TestCases/SVT/SVTCommon/SVTCommonTest.ps1
|
Set-StrictMode -Version Latest class SVTCommonTest:AzSDKTestBase { [string]$resourceName = "azsdkteststoragecommon" [string]$resourceGroupName = "AzSDKTestRG" [string] $AzSdkSettingsPath = $Env:LOCALAPPDATA + "\Microsoft\AzSDK\AzSdkSettings.json" [string] $OSSPolicyURL = "https://azsdkossep.azureedge.net/`$Version/`$FileName" [string] $MSITPolicyURL = "https://getazsdkcontrolsms.azurewebsites.net/api/files?version=`$Version&fileName=`$FileName" SVTCommonTest([TestCase] $testcase, [TestSettings] $testsettings):Base($testcase, $testsettings){ } [void] Execute(){ switch ($this.testcase.TestMethod.Trim()){ "TestSVTWithoutLogin"{ $this.TestSVTWithoutLogin() break } "TestSVTWithLoginOSSLeastParams"{ $this.TestSVTWithLoginOSSLeastParams() break } "TestSVTWithLoginMSITLeastParams"{ $this.TestSVTWithLoginMSITLeastParams() break } "TestSVTWithLoginOSSTagParamsSet"{ $this.TestSVTWithLoginOSSTagParamsSet() break } "TestSVTWithLoginOSSResourceParamsSet"{ $this.TestSVTWithLoginOSSResourceParamsSet() break } "TestSVTSubscriptionCoreCommonCommand"{ $this.TestSVTSubscriptionCoreCommonCommand() break } "TestSetOnlinePolicy"{ $this.TestSetOnlinePolicy() break } "TestDisableOnlinePolicy"{ $this.TestDisableOnlinePolicy() break } Default { } } } [TestCaseResult] TestSVTWithoutLogin() { $result = [TestStatus]::Passed; $message ="" if((Get-AzureRmContext).Subscription -eq $null) { try { Get-AzSDKAzureServicesSecurityStatus -SubscriptionId $this.settings.SubscriptionId -DoNotOpenOutputFolder $result = [TestStatus]::Passed; $message += "Login flow initiated"; } catch { $result = [TestStatus]::Failed; $message += "Login flow was not initiated"; } $this.testcaseResult = [TestCaseResult]::new($this.testCase, $result, $message) } else { $result = [TestStatus]::Passed; $message += "Login exists already." } $this.testcaseResult = [TestCaseResult]::new($this.testCase,$result,$message) return $this.testcaseResult } [TestCaseResult] TestSVTWithLoginOSSLeastParams() { [CommonHelper]::SetOSSURL() try { Get-AzSDKAzureServicesSecurityStatus -SubscriptionId $this.settings.SubscriptionId ` -ResourceGroupNames $this.resourceGroupName -ResourceName $this.resourceName -DoNotOpenOutputFolder $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Passed,"Successfully checked SVT OSS version with mandatory params") } catch { $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Failed,"Error occurred while running SVT OSS version with mandatory params") } return $this.testcaseResult } [TestCaseResult] TestSVTWithLoginMSITLeastParams() { [CommonHelper]::SetMSITURL() try { $result = [TestStatus]::Passed; $message ="" $outputpath = Get-AzSDKAzureServicesSecurityStatus -SubscriptionId $this.settings.SubscriptionId ` -ResourceGroupNames $this.resourceGroupName -ResourceName $this.resourceName -DoNotOpenOutputFolder if(![string]::IsNullOrEmpty($outputpath)) { $OverallControlStatuscsv = Get-ChildItem -Path $outputpath -Include "SecurityReport-*.csv" -Recurse if($OverallControlStatuscsv) { $result = [TestStatus]::Passed; $message += "Successfully checked SVT MSIT version with mandatory params" } else { $result = [TestStatus]::Failed; $message += "Error occurred while running SVT MSIT version with mandatory params" } } else { $result = [TestStatus]::Failed; $message += "Error occurred while running SVT MSIT version with mandatory params" } } catch { $result = [TestStatus]::Failed; $message += "Error occurred while running SVT MSIT version with mandatory params" } $this.testcaseResult = [TestCaseResult]::new($this.testCase, $result, $message) return $this.testcaseResult } [TestCaseResult] TestSVTWithLoginOSSTagParamsSet() { [CommonHelper]::SetOSSURL() #add tag Set-AzureRmStorageAccount -Name $this.resourceName -ResourceGroupName $this.resourceGroupName -Tag @{"bvtTest"="bvtTestValue"} try { $outputpath = Get-AzSDKAzureServicesSecurityStatus -SubscriptionId $this.settings.SubscriptionId ` -TagName "bvtTest" ` -TagValue "bvtTestValue" ` -ExcludeTags "RBAC" -DoNotOpenOutputFolder if(![string]::IsNullOrEmpty($outputpath)) { $OverallControlStatuscsv = Get-ChildItem -Path $outputpath -Include "SecurityReport-*.csv" -Recurse if($OverallControlStatuscsv) { $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Passed,"Successfully checked SVT with tag name param set") } else { $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Failed,"Successfully checked SVT with