Expanded Pester automated integration testing

scripts/Dependencies.ps1

@@ -4,6 +4,7 @@ param (
 )
 
 # Development Modules
+Set-PSRepository -Name $Repository -InstallationPolicy Trusted
 $modules = @("Pester", "PSModuleDevelopment", "PSScriptAnalyzer")
 Write-Host "Installing development modules"
 foreach ($module in $modules) {
@@ -16,7 +17,7 @@ Write-Host "Installing runtime modules"
 foreach ($dependency in $data.RequiredModules) {
     $module = Get-Module -Name $dependency -ListAvailable
     if ($null -ne $module) { Uninstall-Module -Name $dependency -Force }
-    Install-Module -Name $dependency.ModuleName -RequiredVersion $dependency.RequiredVersion -Repository $Repository -Force
+    Install-Module -Name $dependency.ModuleName -RequiredVersion $dependency.RequiredVersion -Repository $Repository
 }
 # Download and add bicep to PATH
 curl -Lo bicep https://github.com/Azure/bicep/releases/latest/download/bicep-linux-x64

src/tests/Pester.ps1

@@ -13,6 +13,8 @@
     $Exclude = @("Help.Tests.ps1", "PSScriptAnalyzer.Tests.ps1")
 )
 
+Set-PSFConfig -FullName PSFramework.Message.Info.Maximum -Value 9
+
 Write-PSFMessage -Level Important -Message "Starting Tests"
 
 Write-PSFMessage -Level Important -Message "Importing Module"
@@ -136,4 +138,4 @@ else { Write-PSFMessage -Level Critical -Message "<c='em'>$totalFailed tests</c>
 
 if ($totalFailed -gt 0) {
     throw "$totalFailed / $totalRun tests failed!"
-}
+}

src/tests/integration/Repository.Tests.ps1

@@ -54,7 +54,7 @@ Describe "Repository" {
         # run within and generate data as needed
         #
 
-        Write-PSFMessage -Level Verbose -Message "Validationg Azure context" -FunctionName "BeforeAll"
+        Write-PSFMessage -Level Verbose -Message "Validating Azure context" -FunctionName "BeforeAll"
         $tenant = (Get-AzContext -ListAvailable -ErrorAction SilentlyContinue).Tenant.Id
         if ($tenant -inotcontains "$script:tenantId") {
             Write-PSFMessage -Level Verbose -Message "Authenticating Azure session" -FunctionName "BeforeAll"
@@ -96,6 +96,34 @@ Describe "Repository" {
             throw
         }
 
+        <#
+        Wait for Management Group structure consistency
+        #>
+
+        $script:managementGroupDeployment = (Get-AzManagementGroupDeployment -ManagementGroupId "$script:tenantId" -Name "AzOps-Tests")
+        $script:timeOutMinutes = 25
+        $script:mgmtRun = "Run"
+
+        While ($script:mgmtRun -eq "Run") {
+            Write-PSFMessage -Level Verbose -Message "Waiting for Management Group structure consistency" -FunctionName "BeforeAll"
+
+            $script:mgmt = Get-AzManagementGroup
+            $script:testManagementGroup = ($script:mgmt | Where-Object Name -eq "$($script:managementGroupDeployment.Outputs.testManagementGroup.value)")
+            $script:platformManagementGroup = ($script:mgmt | Where-Object Name -eq "$($script:managementGroupDeployment.Outputs.platformManagementGroup.value)")
+            $script:managementManagementGroup = ($script:mgmt | Where-Object Name -eq "$($script:managementGroupDeployment.Outputs.managementManagementGroup.value)")
+
+            if ($script:testManagementGroup -ne $null -and $script:platformManagementGroup -ne $null -and $script:managementManagementGroup -ne $null) {
+                $script:mgmtRun = "Done"
+            }
+            else {
+                Start-Sleep -Seconds 60
+                $script:timeOutMinutes--
+            }
+            if ($script:timeOutMinutes -le 0) {
+                break
+            }
+        }
+
         #
         # Ensure that the root directory
         # does not exist before running
@@ -109,36 +137,43 @@ Describe "Repository" {
             Remove-Item -Path $generatedRoot -Recurse
         }
 
