From 78b9c56c64bf22b5074b1efac5cb73942c463a3c Mon Sep 17 00:00:00 2001 From: Simon Heather <32168619+X-Guardian@users.noreply.github.com> Date: Tue, 21 Apr 2020 19:09:23 +0100 Subject: [PATCH] ActiveDirectoryDsc: Migrate HQRM And Unit Tests to PowerShell 7 (#597) - Testing HQRM and Unit Tests on PowerShell 7 - New function `Get-ByteContent` used by the `ADUser` resource `Get-ThumbnailByteArray` function to cope with different `Get-Content` parameters between PowerShell Desktop and Core. - `Compare-ResourcePropertyState` test changes to handle differences between PowerShell Desktop And Core with hashtable ordering. - `ActiveDirectory` stub module changes due to PowerShell Core unimplemented `SecurityIdentifier` property of the `System.Security.Principal` class. - Implementation of a stub module for `Kds` as this module will not currently import on PowerShell Core. --- CHANGELOG.md | 1 + azure-pipelines.yml | 4 +- .../MSFT_ADDomain/MSFT_ADDomain.psm1 | 1 + .../DSCResources/MSFT_ADUser/MSFT_ADUser.psm1 | 2 +- .../ActiveDirectoryDsc.Common.psd1 | 1 + .../ActiveDirectoryDsc.Common.psm1 | 30 +++ .../Unit/ActiveDirectoryDsc.Common.Tests.ps1 | 48 ++-- tests/Unit/MSFT_ADKDSKey.Tests.ps1 | 5 +- tests/Unit/Stubs/ActiveDirectory_2019.psm1 | 34 +-- tests/Unit/Stubs/Kds.psm1 | 225 ++++++++++++++++++ tests/Unit/Stubs/README.md | 38 ++- 11 files changed, 334 insertions(+), 55 deletions(-) create mode 100644 tests/Unit/Stubs/Kds.psm1 diff --git a/CHANGELOG.md b/CHANGELOG.md index 8496fffb3..746dda4ae 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,7 @@ For older change log history see the [historic changelog](HISTORIC_CHANGELOG.md) - ActiveDirectoryDsc - Migrated to DscResource.Common Module. + - Testing HQRM and Unit Tests on PowerShell 7 ## [6.0.1] - 2020-04-16 diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 82611a62a..d82ab65d9 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -66,7 +66,7 @@ stages: inputs: filePath: './build.ps1' arguments: '-Tasks hqrmtest' - pwsh: false + pwsh: true - task: PublishTestResults@2 displayName: 'Publish Test Results' condition: succeededOrFailed() @@ -100,7 +100,7 @@ stages: inputs: filePath: './build.ps1' arguments: "-Tasks test -PesterScript 'tests/Unit'" - pwsh: false + pwsh: true - task: PublishTestResults@2 displayName: 'Publish Test Results' condition: succeededOrFailed() diff --git a/source/DSCResources/MSFT_ADDomain/MSFT_ADDomain.psm1 b/source/DSCResources/MSFT_ADDomain/MSFT_ADDomain.psm1 index b68e23dfd..057213f9f 100644 --- a/source/DSCResources/MSFT_ADDomain/MSFT_ADDomain.psm1 +++ b/source/DSCResources/MSFT_ADDomain/MSFT_ADDomain.psm1 @@ -66,6 +66,7 @@ function Get-TargetResource ) Assert-Module -ModuleName 'ADDSDeployment' -ImportModule + $domainFQDN = Resolve-DomainFQDN -DomainName $DomainName -ParentDomainName $ParentDomainName # If the domain has been installed then the Netlogon SysVol registry item will exist. diff --git a/source/DSCResources/MSFT_ADUser/MSFT_ADUser.psm1 b/source/DSCResources/MSFT_ADUser/MSFT_ADUser.psm1 index 8c5760c0d..3cd3e04f0 100644 --- a/source/DSCResources/MSFT_ADUser/MSFT_ADUser.psm1 +++ b/source/DSCResources/MSFT_ADUser/MSFT_ADUser.psm1 @@ -1863,7 +1863,7 @@ function Get-ThumbnailByteArray if (Test-Path -Path $ThumbnailPhoto) { Write-Verbose -Message ($script:localizedData.LoadingThumbnailFromFile -f $ThumbnailPhoto) - $thumbnailPhotoAsByteArray = Get-Content -Path $ThumbnailPhoto -Encoding Byte + $thumbnailPhotoAsByteArray = Get-ByteContent -Path $ThumbnailPhoto } else { diff --git a/source/Modules/ActiveDirectoryDsc.Common/ActiveDirectoryDsc.Common.psd1 b/source/Modules/ActiveDirectoryDsc.Common/ActiveDirectoryDsc.Common.psd1 index 69d233c8a..5d4d89ab1 100644 --- a/source/Modules/ActiveDirectoryDsc.Common/ActiveDirectoryDsc.Common.psd1 +++ b/source/Modules/ActiveDirectoryDsc.Common/ActiveDirectoryDsc.Common.psd1 @@ -53,6 +53,7 @@ 'Get-CurrentUser' 'Test-Password' 'Test-PrincipalContextCredentials' + 'Get-ByteContent' ) # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export. diff --git a/source/Modules/ActiveDirectoryDsc.Common/ActiveDirectoryDsc.Common.psm1 b/source/Modules/ActiveDirectoryDsc.Common/ActiveDirectoryDsc.Common.psm1 index f717d5b4a..9c38b8765 100644 --- a/source/Modules/ActiveDirectoryDsc.Common/ActiveDirectoryDsc.Common.psm1 +++ b/source/Modules/ActiveDirectoryDsc.Common/ActiveDirectoryDsc.Common.psm1 @@ -2063,3 +2063,33 @@ function Test-PrincipalContextCredentials return $result } + +<# + .SYNOPSIS + Returns the contents of a file as a byte array + + .PARAMETER Path + Specifies the path to an item. +#> +function Get-ByteContent +{ + [CmdletBinding()] + [OutputType([System.Byte[]])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Path + ) + + if ($PSVersionTable.PSEdition -eq 'Core') + { + $content = Get-Content -Path $Path -AsByteStream + } + else + { + $content = Get-Content -Path $Path -Encoding 'Byte' + } + + return $content +} diff --git a/tests/Unit/ActiveDirectoryDsc.Common.Tests.ps1 b/tests/Unit/ActiveDirectoryDsc.Common.Tests.ps1 index 7083d8b27..7850ebd62 100644 --- a/tests/Unit/ActiveDirectoryDsc.Common.Tests.ps1 +++ b/tests/Unit/ActiveDirectoryDsc.Common.Tests.ps1 @@ -1427,14 +1427,14 @@ InModuleScope 'ActiveDirectoryDsc.Common' { $compareTargetResourceStateResult = Compare-ResourcePropertyState @compareTargetResourceStateParameters $compareTargetResourceStateResult | Should -HaveCount 2 - $compareTargetResourceStateResult[0].ParameterName | Should -Be 'ComputerName' - $compareTargetResourceStateResult[0].Expected | Should -Be 'DC01' - $compareTargetResourceStateResult[0].Actual | Should -Be 'DC01' - $compareTargetResourceStateResult[0].InDesiredState | Should -BeTrue - $compareTargetResourceStateResult[1].ParameterName | Should -Be 'Location' - $compareTargetResourceStateResult[1].Expected | Should -Be 'Sweden' - $compareTargetResourceStateResult[1].Actual | Should -Be 'Sweden' - $compareTargetResourceStateResult[1].InDesiredState | Should -BeTrue + $computerNameResult = $compareTargetResourceStateResult | Where-Object -Property ParameterName -eq 'ComputerName' + $computerNameResult.Expected | Should -Be 'DC01' + $computerNameResult.Actual | Should -Be 'DC01' + $computerNameResult.InDesiredState | Should -BeTrue + $locationNameResult = $compareTargetResourceStateResult | Where-Object -Property ParameterName -eq 'Location' + $locationNameResult.Expected | Should -Be 'Sweden' + $locationNameResult.Actual | Should -Be 'Sweden' + $locationNameResult.InDesiredState | Should -BeTrue } } @@ -1485,14 +1485,14 @@ InModuleScope 'ActiveDirectoryDsc.Common' { $compareTargetResourceStateResult = Compare-ResourcePropertyState @compareTargetResourceStateParameters $compareTargetResourceStateResult | Should -HaveCount 2 - $compareTargetResourceStateResult[0].ParameterName | Should -Be 'ComputerName' - $compareTargetResourceStateResult[0].Expected | Should -Be 'DC01' - $compareTargetResourceStateResult[0].Actual | Should -Be 'DC01' - $compareTargetResourceStateResult[0].InDesiredState | Should -BeTrue - $compareTargetResourceStateResult[1].ParameterName | Should -Be 'Location' - $compareTargetResourceStateResult[1].Expected | Should -Be 'Europe' - $compareTargetResourceStateResult[1].Actual | Should -Be 'Sweden' - $compareTargetResourceStateResult[1].InDesiredState | Should -BeFalse + $computerNameResult = $compareTargetResourceStateResult | Where-Object -Property ParameterName -eq 'ComputerName' + $computerNameResult.Expected | Should -Be 'DC01' + $computerNameResult.Actual | Should -Be 'DC01' + $computerNameResult.InDesiredState | Should -BeTrue + $locationNameResult = $compareTargetResourceStateResult | Where-Object -Property ParameterName -eq 'Location' + $locationNameResult.Expected | Should -Be 'Europe' + $locationNameResult.Actual | Should -Be 'Sweden' + $locationNameResult.InDesiredState | Should -BeFalse } } @@ -1579,14 +1579,14 @@ InModuleScope 'ActiveDirectoryDsc.Common' { $compareTargetResourceStateResult = Compare-ResourcePropertyState @compareTargetResourceStateParameters $compareTargetResourceStateResult | Should -HaveCount 2 - $compareTargetResourceStateResult[0].ParameterName | Should -Be 'ComputerName' - $compareTargetResourceStateResult[0].Expected | Should -Be 'DC01' - $compareTargetResourceStateResult[0].Actual | Should -Be 'DC01' - $compareTargetResourceStateResult[0].InDesiredState | Should -BeTrue - $compareTargetResourceStateResult[1].ParameterName | Should -Be 'Location' - $compareTargetResourceStateResult[1].Expected | Should -Be 'Europe' - $compareTargetResourceStateResult[1].Actual | Should -Be 'Sweden' - $compareTargetResourceStateResult[1].InDesiredState | Should -BeFalse + $computerNameResult = $compareTargetResourceStateResult | Where-Object -Property ParameterName -eq 'ComputerName' + $computerNameResult.Expected | Should -Be 'DC01' + $computerNameResult.Actual | Should -Be 'DC01' + $computerNameResult.InDesiredState | Should -BeTrue + $locationNameResult = $compareTargetResourceStateResult | Where-Object -Property ParameterName -eq 'Location' + $locationNameResult.Expected | Should -Be 'Europe' + $locationNameResult.Actual | Should -Be 'Sweden' + $locationNameResult.InDesiredState | Should -BeFalse } } diff --git a/tests/Unit/MSFT_ADKDSKey.Tests.ps1 b/tests/Unit/MSFT_ADKDSKey.Tests.ps1 index f6dcbb198..393be4365 100644 --- a/tests/Unit/MSFT_ADKDSKey.Tests.ps1 +++ b/tests/Unit/MSFT_ADKDSKey.Tests.ps1 @@ -33,9 +33,12 @@ try InModuleScope $script:dscResourceName { Set-StrictMode -Version 1.0 - # Load stub cmdlets and classes. + # Load AD stub cmdlets and classes. Import-Module (Join-Path -Path $PSScriptRoot -ChildPath 'Stubs\ActiveDirectory_2019.psm1') -Force + # Load KDS stub cmdlets and classes. + Import-Module (Join-Path -Path $PSScriptRoot -ChildPath 'Stubs\Kds.psm1') -Force + # Need to do a deep copy of the Array of objects that compare returns function Copy-ArrayObjects { diff --git a/tests/Unit/Stubs/ActiveDirectory_2019.psm1 b/tests/Unit/Stubs/ActiveDirectory_2019.psm1 index 84c65041a..74ddbd473 100644 --- a/tests/Unit/Stubs/ActiveDirectory_2019.psm1 +++ b/tests/Unit/Stubs/ActiveDirectory_2019.psm1 @@ -2,7 +2,7 @@ # Version: 1.0.1.0 # CreatedOn: 2019-08-12 11:47:22Z -Add-Type -IgnoreWarnings -TypeDefinition @' +Add-Type -IgnoreWarnings -WarningAction SilentlyContinue -TypeDefinition @' namespace Microsoft.ActiveDirectory.Management { public class ADAccount @@ -11,14 +11,14 @@ namespace Microsoft.ActiveDirectory.Management public ADAccount() { } public ADAccount(System.String identity) { } public ADAccount(System.Guid guid) { } - public ADAccount(System.Security.Principal.SecurityIdentifier sid) { } + public ADAccount(System.Object sid) { } public ADAccount(Microsoft.ActiveDirectory.Management.ADObject identity) { } // Property public System.String UserPrincipalName { get; set; } public System.Boolean Enabled { get; set; } public System.String SamAccountName { get; set; } - public System.Security.Principal.SecurityIdentifier SID { get; set; } + public System.Object SID { get; set; } public System.String DistinguishedName { get; set; } public System.String Name { get; set; } public System.String ObjectClass { get; set; } @@ -196,14 +196,14 @@ namespace Microsoft.ActiveDirectory.Management public ADComputer(Microsoft.ActiveDirectory.Management.ADObject identity) { } public ADComputer(System.String identity) { } public ADComputer(System.Guid guid) { } - public ADComputer(System.Security.Principal.SecurityIdentifier sid) { } + public ADComputer(System.Object sid) { } // Property public System.String DNSHostName { get; set; } public System.String UserPrincipalName { get; set; } public System.Boolean Enabled { get; set; } public System.String SamAccountName { get; set; } - public System.Security.Principal.SecurityIdentifier SID { get; set; } + public System.Object SID { get; set; } public System.String DistinguishedName { get; set; } public System.String Name { get; set; } public System.String ObjectClass { get; set; } @@ -272,11 +272,11 @@ namespace Microsoft.ActiveDirectory.Management public ADDomain() { } public ADDomain(System.String identity) { } public ADDomain(System.Guid guid) { } - public ADDomain(System.Security.Principal.SecurityIdentifier sid) { } + public ADDomain(System.Object sid) { } public ADDomain(Microsoft.ActiveDirectory.Management.ADObject adobject) { } // Property - public System.Security.Principal.SecurityIdentifier DomainSID { get; set; } + public System.Object DomainSID { get; set; } public Microsoft.ActiveDirectory.Management.ADPropertyValueCollection AllowedDNSSuffixes { get; set; } public System.Nullable LastLogonReplicationInterval { get; set; } public System.Nullable DomainMode { get; set; } @@ -320,7 +320,7 @@ namespace Microsoft.ActiveDirectory.Management public ADDomainController() { } public ADDomainController(System.String identity) { } public ADDomainController(System.Guid guid) { } - public ADDomainController(System.Security.Principal.SecurityIdentifier sid) { } + public ADDomainController(System.Object sid) { } public ADDomainController(Microsoft.ActiveDirectory.Management.ADObject identity) { } // Property @@ -414,7 +414,7 @@ namespace Microsoft.ActiveDirectory.Management public ADForest() { } public ADForest(System.String identity) { } public ADForest(System.Guid guid) { } - public ADForest(System.Security.Principal.SecurityIdentifier sid) { } + public ADForest(System.Object sid) { } public ADForest(Microsoft.ActiveDirectory.Management.ADObject adobject) { } // Property @@ -458,14 +458,14 @@ namespace Microsoft.ActiveDirectory.Management public ADGroup() { } public ADGroup(System.String identity) { } public ADGroup(System.Guid guid) { } - public ADGroup(System.Security.Principal.SecurityIdentifier sid) { } + public ADGroup(System.Object sid) { } public ADGroup(Microsoft.ActiveDirectory.Management.ADObject identity) { } // Property