tag name param set") } } else { $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Failed,"Successfully checked SVT with tag name param set") } } catch { $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Failed,"Error occurred while running SVT with tag name param set") } return $this.testcaseResult } [TestCaseResult] TestSVTWithLoginOSSResourceParamsSet() { [CommonHelper]::SetOSSURL() try { $outputpath = Get-AzSDKAzureServicesSecurityStatus -SubscriptionId $this.settings.SubscriptionId ` -ResourceGroupNames $this.resourceGroupName ` -ResourceTypeName StorageAccount ` -ResourceName $this.resourceName ` -FilterTags "SDL" ` -ControlIds "Azure_Storage_DP_Encrypt_At_Rest_Blob" -DoNotOpenOutputFolder if(![string]::IsNullOrEmpty($outputpath)) { $OverallControlStatuscsv = Get-ChildItem -Path $outputpath -Include "SecurityReport-*.csv" -Recurse if($OverallControlStatuscsv) { $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Passed,"Successfully checked SVT with resource filter param set") } else { $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Failed,"Error occurred while running SVT with resource filter param set") } } else { $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Failed,"Error occurred while running SVT with resource filter param set") } } catch { $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Failed,"Error occurred while running SVT with resource filter param set") } return $this.testcaseResult } [TestCaseResult] TestSVTSubscriptionCoreCommonCommand() { try { $outputpath = Get-AzSDKControlsStatus -SubscriptionId $this.settings.SubscriptionId ` -ResourceGroupNames $this.resourceGroupName ` -ResourceTypeName StorageAccount ` -ResourceName $this.resourceName ` -FilterTags "SDL" ` -DoNotOpenOutputFolder if(![string]::IsNullOrEmpty($outputpath)) { $OverallControlStatuscsv = Get-ChildItem -Path $outputpath -Include "SecurityReport-*.csv" -Recurse if($OverallControlStatuscsv) { #check if featurename contains SubscriptionCore and Storage $resultCSV = Import-Csv $OverallControlStatuscsv.FullName $subcoreResult = $resultCSV | Where-Object { $_.FeatureName -contains "SubscriptionCore"} $resResult = $resultCSV | Where-Object { $_.FeatureName -contains "Storage"} if(($subcoreResult|Measure-Object).Count -gt 0 -and ($resResult|Measure-Object).Count -gt 0) { $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Passed,"Successfully checked common command for SVT and Subscription Core") } else { $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Failed,"Error occurred while running common command for SVT and Subscription Core") } } else { $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Failed,"Error occurred while running common command for SVT and Subscription Core") } } else { $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Failed,"Error occurred while running common command for SVT and Subscription Core") } } catch { $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Failed,"Error occurred while running common command for SVT and Subscription Core") } return $this.testcaseResult } [TestCaseResult] TestSetOnlinePolicy() { try { Set-AzSDKPolicySettings -OnlinePolicyStoreUrl $this.OSSPolicyURL $fileContent = (Get-Content -Raw -Path $this.AzSdkSettingsPath) | ConvertFrom-Json; $result = [TestStatus]::Passed; $message = ""; if($fileContent.OnlinePolicyStoreUrl -ne $this.OSSPolicyURL) { $result = [TestStatus]::Failed; $message += "Policy URL is not set"; } else { $message += "Successfully updated online policy URL"; } $this.testcaseResult = [TestCaseResult]::new($this.testCase, $result, $message) } catch { $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Failed,"Error occurred while setting online policy settings") } return $this.testcaseResult } [TestCaseResult] TestDisableOnlinePolicy() { try { Set-AzSDKPolicySettings -DisableOnlinePolicy $fileContent = (Get-Content -Raw -Path $this.AzSdkSettingsPath) | ConvertFrom-Json; $result = [TestStatus]::Passed; $message = ""; if($fileContent.UseOnlinePolicyStore -ne $false) { $result = [TestStatus]::Failed; $message += "Online policy setting is not disabled"; } else { $message += "Successfully disabled online policy setting"; } $this.testcaseResult = [TestCaseResult]::new($this.testCase, $result, $message) } catch { $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Failed,"Error occurred while disabling online policy settings") } return $this.testcaseResult } } |