Beyond Pester 103 : Applying a testing mindset

Beyond Pester 103
@glennsarti glenn-sarti
Applying a testing mindset to PowerShell
Glenn Sarti - Senior Software Engineer at

View Slide

Beyond Pester 101
Applying testing principles to PowerShell
Glenn Sarti
Software Engineer, Windows Team

View Slide

@glennsarti
To reduce the risk that a
user will experience an
unexpected behaviour

View Slide

@glennsarti
Unit (White box)
Integration
Unit (Black box)
Characterisation

View Slide

@glennsarti
Reduce duration
Remove tests
Reorder tests
General
maintenance

View Slide

Beyond Pester 102
Acceptance testing with PowerShell
@glennsarti glenn-sarti

View Slide

@glennsarti
Cynefin Framework
“The Cynefin framework (/ˈkʌnɪvɪn/
KUN-iv-in) is a conceptual framework
used to aid decision-making”
- https://www.youtube.com/watch?v=N7oz366X0-8

View Slide

@glennsarti
Operational Acceptance Tests
Operation Validation Tests
User Acceptance Tests
Compliance Acceptance Tests

View Slide

@glennsarti
?
@glennsarti

View Slide

Designing automated test suites
About 60% automation testing and 40% manual
Contribute towards maintaining regression suite
Ability to write clear and concise test/bug reports
Review and analyze system specifications
Regression testing, reporting
@glennsarti

View Slide

Wanted: Testing Mindset
Creative Thinker
Problem Solver
Explorer / Experimenter
@glennsarti

View Slide

@glennsarti

View Slide

@glennsarti
Testing is one of the most
profitable investments engineers can
make to improve the reliability of
their product. Testing isn’t an activity
that happens once or twice in the
lifecycle of a project; it’s continuous.
”
“
- https://sre.google/sre-book/testing-reliability/

View Slide

@glennsarti
“Shifting left” is about building quality into
the software development process. When
you shift left, fewer things break in
production, because any issues are detected
and resolved earlier.
- Puppet State of DevOps Report 2016

View Slide

@glennsarti
?
@glennsarti

View Slide

@glennsarti
@glennsarti
AD Account Cleanup Script
• Disable accounts that haven’t logged in
for 45 days
• Delete disabled accounts after 6 months
• Be able to exclude some accounts
• Log all activities

View Slide

@glennsarti
@glennsarti
Param (
$ScriptPath = "C:\Automation\AD\Cleanup\",
$LogDirectory = "logfiles\",
$Date = (Get-Date).ToString("dd-MM-yyyy"),
$NamedExceptions = (Get-Content $ScriptPath`ADnamedExceptions.txt),
$Server = "DC002.domain.com"
)
Function Get-AgedAccounts {
Param (
[string]$AccountType,
[int]$AgedAccountThreshold,
[int]$NewAccountThreshold
)
$LastLogonDate = (Get-Date).AddDays(-$AgedAccountThreshold)
$WhenCreated = (Get-Date).AddDays(-$NewAccountThreshold)
If ($AccountType -eq "User") {
$AgedAccounts = Get-ADUser -Filter {
(enabled -eq $True -and PasswordNeverExpires -eq $False -and WhenCreated -lt $WhenCreated -and samAccountType -eq "805306368") -and
((LastLogonDate -lt $LastLogonDate) -or (LastLogonDate -notlike "*"))
} -Properties lastLogonDate,whenCreated,passWordLastSet,whenChanged -Server $server |
Select-Object -Properties distinguishedName,samAccountName,lastLogonDate,whenCreated,passWordLastSet,whenChanged,objectClass
$AgedAccounts
} ElseIf ($AccountType -eq "Computer") {
$AgedAccounts = Get-ADComputer -Filter {
(enabled -eq $True -and PasswordNeverExpires -eq $False -and WhenCreated -lt $WhenCreated -and samAccountType -eq "805306369") -and
((LastLogonDate -lt $LastLogonDate) -or (LastLogonDate -notlike "*"))
} -Properties lastLogonDate,whenCreated,passWordLastSet,whenChanged -Server $server |
Select-Object -Property distinguishedName,samAccountName,lastLogonDate,whenCreated,passWordLastSet,whenChanged,objectClass
$AgedAccounts
} Else {
$AgedAccounts
}
}
Function Get-DisabledAccounts {
Param (
[int]$LastModifiedThreshold
)
$LastModifiedDate = (Get-Date).AddDays(-$LastModifiedThreshold)
$DisabledAccounts = Get-ADUser -Filter {
enabled -eq $False -and samAccountType -eq "805306368" -and whenChanged -lt $LastModifiedDate
} -properties lastLogonDate,whenCreated,passWordLastSet,whenChanged -server $server |
$DisabledAccounts
} ElseIf ($AccountType -eq "Computer") {
$DisabledAccounts = Get-ADComputer -Filter {
enabled -eq $False -and samAccountType -eq "805306369" -and whenChanged -lt $LastModifiedDate
} -properties lastLogonDate,whenCreated,passWordLastSet,whenChanged -server $server |
$DisabledAccounts
} Else {
$DisabledAccounts
}
}
$AgedAccounts = $null
$AgedAccounts = Get-AgedAccounts User 45 21
$AgedAccounts += Get-AgedAccounts Computer 45 14
$AgedAccounts.Count
$DisabledAccounts = $null
$DisabledAccounts = Get-DisabledAccounts Computer 183
# $DisabledAccounts += Get-DisabledAccounts User 183
$DisabledAccounts.Count
ForEach ($AgedAccount in $AgedAccounts) {
If ($NamedExceptions -contains $AgedAccount.DistinguishedName) {
$Result = "Match found in named exceptions file"
} Else {
Disable-ADAccount $AgedAccount.DistinguishedName -Server $Server # -WhatIf
$Result = $?
}
Add-Member -InputObject $AgedAccount -MemberType NoteProperty `
-Name ScriptDisabled -Value $Result
}
$LogFile = $Date + "disabled accounts.csv"
$AgedAccounts |
Export-Csv $ScriptPath$LogDirectory$LogFile -NoTypeInformation
ForEach ($DisabledAccount in $DisabledAccounts) {
If ($NamedExceptions -contains $DisabledAccount.DistinguishedName) {
} Else {
Remove-ADObject $DisabledAccount.DistinguishedName -Server $Server -Confirm:$False -Recursive # -WhatIf
$Result = $?
}
Add-Member -InputObject $DisabledAccount -MemberType NoteProperty -Name ScriptDeleted -Value $Result
}
$LogFile = $Date + "-deleted accounts.csv"
$DisabledAccounts |

