Initialize-TestEnvironment will fail if your box is Domain Joined machine

[guitarrapc]

Description

Initialize-TestEnvironment will failed to change Execution policy if Box is joined to Domain.

Exception

When you run like other DSC Resource doing, you will get Security Error on L383

# Initialize
[String] $moduleRoot = Split-Path -Parent (Split-Path -Parent (Split-Path -Parent $Script:MyInvocation.MyCommand.Path))
if ( (-not (Test-Path -Path (Join-Path -Path $moduleRoot -ChildPath 'DSCResource.Tests'))) -or `
     (-not (Test-Path -Path (Join-Path -Path $moduleRoot -ChildPath 'DSCResource.Tests\TestHelper.psm1'))) )
{
    & git @('clone','https://github.com/PowerShell/DscResource.Tests.git',(Join-Path -Path $moduleRoot -ChildPath '\DSCResource.Tests\'))
}
else
{
    & git @('-C',(Join-Path -Path $moduleRoot -ChildPath '\DSCResource.Tests\'),'pull')
}
Import-Module (Join-Path -Path $moduleRoot -ChildPath 'DSCResource.Tests\TestHelper.psm1') -Force
$TestEnvironment = Initialize-TestEnvironment -DSCModuleName $global:dscModuleName -DSCResourceName $global:dscResourceName -TestType Unit

Initializing Test Environment for Unit testing of Grani_CredentialManager in module GraniResource.
DSC Module Manifest 'GraniResource.psd1' detected in folder 'D:\Github\guitarrapc\GraniResource'.
[-] Error occurred in test script 'D:\Github\guitarrapc\GraniResource\Test\Grani_CredentialManager\Grani_CredentialManager.Tests.ps1' 1.29s
  Security error.
  at Initialize-TestEnvironment, D:\Github\guitarrapc\GraniResource\DSCResource.Tests\TestHelper.psm1: line 383

Reason

Issue happen when Domain Joined machine, or any other condition may apply, had restricted to change ExecutionPolicy. You can reproduce error by following on Domain Joined Box.

Set-ExecutionPolicy -ExecutionPolicy Unrestricted

Execution Policy Change
The execution policy helps protect you from scripts that you do not trust. Changing the execution policy might expose you to the security risks described in the
about_Execution_Policies help topic at http://go.microsoft.com/fwlink/?LinkID=135170. Do you want to change the execution policy?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "N"): y
Set-ExecutionPolicy : Windows PowerShell updated your execution policy successfully, but the setting is overridden by a policy defined at a more specific scope.  Due to the ove
rride, your shell will retain its current effective execution policy of Bypass. Type "Get-ExecutionPolicy -List" to view your execution policy settings. For more information pl
ease see "Get-Help Set-ExecutionPolicy".
At line:1 char:1
+ Set-ExecutionPolicy -ExecutionPolicy Unrestricted
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (:) [Set-ExecutionPolicy], SecurityException
    + FullyQualifiedErrorId : ExecutionPolicyOverride,Microsoft.PowerShell.Commands.SetExecutionPolicyCommand

Proposal fix

You can avoid issue by just change execution policy to only current Process. As this function aim to remove any side-effect with Test, I propose limit to current process is much better.

Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope Process -Force

[PlagueHO]

@guitarrapc - good catch! Your solution looks like it would work.

Does this work OK for both Unit tests and Integration tests?
Can anyone else think of a reason not to make this change?

Do you want to submit a PR for this?

[guitarrapc]

@PlagueHO It encounter with my resource testing, and Pester test go green with my resolution. https://github.com/guitarrapc/GraniResource/tree/master/Test/Grani_CredentialManager

I doubt any reason with this, but couldn't imagine at all 😕

[TravisEz13]

It should work... I worked around the same issue my forcing the process execution policy on PowerShell startup.

[johlju]

@mbreakey3 I think this can be closed. This seems to have been fixed for over 8 months ago.
2c54c4f#diff-25348f900c7839eeb1b52cf0a105623bR338

Only reference to Set-ExecutionPolicy is on line 375 and line 440 and both seems fixed.

[guitarrapc]

I checked source code and agree with @johlju . Let's close.