+        #
+        # The following values match the Resource Template
+        # which we deploy the platform services with
+        # these need to match so that the lookups within
+        # the filesystem are aligned.
+        #
+
+        try {
+            Start-Sleep -Seconds 300
+            Set-AzContext -SubscriptionId $script:subscriptionId
+            $script:policyAssignments = Get-AzPolicyAssignment -Name "TestPolicyAssignment" -Scope "/providers/Microsoft.Management/managementGroups/$($script:managementManagementGroup.Name)"
+            $script:subscription = (Get-AzSubscription | Where-Object Id -eq $script:subscriptionId)
+            $script:resourceGroup = (Get-AzResourceGroup | Where-Object ResourceGroupName -eq "Application")
+            $script:roleAssignments = (Get-AzRoleAssignment -ObjectId "1b993954-3377-46fd-a368-58fff7420021" | Where-Object { $_.Scope -eq "/subscriptions/$script:subscriptionId" -and $_.RoleDefinitionId -eq "acdd72a7-3385-48ef-bd42-f606fba81ae7" })
+            $script:routeTable = (Get-AzResource -Name "RouteTable" -ResourceGroupName $($script:resourceGroup).ResourceGroupName)
+        }
+        catch {
+            Write-PSFMessage -Level Critical -Message "Failed to get deployed services" -Exception $_.Exception
+        }
+
         #
         # Invoke the Invoke-AzOpsPull
         # function to generate the scope data which
         # can be tested against to ensure structure
         # is correct and data model hasn't changed.
         #
 
+        Set-PSFConfig -FullName AzOps.Core.SubscriptionsToIncludeResourceGroups -Value $script:subscriptionId
         Write-PSFMessage -Level Verbose -Message "Generating folder structure" -FunctionName "BeforeAll"
         try {
-            Invoke-AzOpsPull -SkipRole:$true -SkipPolicy:$true -SkipResource:$true
+            Invoke-AzOpsPull -SkipRole:$false -SkipPolicy:$false -SkipResource:$false
         }
         catch {
             Write-PSFMessage -Level Critical -Message "Initialize failed" -Exception $_.Exception
             throw
         }
 
-        #
-        # The following values match the Reosurce Template
-        # which we deploy the platform services with
-        # these need to match so that the lookups within
-        # the filesystem are aligned.
-        #
-
-        $script:managementGroupDeployment = (Get-AzManagementGroupDeployment -ManagementGroupId "$script:tenantId" -Name "AzOps-Tests")
-        $script:testManagementGroup = (Get-AzManagementGroup | Where-Object Name -eq "$($script:managementGroupDeployment.Outputs.testManagementGroup.value)")
-        $script:platformManagementGroup = (Get-AzManagementGroup | Where-Object Name -eq "$($script:managementGroupDeployment.Outputs.platformManagementGroup.value)")
-        $script:managementManagementGroup = (Get-AzManagementGroup | Where-Object Name -eq "$($script:managementGroupDeployment.Outputs.managementManagementGroup.value)")
-        $script:subscription = (Get-AzSubscription | Where-Object Id -eq $script:subscriptionId)
-        $script:resourceGroup = (Get-AzResourceGroup | Where-Object ResourceGroupName -eq "Application")
-
         #
         # The following values are discovering the file
         # system paths so that they can be validate against
@@ -153,36 +188,50 @@ Describe "Repository" {
 
         $filePaths = (Get-ChildItem -Path $generatedRootPath -Recurse)
 
-        $script:tenantRootGroupPath = ($filePaths | Where-Object Name -eq "microsoft.management_managementgroups-$($script:tenantId).json")
+        $script:tenantRootGroupPath = ($filePaths | Where-Object Name -eq "microsoft.management_managementgroups-$(($script:tenantId).toLower()).json")
         $script:tenantRootGroupDirectory = ($script:tenantRootGroupPath).Directory
         $script:tenantRootGroupFile = ($script:tenantRootGroupPath).FullName
         Write-PSFMessage -Level Debug -Message "TenantRootGroupPath: $($script:tenantRootGroupFile)" -FunctionName "BeforeAll"
 