View Slide

@glennsarti
@glennsarti
for 45 days

View Slide

@glennsarti
Single Responsibility
Principle
@glennsarti

View Slide

@glennsarti
• Find accounts that haven’t logged in for 45
days
• Exclude some accounts
• Disable the accounts
• Log the results to a file
@glennsarti

View Slide

@glennsarti
@glennsarti
Get-OldAccount |
Skip-ExcludedAccounts |
Disable-Account |
Out-AuditFile

View Slide

@glennsarti
@glennsarti
Get-OldAccount -OlderThanDays 45 |
Skip-ExcludedAccounts -Exclude $IgnoreAccounts |
Disable-Account |
Out-AuditFile -Path $AuditFileCSV

View Slide

@glennsarti
@glennsarti
Describe "Get-OldAccounts" {
BeforeEach {
$OldUserName1 = "Jasper"
$OldUserName2 = "Tomato"
$NotStaleUserName = "Pinapple"
Function New-MockUser($Name, $Age) {
# Insert mocking code here
}
New-MockUser $OldUserName1 46
New-MockUser $NotStaleUserName 45
}
It "only returns old accounts" {
$Actual = Get-OldAccounts -OlderThanDays 45
$Actual | Should-Be @($OldUserName1, $OldUserName2)
}
}

View Slide

@glennsarti
@glennsarti
BeforeEach {
}
}
}
}
Old accounts
Not old
account

View Slide

@glennsarti
@glennsarti
BeforeEach {
}
}
}
}

View Slide

@glennsarti
@glennsarti
Get-OldAccount `
-OlderThanDays 45 |
Skip-ExcludedAccounts `
-Exclude $IgnoreAccounts |
Disable-Account |
$AgedAccounts = $null
$AgedAccounts = Get-AgedAccounts User 45
# ...
ForEach ($AgedAccount in $AgedAccounts) {
If ($NamedExceptions -contains $AgedAccount.DistinguishedName) {
} Else {
Disable-ADAccount $AgedAccount.DistinguishedName `
-Server $Server
$Result = $?
}
Add-Member -InputObject $AgedAccount -MemberType NoteProperty `
-Name ScriptDisabled -Value $Result
}
$LogFile = $Date + "disabled accounts.csv"
$AgedAccounts |
Before After

View Slide

@glennsarti
• Find accounts that were disabled 6 months
ago
• Exclude some accounts
• Delete the accounts
• Log the results to a file
@glennsarti

View Slide

@glennsarti
@glennsarti
Disable-Account |
Get-DisabledAccount -OlderThanDays 180 |
Remove-Account |

View Slide

@glennsarti
Avoid Implicit
Dependencies
@glennsarti

View Slide

@glennsarti
@glennsarti
Param (
[int]$NewAccountThreshold
)
$WhenCreated = (Get-Date).AddDays(-$NewAccountThreshold)
(enabled -eq $True -and PasswordNeverExpires -eq $False -and WhenCreated -lt $WhenCreated
–and …

