Make ExecutionPolicy.Tests.ps1 admin-aware
This commit is contained in:
Sergei Vorobev
parent
06d274995e
commit
a1ee6d840d
|
|
@ -911,73 +911,78 @@ ZoneId=$FileType
|
|||
}
|
||||
}
|
||||
|
||||
function VerfiyBlockedSetExecutionPolicy
|
||||
{
|
||||
param(
|
||||
[string]
|
||||
$policyScope
|
||||
)
|
||||
try {
|
||||
Set-ExecutionPolicy -Scope $policyScope -ExecutionPolicy Restricted
|
||||
}
|
||||
catch {
|
||||
$_.FullyQualifiedErrorId | Should Be "CantSetGroupPolicy,Microsoft.PowerShell.Commands.SetExecutionPolicyCommand"
|
||||
}
|
||||
}
|
||||
|
||||
function RestoreExecutionPolicy
|
||||
{
|
||||
param($originalPolicies)
|
||||
|
||||
foreach ($scopedPolicy in $originalPolicies)
|
||||
{
|
||||
if (($scopedPolicy.Scope -eq "Process") -or
|
||||
($scopedPolicy.Scope -eq "CurrentUser"))
|
||||
{
|
||||
try {
|
||||
Set-ExecutionPolicy -Scope $scopedPolicy.Scope -ExecutionPolicy $scopedPolicy.ExecutionPolicy -Force
|
||||
}
|
||||
catch {
|
||||
if ($_.FullyQualifiedErrorId -ne "ExecutionPolicyOverride,Microsoft.PowerShell.Commands.SetExecutionPolicyCommand")
|
||||
{
|
||||
# Re-throw unrecognized exceptions. Otherwise, swallow
|
||||
# the exception that warns about overridden policies
|
||||
throw $_
|
||||
}
|
||||
}
|
||||
}
|
||||
elseif($scopedPolicy.Scope -eq "LocalMachine")
|
||||
{
|
||||
try {
|
||||
Set-ExecutionPolicy -Scope $scopedPolicy.Scope -ExecutionPolicy $scopedPolicy.ExecutionPolicy -Force
|
||||
}
|
||||
catch {
|
||||
if ($_.FullyQualifiedErrorId -eq "System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.SetExecutionPolicyCommand")
|
||||
{
|
||||
# Do nothing. Depending on the ownership of the file,
|
||||
# regular users may or may not be able to set its
|
||||
# value.
|
||||
#
|
||||
# When targetting the Registry, regular users cannot
|
||||
# modify this value.
|
||||
}
|
||||
elseif ($_.FullyQualifiedErrorId -ne "ExecutionPolicyOverride,Microsoft.PowerShell.Commands.SetExecutionPolicyCommand")
|
||||
{
|
||||
# Re-throw unrecognized exceptions. Otherwise, swallow
|
||||
# the exception that warns about overridden policies
|
||||
throw $_
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Describe "Validate Set-ExecutionPolicy -Scope" -Tags "CI" {
|
||||
|
||||
BeforeAll {
|
||||
if ($IsNotSkipped) {
|
||||
$originalPolicies = Get-ExecutionPolicy -list
|
||||
|
||||
# Calls Set-ExecutionPolicy with a known-bad Scope and expects failure.
|
||||
# It is defined here so that it will be available at It scope.
|
||||
function VerfiyBlockedSetExecutionPolicy
|
||||
{
|
||||
param(
|
||||
[string]
|
||||
$policyScope
|
||||
)
|
||||
try {
|
||||
Set-ExecutionPolicy -Scope $policyScope -ExecutionPolicy Restricted
|
||||
}
|
||||
catch {
|
||||
$_.FullyQualifiedErrorId | Should Be "CantSetGroupPolicy,Microsoft.PowerShell.Commands.SetExecutionPolicyCommand"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
AfterAll {
|
||||
if ($IsNotSkipped) {
|
||||
foreach ($scopedPolicy in $originalPolicies)
|
||||
{
|
||||
if (($scopedPolicy.Scope -eq "Process") -or
|
||||
($scopedPolicy.Scope -eq "CurrentUser"))
|
||||
{
|
||||
try {
|
||||
Set-ExecutionPolicy -Scope $scopedPolicy.Scope -ExecutionPolicy $scopedPolicy.ExecutionPolicy -Force
|
||||
}
|
||||
catch {
|
||||
if ($_.FullyQualifiedErrorId -ne "ExecutionPolicyOverride,Microsoft.PowerShell.Commands.SetExecutionPolicyCommand")
|
||||
{
|
||||
# Re-throw unrecognized exceptions. Otherwise, swallow
|
||||
# the exception that warns about overridden policies
|
||||
throw $_
|
||||
}
|
||||
}
|
||||
}
|
||||
elseif($scopedPolicy.Scope -eq "LocalMachine")
|
||||
{
|
||||
try {
|
||||
Set-ExecutionPolicy -Scope $scopedPolicy.Scope -ExecutionPolicy $scopedPolicy.ExecutionPolicy -Force
|
||||
}
|
||||
catch {
|
||||
if ($_.FullyQualifiedErrorId -eq "System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.SetExecutionPolicyCommand")
|
||||
{
|
||||
# Do nothing. Depending on the ownership of the file,
|
||||
# regular users may or may not be able to set its
|
||||
# value.
|
||||
#
|
||||
# When targetting the Registry, regular users cannot
|
||||
# modify this value.
|
||||
}
|
||||
elseif ($_.FullyQualifiedErrorId -ne "ExecutionPolicyOverride,Microsoft.PowerShell.Commands.SetExecutionPolicyCommand")
|
||||
{
|
||||
# Re-throw unrecognized exceptions. Otherwise, swallow
|
||||
# the exception that warns about overridden policies
|
||||
throw $_
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
RestoreExecutionPolicy $originalPolicies
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -998,8 +1003,24 @@ ZoneId=$FileType
|
|||
Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy ByPass
|
||||
Get-ExecutionPolicy -Scope CurrentUser | Should Be "ByPass"
|
||||
}
|
||||
}
|
||||
|
||||
Describe "Validate Set-ExecutionPolicy -Scope (Admin)" -Tags @('CI', 'RequireAdminOnWindows') {
|
||||
|
||||
BeforeAll {
|
||||
if ($IsNotSkipped)
|
||||
{
|
||||
$originalPolicies = Get-ExecutionPolicy -list
|
||||
}
|
||||
}
|
||||
|
||||
AfterAll {
|
||||
if ($IsNotSkipped)
|
||||
{
|
||||
RestoreExecutionPolicy $originalPolicies
|
||||
}
|
||||
}
|
||||
|
||||
# This test requires Administrator privileges on Windows.
|
||||
It "-Scope LocalMachine is Settable" {
|
||||
Set-ExecutionPolicy -Scope LocalMachine -ExecutionPolicy ByPass
|
||||
Get-ExecutionPolicy -Scope LocalMachine | Should Be "ByPass"
|
||||
|
|
|
|||
Loading…
Reference in a new issue