Copy-DbaCredential.Tests.ps1
# Derive the name of the command under test from this file's own name by
# stripping the ".Tests.ps1" suffix.
$CommandName = $MyInvocation.MyCommand.Name.Replace(".Tests.ps1", "")
Write-Host -Object "Running $PSCommandPath" -ForegroundColor Cyan
# Dot-sourcing runs each script in the current scope, so everything it defines
# is visible to the tests below.
# NOTE(review): presumably constants.ps1 is what sets $script:instance2 and
# $script:instance3 - confirm. Both paths resolve relative to this file, so
# the suite executes whatever sits at those locations in the checkout.
. "$PSScriptRoot\constants.ps1"
# NOTE(review): presumably defines Invoke-Command2, which the integration
# tests call to run `net user` on the test hosts - confirm.
. "$PSScriptRoot\..\private\functions\Invoke-Command2.ps1"
Describe "$CommandName Unit Tests" -Tag 'UnitTests' {
    Context "Validate parameters" {
        # Parameters the command really exposes, leaving out the two
        # ShouldProcess switches.
        [object[]]$actualParameters = (Get-Command $CommandName).Parameters.Keys | Where-Object { ('whatif', 'confirm') -notcontains $_ }

        # Parameters the command is expected to expose, followed by the
        # common cmdlet parameters.
        [object[]]$expectedParameters = 'Source', 'SourceSqlCredential', 'Credential', 'Destination', 'DestinationSqlCredential', 'Name', 'ExcludeName', 'Identity', 'ExcludeIdentity', 'Force', 'EnableException'
        $expectedParameters += [System.Management.Automation.PSCmdlet]::CommonParameters

        It "Should only contain our specific parameters" {
            # Drop empty entries before comparing; any difference in either
            # direction (added or removed parameter) fails the test.
            $expectedNonEmpty = $expectedParameters | Where-Object { $_ }
            $differences = @(Compare-Object -ReferenceObject $expectedNonEmpty -DifferenceObject $actualParameters)
            $differences.Count | Should Be 0
        }
    }
}
Describe "$CommandName Integration Tests" -Tag "IntegrationTests" {
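BeforeAll {
    # Local Windows accounts created on both test hosts; they serve as the
    # identities behind the SQL Server credentials under test.
    $logins = "dbatoolsci_thor", "dbatoolsci_thorsmomma", "dbatoolsci_thor_crypto"

    # NOTE(review): this password is fixed and lives in source control, and it
    # is handed to `net user` as a command-line argument below, so it can end
    # up in process command-line auditing and PowerShell logging on the hosts.
    # The accounts exist from here until AfterAll removes them; a per-run
    # generated value would shrink that exposure.
    $plaintext = "BigOlPassword!"
    $password = ConvertTo-SecureString $plaintext -AsPlainText -Force

    $instance2 = Connect-DbaInstance -SqlInstance $script:instance2
    $instance3 = Connect-DbaInstance -SqlInstance $script:instance3

    # Add the local users on both hosts. All output streams, errors included,
    # are merged and discarded, so a failed `net user ... /add` is silent here
    # and only surfaces later as a failing credential test.
    foreach ($login in $logins) {
        $null = Invoke-Command2 -ScriptBlock { net user $args[0] $args[1] /add *>&1 } -ArgumentList $login, $plaintext -ComputerName $script:instance2
        $null = Invoke-Command2 -ScriptBlock { net user $args[0] $args[1] /add *>&1 } -ArgumentList $login, $plaintext -ComputerName $script:instance3
    }

    <#
        Tests for a credential that uses a crypto provider were added for
        https://github.com/dataplat/dbatools/issues/7896.
        They only run if a crypto provider is registered and enabled.

        Follow these steps to configure the local machine to run the crypto provider tests.

        1. Run these SQL commands on the instance2 and instance3 servers:

        -- Enable advanced options.
        USE master;
        GO
        sp_configure 'show advanced options', 1;
        GO
        RECONFIGURE;
        GO
        -- Enable EKM provider
        sp_configure 'EKM provider enabled', 1;
        GO
        RECONFIGURE;

        2. Install https://www.microsoft.com/en-us/download/details.aspx?id=45344 on the instance2 and instance3 servers.

        3. Run these SQL commands on the instance2 and instance3 servers:

        CREATE CRYPTOGRAPHIC PROVIDER dbatoolsci_AKV FROM FILE = 'C:\github\appveyor-lab\keytests\ekm\Microsoft.AzureKeyVaultService.EKM.dll'

        CREATE CRYPTOGRAPHIC PROVIDER loads the named DLL into the SQL Server
        instance, so do this on lab instances only and with a DLL taken from
        the download in step 2.
    #>

    # Check which crypto providers are enabled on each instance.
    $instance2CryptoProviders = $instance2.Query("SELECT name FROM sys.cryptographic_providers WHERE is_enabled = 1 ORDER BY name")
    $instance3CryptoProviders = $instance3.Query("SELECT name FROM sys.cryptographic_providers WHERE is_enabled = 1 ORDER BY name")

    # Pick the first provider name enabled on BOTH instances. `-in` is needed
    # rather than `-eq`: when instance3 has more than one enabled provider,
    # `.name` is an array, and a scalar `-eq` array comparison never matches,
    # which would silently skip the crypto provider tests.
    $cryptoProvider = ($instance2CryptoProviders | Where-Object { $_.name -in $instance3CryptoProviders.name } | Select-Object -First 1).name
}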
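AfterAll {
    # Remove everything the suite created: the SQL Server credentials on both
    # instances and the local Windows accounts on both hosts.
    #
    # The account removal sits in `finally` so that a failure while dropping
    # credentials (including Get-DbaCredential returning nothing, which used to
    # throw on the `.Drop()` call) cannot leave local accounts with a known
    # password behind on the test hosts. A terminating error from the
    # credential step still propagates after the accounts are removed.
    try {
        foreach ($instance in $instance2, $instance3) {
            $credentials = Get-DbaCredential -SqlInstance $instance -Identity dbatoolsci_thor, dbatoolsci_thorsmomma, dbatoolsci_thor_crypto -ErrorAction Stop -WarningAction SilentlyContinue
            # Iterating an empty result is a no-op, so a missing credential no
            # longer aborts the cleanup.
            foreach ($credential in $credentials) {
                $credential.Drop()
            }
        }
    } finally {
        foreach ($login in $logins) {
            $null = Invoke-Command2 -ScriptBlock { net user $args /delete *>&1 } -ArgumentList $login -ComputerName $script:instance2
            $null = Invoke-Command2 -ScriptBlock { net user $args /delete *>&1 } -ArgumentList $login -ComputerName $script:instance3
        }
    }
}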
Context "Create new credential" {
    It "Should create new credentials with the proper properties" {
        # Arguments shared by every New-DbaCredential call in this test; the
        # SecureString password comes from BeforeAll.
        $shared = @{
            SqlInstance = $instance2
            Password    = $password
        }

        # Credential with an explicit name that differs from its identity.
        $namedCredential = New-DbaCredential @shared -Name dbatoolsci_thorcred -Identity dbatoolsci_thor
        $namedCredential.Name | Should Be "dbatoolsci_thorcred"
        $namedCredential.Identity | Should Be "dbatoolsci_thor"

        # No -Name supplied: the test expects the name to equal the identity.
        $unnamedCredential = New-DbaCredential @shared -Identity dbatoolsci_thorsmomma
        $unnamedCredential.Name | Should Be "dbatoolsci_thorsmomma"
        $unnamedCredential.Identity | Should Be "dbatoolsci_thorsmomma"

        # Only exercised when BeforeAll found a crypto provider enabled on
        # both instances.
        if ($cryptoProvider) {
            $providerCredential = New-DbaCredential @shared -Identity dbatoolsci_thor_crypto -MappedClassType CryptographicProvider -ProviderName $cryptoProvider
            $providerCredential.Name | Should Be "dbatoolsci_thor_crypto"
            $providerCredential.Identity | Should Be "dbatoolsci_thor_crypto"
            $providerCredential.ProviderName | Should -Be $cryptoProvider
        }
    }
}
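Context "Copy Credential with the same properties." {
    It "Should copy successfully" {
        $results = Copy-DbaCredential -Source $instance2 -Destination $instance3 -Name dbatoolsci_thorcred
        $results.Status | Should Be "Successful"
    }

    It "Should retain its same properties" {
        # The copied credential is named dbatoolsci_thorcred (dbatoolsci_thor is
        # its identity). Looking it up as dbatoolsci_thor returned nothing on
        # either instance, so the comparison below was $null against $null and
        # passed without checking anything.
        $Credential1 = Get-DbaCredential -SqlInstance $instance2 -Name dbatoolsci_thorcred -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
        $Credential2 = Get-DbaCredential -SqlInstance $instance3 -Name dbatoolsci_thorcred -ErrorAction SilentlyContinue -WarningAction SilentlyContinue

        # Errors are silenced above, so make a failed lookup fail the test
        # instead of letting it compare empty values.
        $Credential1 | Should Not BeNullOrEmpty
        $Credential2 | Should Not BeNullOrEmpty

        # Compare its value. Only Name and Identity are compared; the copied
        # secret itself is not verified by this test.
        $Credential1.Name | Should Be $Credential2.Name
        $Credential1.Identity | Should Be $Credential2.Identity
    }
}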
Context "No overwrite" {
    It "does not overwrite without force" {
        # dbatoolsci_thorcred already exists on the destination from the
        # earlier copy; without -Force the expected status is "Skipping".
        $copyArguments = @{
            Source      = $instance2
            Destination = $instance3
            Name        = 'dbatoolsci_thorcred'
        }
        $repeatedCopy = Copy-DbaCredential @copyArguments
        $repeatedCopy.Status | Should Be "Skipping"
    }
}
# See https://github.com/dataplat/dbatools/issues/7896 and comments above in BeforeAll
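Context "Crypto provider cred" {
    # Both tests are skipped unless BeforeAll found a crypto provider that is
    # enabled on the source and the destination instance.
    It -Skip:(-not $cryptoProvider) "ensure copied credential is using the same crypto provider" {
        $results = Copy-DbaCredential -Source $instance2 -Destination $instance3 -Name dbatoolsci_thor_crypto
        $results.Status | Should Be Successful

        # Read the credential back from the destination and confirm it is
        # still mapped to the same provider.
        $results = Get-DbaCredential -SqlInstance $instance3 -Name dbatoolsci_thor_crypto
        $results.Name | Should -Be dbatoolsci_thor_crypto
        $results.ProviderName | Should -Be $cryptoProvider
    }

    It -Skip:(-not $cryptoProvider) "check warning message if crypto provider is not configured/enabled on destination" {
        # Remove the copy made by the previous test so the copy is attempted again.
        Remove-DbaCredential -SqlInstance $instance3 -Credential dbatoolsci_thor_crypto -Confirm:$false

        # $cryptoProvider is a name read from sys.cryptographic_providers on
        # the test instances in BeforeAll, not caller-supplied text.
        $instance3.Query("ALTER CRYPTOGRAPHIC PROVIDER $cryptoProvider DISABLE")
        try {
            $results = Copy-DbaCredential -Source $instance2 -Destination $instance3 -Name dbatoolsci_thor_crypto -WarningVariable warnings
        } finally {
            # Re-enable the provider even if the copy throws, so a failure here
            # does not leave the destination instance with its provider
            # disabled for later tests or runs.
            $instance3.Query("ALTER CRYPTOGRAPHIC PROVIDER $cryptoProvider ENABLE")
        }

        $results.Status | Should Be Failed
        $results.Notes | Should -Match "The cryptographic provider $cryptoProvider needs to be configured and enabled on"
    }
}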
}