-        $script:testManagementGroupPath = ($filePaths | Where-Object Name -eq "microsoft.management_managementgroups-$($script:testManagementGroup.Name).json")
+        $script:testManagementGroupPath = ($filePaths | Where-Object Name -eq "microsoft.management_managementgroups-$(($script:testManagementGroup.Name).toLower()).json")
         $script:testManagementGroupDirectory = ($script:testManagementGroupPath).Directory
         $script:testManagementGroupFile = ($script:testManagementGroupPath).FullName
         Write-PSFMessage -Level Debug -Message "TestManagementGroupFile: $($script:testManagementGroupFile)" -FunctionName "BeforeAll"
 
-        $script:platformManagementGroupPath = ($filePaths | Where-Object Name -eq "microsoft.management_managementgroups-$($script:platformManagementGroup.Name).json")
+        $script:platformManagementGroupPath = ($filePaths | Where-Object Name -eq "microsoft.management_managementgroups-$(($script:platformManagementGroup.Name).toLower()).json")
         $script:platformManagementGroupDirectory = ($script:platformManagementGroupPath).Directory
         $script:platformManagementGroupFile = ($script:platformManagementGroupPath).FullName
         Write-PSFMessage -Level Debug -Message "PlatformManagementGroupFile: $($script:platformManagementGroupFile)" -FunctionName "BeforeAll"
 
-        $script:managementManagementGroupPath = ($filePaths | Where-Object Name -eq "microsoft.management_managementgroups-$($script:managementManagementGroup.Name).json")
+        $script:managementManagementGroupPath = ($filePaths | Where-Object Name -eq "microsoft.management_managementgroups-$(($script:managementManagementGroup.Name).toLower()).json")
         $script:managementManagementGroupDirectory = ($script:managementManagementGroupPath).Directory
         $script:managementManagementGroupFile = ($script:managementManagementGroupPath).FullName
         Write-PSFMessage -Level Debug -Message "ManagementManagementGroupFile: $($script:managementManagementGroupFile)" -FunctionName "BeforeAll"
 
+        $script:policyAssignmentsPath = ($filePaths | Where-Object Name -eq "microsoft.authorization_policyassignments-$(($script:policyAssignments.Name).toLower()).json")
+        $script:policyAssignmentsDirectory = ($script:policyAssignmentsPath).Directory
+        $script:policyAssignmentsFile = ($script:policyAssignmentsPath).FullName
+        Write-PSFMessage -Level Debug -Message "PolicyAssignmentsFile: $($script:policyAssignmentsFile)" -FunctionName "BeforeAll"
 
-        $script:subscriptionPath = ($filePaths | Where-Object Name -eq "microsoft.subscription_subscriptions-$($script:subscription.Id).json")
+        $script:subscriptionPath = ($filePaths | Where-Object Name -eq "microsoft.subscription_subscriptions-$(($script:subscription.Id).toLower()).json")
         $script:subscriptionDirectory = ($script:subscriptionPath).Directory
         $script:subscriptionFile = ($script:subscriptionPath).FullName
         Write-PSFMessage -Level Debug -Message "SubscriptionFile: $($script:subscriptionFile)" -FunctionName "BeforeAll"
 
-        $script:resourceGroupPath = ($filePaths | Where-Object Name -eq "microsoft.resources_resourcegroups-$($script:resourceGroup.ResourceGroupName).json")
+        $script:resourceGroupPath = ($filePaths | Where-Object Name -eq "microsoft.resources_resourcegroups-$(($script:resourceGroup.ResourceGroupName).toLower()).json")
         $script:resourceGroupDirectory = ($script:resourceGroupPath).Directory
         $script:resourceGroupFile = ($script:resourceGroupPath).FullName
         Write-PSFMessage -Level Debug -Message "ResourceGroupFile: $($script:resourceGroupFile)" -FunctionName "BeforeAll"
+
+        $script:roleAssignmentsPath = ($filePaths | Where-Object Name -eq "microsoft.authorization_roleassignments-$(($script:roleAssignments.RoleAssignmentId).toLower() -replace ".*/").json")
+        $script:roleAssignmentsDirectory = ($script:roleAssignmentsPath).Directory
+        $script:roleAssignmentsFile = ($script:roleAssignmentsPath).FullName
+        Write-PSFMessage -Level Debug -Message "RoleAssignmentFile: $($script:roleAssignmentsFile)" -FunctionName "BeforeAll"
+
+        $script:routeTablePath = ($filePaths | Where-Object Name -eq "microsoft.network_routetables-$(($script:routeTable.Name).toLower()).json")
+        $script:routeTableDirectory = ($script:routeTablePath).Directory
+        $script:routeTableFile = ($script:routeTablePath).FullName
+        Write-PSFMessage -Level Debug -Message "RouteTableFile: $($script:routeTableFile)" -FunctionName "BeforeAll"
         #endregion Paths
 
