Initial build of AD DS tests. #1366
Conversation
| $__MtSession.Connections = $Service | ||
|
|
||
| $OrderedImport = Get-ModuleImportOrder -Name @('Az.Accounts', 'ExchangeOnlineManagement', 'Microsoft.Graph.Authentication', 'MicrosoftTeams') | ||
| $OrderedImport = Get-ModuleImportOrder -Name @('ActiveDirectory', 'Az.Accounts', 'ExchangeOnlineManagement', 'Microsoft.Graph.Authentication', 'MicrosoftTeams') |
There was a problem hiding this comment.
The 'ActiveDirectory' module is not needed in this array. An inline explanatory comment would be helpful: it is checking modules that rely on the MSAL to determine which one should be connected to first, which ensures that the newest (and backwards compatible) version of Microsoft.Identity.Client.dll is loaded to avoid version conflicts between the MS modules.
There was a problem hiding this comment.
Since the switch case is dependent on the array returned, does that work as intended?
|
This is an exciting addition, @soulemike! I have reviewed the overall structure and will have to come back to review the individual tests soon. One question that I wondered while reviewing is what the anticipated usage will look like as we potentially add more tests outside of the core M365 suite. Would we recommend or expect users to run For example, including potential future test suites: Group tags by platform environment using core module
Using this approach, Group test suites using test provider modules
Use one core module and select tests by PlatformTest to execute could be referenced by their platform name in addition to the existing options. Examples:
Curious about your thoughts! |
I think leaving the default option as Graph is still the best. I do think adding a nuance to All is beneficial though, initially adding an AllCloud option was my thought. The intent would be that this could be handled in a single run though. I had originally thought an integration with WireGuard would be really cool. It seems like most in the Discord would just prefer to run a self-hosted runner or a utility server though. 
|
|
This is an awesome addition and I'd love to chip in; at least with our approach. We should certainly support cloud based automations, as I expect many have done exactly that given that Maesters original target was M365. I have also been keen on getting started with a module for Palo Alto, as I have many years of experience with Palo Alto NGFW, but I have been reluctant due to the connectivity question and how to approach this. Firewalls are (often) not exposed on management interfaces, so I also think local runners would be ideal in this scenario. The next question is how to relay that to the cloud automation. Happy to work with you guys on this 👍 There is also Palo Alto Panorama (often cloud hosted) and Palo Alto Cortex XDR (cloud hosted) with API integration, so we could attempt to draft a standard for cloud service (API with keys) and local services (self-hosted runners). |
|
It would be great to see a common architecture document or a framework for these scenarios so others can consistently build tests for infrastructure that requires other forms of access and authentication. I have minimal experience with local runners, but it does seem like a good approach. |
3 participants
Description
Provides new functionality to enable Active Directory tests.
Contribution Checklist
Before submitting this PR, please confirm you have completed the following:
/powershell/tests/pester.ps1on your local system.Join us at the Maester repository discussions 💬 or Entra Discord 🧑💻 for more help and conversations!