public System.Nullable GroupScope { get; set; } public System.Nullable GroupCategory { get; set; } public System.String SamAccountName { get; set; } - public System.Security.Principal.SecurityIdentifier SID { get; set; } + public System.Object SID { get; set; } public System.String DistinguishedName { get; set; } public System.String Name { get; set; } public System.String ObjectClass { get; set; } @@ -606,12 +606,12 @@ namespace Microsoft.ActiveDirectory.Management public ADPrincipal() { } public ADPrincipal(System.String identity) { SamAccountName = identity; } public ADPrincipal(System.Guid guid) { } - public ADPrincipal(System.Security.Principal.SecurityIdentifier sid) { } + public ADPrincipal(System.Object sid) { } public ADPrincipal(Microsoft.ActiveDirectory.Management.ADObject adobject) { } // Property public System.String SamAccountName { get; set; } - public System.Security.Principal.SecurityIdentifier SID { get; set; } + public System.Object SID { get; set; } public System.String DistinguishedName { get; set; } public System.String Name { get; set; } public System.String ObjectClass { get; set; } @@ -828,14 +828,14 @@ namespace Microsoft.ActiveDirectory.Management public ADServiceAccount(Microsoft.ActiveDirectory.Management.ADObject identity) { } public ADServiceAccount(System.String identity) { } public ADServiceAccount(System.Guid guid) { } - public ADServiceAccount(System.Security.Principal.SecurityIdentifier sid) { } + public ADServiceAccount(System.Object sid) { } // Property public System.String[] ServicePrincipalNames { get; set; } public System.String UserPrincipalName { get; set; } public System.Boolean Enabled { get; set; } public System.String SamAccountName { get; set; } - public System.Security.Principal.SecurityIdentifier SID { get; set; } + public System.Object SID { get; set; } public System.String DistinguishedName { get; set; } public System.String Name { get; set; } public System.String ObjectClass { get; set; } @@ -905,7 +905,7 @@ namespace Microsoft.ActiveDirectory.Management public ADUser() { } public ADUser(System.String identity) { } public ADUser(System.Guid guid) { } - public ADUser(System.Security.Principal.SecurityIdentifier sid) { } + public ADUser(System.Object sid) { } public ADUser(Microsoft.ActiveDirectory.Management.ADObject identity) { } // Property @@ -914,7 +914,7 @@ namespace Microsoft.ActiveDirectory.Management public System.String UserPrincipalName { get; set; } public System.Boolean Enabled { get; set; } public System.String SamAccountName { get; set; } - public System.Security.Principal.SecurityIdentifier SID { get; set; } + public System.Object SID { get; set; } public System.String DistinguishedName { get; set; } public System.String Name { get; set; } public System.String ObjectClass { get; set; } diff --git a/tests/Unit/Stubs/Kds.psm1 b/tests/Unit/Stubs/Kds.psm1 new file mode 100644 index 000000000..5f4701427 --- /dev/null +++ b/tests/Unit/Stubs/Kds.psm1 @@ -0,0 +1,225 @@ +# Name: Kds +# Version: 1.0.0.0 +# CreatedOn: 2020-04-19 13:18:44Z + +Add-Type -IgnoreWarnings -TypeDefinition @' +public class _KDS_CONFIGURATION +{ + public bool IsSecondaryStubType = true; + + public _KDS_CONFIGURATION() { } +} + +namespace Microsoft.KeyDistributionService.Cmdlets +{ + public class KdsRootKey + { + public bool IsSecondaryStubType = true; + + public KdsRootKey() { } + } + + public class KdsServerConfiguration + { + // Constructor + public