     }
@@ -333,6 +382,39 @@ Describe "Repository" {
         }
         #endregion
 
+        #region Scope = Policy Assignments (./root/tenant root group/test/platform/management/PolicyAssignment)
+        It "Policy Assignments directory should exist" {
+            Test-Path -Path $script:policyAssignmentsDirectory | Should -BeTrue
+        }
+        It "Policy Assignments file should exist" {
+            Test-Path -Path $script:policyAssignmentsFile | Should -BeTrue
+        }
+        It "Policy Assignments resource type should exist" {
+            $fileContents = Get-Content -Path $script:policyAssignmentsFile -Raw | ConvertFrom-Json -Depth 25
+            $fileContents.resources[0].type | Should -BeTrue
+        }
+        It "Policy Assignments resource name should exist" {
+            $fileContents = Get-Content -Path $script:policyAssignmentsFile -Raw | ConvertFrom-Json -Depth 25
+            $fileContents.resources[0].name | Should -BeTrue
+        }
+        It "Policy Assignments resource apiVersion should exist" {
+            $fileContents = Get-Content -Path $script:policyAssignmentsFile -Raw | ConvertFrom-Json -Depth 25
+            $fileContents.resources[0].apiVersion | Should -BeTrue
+        }
+        It "Policy Assignments resource properties should exist" {
+            $fileContents = Get-Content -Path $script:policyAssignmentsFile -Raw | ConvertFrom-Json -Depth 25
+            $fileContents.resources[0].properties | Should -BeTrue
+        }
+        It "Policy Assignments resource type should match" {
+            $fileContents = Get-Content -Path $script:policyAssignmentsFile -Raw | ConvertFrom-Json -Depth 25
+            $fileContents.resources[0].type | Should -Be "Microsoft.Authorization/policyAssignments"
+        }
+        It "Policy Assignments scope property should match" {
+            $fileContents = Get-Content -Path $script:policyAssignmentsFile -Raw | ConvertFrom-Json -Depth 25
+            $fileContents.resources[0].properties.scope | Should -Be "$($script:managementManagementGroup.Id)"
+        }
+        #endregion
+
         #region Scope - Subscription (./root/tenant root group/test/platform/management/subscription-0)
         It "Subscription directory should exist" {
             Test-Path -Path $script:subscriptionDirectory | Should -BeTrue
@@ -391,6 +473,64 @@ Describe "Repository" {
         }
         #endregion
 
