Breaking dependency on opa in unit testing (#721)

* Mock opa executable * Mock API Module * Add NoOpa to setup call * Backout unrelated change
cisagov · Dec 11, 2023 · 8698efb · 8698efb
1 parent fe743e1
commit 8698efb
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 48 deletions.
diff --git a/.github/workflows/run_powershell_tests.yaml b/.github/workflows/run_powershell_tests.yaml
@@ -29,5 +29,5 @@ jobs:
       if: '!cancelled()'
       shell: powershell
       run: |
-        ./SetUp.ps1
+        ./SetUp.ps1 -NoOpa
         Invoke-Pester -Output 'Detailed' -Path './Testing/Unit/PowerShell'
diff --git a/PowerShell/ScubaGear/Modules/RunRego/RunRego.psm1 b/PowerShell/ScubaGear/Modules/RunRego/RunRego.psm1
@@ -43,14 +43,26 @@ function Invoke-Rego {
         $RegoFileObject = Get-Item $RegoFile
         $ScubaUtils = Join-Path -Path $RegoFileObject.DirectoryName -ChildPath "Utils"
         $CmdArgs = @("eval", "data.$PackageName.tests", "-i", $InputFile, "-d", $RegoFile, "-d", $ScubaUtils, "-f", "values")
-        $TestResults = $(& $Cmd @CmdArgs) | Out-String -ErrorAction 'Stop' | ConvertFrom-Json -ErrorAction 'Stop'
+        $TestResults = Invoke-ExternalCmd -LiteralPath $Cmd -PassThruArgs $CmdArgs | Out-String -ErrorAction 'Stop' | ConvertFrom-Json -ErrorAction 'Stop'
         $TestResults
     }
     catch {
         throw "Error calling the OPA executable: $($_)"
     }
 }
 
+function Invoke-ExternalCmd{
+    param(
+        [Parameter(Mandatory=$true)]
+        [ValidateNotNullOrEmpty()]
+        [string]$LiteralPath,
+        [Parameter(ValueFromRemainingArguments=$true)]
+        $PassThruArgs
+    )
+
+    & $LiteralPath $PassThruArgs
+}
+
 Export-ModuleMember -Function @(
     'Invoke-Rego'
 )
diff --git a/Testing/Unit/PowerShell/RunRego/Run-Rego.Tests.ps1 b/Testing/Unit/PowerShell/RunRego/Run-Rego.Tests.ps1
@@ -1,8 +1,18 @@
-Import-Module (Join-Path -Path $PSScriptRoot -ChildPath '../../../../PowerShell/ScubaGear/Modules/RunRego')
+Import-Module (Join-Path -Path $PSScriptRoot -ChildPath '../../../../PowerShell/ScubaGear/Modules/RunRego') -Force
 
 InModuleScope 'RunRego' {
     Describe -Tag 'RunRego' -Name 'Invoke-Rego' {
         BeforeAll {
+            #Mock -ModuleName RunRego Invoke-ExternalCmd -ParameterFilter { $LiteranlPath -contains 'opa_windows_amd64.exe'} -MockWith { '[]'}
+            $DummyTestResults = @"
+            [
+                {
+                    "RequirementMet":  false
+                }
+            ]
+"@
+            Mock -ModuleName RunRego Invoke-ExternalCmd -MockWith { return $DummyTestResults}
+
             [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', 'ArgToProd')]
             $ArgToProd = @{
                 teams         = "Teams";
@@ -19,53 +29,20 @@ InModuleScope 'RunRego' {
                 'OPAPath'   = Join-Path -Path $PSScriptRoot -ChildPath "../../../../";
             }
         }
-        It 'Runs the AAD Rego on a Provider JSON and returns a TestResults object' {
-            $Product = 'aad'
-            $RegoParams += @{
-                'RegoFile'    = Join-Path -Path $PSScriptRoot -ChildPath "../../../../Rego/$($ArgToProd[$Product])Config.rego";
-                'PackageName' = $Product;
-            }
-            Invoke-Rego @RegoParams | Should -Not -Be $null
-        }
-        It 'Runs the Defender Rego on a Provider JSON and returns a TestResults object' {
-            $Product = 'defender'
-            $RegoParams += @{
-                'RegoFile'    = Join-Path -Path $PSScriptRoot -ChildPath "../../../../Rego/$($ArgToProd[$Product])Config.rego";
-                'PackageName' = $Product;
-            }
-            Invoke-Rego @RegoParams | Should -Not -Be $null
-        }
-        It 'Runs the EXO Rego on a Provider JSON and returns a TestResults object' {
-            $Product = 'exo'
-            $RegoParams += @{
-                'RegoFile'    = Join-Path -Path $PSScriptRoot -ChildPath "../../../../Rego/$($ArgToProd[$Product])Config.rego";
-                'PackageName' = $Product;
-            }
-            Invoke-Rego @RegoParams | Should -Not -Be $null
-        }
-        It 'Runs the PowerPlatform Rego on a Provider JSON and returns a TestResults object' {
-            $Product = 'powerplatform'
-            $RegoParams += @{
-                'RegoFile'    = Join-Path -Path $PSScriptRoot -ChildPath "../../../../Rego/$($ArgToProd[$Product])Config.rego";
-                'PackageName' = $Product;
-            }
-            Invoke-Rego @RegoParams | Should -Not -Be $null
-        }
-        It 'Runs the SharePoint Rego on a Provider JSON and returns a TestResults object' {
-            $Product = 'sharepoint'
-            $RegoParams += @{
-                'RegoFile'    = Join-Path -Path $PSScriptRoot -ChildPath "../../../../Rego/$($ArgToProd[$Product])Config.rego";
-                'PackageName' = $Product;
-            }
-            Invoke-Rego @RegoParams | Should -Not -Be $null
-        }
-        It 'Runs the Teams Rego on a Provider JSON and returns a TestResults object' {
-            $Product = 'teams'
+        It "Runs the <ProductName> Rego on a Provider JSON and returns a TestResults object" -ForEach @(
+            @{ProductName = 'aad'},
+            @{ProductName = 'defender'},
+            @{ProductName = 'exo'},
+            @{ProductName = 'powerplatform'},
+            @{ProductName = 'sharepoint'},
+            @{ProductName = 'teams'}
+        ){
             $RegoParams += @{
-                'RegoFile'    = Join-Path -Path $PSScriptRoot -ChildPath "../../../../Rego/$($ArgToProd[$Product])Config.rego";
-                'PackageName' = $Product;
+                'RegoFile'    = Join-Path -Path $PSScriptRoot -ChildPath "../../../../Rego/$($ArgToProd[$ProductName])Config.rego";
+                'PackageName' = $ProductName;
             }
-            Invoke-Rego @RegoParams | Should -Not -Be $null
+            $TestResults = Invoke-Rego @RegoParams
+            $TestResults[0].RequirementMet | Should -BeExactly $false
         }
     }
 }