KdsServerConfiguration(_KDS_CONFIGURATION serverConfig) { } + + // Property + public System.String AttributeOfWrongFormat { get; set; } + public System.Byte[] KdfParameters { get; set; } + public System.Byte[] SecretAgreementParameters { get; set; } + public System.Boolean IsValidFormat { get; set; } + public System.String SecretAgreementAlgorithm { get; set; } + public System.String KdfAlgorithm { get; set; } + public System.Int32 SecretAgreementPublicKeyLength { get; set; } + public System.Int32 SecretAgreementPrivateKeyLength { get; set; } + public System.Int32 VersionNumber { get; set; } + + // Fabricated constructor + private KdsServerConfiguration() { } + public static KdsServerConfiguration CreateTypeInstance() + { + return new KdsServerConfiguration(); + } + } + +} + +'@ + +function Add-KdsRootKey { + <# + .SYNOPSIS + Add-KdsRootKey [[-EffectiveTime] ] [-LocalTestOnly] [] + +Add-KdsRootKey -EffectiveImmediately [-LocalTestOnly] [] + .PARAMETER LocalTestOnly + Indicates that the new root key is generated on the local host only. This parameter is used with the Set-KdsConfiguration cmdlet to test the local server configuration. + If this parameter is specified, then the cmdlet returns a value that indicates whether the test passed. + If this parameter is not specified, then the cmdlet returns the identifier (ID) of the root key when the operation succeeds. + .PARAMETER EffectiveTime + Specifies the date on which the newly generated root key takes effect. If this parameter is not specified, the default date set is 10 days after the current date. + .PARAMETER EffectiveImmediately + Indicates that the Microsoft Group Key Distribution Service immediately uses the new root key. + #> + + [CmdletBinding(DefaultParameterSetName='EffectiveTime', SupportsShouldProcess=$true, ConfirmImpact='Medium')] + [OutputType([System.Guid])] + [OutputType([System.Boolean])] + param ( + [switch] + ${LocalTestOnly}, + + [Parameter(ParameterSetName='EffectiveTime', Position=0, ValueFromPipeline=$true)] + [datetime] + ${EffectiveTime}, + + [Parameter(ParameterSetName='EffectiveImmediately', Mandatory=$true)] + [switch] + ${EffectiveImmediately} + ) + end { + throw '{0}: StubNotImplemented' -f $MyInvocation.MyCommand + } +} + +function Clear-KdsCache { + <# + .SYNOPSIS + Clear-KdsCache [[-CacheOwnerSid] ] [] + .PARAMETER CacheOwnerSid + Specifies the security identifier (SID) for the user account whose cache this cmdlet clears. + #> + + [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium')] + param ( + [string] + ${CacheOwnerSid} + ) + end { + throw '{0}: StubNotImplemented' -f $MyInvocation.MyCommand + } +} + +function Get-KdsConfiguration { + <# + .SYNOPSIS + Get-KdsConfiguration [] + #> + + [CmdletBinding()] + [OutputType([Microsoft.KeyDistributionService.Cmdlets.KdsServerConfiguration])] + param ( ) + end { + throw '{0}: StubNotImplemented' -f $MyInvocation.MyCommand + } +} + +function Get-KdsRootKey { + <# + .SYNOPSIS + Get-KdsRootKey [] + #> + + [CmdletBinding()] + [OutputType([System.Collections.Generic.List`1[Microsoft.KeyDistributionService.Cmdlets.KdsRootKey]])] + param ( ) + end { + throw '{0}: StubNotImplemented' -f $MyInvocation.MyCommand + } +} + +function Set-KdsConfiguration { + <# + .SYNOPSIS + Set-KdsConfiguration [-LocalTestOnly] [-SecretAgreementPublicKeyLength ] [-SecretAgreementPrivateKeyLength ] [-SecretAgreementParameters ] [-SecretAgreementAlgorithm ] [-KdfParameters ] [-KdfAlgorithm ] [] + +Set-KdsConfiguration -RevertToDefault [-LocalTestOnly] [] + +Set-KdsConfiguration [-InputObject] [-LocalTestOnly] [] + .PARAMETER LocalTestOnly + Indicates that the cmdlet only validates the new group key distribution service configuration on the local computer, and does not store the key in Active Directory (AD). + If this parameter is specified, then the cmdlet returns a value that indicates whether the test passed. + If this parameter is not specified, then the cmdlet returns the new server configuration object. + .PARAMETER SecretAgreementPublicKeyLength + Specifies the length of the public key used in the secret agreement algorithm. + .PARAMETER SecretAgreementPrivateKeyLength + Specifies the length of the private key used in the secret agreement algorithm. + .PARAMETER SecretAgreementParameters + Specifies the parameters for the secret agreement algorithm. If this parameter is not specified or this parameter is set to $null, then no secret agreement algorithm parameters are needed. + .PARAMETER SecretAgreementAlgorithm + Specifies the name of the secret agreement algorithm used to generate a group public key. + .PARAMETER KdfParameters + Specifies the parameters for the key derivation function used to generate the group private key. If this parameter is not specified or this parameter is set to $null, then no key derivation function parameters are needed. + .PARAMETER KdfAlgorithm + Specifies the name of the key derivation function algorithm that the key distribution server uses to generate the keys. + .PARAMETER RevertToDefault + Indicates that the customized service configuration is reverted to the default configuration. + .PARAMETER InputObject + Specifies the server configuration object that contains the configuration information of the Microsoft Group KdsSvc. + #> + + [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium')] + [OutputType([Microsoft.KeyDistributionService.Cmdlets.KdsServerConfiguration])] + [OutputType([System.Boolean])] + param ( + [switch] + ${LocalTestOnly}, + + [Parameter(ParameterSetName='KdsConfiguration', ValueFromPipelineByPropertyName=$true)] + [int] + ${SecretAgreementPublicKeyLength}, + + [Parameter(ParameterSetName='KdsConfiguration', ValueFromPipelineByPropertyName=$true)] + [int] + ${SecretAgreementPrivateKeyLength}, + + [Parameter(ParameterSetName='KdsConfiguration', ValueFromPipelineByPropertyName=$true)] + [byte[]] + ${SecretAgreementParameters}, + + [Parameter(ParameterSetName='KdsConfiguration', ValueFromPipelineByPropertyName=$true)] + [string] + ${SecretAgreementAlgorithm}, + + [Parameter(ParameterSetName='KdsConfiguration', ValueFromPipelineByPropertyName=$true)] + [byte[]] + ${KdfParameters}, + + [Parameter(ParameterSetName='KdsConfiguration', ValueFromPipelineByPropertyName=$true)] + [string] + ${KdfAlgorithm}, + + [Parameter(ParameterSetName='RevertToDefault', Mandatory=$true)] + [switch] + ${RevertToDefault}, + + [Parameter(ParameterSetName='InputObject', Mandatory=$true, Position=0, ValueFromPipeline=$true)] + [Microsoft.KeyDistributionService.Cmdlets.KdsServerConfiguration] + ${InputObject} + ) + end { + throw '{0}: StubNotImplemented' -f $MyInvocation.MyCommand + } +} + +function Test-KdsRootKey { + <# + .SYNOPSIS + Test-KdsRootKey [-KeyId] [] + .PARAMETER KeyId + Specifies the ID of the root key to test. + #> + + [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium')] + [OutputType([System.Boolean])] + param ( + [Parameter(Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] + [guid] + ${KeyId} + ) + end { + throw '{0}: StubNotImplemented' -f $MyInvocation.MyCommand + } +} + diff --git a/tests/Unit/Stubs/README.md b/tests/Unit/Stubs/README.md index d6da92d8a..c2a06d24a 100644 --- a/tests/Unit/Stubs/README.md +++ b/tests/Unit/Stubs/README.md @@ -9,7 +9,7 @@ the cmdlet or function installed. ## How to >**NOTE!