Split rules tests file per type (#90)

* Split rules tests file per type

tests/Rules.Common.Tests.ps1

@@ -0,0 +1,64 @@
+BeforeAll {
+    # Setup error handling
+    $ErrorActionPreference = 'Stop';
+    Set-StrictMode -Version latest;
+
+    if ($Env:SYSTEM_DEBUG -eq 'true') {
+        $VerbosePreference = 'Continue';
+    }
+
+    # Setup tests paths
+    # $rootPath = $PWD;
+    $rootPath = $env:GITHUB_WORKSPACE
+    $ourModule = (Join-Path -Path $rootPath -ChildPath '/src/PSRule.Rules.AzureDevOps')
+
+    Import-Module -Name $ourModule -Force;
+    $here = (Resolve-Path $PSScriptRoot).Path;
+
+     # Create tempory test output folder and store path
+    $outPath = New-Item -Path (Join-Path -Path $here -ChildPath 'out') -ItemType Directory -Force;
+    $outPath = $outPath.FullName;
+
+    # Export all Azure DevOps rule data for project 'psrule-fail-project' to output folder
+    Connect-AzDevOps -Organization $env:ADO_ORGANIZATION -PAT $env:ADO_PAT
+    Export-AzDevOpsRuleData -Project $env:ADO_PROJECT -OutputPath $outPath
+
+    # Create a temporary test output folder for tests with the ReadOnly TokenType
+    $outPathReadOnly = New-Item -Path (Join-Path -Path $here -ChildPath 'outReadOnly') -ItemType Directory -Force;
+    $outPathReadOnly = $outPathReadOnly.FullName;
+
+    # Export all Azure DevOps rule data for project 'psrule-fail-project' to ReadOnly output folder
+    Connect-AzDevOps -Organization $env:ADO_ORGANIZATION -PAT $env:ADO_PAT_READONLY -TokenType ReadOnly
+    Export-AzDevOpsRuleData -Project $env:ADO_PROJECT -OutputPath $outPathReadOnly
+
+    # Create a temporary test output folder for tests with the FineGrained TokenType
+    $outPathFineGrained = New-Item -Path (Join-Path -Path $here -ChildPath 'outFineGrained') -ItemType Directory -Force;
+    $outPathFineGrained = $outPathFineGrained.FullName;
+
+    # Export all Azure DevOps rule data for project 'psrule-fail-project' to FineGrained output folder
+    Connect-AzDevOps -Organization $env:ADO_ORGANIZATION -PAT $env:ADO_PAT_FINEGRAINED -TokenType FineGrained
+    Export-AzDevOpsRuleData -Project $env:ADO_PROJECT -OutputPath $outPathFineGrained
+}
+
+Describe "PSRule.Rules.AzureDevOps Rules" {
+    Context ' Base rules' {
+        It ' should contain 59 rules' {
+            $rules = Get-PSRule -Module PSRule.Rules.AzureDevOps
+            $rules.Count | Should -Be 59
+        }
+
+        It ' should contain a markdown help file for each rule' {
+            $rules = Get-PSRule -Module PSRule.Rules.AzureDevOps
+            $rules | ForEach-Object {
+                $helpFile = Join-Path -Path "$ourModule/en" -ChildPath "$($_.Name).md"
+                Test-Path -Path $helpFile | Should -Be $true
+            }
+        }
+    }
+}
+
+AfterAll {
+    # Remove Module
+    Disconnect-AzDevOps
+    Remove-Module -Name PSRule.Rules.AzureDevOps -Force;
+}