+        #region Scope - Role Assignment (./root/tenant root group/test/platform/management/subscription-0/roleassignments)
+        It "Role Assignment directory should exist" {
+            Test-Path -Path $script:roleAssignmentsDirectory | Should -BeTrue
+        }
+        It "Role Assignment file should exist" {
+            Test-Path -Path $script:roleAssignmentsFile | Should -BeTrue
+        }
+        It "Role Assignment resource type should exist" {
+            $fileContents = Get-Content -Path $script:roleAssignmentsFile -Raw | ConvertFrom-Json -Depth 25
+            $fileContents.resources[0].type | Should -BeTrue
+        }
+        It "Role Assignment resource name should exist" {
+            $fileContents = Get-Content -Path $script:roleAssignmentsFile -Raw | ConvertFrom-Json -Depth 25
+            $fileContents.resources[0].name | Should -BeTrue
+        }
+        It "Role Assignment resource apiVersion should exist" {
+            $fileContents = Get-Content -Path $script:roleAssignmentsFile -Raw | ConvertFrom-Json -Depth 25
+            $fileContents.resources[0].apiVersion | Should -BeTrue
+        }
+        It "Role Assignment resource properties should exist" {
+            $fileContents = Get-Content -Path $script:roleAssignmentsFile -Raw | ConvertFrom-Json -Depth 25
+            $fileContents.resources[0].properties | Should -BeTrue
+        }
+        It "Role Assignment resource type should match" {
+            $fileContents = Get-Content -Path $script:roleAssignmentsFile -Raw | ConvertFrom-Json -Depth 25
+            $fileContents.resources[0].type | Should -Be "Microsoft.Authorization/roleAssignments"
+        }
+        #endregion
+
+        #region Scope - Route Table (./root/tenant root group/test/platform/management/subscription-0/application/routetable)
+        It "Route Table directory should exist" {
+            Test-Path -Path $script:routeTableDirectory | Should -BeTrue
+        }
+        It "Route Table file should exist" {
+            Test-Path -Path $script:routeTableFile | Should -BeTrue
+        }
+        It "Route Table resource type should exist" {
+            $fileContents = Get-Content -Path $script:routeTableFile -Raw | ConvertFrom-Json -Depth 25
+            $fileContents.resources[0].type | Should -BeTrue
+        }
+        It "Route Table resource name should exist" {
+            $fileContents = Get-Content -Path $script:routeTableFile -Raw | ConvertFrom-Json -Depth 25
+            $fileContents.resources[0].name | Should -BeTrue
+        }
+        It "Route Table resource apiVersion should exist" {
+            $fileContents = Get-Content -Path $script:routeTableFile -Raw | ConvertFrom-Json -Depth 25
+            $fileContents.resources[0].apiVersion | Should -BeTrue
+        }
+        It "Route Table resource properties should exist" {
+            $fileContents = Get-Content -Path $script:routeTableFile -Raw | ConvertFrom-Json -Depth 25
+            $fileContents.resources[0].properties | Should -BeTrue
+        }
+        It "Route Table resource type should match" {
+            $fileContents = Get-Content -Path $script:routeTableFile -Raw | ConvertFrom-Json -Depth 25
+            $fileContents.resources[0].type | Should -Be "Microsoft.Network/routeTables"
+        }
+        #endregion
+
     }
 
     AfterAll {
@@ -459,19 +599,33 @@ Describe "Repository" {
 
         }
 
-        $managementGroup = Get-AzManagementGroup | Where-Object DisplayName -eq "Test"
-        if ($managementGroup) {
-            Write-PSFMessage -Level Verbose -Message "Removing Management Group structure" -FunctionName "AfterAll"
-            Remove-ManagementGroups -DisplayName "Test" -Name $managementGroup.Name -RootName (Get-AzTenant).TenantId
-        }
+        try {
+
+            $managementGroup = Get-AzManagementGroup | Where-Object DisplayName -eq "Test"
+            if ($managementGroup) {
+                Write-PSFMessage -Level Verbose -Message "Removing Management Group structure" -FunctionName "AfterAll"
+                Remove-ManagementGroups -DisplayName "Test" -Name $managementGroup.Name -RootName (Get-AzTenant).TenantId
+            }
 
-        $resourceGroup = Get-AzResourceGroup -Name "Application"
-        if ($resourceGroup) {
-            Write-PSFMessage -Level Verbose -Message "Removing Resource Groups" -FunctionName "AfterAll"
             $subscription = Get-AzSubscription -SubscriptionId $script:subscriptionId
-            Remove-ResourceGroups -SubscriptionName $subscription.Name -ResourceGroupNames @($resourceGroup.ResourceGroupName)
+            Set-AzContext -SubscriptionId $script:subscriptionId
+            $roleAssignment = (Get-AzRoleAssignment -ObjectId "1b993954-3377-46fd-a368-58fff7420021" | Where-Object { $_.Scope -eq "/subscriptions/$script:subscriptionId" -and $_.RoleDefinitionId -eq "acdd72a7-3385-48ef-bd42-f606fba81ae7" })
+            if ($roleAssignment) {
+                Write-PSFMessage -Level Verbose -Message "Removing Role Assignment" -FunctionName "AfterAll"
+                $roleAssignment | Remove-AzRoleAssignment
+            }
+
+            $resourceGroup = Get-AzResourceGroup -Name "Application"
+            if ($resourceGroup) {
+                Write-PSFMessage -Level Verbose -Message "Removing Resource Groups" -FunctionName "AfterAll"
+                Remove-ResourceGroups -SubscriptionName $subscription.Name -ResourceGroupNames @($resourceGroup.ResourceGroupName)
+            }
+
+        }
+        catch {
+            Write-PSFMessage -Level Warning -Message $_ -FunctionName "AfterAll"
         }
 
     }
 
-}
+}