** The stubs have been altered after that the modules have been ->generated. How they were altered is describe in the below procedure. +>generated. How they were altered is described in the below procedure. Install the module 'Indented.StubCommand' from PowerShell Gallery. @@ -24,35 +24,41 @@ Add-WindowsFeature AD-Domain-Services Add-WindowsFeature RSAT-AD-PowerShell ``` -Create the stub modules in output folder 'c:\projects\stub' (can be any -folder). +Create the stub modules in the module's `tests/Unit/Stubs` folder: ```powershell -$destinationFolder = 'c:\projects\stubs\' +$destinationFolder = 'tests/Unit/Stubs' $functionBody = { throw '{0}: StubNotImplemented' -f $MyInvocation.MyCommand } -New-StubModule -FromModule 'ActiveDirectory' -Path $destinationFolder -FunctionBody $functionBody -ReplaceTypeDefinition @( +$adTypeDefinition = @( @{ ReplaceType = 'System\.Nullable`1\[Microsoft\.ActiveDirectory\.Management\.\w*\]' - WithType = 'System.Object' + WithType = 'System.Object' }, @{ ReplaceType = 'Microsoft\.ActiveDirectory\.Management\.Commands\.\w*' - WithType = 'System.Object' + WithType = 'System.Object' }, @{ ReplaceType = 'Microsoft\.ActiveDirectory\.Management\.\w*' - WithType = 'System.Object' + WithType = 'System.Object' } ) +New-StubModule -FromModule 'ActiveDirectory' -Path $destinationFolder -FunctionBody $functionBody ` + -ReplaceTypeDefinition $adTypeDefinition + New-StubModule -FromModule 'ADDSDeployment' -Path $destinationFolder -FunctionBody $functionBody + +New-StubModule -FromModule 'Kds' -Path $destinationFolder -FunctionBody $functionBody ``` -Some types that is referenced by the code is not automatically create with +### ActiveDirectory Stub Customisation + +Some types that are referenced are not automatically created with the cmdlet `New-StubModule`. Run the following, then the stub classes that are outputted should be copied into the ActiveDirectory stub module that was generated above, inside the namespace `Microsoft.ActiveDirectory.Management`. @@ -77,7 +83,7 @@ public class ADIdentityNotFoundException : System.Exception ``` The stub class `Microsoft.ActiveDirectory.Management.ADDomainController` -can not be generated fully since all properties that are returned from +cannot be generated fully since all properties that are returned from `Get-ADDomainController` are not shown when using the type directly, e.g. `$a = New-Object -TypeName 'Microsoft.ActiveDirectory.Management.ADDomainController'`. To workaround this these properties below must be added manually to the stub @@ -117,3 +123,15 @@ Update the stub class `ADPrincipal` constructor and add the method like this. } } ``` + +Replace all occurences of `System.Security.Principal.SecurityIdentifier` with +`System.Object` as `SecurityIdentifier` is not currently implemented in +PowerShell 7. + +Add `-WarningAction SilentlyContinue` to the `Add-Type` command to suppress +warnings in PowerShell 7. + +### Kds Stub Customisation + +The type definition created for the `Kds` module is not valid, and needs all +occurences of `_KDS_CONFIGURATION*` replacing with `_KDS_CONFIGURATION`.