tests/Rules.Groups.Tests.ps1

@@ -0,0 +1,105 @@
+BeforeAll {
+    # Setup error handling
+    $ErrorActionPreference = 'Stop';
+    Set-StrictMode -Version latest;
+
+    if ($Env:SYSTEM_DEBUG -eq 'true') {
+        $VerbosePreference = 'Continue';
+    }
+
+    # Setup tests paths
+    # $rootPath = $PWD;
+    $rootPath = $env:GITHUB_WORKSPACE
+    $ourModule = (Join-Path -Path $rootPath -ChildPath '/src/PSRule.Rules.AzureDevOps')
+
+    Import-Module -Name $ourModule -Force
+    $here = (Resolve-Path $PSScriptRoot).Path
+
+    # Get tempory test output folder and store path
+    $outPath = Get-Item -Path (Join-Path -Path $here -ChildPath 'out')
+    $outPath = $outPath.FullName
+
+    # Run rules with default token type
+    $ruleResult = Invoke-PSRule -InputPath "$($outPath)/" -Module PSRule.Rules.AzureDevOps -Format Detect -Culture en
+
+    # Get temporary test output folder for tests with the ReadOnly TokenType
+    $outPathReadOnly = Get-Item -Path (Join-Path -Path $here -ChildPath 'outReadOnly')
+    $outPathReadOnly = $outPathReadOnly.FullName
+
+    # Run rules with ReadOnly token type
+    $ruleResultReadOnly = Invoke-PSRule -InputPath "$($outPathReadOnly)/" -Module PSRule.Rules.AzureDevOps -Format Detect -Culture en
+
+    # Get temporary test output folder for tests with the FineGrained TokenType
+    $outPathFineGrained = Get-Item -Path (Join-Path -Path $here -ChildPath 'outFineGrained')
+    $outPathFineGrained = $outPathFineGrained.FullName
+
+    # Run rules with FineGrained token type
+    $ruleResultFineGrained = Invoke-PSRule -InputPath "$($outPathFineGrained)/" -Module PSRule.Rules.AzureDevOps -Format Detect -Culture en
+}
+
+Describe 'Azure.DevOps.Groups rules' {
+    Context 'Azure.DevOps.Groups.ProjectAdmins.MinMembers' {
+        It ' should pass once' {
+            $ruleHits = @($ruleResult | Where-Object { $_.RuleName -eq 'Azure.DevOps.Groups.ProjectAdmins.MinMembers' })
+            $ruleHits[0].Outcome | Should -Be 'Pass';
+            $ruleHits.Count | Should -Be 1;
+        }
+
+        It ' should pass once for ReadOnly token type' {
+            $ruleHits = @($ruleResultReadOnly | Where-Object { $_.RuleName -eq 'Azure.DevOps.Groups.ProjectAdmins.MinMembers' })
+            $ruleHits[0].Outcome | Should -Be 'Pass';
+            $ruleHits.Count | Should -Be 1;
+        }
+
+        It ' should pass once for FineGrained token type' {
+            $ruleHits = @($ruleResultFineGrained | Where-Object { $_.RuleName -eq 'Azure.DevOps.Groups.ProjectAdmins.MinMembers' })
+            $ruleHits[0].Outcome | Should -Be 'Pass';
+            $ruleHits.Count | Should -Be 1;
+        }
+    }
+
+    Context 'Azure.DevOps.Groups.ProjectAdmins.MaxMembers' {
+        It ' should pass once' {
+            $ruleHits = @($ruleResult | Where-Object { $_.RuleName -eq 'Azure.DevOps.Groups.ProjectAdmins.MaxMembers' })
+            $ruleHits[0].Outcome | Should -Be 'Pass';
+            $ruleHits.Count | Should -Be 1;
+        }
+
+        It ' should pass once for ReadOnly token type' {
+            $ruleHits = @($ruleResultReadOnly | Where-Object { $_.RuleName -eq 'Azure.DevOps.Groups.ProjectAdmins.MaxMembers' })
+            $ruleHits[0].Outcome | Should -Be 'Pass';
+            $ruleHits.Count | Should -Be 1;
+        }
+
+        It ' should pass once for FineGrained token type' {
+            $ruleHits = @($ruleResultFineGrained | Where-Object { $_.RuleName -eq 'Azure.DevOps.Groups.ProjectAdmins.MaxMembers' })
+            $ruleHits[0].Outcome | Should -Be 'Pass';
+            $ruleHits.Count | Should -Be 1;
+        }
+    }
+
+    Context 'Azure.DevOps.Groups.ProjectValidUsers.DoNotAssignMemberOfOtherGroups' {
+        It ' should pass once' {
+            $ruleHits = @($ruleResult | Where-Object { $_.RuleName -eq 'Azure.DevOps.Groups.ProjectValidUsers.DoNotAssignMemberOfOtherGroups' })
+            $ruleHits[0].Outcome | Should -Be 'Pass';
+            $ruleHits.Count | Should -Be 1;
+        }
+
+        It ' should pass once for ReadOnly token type' {
+            $ruleHits = @($ruleResultReadOnly | Where-Object { $_.RuleName -eq 'Azure.DevOps.Groups.ProjectValidUsers.DoNotAssignMemberOfOtherGroups' })
+            $ruleHits[0].Outcome | Should -Be 'Pass';
+            $ruleHits.Count | Should -Be 1;
+        }
+
+        It ' should pass once for FineGrained token type' {
+            $ruleHits = @($ruleResultFineGrained | Where-Object { $_.RuleName -eq 'Azure.DevOps.Groups.ProjectValidUsers.DoNotAssignMemberOfOtherGroups' })
+            $ruleHits[0].Outcome | Should -Be 'Pass';
+            $ruleHits.Count | Should -Be 1;
+        }
+    }
+}
+
+AfterAll {
+    # Remove Module
+    Remove-Module -Name PSRule.Rules.AzureDevOps -Force;
+}

