2018-02-13 18:23:53 +01:00
|
|
|
# Copyright (c) Microsoft Corporation. All rights reserved.
|
|
|
|
# Licensed under the MIT License.
|
2017-02-14 19:42:17 +01:00
|
|
|
##
|
|
|
|
## PowerShell Remoting Endpoint Role Capability Files Tests
|
|
|
|
##
|
|
|
|
|
|
|
|
Describe "Remote session configuration RoleDefintion RoleCapabilityFiles key tests" -Tags "Feature" {
|
|
|
|
|
|
|
|
BeforeAll {
|
|
|
|
|
|
|
|
if (!$IsWindows)
|
|
|
|
{
|
|
|
|
$originalDefaultParameterValues = $PSDefaultParameterValues.Clone()
|
|
|
|
$PSDefaultParameterValues["it:skip"] = $true
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
[string] $RoleCapDirectory = (New-Item -Path "$TestDrive\RoleCapability" -ItemType Directory -Force).FullName
|
|
|
|
|
|
|
|
[string] $GoodRoleCapFile = "$RoleCapDirectory\TestGoodRoleCap.psrc"
|
|
|
|
New-PSRoleCapabilityFile -Path $GoodRoleCapFile -VisibleCmdlets 'Get-Command','Get-Process','Clear-Host','Out-Default','Select-Object','Get-FormatData','Get-Help'
|
|
|
|
|
|
|
|
[string] $BadRoleCapFile = "$RoleCapDirectory\TestBadRoleCap.psrc"
|
|
|
|
New-PSRoleCapabilityFile -Path $BadRoleCapFile -VisibleCmdlets *
|
|
|
|
[string] $BadRoleCapFile = $BadRoleCapFile.Replace('.psrc', 'psbad')
|
|
|
|
|
|
|
|
[string] $PSSessionConfigFile = "$RoleCapDirectory\TestConfig.pssc"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
AfterAll {
|
|
|
|
|
|
|
|
if (!$IsWindows)
|
|
|
|
{
|
|
|
|
$global:PSDefaultParameterValues = $originalDefaultParameterValues
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
It "Verifies missing role capability file error" {
|
|
|
|
|
|
|
|
New-PSSessionConfigurationFile -Path $PSSessionConfigFile -RoleDefinitions @{
|
|
|
|
Administrators = @{ RoleCapabilityFiles = "$RoleCapDirectory\NoFile.psrc" }
|
|
|
|
}
|
|
|
|
|
2018-05-17 23:42:04 +02:00
|
|
|
$e = {
|
2017-02-14 19:42:17 +01:00
|
|
|
$iss = [initialsessionstate]::CreateFromSessionConfigurationFile($PSSessionConfigFile, { $true })
|
2018-05-17 23:42:04 +02:00
|
|
|
} | Should -Throw -PassThru
|
|
|
|
|
|
|
|
$e.Exception.InnerException.ErrorRecord.FullyQualifiedErrorId | Should -BeExactly 'CouldNotFindRoleCapabilityFile'
|
2017-02-14 19:42:17 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
It "Verifies incorrect role capability file extenstion error" {
|
|
|
|
|
|
|
|
New-PSSessionConfigurationFile -Path $PSSessionConfigFile -RoleDefinitions @{
|
|
|
|
Administrators = @{ RoleCapabilityFiles = "$BadRoleCapFile" }
|
|
|
|
}
|
|
|
|
|
2018-05-17 23:42:04 +02:00
|
|
|
$e = {
|
2017-02-14 19:42:17 +01:00
|
|
|
$iss = [initialsessionstate]::CreateFromSessionConfigurationFile($PSSessionConfigFile, { $true })
|
2018-05-17 23:42:04 +02:00
|
|
|
} | Should -Throw -PassThru
|
|
|
|
$e.Exception.InnerException.ErrorRecord.FullyQualifiedErrorId | Should -BeExactly 'InvalidRoleCapabilityFileExtension'
|
2017-02-14 19:42:17 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
It "Verifies restriction on good role capability file" {
|
|
|
|
|
|
|
|
New-PSSessionConfigurationFile -Path $PSSessionConfigFile -RoleDefinitions @{
|
|
|
|
Administrators = @{ RoleCapabilityFiles = "$GoodRoleCapFile" }
|
|
|
|
}
|
|
|
|
|
|
|
|
# 'Get-Service' is not included in the session.
|
|
|
|
$iss = [initialsessionstate]::CreateFromSessionConfigurationFile($PSSessionConfigFile, { $true })
|
|
|
|
[powershell] $ps = [powershell]::Create($iss)
|
|
|
|
$null = $ps.AddCommand('Get-Service')
|
|
|
|
|
2018-03-14 20:13:32 +01:00
|
|
|
{ $ps.Invoke() } | Should -Throw -ErrorId 'CommandNotFoundException'
|
2017-02-14 19:42:17 +01:00
|
|
|
|
|
|
|
$ps.Dispose()
|
|
|
|
}
|
|
|
|
}
|