TestCases/SubscriptionSecurity/SSHealth/SSHealthTest.ps1
|
Set-StrictMode -Version Latest class SSHealthTest:AzSDKTestBase{ [string]$BaselineOutputPath = [string]::Empty SSHealthTest([TestCase] $testcase, [TestSettings] $testsettings):Base($testcase, $testsettings){ if(![string]::IsNullOrEmpty($testcase.BaselineOutput)) { $this.BaselineOutputPath =[CommonHelper]::GetPath([PathList]::TestData,$testcase)+$testcase.BaselineOutput } } [void] Execute(){ switch ($this.testcase.TestMethod.Trim()){ "TestGetAzSDKSubscriptionSecurityStatus"{ $this.TestGetAzSDKSubscriptionSecurityStatus() break } "TestGetAzSDKSubscriptionSecurityStatusWithControlIds"{ $this.TestGetAzSDKSubscriptionSecurityStatusWithControlIds() break } "TestGetAzSDKSubscriptionSecurityStatusWithFilterTags"{ $this.TestGetAzSDKSubscriptionSecurityStatusWithFilterTags() break } "TestGetAzSDKSubscriptionSecurityStatusWithExcludeTags"{ $this.TestGetAzSDKSubscriptionSecurityStatusWithExcludeTags() } "TestSetAzSDKSubscriptionSecurity"{ $this.TestSetAzSDKSubscriptionSecurity() } "TestRemoveAzSDKSubscriptionSecurity"{ $this.TestRemoveAzSDKSubscriptionSecurity() } } } [TestCaseResult] TestGetAzSDKSubscriptionSecurityStatus(){ try{ $outputpath = Get-AzSDKSubscriptionSecurityStatus -SubscriptionId $this.settings.SubscriptionId -DoNotOpenOutputFolder if([CommonHelper]::IsSecurityReportGenerated($outputpath)) { if([CommonHelper]::VerifyCSVForError($outputpath,"Status")) { $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Passed,"Successfully ran the subscription health scan.") } else{ $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Failed,"One or more controls went into error.") } } else{ $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Failed,"Security report is not generated.") } } catch{ $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Error,"Error while running the subscription health scan.") } return $this.testcaseResult } [TestCaseResult] TestGetAzSDKSubscriptionSecurityStatusWithControlIds(){ try{ $outputpath = Get-AzSDKSubscriptionSecurityStatus -SubscriptionId $this.settings.SubscriptionId -ControlIds "Azure_Subscription_AuthZ_Limit_Admin_Owner_Count, Azure_Subscription_AuthZ_Add_Required_Central_Accounts" -DoNotOpenOutputFolder if([CommonHelper]::IsSecurityReportGenerated($outputpath)) { if([CommonHelper]::VerifyCSVForError($outputpath,"Status")) { $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Passed,"Successfully ran the subscription health scan.") } else{ $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Failed,"One or more controls went into error.") } } else{ $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Failed,"Security report is not generated.") } } catch{ $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Error,"Error while running the subscription health scan.") } return $this.testcaseResult } [TestCaseResult] TestGetAzSDKSubscriptionSecurityStatusWithFilterTags(){ try{ $outputpath = Get-AzSDKSubscriptionSecurityStatus -SubscriptionId $this.settings.SubscriptionId -FilterTags "AuthZ" -DoNotOpenOutputFolder if([CommonHelper]::IsSecurityReportGenerated($outputpath)) { if([CommonHelper]::VerifyCSVForError($outputpath,"Status")){ $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Passed,"Successfully ran the subscription health scan.") } else{ $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Failed,"One or more controls went into error.") } } else{ $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Failed,"Security report is not generated.") } } catch{ $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Error,"Error while running the subscription health scan.") } return $this.testcaseResult } [TestCaseResult] TestGetAzSDKSubscriptionSecurityStatusWithExcludeTags(){ try{ $outputpath = Get-AzSDKSubscriptionSecurityStatus -SubscriptionId $this.settings.SubscriptionId -FilterTags "AuthZ" -ExcludeTags "Best Practice" -DoNotOpenOutputFolder if([CommonHelper]::IsSecurityReportGenerated($outputpath)) { if([CommonHelper]::VerifyCSVForError($outputpath,"Status")){ $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Passed,"Successfully ran the subscription health scan.") } else{ $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Failed,"One or more controls went into error.") } } else{ $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Failed,"Security report is not generated.") } } catch{ $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Error,"Error while running the subscription health scan.") } return $this.testcaseResult } [TestCaseResult] TestSetAzSDKSubscriptionSecurity(){ try{ Set-AzSDKSubscriptionSecurity -SubscriptionId $this.settings.SubscriptionId -SecurityContactEmails $this.settings.SecurityPOCEmail -SecurityPhoneNumber $this.settings.SecurityPhoneNo -DoNotOpenOutputFolder $outputPath = Get-AzSDKSubscriptionSecurityStatus -SubscriptionId $this.settings.SubscriptionId -DoNotOpenOutputFolder $securityReportCsv = [string]::Empty if(![string]::IsNullOrEmpty($outputPath)){ $securityReportCsv = Get-ChildItem -Path $outputPath -Include "SecurityReport-*.csv" -Recurse } if(![string]::IsNullOrEmpty($securityReportCsv)){ $this.testCaseResult = [Assert]::AreFilesEqual($this.BaselineOutputPath,$securityReportCsv,$this.testcase) } #$this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Passed,"Successfully set the subscription security.") #$this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Failed,"Security report is not generated.") } catch{ $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Error,"Error while setting the subscription security.") } return $this.testcaseResult } [TestCaseResult] TestRemoveAzSDKSubscriptionSecurity(){ try{ $outputpath = Remove-AzSDKSubscriptionSecurity -SubscriptionId $this.settings.SubscriptionId -Tags 'Mandatory' -DoNotOpenOutputFolder if([CommonHelper]::IsSecurityReportGenerated($outputpath)) { $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Passed,"Successfully removed the subscription security.") } else{ $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Failed,"Failed to run the subscription health scan.") } } catch{ $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Error,"Error while removing the subscription security.") } return $this.testcaseResult } } |