tests/Rules.Pipelines.Core.Tests.ps1

@@ -0,0 +1,143 @@
+BeforeAll {
+    # Setup error handling
+    $ErrorActionPreference = 'Stop';
+    Set-StrictMode -Version latest;
+
+    if ($Env:SYSTEM_DEBUG -eq 'true') {
+        $VerbosePreference = 'Continue';
+    }
+
+    # Setup tests paths
+    # $rootPath = $PWD;
+    $rootPath = $env:GITHUB_WORKSPACE
+    $ourModule = (Join-Path -Path $rootPath -ChildPath '/src/PSRule.Rules.AzureDevOps')
+
+    Import-Module -Name $ourModule -Force
+    $here = (Resolve-Path $PSScriptRoot).Path
+
+    # Get tempory test output folder and store path
+    $outPath = Get-Item -Path (Join-Path -Path $here -ChildPath 'out')
+    $outPath = $outPath.FullName
+
+    # Run rules with default token type
+    $ruleResult = Invoke-PSRule -InputPath "$($outPath)/" -Module PSRule.Rules.AzureDevOps -Format Detect -Culture en
+
+    # Get temporary test output folder for tests with the ReadOnly TokenType
+    $outPathReadOnly = Get-Item -Path (Join-Path -Path $here -ChildPath 'outReadOnly')
+    $outPathReadOnly = $outPathReadOnly.FullName
+
+    # Run rules with ReadOnly token type
+    $ruleResultReadOnly = Invoke-PSRule -InputPath "$($outPathReadOnly)/" -Module PSRule.Rules.AzureDevOps -Format Detect -Culture en
+
+    # Get temporary test output folder for tests with the FineGrained TokenType
+    $outPathFineGrained = Get-Item -Path (Join-Path -Path $here -ChildPath 'outFineGrained')
+    $outPathFineGrained = $outPathFineGrained.FullName
+
+    # Run rules with FineGrained token type
+    $ruleResultFineGrained = Invoke-PSRule -InputPath "$($outPathFineGrained)/" -Module PSRule.Rules.AzureDevOps -Format Detect -Culture en
+}
+
+Describe "Azure.DevOps.Pipelines.Core rules" {
+    Context ' Azure.DevOps.Pipelines.Core.UseYamlDefinition' {
+        It ' should fail for targets named fail' {
+            $ruleHits = @($ruleResult | Where-Object { $_.RuleName -eq 'Azure.DevOps.Pipelines.Core.UseYamlDefinition' -and $_.TargetName -match 'fail-project-CI-gui' })
+            $ruleHits[0].Outcome | Should -Be 'Fail';
+            $ruleHits.Count | Should -Be 1;
+        }
+
+        It ' should pass for targets named success' {
+            $ruleHits = @($ruleResult | Where-Object { $_.RuleName -eq 'Azure.DevOps.Pipelines.Core.UseYamlDefinition' -and $_.TargetName -match 'success' })
+            $ruleHits[0].Outcome | Should -Be 'Pass';
+            $ruleHits.Count | Should -Be 1;
+        }
+
+        It ' should be the same for ReadOnly TokenType' {
+            $ruleHits = @($ruleResultReadOnly | Where-Object { $_.RuleName -eq 'Azure.DevOps.Pipelines.Core.UseYamlDefinition' -and $_.TargetName -match 'fail-project-CI-gui' })
+            $ruleHits[0].Outcome | Should -Be 'Fail';
+            $ruleHits.Count | Should -Be 1;
+
+            $ruleHits = @($ruleResultReadOnly | Where-Object { $_.RuleName -eq 'Azure.DevOps.Pipelines.Core.UseYamlDefinition' -and $_.TargetName -match 'success' })
+            $ruleHits[0].Outcome | Should -Be 'Pass';
+            $ruleHits.Count | Should -Be 1;
+        }
+
+        It ' should be the same for the FineGrained TokenType' {
+            $ruleHits = @($ruleResultFineGrained | Where-Object { $_.RuleName -eq 'Azure.DevOps.Pipelines.Core.UseYamlDefinition' -and $_.TargetName -match 'fail-project-CI-gui' })
+            $ruleHits[0].Outcome | Should -Be 'Fail';
+            $ruleHits.Count | Should -Be 1;
+
+            $ruleHits = @($ruleResultFineGrained | Where-Object { $_.RuleName -eq 'Azure.DevOps.Pipelines.Core.UseYamlDefinition' -and $_.TargetName -match 'success' })
+            $ruleHits[0].Outcome | Should -Be 'Pass';
+            $ruleHits.Count | Should -Be 1;
