTID
- $cert = $env:CERTIFICATETHUMBPRINT
- Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert
-}
-Describe "Integration Testing" {
-
- Context "Scen1: Assign Entra roles including assign roles with different scopes"{
- It "Get user and role"{
- $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid
- $testUserName = 'SimpleTestUsers' + $thisTestInstanceId
- # Create new User
- $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
- $PasswordProfile.Password = "Pass@1234"
- $global:NewUser = New-EntraUser -AccountEnabled $true -DisplayName $testUserName -PasswordProfile $PasswordProfile -MailNickName $testUserName -UserPrincipalName "$testUserName@M365x99297270.OnMicrosoft.com"
-
- $global:role = Get-EntraDirectoryRole | Where-Object {$_.DisplayName -eq "Application Administrator"}
- }
- It "Assign Entra roles"{
- $scope = "/"
- # Assign the role to the user with the defined scope
- $params = @{
- RoleDefinitionId = $role.Id
- PrincipalId = $NewUser.Id
- DirectoryScopeId = $scope
- }
- $global:newRole=New-EntraRoleAssignment @params
- }
- It "Verification of assigned role Creation"{
- $global:assignedRole = Get-EntraRoleAssignment -Filter "PrincipalId eq '$($NewUser.Id)'"
- $assignedRole.Id | Should -Be $newRole.Id
- }
- }
- Context "Create custom roles"{
- It "Creating custom roles"{
- $RolePermissions = New-object Microsoft.Open.MSGraph.Model.RolePermission
- $RolePermissions.AllowedResourceActions = @("microsoft.directory/applications/basic/read")
- $params = @{
- RolePermissions = $RolePermissions
- IsEnabled = $false
- DisplayName = 'SimpleTestRoleDefinition'
- ResourceScopes = '/'
- }
- $global:customRole=New-EntraRoleDefinition @params
- }
- It "Verification of custom role created"{
- $global:getRole = Get-EntraRoleDefinition -Filter "DisplayName eq 'SimpleTestRoleDefinition'"
- $getRole.Id | Should -Contain $customRole.Id
- }
- }
- Context "Add or deactivate custom security attribute definitions in Microsoft Entra ID"{
- It "Adding custom security attribute definitions"{
- $thisTestInstanceId = Get-Random -Minimum 10000 -Maximum 100000
- $testName = 'TestDefinition' + $thisTestInstanceId
- $AttributeSet = Get-EntraAttributeSet -Id 'Testing'
- $params = @{
- Name = $testName
- Description = 'Target completion'
- Type = 'String'
- Status = 'Available'
- AttributeSet = $AttributeSet.Id
- IsCollection = $False
- IsSearchable = $True
- UsePreDefinedValuesOnly = $True
- }
- $global:Definition = New-EntraCustomSecurityAttributeDefinition @params
- }
- It "Deactivate custom security attribute definition"{
- $params = @{
- Id = $Definition.Id
- Description = 'Target completion'
- Status = 'Deprecated'
- }
- Set-EntraCustomSecurityAttributeDefinition @params
- }
- It "Verification of deactivation of custom security attribute definition"{
- $global:getDefinition = Get-EntraCustomSecurityAttributeDefinition -Id $Definition.Id
- $getDefinition.Status | Should -Be 'Deprecated'
- }
- }
- AfterAll {
- Remove-EntraRoleAssignment -Id $assignedRole.Id
- foreach ($user in (Get-EntraUser -SearchString "SimpleTestUsers")) {
- Remove-EntraUser -ObjectId $user.Id | Out-Null
- }
- Remove-EntraRoleDefinition -Id $getRole.Id
-
- }
-}
diff --git a/test/module/Entra/Integration/setenv.ps1 b/test/module/Entra/Integration/setenv.ps1
deleted file mode 100644
index feeb819524..0000000000
--- a/test/module/Entra/Integration/setenv.ps1
+++ /dev/null
@@ -1,6 +0,0 @@
-# ------------------------------------------------------------------------------
-# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information.
-# ------------------------------------------------------------------------------
-$env:TEST_APPID = "8886ad7b-1795-4542-9808-c85859d97f23"
-$env:TEST_TENANTID = "d5aec55f-2d12-4442-8d2f-ccca95d4390e"
-$env:CERTIFICATETHUMBPRINT = "305D4F33E153980E2451F6E068426FC2BCAF683E"
diff --git a/test/module/EntraBeta/Integration/EntraBetaObjectSetting.Tests.ps1 b/test/module/EntraBeta/Integration/EntraBetaObjectSetting.Tests.ps1
deleted file mode 100644
index 98f6a1688c..0000000000
--- a/test/module/EntraBeta/Integration/EntraBetaObjectSetting.Tests.ps1
+++ /dev/null
@@ -1,53 +0,0 @@
-# ------------------------------------------------------------------------------
-# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information.
-# ------------------------------------------------------------------------------
-Describe "The EntraBetaObjectSetting commands executing unmocked" {
-
- Context "When Changing group settings" {
- BeforeAll {
- $testReportPath = join-path $psscriptroot "\setenv.ps1"
- Import-Module -Name $testReportPath
- $appId = $env:TEST_APPID
- $tenantId = $env:TEST_TENANTID
- $cert = $env:CERTIFICATETHUMBPRINT
- Connect-MgGraph -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert
-
- $thisTestInstanceId = New-Guid | select -expandproperty guid
- $testGroupName = 'SimpleTestAppRead' + $testGroupName
- $global:testGroup = New-EntraBetaGroup -DisplayName $testGroupName -MailEnabled $false -SecurityEnabled $true -MailNickName $testGroupName -Description $testGroupName
- }
-
- It "Should successfully block guest access" {
- $template = Get-EntraBetaDirectorySettingTemplate | ? {$_.displayname -eq "group.unified.guest"}
- $settingsCopy = $template.CreateDirectorySetting()
- $settingsCopy["AllowToAddGuests"]=$False
-
- $groupID= (Get-EntraBetaGroup -ObjectId $testGroup.Id).ObjectId
- $global:newObjectSetting = New-EntraBetaObjectSetting -TargetType Groups -TargetObjectId $groupID -DirectorySetting $settingsCopy
-
- $ObjectSettings = Get-EntraBetaObjectSetting -TargetType Groups -TargetObjectId $testGroup.Id
- $ObjectSettings.values.value | Should -be 'False'
- }
-
- It "Should successfully allow guest access" {
- $template = Get-EntraBetaDirectorySettingTemplate | ? {$_.displayname -eq "group.unified.guest"}
- $settingsCopy = $template.CreateDirectorySetting()
- $settingsCopy["AllowToAddGuests"]=$True
-
- $groupID= (Get-EntraBetaGroup -ObjectId $testGroup.Id).ObjectId
- Set-EntraBetaObjectSetting -TargetType Groups -TargetObjectId $groupID -DirectorySetting $settingsCopy -Id $newObjectSetting.Id
-
- $ObjectSettings = Get-EntraBetaObjectSetting -TargetType Groups -TargetObjectId $testGroup.Id
- $ObjectSettings.values.value | Should -be 'True'
- }
-
- AfterAll {
- $groupId = (Get-EntraBetaGroup -ObjectId $testGroup.Id).ObjectId
- Remove-EntraBetaObjectSetting -TargetType Groups -TargetObjectId $groupId -Id $newObjectSetting.Id
- $ObjectSettings = Get-EntraBetaObjectSetting -TargetType Groups -TargetObjectId $testGroup.Id
- $ObjectSettings | Should -BeNullorEmpty
-
- Remove-EntraBetaGroup -ObjectId $groupId
- }
- }
-}
\ No newline at end of file
diff --git a/test/module/EntraBeta/Integration/Scenario1.Tests.ps1 b/test/module/EntraBeta/Integration/Scenario1.Tests.ps1
deleted file mode 100644
index 2010f5a358..0000000000
--- a/test/module/EntraBeta/Integration/Scenario1.Tests.ps1
+++ /dev/null
@@ -1,245 +0,0 @@ -# ------------------------------------------------------------------------------ -# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. -# ------------------------------------------------------------------------------ -BeforeAll { - $testReportPath = join-path $psscriptroot "\setenv.ps1" - Import-Module -Name $testReportPath - $appId = $env:TEST_APPID - $tenantId = $env:TEST_TENANTID - $cert = $env:CERTIFICATETHUMBPRINT - Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert -} -Describe "Integration Testing" { - - Context "Scen1: Creating Applications and attaching secrets to that newly created application"{ - It "Creating New Application"{ - $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid - $global:testAppName = 'SimpleTestApp' + $thisTestInstanceId - $global:newApp = New-EntraBetaApplication -DisplayName $testAppName - $newApp.DisplayName | Should -Be $testAppName - } - It "Attaching a Secret to the Application"{ - $global:Result = New-EntraBetaApplicationPasswordCredential -ObjectId $newApp.Id -CustomKeyIdentifier "MySecret" - } - It "Verification of Application Creation"{ - $global:application = Get-EntraBetaApplication -ObjectId $newApp.Id - $application.DisplayName | Should -Be $testAppName - } - It "Verification of Attached Secret"{ - $application.PasswordCredentials.KeyId | Should -be $Result.KeyId - } - } - Context "Scen3: Create Service Principal to the newly created application"{ - It "Creation of the Service Principal"{ - $global:newServicePrincipal = New-EntraBetaServicePrincipal -AppId $newApp.AppId - $newServicePrincipal.AppId | Should -Be $application.AppId - } - } - Context "Scen2: Create Gallery application and setup PreferredSingleSignOn Mode to the application"{ - It "Setting PreferredSingleSignOn Mode to the application"{ - Set-EntraBetaServicePrincipal -ObjectId 
$newServicePrincipal.ObjectId -PreferredSingleSignOnMode 'password' - } - It "Verification of ServicePricipal Creation and Updated PreferredSingleSignOn"{ - $global:servicePrincipal= Get-EntraBetaServicePrincipal -ObjectId $newServicePrincipal.ObjectId - $servicePrincipal.DisplayName | Should -Be $testAppName - $servicePrincipal.PreferredSingleSignOnMode | Should -Be 'password' - } - } - Context "Scen4: Configure App ID URI and Redirect URIs on the newly created application"{ - It "Configuring the App ID URI and Redirect URI"{ - Set-EntraBetaApplication -ObjectId $newApp.Id -IdentifierUris @("IdM365x992972766.onmicrosoft.com") -Web @{RedirectUris = 'https://contoso.com'} - } - It "Verifying the App ID URI configuration and Redirect URI"{ - $updatedApp = Get-EntraBetaApplication -ObjectId $newApp.Id | ConvertTo-json | ConvertFrom-json - $updatedApp.IdentifierUris | Should -Be "IdM365x992972766.onmicrosoft.com" - $updatedApp.Web.RedirectUris | Should -Be "https://contoso.com" - } - } - Context "Scen5: Create AppRoles to the Application"{ - It "Create Approles"{ - $types = @() - $types += 'Application' - $approle = New-Object Microsoft.Open.MSGraph.Model.AppRole - $approle.AllowedMemberTypes = $types - $approle.Description = 'msiam_access' - $approle.DisplayName = 'msiam_access' - $approle.Id = '643985ce-3eaf-4a67-9550-ecca25cb6814' - $approle.Value = 'Application' - $approle.IsEnabled = $true - - # Assign approles to existing applictaion - $global:AppUpdate = Set-EntraBetaApplication -ObjectId $newApp.Id -AppRoles $approle - } - It "Verification of created Approles"{ - $global:updatedApp = Get-EntraBetaApplication -ObjectId $newApp.Id - $updatedApp.AppRoles.DisplayName | Should -Be 'msiam_access' - $updatedApp.AppRoles.Id | Should -Be '643985ce-3eaf-4a67-9550-ecca25cb6814' - $updatedApp.AppRoles.Value | Should -Be 'Application' - } - } - Context "Scen6: Assign user and groups to the newly created Service Principal and set right AppRole to it"{ - It "Assigning users 
to the Service Principal and setting the correct AppRole for the Service Principal"{ - $global:existUser = Get-EntraBetaUser -Top 1 - Add-EntraBetaServicePrincipalOwner -ObjectId $servicePrincipal.Id -RefObjectId $existUser.Id - - $global:AppRoletoServicePrincipal = New-EntraBetaServiceAppRoleAssignment -ObjectId $servicePrincipal.Id -ResourceId $servicePrincipal.Id -Id $updatedApp.AppRoles.Id -PrincipalId $existUser.ObjectId - } - It "Verification of assigned group to service principal"{ - $PrincipalOwners= Get-EntraBetaServicePrincipalOwner -ObjectId $servicePrincipal.Id - $PrincipalOwners.Id | Should -Contain $existUser.Id - - $RoleAssignment = Get-EntraBetaServiceAppRoleAssignment -ObjectId $servicePrincipal.Id - $RoleAssignment.AppRoleId | Should -Be $AppRoletoServicePrincipal.AppRoleId - } - } - Context "Scen7: Create a new user and add that user to an existing group"{ - It "Creating the user"{ - $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid - $user = 'SimpleTestUserss' + $thisTestInstanceId - $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile - $PasswordProfile.Password = "Pass@1234" - $global:NewUser = New-EntraBetaUser -AccountEnabled $true -DisplayName $user -PasswordProfile $PasswordProfile -MailNickName $user -UserPrincipalName "$user@M365x99297270.OnMicrosoft.com" - } - It "Adding the user to an existing group"{ - $global:ExistGroup = Get-EntraBetaGroup -top 1 - Add-EntraBetaGroupMember -ObjectId $ExistGroup.ObjectId -RefObjectId $NewUser.ObjectId - } - It "Verification of new user's addition to the existing group"{ - $GetMemb = Get-EntraBetaGroupMember -ObjectId $ExistGroup.ObjectId - $GetMemb.Id | Should -Contain $NewUser.Id - } - } - Context "Scen8:Create a new group and add existing user to that group"{ - It "Creating a new Group"{ - $testGrpName = 'SimpleTestGroup' + $thisTestInstanceId - $global:NewGroup = New-EntraBetaGroup -DisplayName $testGrpName -MailEnabled $false -SecurityEnabled 
$true -MailNickName "NickName" - } - It "Adding existing user to new group"{ - $ExistUser = Get-EntraBetaUser -top 1 - Add-EntraBetaGroupMember -ObjectId $NewGroup.ObjectId -RefObjectId $ExistUser.ObjectId - } - It "Verification of exixting user's addition to the new group"{ - $User = Get-EntraBetaUser -top 1 - $GetMember = Get-EntraBetaGroupMember -ObjectId $NewGroup.ObjectId - $GetMember.Id | Should -Contain $User.Id - } - } - Context "Scen9: Create a new user and create a new group and add that new user to the new group"{ - It "Creating a new user and group"{ - $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid - $testUserName = 'SimpleTestUsers' + $thisTestInstanceId - # Create new User - $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile - $PasswordProfile.Password = "Pass@1234" - $global:NewUser1 = New-EntraBetaUser -AccountEnabled $true -DisplayName $testUserName -PasswordProfile $PasswordProfile -MailNickName $testUserName -UserPrincipalName "$testUserName@M365x99297270.OnMicrosoft.com" - - $testGrpName = 'SimpleTestGroup' + $thisTestInstanceId - $global:NewGroup1 = New-EntraBetaGroup -DisplayName $testGrpName -MailEnabled $false -SecurityEnabled $true -MailNickName "NickName" - } - It "Adding New User to New group"{ - Add-EntraBetaGroupMember -ObjectId $NewGroup1.ObjectId -RefObjectId $NewUser1.ObjectId - } - } - Context "Scen10: Create a new user and add the user to the newly created group and check that user is Member of the group"{ - It "Creating a new user and group"{ - $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid - $testUserName = 'SimpleTestUsers' + $thisTestInstanceId - # Create new User - $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile - $PasswordProfile.Password = "Pass@1234" - $global:NewUser2 = New-EntraBetaUser -AccountEnabled $true -DisplayName $testUserName -PasswordProfile $PasswordProfile -MailNickName $testUserName 
-UserPrincipalName "$testUserName@M365x99297270.OnMicrosoft.com" - - $testGrpName = 'SimpleTestGroup' + $thisTestInstanceId - $global:NewGroup2 = New-EntraBetaGroup -DisplayName $testGrpName -MailEnabled $false -SecurityEnabled $true -MailNickName "NickName" - } - It "Adding New User to New group"{ - Add-EntraBetaGroupMember -ObjectId $NewGroup2.ObjectId -RefObjectId $NewUser2.ObjectId - } - It "Verification of User is Member of the group"{ - $GetMember = Get-EntraBetaUserMembership -ObjectId $NewUser2.Id - $GetMember.Id | Should -Contain $NewGroup2.Id - } - } - Context "Scen11: Create a new user and assign that user to the existing Service Principal"{ - It "Creating a new user and assign that user to the existing Service Principal"{ - $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid - $Tuser = 'SimpleTestUsers' + $thisTestInstanceId - $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile - $PasswordProfile.Password = "Pass@1234" - $global:NewUser3 = New-EntraBetaUser -AccountEnabled $true -DisplayName $Tuser -PasswordProfile $PasswordProfile -MailNickName $Tuser -UserPrincipalName "$Tuser@M365x99297270.OnMicrosoft.com" - Add-EntraBetaServicePrincipalOwner -ObjectId $servicePrincipal.Id -RefObjectId $NewUser3.Id - } - It "Verfication of assigned User"{ - $GetOwner = Get-EntraBetaServicePrincipalOwner -ObjectId $servicePrincipal.Id - $GetOwner.Id | Should -Contain $NewUser3.Id - } - } - # Context "Scen12: Create a new conditional access policy and attach that policy to the Service Principal"{ - # It "Creating a new conditional access policy and attach that policy to the Service Principal"{ - # $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid - # $testpolicyName = 'Simplepolicy' + $thisTestInstanceId - - # $Condition = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessConditionSet - # $Condition.clientAppTypes = @("mobileAppsAndDesktopClients","browser") - # $Condition.Applications 
= New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessApplicationCondition - # $Condition.Applications.IncludeApplications = $NewServicePrincipal.AppId - # $Condition.Users = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessUserCondition - # $Condition.Users.IncludeUsers = "all" - - # $Controls = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessGrantControls - # $Controls._Operator = "AND" - # $Controls.BuiltInControls = @("mfa") - - # $SessionControls = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessSessionControls - # $ApplicationEnforcedRestrictions = New-Object Microsoft.Open.MSGraph.Model.ConditionalAccessApplicationEnforcedRestrictions - # $ApplicationEnforcedRestrictions.IsEnabled = $true - # $SessionControls.applicationEnforcedRestrictions = $ApplicationEnforcedRestrictions - - # $global:NewConditionalAccessPolicy = New-EntraBetaConditionalAccessPolicy -DisplayName $testpolicyName -State enabled -Conditions $Condition -GrantControls $Controls -SessionControls $SessionControls - # } - # It "Verification of attached policy"{ - # $result = Get-EntraBetaConditionalAccessPolicy -policyid $NewConditionalAccessPolicy.Id - # $result.Conditions.Applications.IncludeApplications | should -Be $NewServicePrincipal.AppId - # } - # } - Context "Scen13: Create new claims issuance policy and attach that to the Service Principal"{ - It "Creating policy"{ - $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid - $testpolicyName = 'Simplepolicy' + $thisTestInstanceId - $global:NewPolicy = New-EntraBetaPolicy -Definition @('{ "definition": [ 
"{\"ClaimsMappingPolicy\":{\"Version\":1,\"IncludeBasicClaimSet\":\"true\",\"ClaimsSchema\":[{\"Source\":\"user\",\"ID\":\"userPrincipalName\",\"SAMLClaimType\":\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name\",\"JwtClaimType\":\"upn\"},{\"Source\":\"user\",\"ID\":\"displayName\",\"SAMLClaimType\":\"http://schemas.microsoft.com/identity/claims/displayname\",\"JwtClaimType\":\"name\"}]}}" ], "displayName": "Custom Claims Issuance Policy", "isOrganizationDefault": false }') -DisplayName $testpolicyName -Type "claimsMappingPolicies" -IsOrganizationDefault $false - } - It "Attaching Policy to service principal"{ - Add-EntraBetaServicePrincipalPolicy -Id $servicePrincipal.Id -RefObjectId $NewPolicy.Id - } - It "Verification of added policy to service principal"{ - $result = Get-EntraBetaServicePrincipalPolicy -Id $servicePrincipal.Id - $result.Id | should -Contain $NewPolicy.Id - } - } - Context "Scene14: Remove the policy attached to the existing Service Principal"{ - It "Removing the policy attached"{ - Remove-EntraBetaServicePrincipalPolicy -Id $servicePrincipal.Id -PolicyId $NewPolicy.Id - $retrivePolicy = Get-EntraBetaServicePrincipalPolicy -Id $servicePrincipal.Id - $retrivePolicy.Id | should -Not -Contain $NewPolicy.Id - } - } - - AfterAll { - Remove-EntraBetaGroupMember -ObjectId $ExistGroup.ObjectId -MemberId $NewUser.ObjectId - Remove-EntraBetaGroupMember -ObjectId $NewGroup.ObjectId -MemberId $ExistUser.ObjectId - Remove-EntraBetaGroupMember -ObjectId $NewGroup1.ObjectId -MemberId $NewUser1.ObjectId - Remove-EntraBetaGroupMember -ObjectId $NewGroup2.ObjectId -MemberId $NewUser2.ObjectId - - foreach ($app in (Get-EntraBetaApplication -SearchString "SimpleTestApp")) { - Remove-EntraBetaApplication -ObjectId $app.Id | Out-Null - } - foreach ($user in (Get-EntraBetaUser -SearchString "SimpleTestUsers")) { - Remove-EntraBetaUser -ObjectId $user.Id | Out-Null - } - foreach ($group in (Get-EntraBetaGroup -SearchString "SimpleTestGroup")) { - 
Remove-EntraBetaGroup -ObjectId $group.Id | Out-Null - } - # Remove-EntraBetaConditionalAccessPolicy -PolicyId $NewConditionalAccessPolicy.Id - Remove-EntraBetaPolicy -Id $NewPolicy.Id - } -} diff --git a/test/module/EntraBeta/Integration/Scenario2.Tests.ps1 b/test/module/EntraBeta/Integration/Scenario2.Tests.ps1 deleted file mode 100644 index 47b5e3ea7b..0000000000 --- a/test/module/EntraBeta/Integration/Scenario2.Tests.ps1 +++ /dev/null 
@@ -1,95 +0,0 @@ -# ------------------------------------------------------------------------------ -# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. -# ------------------------------------------------------------------------------ -BeforeAll { - $testReportPath = join-path $psscriptroot "\setenv.ps1" - Import-Module -Name $testReportPath - $appId = $env:TEST_APPID - $tenantId = $env:TEST_TENANTID - $cert = $env:CERTIFICATETHUMBPRINT - Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert -} -Describe "Integration Testing" { - - Context "Scen1: Assign Entra roles including assign roles with different scopes"{ - It "Get user and role"{ - $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid - $testUserName = 'SimpleTestUsers' + $thisTestInstanceId - # Create new User - $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile - $PasswordProfile.Password = "Pass@1234" - $global:NewUser = New-EntraBetaUser -AccountEnabled $true -DisplayName $testUserName -PasswordProfile $PasswordProfile -MailNickName $testUserName -UserPrincipalName "$testUserName@M365x99297270.OnMicrosoft.com" - - $global:role = Get-EntraBetaDirectoryRole | Where-Object {$_.DisplayName -eq "Application Administrator"} - } - It "Assign Entra roles"{ - $scope = "/" - # Assign the role to the user with the defined scope - $params = @{ - RoleDefinitionId = $role.Id - PrincipalId = $NewUser.Id - DirectoryScopeId = $scope - } - $global:newRole=New-EntraBetaRoleAssignment @params - } - It "Verification of assigned role Creation"{ - $global:assignedRole = Get-EntraBetaRoleAssignment -Filter "PrincipalId eq '$($NewUser.Id)'" - $assignedRole.Id | Should -Be $newRole.Id - } - } - Context "Create custom roles"{ - It "Creating custom roles"{ - $RolePermissions = New-object Microsoft.Open.MSGraph.Model.RolePermission - 
$RolePermissions.AllowedResourceActions = @("microsoft.directory/applications/basic/read") - $params = @{ - RolePermissions = $RolePermissions - IsEnabled = $false - DisplayName = 'SimpleTestRoleDefinition' - ResourceScopes = '/' - } - $global:customRole=New-EntraBetaRoleDefinition @params - } - It "Verification of custom role created"{ - $global:getRole = Get-EntraBetaRoleDefinition -Filter "DisplayName eq 'SimpleTestRoleDefinition'" - $getRole.Id | Should -Contain $customRole.Id - } - } - Context "Add or deactivate custom security attribute definitions in Microsoft Entra ID"{ - It "Adding custom security attribute definitions"{ - $thisTestInstanceId = Get-Random -Minimum 10000 -Maximum 100000 - $testName = 'TestDefinition' + $thisTestInstanceId - $AttributeSet = Get-EntraBetaAttributeSet -Id 'Testing' - $params = @{ - Name = $testName - Description = 'Target completion' - Type = 'String' - Status = 'Available' - AttributeSet = $AttributeSet.Id - IsCollection = $False - IsSearchable = $True - UsePreDefinedValuesOnly = $True - } - $global:Definition = New-EntraBetaCustomSecurityAttributeDefinition @params - } - It "Deactivate custom security attribute definition"{ - $params = @{ - Id = $Definition.Id - Description = 'Target completion' - Status = 'Deprecated' - } - Set-EntraBetaCustomSecurityAttributeDefinition @params - } - It "Verification of deactivation of custom security attribute definition"{ - $global:getDefinition = Get-EntraBetaCustomSecurityAttributeDefinition -Id $Definition.Id - $getDefinition.Status | Should -Be 'Deprecated' - } - } - AfterAll { - Remove-EntraBetaRoleAssignment -Id $assignedRole.Id - foreach ($user in (Get-EntraBetaUser -SearchString "SimpleTestUsers")) { - Remove-EntraBetaUser -ObjectId $user.Id | Out-Null - } - Remove-EntraBetaRoleDefinition -Id $getRole.Id - - } -} diff --git a/test/module/EntraBeta/Integration/setenv.ps1 b/test/module/EntraBeta/Integration/setenv.ps1 deleted file mode 100644 index feeb819524..0000000000 
--- a/test/module/EntraBeta/Integration/setenv.ps1 +++ /dev/null @@ -1,6 +0,0 @@ -# ------------------------------------------------------------------------------ -# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. -# ------------------------------------------------------------------------------ -$env:TEST_APPID = "8886ad7b-1795-4542-9808-c85859d97f23" -$env:TEST_TENANTID = "d5aec55f-2d12-4442-8d2f-ccca95d4390e" -$env:CERTIFICATETHUMBPRINT = "305D4F33E153980E2451F6E068426FC2BCAF683E" From bfad5eae00351010e516d0e407fa2f2a37516dd6 Mon Sep 17 00:00:00 2001 From: Ashwini Karke Date: Tue, 1 Oct 2024 12:38:48 +0530 Subject: [PATCH 18/20] resolved PR comments --- .../Entra/Add-EntraGroupOwner.Tests.ps1 | 5 +++-- test/module/Integration/Entra/Scenario1.Tests.ps1 | 11 ++++++----- test/module/Integration/Entra/Scenario2.Tests.ps1 | 3 ++- .../EntraBeta/EntraBetaObjectSetting.Tests.ps1 | 14 +++++--------- .../Integration/EntraBeta/Scenario1.Tests.ps1 | 11 ++++++----- .../Integration/EntraBeta/Scenario2.Tests.ps1 | 3 ++- test/module/Integration/setenv.ps1 | 2 ++ 7 files changed, 26 insertions(+), 23 deletions(-) diff --git a/test/module/Integration/Entra/Add-EntraGroupOwner.Tests.ps1 b/test/module/Integration/Entra/Add-EntraGroupOwner.Tests.ps1 index c5041391ec..327b3df929 100644 --- a/test/module/Integration/Entra/Add-EntraGroupOwner.Tests.ps1 +++ b/test/module/Integration/Entra/Add-EntraGroupOwner.Tests.ps1 @@ -7,6 +7,7 @@ Describe "The Add-EntraGroupOwner command executing unmocked" { BeforeAll { $testReportPath = join-path $psscriptroot "..\setenv.ps1" . $testReportPath + $password = $env:USER_PASSWORD $domain = (Get-EntraTenantDetail).VerifiedDomains.Name $thisTestInstanceId = (New-Guid).Guid.ToString() 
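Review bot: `$password = $env:USER_PASSWORD` in this BeforeAll is used unchecked, and the next hunk assigns it to `$PasswordProfile.Password` for two users created with `-AccountEnabled $true`, so every test user in a run shares one credential value. Nothing visible in these hunks signs in as the created users, so a value generated per run would avoid a shared password altogether. Failing that, fail fast when the variable is missing: `if ([string]::IsNullOrWhiteSpace($env:USER_PASSWORD)) { throw 'USER_PASSWORD is not set' }`. The same pattern is added in the BeforeAll hunks of Entra/Scenario1, Entra/Scenario2, EntraBeta/Scenario1 and EntraBeta/Scenario2. The BeforeAll body continues outside this hunk.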
@@ -16,12 +17,12 @@ Describe "The Add-EntraGroupOwner command executing unmocked" { #create test user $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile - $PasswordProfile.Password = "Pass@1234" + $PasswordProfile.Password = $password $global:newUser = New-EntraUser -AccountEnabled $true -DisplayName $testName -PasswordProfile $PasswordProfile -MailNickName $testName -UserPrincipalName "$testName@$domain" #create test user $PasswordProfile1 = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile - $PasswordProfile1.Password = "Pass@1234" + $PasswordProfile1.Password = $password $global:newUser1 = New-EntraUser -AccountEnabled $true -DisplayName $testName1 -PasswordProfile $PasswordProfile1 -MailNickName $testName1 -UserPrincipalName "$testName1@$domain" #create test group $global:newGroup = New-EntraGroup -DisplayName $testName -MailEnabled $false -SecurityEnabled $true -MailNickName $testName diff --git a/test/module/Integration/Entra/Scenario1.Tests.ps1 b/test/module/Integration/Entra/Scenario1.Tests.ps1 index 8644bfbd37..246f4ba320 100644 --- a/test/module/Integration/Entra/Scenario1.Tests.ps1 +++ b/test/module/Integration/Entra/Scenario1.Tests.ps1 @@ -4,6 +4,7 @@ BeforeAll { $testReportPath = join-path $psscriptroot "..\setenv.ps1" . $testReportPath + $password = $env:USER_PASSWORD } Describe "Integration Testing" { 
@@ -80,7 +81,7 @@ Describe "Integration Testing" { $thisTestInstanceId = $thisTestInstanceId.Substring($thisTestInstanceId.Length - 5) $user = 'SimpleTestUserss' + $thisTestInstanceId $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile - $PasswordProfile.Password = "Pass@1234" + $PasswordProfile.Password = $password $global:existingUser = New-EntraUser -AccountEnabled $true -DisplayName $user -PasswordProfile $PasswordProfile -MailNickName $user -UserPrincipalName "$user@$domain" } It "Assigning users to the Service Principal and setting the correct AppRole for the Service Principal"{ @@ -104,7 +105,7 @@ Describe "Integration Testing" { $thisTestInstanceId = $thisTestInstanceId.Substring($thisTestInstanceId.Length - 5) $user = 'SimpleTestUserss' + $thisTestInstanceId $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile - $PasswordProfile.Password = "Pass@1234" + $PasswordProfile.Password = $password $global:NewUser = New-EntraUser -AccountEnabled $true -DisplayName $user -PasswordProfile $PasswordProfile -MailNickName $user -UserPrincipalName "$user@$domain" } It "Creating a new Group"{ @@ -143,7 +144,7 @@ Describe "Integration Testing" { $testUserName = 'SimpleTestUsers' + $thisTestInstanceId # Create new User $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile - $PasswordProfile.Password = "Pass@1234" + $PasswordProfile.Password = $password $global:NewUser1 = New-EntraUser -AccountEnabled $true -DisplayName $testUserName -PasswordProfile $PasswordProfile -MailNickName $testUserName -UserPrincipalName "$testUserName@$domain" $testGrpName = 'SimpleTestGroup' + $thisTestInstanceId 
@@ -161,7 +162,7 @@ Describe "Integration Testing" { $testUserName = 'SimpleTestUsers' + $thisTestInstanceId # Create new User $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile - $PasswordProfile.Password = "Pass@1234" + $PasswordProfile.Password = $password $global:NewUser2 = New-EntraUser -AccountEnabled $true -DisplayName $testUserName -PasswordProfile $PasswordProfile -MailNickName $testUserName -UserPrincipalName "$testUserName@$domain" $testGrpName = 'SimpleTestGroup' + $thisTestInstanceId @@ -183,7 +184,7 @@ Describe "Integration Testing" { $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid $Tuser = 'SimpleTestUsers' + $thisTestInstanceId $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile - $PasswordProfile.Password = "Pass@1234" + $PasswordProfile.Password = $password $global:NewUser3 = New-EntraUser -AccountEnabled $true -DisplayName $Tuser -PasswordProfile $PasswordProfile -MailNickName $Tuser -UserPrincipalName "$Tuser@$domain" Add-EntraServicePrincipalOwner -ObjectId $servicePrincipal.Id -RefObjectId $NewUser3.Id } diff --git a/test/module/Integration/Entra/Scenario2.Tests.ps1 b/test/module/Integration/Entra/Scenario2.Tests.ps1 index 6677d83cd0..7fdfce5546 100644 --- a/test/module/Integration/Entra/Scenario2.Tests.ps1 +++ b/test/module/Integration/Entra/Scenario2.Tests.ps1 @@ -4,6 +4,7 @@ BeforeAll { $testReportPath = join-path $psscriptroot "..\setenv.ps1" . $testReportPath + $password = $env:USER_PASSWORD } Describe "Integration Testing" { 
@@ -15,7 +16,7 @@ Describe "Integration Testing" { $testUserName = 'SimpleTestUsers' + $thisTestInstanceId # Create new User $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile - $PasswordProfile.Password = "Pass@1234" + $PasswordProfile.Password = $password $global:NewUser = New-EntraUser -AccountEnabled $true -DisplayName $testUserName -PasswordProfile $PasswordProfile -MailNickName $testUserName -UserPrincipalName "$testUserName@$domain" $global:role = Get-EntraDirectoryRole | Where-Object {$_.DisplayName -eq "Application Administrator"} diff --git a/test/module/Integration/EntraBeta/EntraBetaObjectSetting.Tests.ps1 b/test/module/Integration/EntraBeta/EntraBetaObjectSetting.Tests.ps1 index 98f6a1688c..9a53d50b9e 100644 --- a/test/module/Integration/EntraBeta/EntraBetaObjectSetting.Tests.ps1 +++ b/test/module/Integration/EntraBeta/EntraBetaObjectSetting.Tests.ps1 @@ -5,15 +5,11 @@ Describe "The EntraBetaObjectSetting commands executing unmocked" { Context "When Changing group settings" { BeforeAll { - $testReportPath = join-path $psscriptroot "\setenv.ps1" - Import-Module -Name $testReportPath - $appId = $env:TEST_APPID - $tenantId = $env:TEST_TENANTID - $cert = $env:CERTIFICATETHUMBPRINT - Connect-MgGraph -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert - - $thisTestInstanceId = New-Guid | select -expandproperty guid - $testGroupName = 'SimpleTestAppRead' + $testGroupName + $testReportPath = join-path $psscriptroot "..\setenv.ps1" + . $testReportPath + + $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid + $testGroupName = 'SimpleTestAppRead' + $thisTestInstanceId $global:testGroup = New-EntraBetaGroup -DisplayName $testGroupName -MailEnabled $false -SecurityEnabled $true -MailNickName $testGroupName -Description $testGroupName } diff --git a/test/module/Integration/EntraBeta/Scenario1.Tests.ps1 b/test/module/Integration/EntraBeta/Scenario1.Tests.ps1 index 1fe1aab838..c6bc742703 100644 
--- a/test/module/Integration/EntraBeta/Scenario1.Tests.ps1 +++ b/test/module/Integration/EntraBeta/Scenario1.Tests.ps1 @@ -4,6 +4,7 @@ BeforeAll { $testReportPath = join-path $psscriptroot "..\setenv.ps1" . $testReportPath + $password = $env:USER_PASSWORD } Describe "Integration Testing" { @@ -80,7 +81,7 @@ Describe "Integration Testing" { $thisTestInstanceId = $thisTestInstanceId.Substring($thisTestInstanceId.Length - 5) $user = 'SimpleTestUserss' + $thisTestInstanceId $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile - $PasswordProfile.Password = "Pass@1234" + $PasswordProfile.Password = $password $global:existingUser = New-EntraBetaUser -AccountEnabled $true -DisplayName $user -PasswordProfile $PasswordProfile -MailNickName $user -UserPrincipalName "$user@$domain" } It "Assigning users to the Service Principal and setting the correct AppRole for the Service Principal"{ @@ -104,7 +105,7 @@ Describe "Integration Testing" { $thisTestInstanceId = $thisTestInstanceId.Substring($thisTestInstanceId.Length - 5) $user = 'SimpleTestUserss' + $thisTestInstanceId $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile - $PasswordProfile.Password = "Pass@1234" + $PasswordProfile.Password = $password $global:NewUser = New-EntraBetaUser -AccountEnabled $true -DisplayName $user -PasswordProfile $PasswordProfile -MailNickName $user -UserPrincipalName "$user@$domain" } It "Creating a new Group"{ 
@@ -143,7 +144,7 @@ Describe "Integration Testing" { $testUserName = 'SimpleTestUsers' + $thisTestInstanceId # Create new User $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile - $PasswordProfile.Password = "Pass@1234" + $PasswordProfile.Password = $password $global:NewUser1 = New-EntraBetaUser -AccountEnabled $true -DisplayName $testUserName -PasswordProfile $PasswordProfile -MailNickName $testUserName -UserPrincipalName "$testUserName@$domain" $testGrpName = 'SimpleTestGroup' + $thisTestInstanceId @@ -161,7 +162,7 @@ Describe "Integration Testing" { $testUserName = 'SimpleTestUsers' + $thisTestInstanceId # Create new User $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile - $PasswordProfile.Password = "Pass@1234" + $PasswordProfile.Password = $password $global:NewUser2 = New-EntraBetaUser -AccountEnabled $true -DisplayName $testUserName -PasswordProfile $PasswordProfile -MailNickName $testUserName -UserPrincipalName "$testUserName@$domain" $testGrpName = 'SimpleTestGroup' + $thisTestInstanceId @@ -183,7 +184,7 @@ Describe "Integration Testing" { $thisTestInstanceId = New-Guid | Select-Object -expandproperty guid $Tuser = 'SimpleTestUsers' + $thisTestInstanceId $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile - $PasswordProfile.Password = "Pass@1234" + $PasswordProfile.Password = $password $global:NewUser3 = New-EntraBetaUser -AccountEnabled $true -DisplayName $Tuser -PasswordProfile $PasswordProfile -MailNickName $Tuser -UserPrincipalName "$Tuser@$domain" Add-EntraBetaServicePrincipalOwner -ObjectId $servicePrincipal.Id -RefObjectId $NewUser3.Id } diff --git a/test/module/Integration/EntraBeta/Scenario2.Tests.ps1 b/test/module/Integration/EntraBeta/Scenario2.Tests.ps1 index a593389175..dc2751decf 100644 --- a/test/module/Integration/EntraBeta/Scenario2.Tests.ps1 +++ b/test/module/Integration/EntraBeta/Scenario2.Tests.ps1 
@@ -4,6 +4,7 @@ BeforeAll { $testReportPath = join-path $psscriptroot "..\setenv.ps1" . $testReportPath + $password = $env:USER_PASSWORD } Describe "Integration Testing" { @@ -15,7 +16,7 @@ Describe "Integration Testing" { $testUserName = 'SimpleTestUsers' + $thisTestInstanceId # Create new User $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile - $PasswordProfile.Password = "Pass@1234" + $PasswordProfile.Password = $password $global:NewUser = New-EntraBetaUser -AccountEnabled $true -DisplayName $testUserName -PasswordProfile $PasswordProfile -MailNickName $testUserName -UserPrincipalName "$testUserName@$domain" $global:role = Get-EntraBetaDirectoryRole | Where-Object {$_.DisplayName -eq "Application Administrator"} diff --git a/test/module/Integration/setenv.ps1 b/test/module/Integration/setenv.ps1 index 98c01b30f0..01d2b0bd65 100644 --- a/test/module/Integration/setenv.ps1 +++ b/test/module/Integration/setenv.ps1 @@ -2,6 +2,8 @@ # Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. # ------------------------------------------------------------------------------ +$env:USER_PASSWORD = "Pass@1234" + $appId = "45451aa1-24e7-46c8-b9e5-dccb2118f536" $tenantId = "0e5ab497-530a-4f6f-bd51-2230c84acad8" $cert = "5C76C328BE9A29C0077398FC52BA531EAF8480F2" From 8bdeb5efcfbc664744155b6acf580dd2135e4806 Mon Sep 17 00:00:00 2001 From: Ashwini Karke Date: Tue, 1 Oct 2024 15:42:30 +0530 Subject: [PATCH 19/20] updated test cases --- .../Integration/Entra/Scenario2.Tests.ps1 | 60 +++++++++---------- .../Integration/EntraBeta/Scenario2.Tests.ps1 | 60 +++++++++---------- 2 files changed, 60 insertions(+), 60 deletions(-) diff --git a/test/module/Integration/Entra/Scenario2.Tests.ps1 b/test/module/Integration/Entra/Scenario2.Tests.ps1 index 7fdfce5546..66b3aa1ab0 100644 --- a/test/module/Integration/Entra/Scenario2.Tests.ps1 
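Review bot: The added `$env:USER_PASSWORD = "Pass@1234"` in setenv.ps1 keeps the credential as a literal in the repository; the patch moves it out of the test files but does not remove it. The suites create enabled users with this value, and Scenario2 looks up the "Application Administrator" role for one of them, so a run that aborts before AfterAll may leave a live account with a published password. I would drop the assignment and require the value from the pipeline's secret store, e.g. `if (-not $env:USER_PASSWORD) { throw 'Provide USER_PASSWORD from the CI secret store' }`, and treat the old value as burned since it stays in history. The `$appId`, `$tenantId` and `$cert` context lines are identifiers rather than secrets, but they could move to pipeline variables the same way.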
+++ b/test/module/Integration/Entra/Scenario2.Tests.ps1 
@@ -53,36 +53,36 @@ Describe "Integration Testing" { # $getRole.Id | Should -Contain $customRole.Id # } # } - # Context "Add or deactivate custom security attribute definitions in Microsoft Entra ID"{ - # It "Adding custom security attribute definitions"{ - # $thisTestInstanceId = Get-Random -Minimum 10000 -Maximum 100000 - # $testName = 'TestDefinition' + $thisTestInstanceId - # $AttributeSet = Get-EntraAttributeSet -Id 'Testing' - # $params = @{ - # Name = $testName - # Description = 'Target completion' - # Type = 'String' - # Status = 'Available' - # AttributeSet = $AttributeSet.Id - # IsCollection = $False - # IsSearchable = $True - # UsePreDefinedValuesOnly = $True - # } - # $global:Definition = New-EntraCustomSecurityAttributeDefinition @params - # } - # It "Deactivate custom security attribute definition"{ - # $params = @{ - # Id = $Definition.Id - # Description = 'Target completion' - # Status = 'Deprecated' - # } - # Set-EntraCustomSecurityAttributeDefinition @params - # } - # It "Verification of deactivation of custom security attribute definition"{ - # $global:getDefinition = Get-EntraCustomSecurityAttributeDefinition -Id $Definition.Id - # $getDefinition.Status | Should -Be 'Deprecated' - # } - # } + Context "Add or deactivate custom security attribute definitions in Microsoft Entra ID"{ + It "Adding custom security attribute definitions"{ + $thisTestInstanceId = Get-Random -Minimum 10000 -Maximum 100000 + $testName = 'TestDefinition' + $thisTestInstanceId + $AttributeSet = Get-EntraAttributeSet -Id 'Testing' + $params = @{ + Name = $testName + Description = 'Target completion' + Type = 'String' + Status = 'Available' + AttributeSet = $AttributeSet.Id + IsCollection = $False + IsSearchable = $True + UsePreDefinedValuesOnly = $True + } + $global:Definition = New-EntraCustomSecurityAttributeDefinition @params + } + It "Deactivate custom security attribute definition"{ + $params = @{ + Id = $Definition.Id + Description = 'Target completion' + Status = 
'Deprecated' + } + Set-EntraCustomSecurityAttributeDefinition @params + } + It "Verification of deactivation of custom security attribute definition"{ + $global:getDefinition = Get-EntraCustomSecurityAttributeDefinition -Id $Definition.Id + $getDefinition.Status | Should -Be 'Deprecated' + } + } AfterAll { Remove-EntraRoleAssignment -Id $assignedRole.Id foreach ($user in (Get-EntraUser -SearchString "SimpleTestUsers")) { diff --git a/test/module/Integration/EntraBeta/Scenario2.Tests.ps1 b/test/module/Integration/EntraBeta/Scenario2.Tests.ps1 index dc2751decf..794904f9ba 100644 --- a/test/module/Integration/EntraBeta/Scenario2.Tests.ps1 +++ b/test/module/Integration/EntraBeta/Scenario2.Tests.ps1 
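Review bot: The re-enabled "Adding custom security attribute definitions" test has no assertion and relies on an attribute set named 'Testing' already existing in the tenant, so it passes whenever the cmdlets do not throw. If `Get-EntraAttributeSet -Id 'Testing'` returns nothing, `$AttributeSet.Id` is `$null` and the two later tests fail on `$Definition.Id` rather than at the cause. Adding `$AttributeSet | Should -Not -BeNullOrEmpty` before `$params` is built and `$Definition.Id | Should -Not -BeNullOrEmpty` after the `New-EntraCustomSecurityAttributeDefinition` call would pin both preconditions. The same applies to the parallel EntraBeta hunk that follows. The enclosing Describe and the AfterAll block extend beyond the hunk.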
@@ -53,36 +53,36 @@ Describe "Integration Testing" { # $getRole.Id | Should -Contain $customRole.Id # } # } - # Context "Add or deactivate custom security attribute definitions in Microsoft Entra ID"{ - # It "Adding custom security attribute definitions"{ - # $thisTestInstanceId = Get-Random -Minimum 10000 -Maximum 100000 - # $testName = 'TestDefinition' + $thisTestInstanceId - # $AttributeSet = Get-EntraBetaAttributeSet -Id 'Testing' - # $params = @{ - # Name = $testName - # Description = 'Target completion' - # Type = 'String' - # Status = 'Available' - # AttributeSet = $AttributeSet.Id - # IsCollection = $False - # IsSearchable = $True - # UsePreDefinedValuesOnly = $True - # } - # $global:Definition = New-EntraBetaCustomSecurityAttributeDefinition @params - # } - # It "Deactivate custom security attribute definition"{ - # $params = @{ - # Id = $Definition.Id - # Description = 'Target completion' - # Status = 'Deprecated' - # } - # Set-EntraBetaCustomSecurityAttributeDefinition @params - # } - # It "Verification of deactivation of custom security attribute definition"{ - # $global:getDefinition = Get-EntraBetaCustomSecurityAttributeDefinition -Id $Definition.Id - # $getDefinition.Status | Should -Be 'Deprecated' - # } - # } + Context "Add or deactivate custom security attribute definitions in Microsoft Entra ID"{ + It "Adding custom security attribute definitions"{ + $thisTestInstanceId = Get-Random -Minimum 10000 -Maximum 100000 + $testName = 'TestDefinition' + $thisTestInstanceId + $AttributeSet = Get-EntraBetaAttributeSet -Id 'Testing' + $params = @{ + Name = $testName + Description = 'Target completion' + Type = 'String' + Status = 'Available' + AttributeSet = $AttributeSet.Id + IsCollection = $False + IsSearchable = $True + UsePreDefinedValuesOnly = $True + } + $global:Definition = New-EntraBetaCustomSecurityAttributeDefinition @params + } + It "Deactivate custom security attribute definition"{ + $params = @{ + Id = $Definition.Id + Description = 'Target 
completion' + Status = 'Deprecated' + } + Set-EntraBetaCustomSecurityAttributeDefinition @params + } + It "Verification of deactivation of custom security attribute definition"{ + $global:getDefinition = Get-EntraBetaCustomSecurityAttributeDefinition -Id $Definition.Id + $getDefinition.Status | Should -Be 'Deprecated' + } + } AfterAll { Remove-EntraBetaRoleAssignment -Id $assignedRole.Id foreach ($user in (Get-EntraBetaUser -SearchString "SimpleTestUsers")) { From f46fa9bc086ee7af23d06a7c8d47d96b199b09ba Mon Sep 17 00:00:00 2001 From: v-varshamane <142500640+v-varshamane@users.noreply.github.com> Date: Wed, 2 Oct 2024 14:44:16 +0530 Subject: [PATCH 20/20] updated clientId --- test/module/Integration/setenv.ps1 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/test/module/Integration/setenv.ps1 b/test/module/Integration/setenv.ps1 index 01d2b0bd65..ff5d95d269 100644 --- a/test/module/Integration/setenv.ps1 +++ b/test/module/Integration/setenv.ps1 @@ -7,6 +7,7 @@ $env:USER_PASSWORD = "Pass@1234" $appId = "45451aa1-24e7-46c8-b9e5-dccb2118f536" $tenantId = "0e5ab497-530a-4f6f-bd51-2230c84acad8" $cert = "5C76C328BE9A29C0077398FC52BA531EAF8480F2" +$clientId = "4d3ac7a8-9f8a-405c-9224-72cd737db2ea" # Connect-Entra -TenantId $tenantId -AppId $appId -CertificateThumbprint $cert -Connect-Entra -Identity -ClientId $appId \ No newline at end of file +Connect-Entra -Identity -ClientId $clientId
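Review bot: After the switch to `Connect-Entra -Identity -ClientId $clientId`, the `$appId`, `$tenantId` and `$cert` assignments in this hunk are referenced only by the commented-out `Connect-Entra` line. The tenant ID and certificate thumbprint therefore appear to stay in the tracked file without a consumer. If no script that dot-sources setenv.ps1 reads them, remove them together with the commented line. The managed-identity client ID is also pinned in source, which ties the suite to hosts that have that identity assigned. Reading it from the environment, e.g. `$clientId = $env:TEST_CLIENTID` (variable name is a suggestion), keeps the file environment-neutral.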