+        }
+
+        It ' should have an English markdown help file' {
+            $fileExists = Test-Path -Path (Join-Path -Path $ourModule -ChildPath 'en/Azure.DevOps.Pipelines.Core.UseYamlDefinition.md');
+            $fileExists | Should -Be $true;
+        }
+    }
+
+    Context ' Azure.DevOps.Pipelines.Core.InheritedPermissions' {
+        It ' should fail for targets named fail' {
+            $ruleHits = @($ruleResult | Where-Object { $_.RuleName -eq 'Azure.DevOps.Pipelines.Core.InheritedPermissions' -and $_.TargetName -match "psrule-fail-project$" })
+            $ruleHits[0].Outcome | Should -Be 'Fail';
+            $ruleHits.Count | Should -Be 1;
+        }
+
+        It ' should pass for targets named success' {
+            $ruleHits = @($ruleResult | Where-Object { $_.RuleName -eq 'Azure.DevOps.Pipelines.Core.InheritedPermissions' -and $_.TargetName -match 'success' })
+            $ruleHits[0].Outcome | Should -Be 'Pass';
+            $ruleHits.Count | Should -Be 1;
+        }
+
+        It ' should not be present for ReadOnly TokenType' {
+            $ruleHits = @($ruleResultReadOnly | Where-Object { $_.RuleName -eq 'Azure.DevOps.Pipelines.Core.InheritedPermissions' })
+            $ruleHits.Count | Should -Be 0;
+        }
+
+        It ' should be the same for the FineGrained TokenType' {
+            $ruleHits = @($ruleResultFineGrained | Where-Object { $_.RuleName -eq 'Azure.DevOps.Pipelines.Core.InheritedPermissions' -and $_.TargetName -match "psrule-fail-project$" })
+            $ruleHits[0].Outcome | Should -Be 'Fail';
+            $ruleHits.Count | Should -Be 1;
+
+            $ruleHits = @($ruleResultFineGrained | Where-Object { $_.RuleName -eq 'Azure.DevOps.Pipelines.Core.InheritedPermissions' -and $_.TargetName -match 'success' })
+            $ruleHits[0].Outcome | Should -Be 'Pass';
+            $ruleHits.Count | Should -Be 1;
+        }
+
+        It ' should have an English markdown help file' {
+            $fileExists = Test-Path -Path (Join-Path -Path $ourModule -ChildPath 'en/Azure.DevOps.Pipelines.Core.InheritedPermissions.md');
+            $fileExists | Should -Be $true;
+        }
+    }
+
+    Context ' Azure.DevOps.Pipelines.Core.NoPlainTextSecrets' {
+        It ' should fail for targets named fail' {
+            $ruleHits = @($ruleResult | Where-Object { $_.RuleName -eq 'Azure.DevOps.Pipelines.Core.NoPlainTextSecrets' -and $_.TargetName -match "psrule-fail-project-CI-gui$" })
+            $ruleHits[0].Outcome | Should -Be 'Fail';
+            $ruleHits.Count | Should -Be 1;
+        }
+
+        It ' should be the same for ReadOnly TokenType' {
+            $ruleHits = @($ruleResultReadOnly | Where-Object { $_.RuleName -eq 'Azure.DevOps.Pipelines.Core.NoPlainTextSecrets' -and $_.TargetName -match "psrule-fail-project-CI-gui$" })
+            $ruleHits[0].Outcome | Should -Be 'Fail';
+            $ruleHits.Count | Should -Be 1;
+        }
+
+        It ' should be the same for the FineGrained TokenType' {
+            $ruleHits = @($ruleResultFineGrained | Where-Object { $_.RuleName -eq 'Azure.DevOps.Pipelines.Core.NoPlainTextSecrets' -and $_.TargetName -match "psrule-fail-project-CI-gui$" })
+            $ruleHits[0].Outcome | Should -Be 'Fail';
+            $ruleHits.Count | Should -Be 1;
+        }
+
+        It ' should have an English markdown help file' {
+            $fileExists = Test-Path -Path (Join-Path -Path $ourModule -ChildPath 'en/Azure.DevOps.Pipelines.Core.NoPlainTextSecrets.md');
+            $fileExists | Should -Be $true;
+        }
+    }
+}
+
+AfterAll {
+    # Remove Module
+    Remove-Module -Name PSRule.Rules.AzureDevOps -Force;
+}