View Slide

@glennsarti
@glennsarti
Param (
[DateTime]$CreatedAfter
)
(enabled -eq $True -and PasswordNeverExpires -eq $False -and WhenCreated -ge $CreatedAfter
–and …

View Slide

@glennsarti
@glennsarti
Disable-Account |
Get-DisabledAccount -OlderThanDays 180 |
Remove-Account |

View Slide

@glennsarti
@glennsarti
$DisableTime = (Get-Date).AddDays(-45)
$RemoveTime = (Get-Date).AddMonths(-6)
Get-OldAccount -OlderThan $DisableTime |
Disable-Account |
Get-DisabledAccount -OlderThan $RemoveTime |
Remove-Account |

View Slide

@glennsarti
Types of tests – Unit (Black box)
“Tools do one thing … Tools don’t
know where their input data has
generated … Tools accept all input
only from their parameters … Tools
don’t know how their output will be
used, “
- The Many Forms of Scripting: which to use - Manning
@glennsarti

View Slide

@glennsarti
Why is testing hard?
@glennsarti

View Slide

@glennsarti
@glennsarti

View Slide

@glennsarti
TDD
@glennsarti

View Slide

@glennsarti
@glennsarti
…here’s another one: TDD (Test-driven development)
… why not write down what your trying to accomplish
in the form of tests … Make sure all of those tests fail
and then write PowerShell code to accomplish the
necessary tasks until all of the tests pass.
- https://mikefrobbins.com/2014/10/09/using-pester-for-test-driven-development-in-powershell/

View Slide

@glennsarti
@glennsarti
- https://sqldbawithabeard.com/2017/06/30/creating-a-powershell-module-and-tdd-for-get-sqldiagrecommendations/
I approached writing this module using
Test Driven Development with Pester.
This means that I have to write my
tests before I write my code.

View Slide

@glennsarti
TDD anyone?
@glennsarti

View Slide

@glennsarti
1. Add a test
2. It should fail
3. Write the code
4. Tests should pass
@glennsarti
- https://en.wikipedia.org/wiki/Test-driven_development

View Slide

@glennsarti
1. Add a test
2. It should fail
3. Write the code
5. Refactor
6. Repeat
@glennsarti

View Slide

@glennsarti
1. Add a test
2. It should fail
3. Write the code
5. Refactor
6. Repeat
@glennsarti
Iterate

View Slide

@glennsarti
1. Add a test
2. It should fail
3. Write the code
5. Refactor
6. Repeat
@glennsarti
Always adding quality

View Slide

@glennsarti
1. Add a test
2. It should fail
3. Write the code
5. Refactor
6. Repeat
@glennsarti
Focus on requirements

View Slide

@glennsarti
1. Add a test
2. It should fail
3. Write the code
5. Refactor
6. Repeat
@glennsarti
Small QoL things

View Slide

@glennsarti
@glennsarti
❌ Code before tests
❌ Blocking work
❌ The end state
TDD is not

View Slide

@glennsarti
@glennsarti
✅ Fast feedback loops
✅ Focus on requirements
✅ A high confidence change tool
TDD is

View Slide

@glennsarti
@glennsarti
… we are 100% capable of doing TDD with
Powershell, No Excuses! … It’s that simple, and
it’s a beautiful thing.
- https://devingleasonlambert.medium.com/test-driven-development-by-example-using-powershell-what-is-tdd-9a5006c9931
- Devin Gleason-Lambert

View Slide

@glennsarti
@glennsarti
for 45 days

View Slide

@glennsarti
BeforeEach {
}
}
}
}

View Slide

@glennsarti
$DisableTime = (Get-Date).AddDays(-45)
$RemoveTime = (Get-Date).AddMonths(-6)
Get-OldAccount -OlderThan $DisableTime |
Disable-Account |
Get-DisabledAccount -OlderThan $RemoveTime |
Remove-Account |

View Slide

@glennsarti
@glennsarti
for 45 days

View Slide

@glennsarti
@glennsarti
TDD for everyone

View Slide

@glennsarti
TDD for everyone
@glennsarti
“The code is more what you’d call ‘guidelines’ than actual rules.”
- Captain Barbosa – Pirates of the Caribbean

View Slide

@glennsarti
Q: Where to start?
@glennsarti

View Slide

@glennsarti
Q: Where to start?
A: It depends 😕
@glennsarti

View Slide

@glennsarti
1. Happy path
2. Sad path
3. Weird 💩 path
@glennsarti

View Slide

@glennsarti
A software tester walks into a bar ...
Orders a beer
Orders ten beers
Orders a nothing
Orders 200 beers
Tries to leave without paying
Orders -1 beers
Orders a cat
@glennsarti

View Slide

@glennsarti
@glennsarti
Happy
Sad
Weird
A software tester walks into a bar ...
Orders a beer
Orders ten beers
Orders a nothing
Orders 200 beers
Tries to leave without paying
Orders -1 beers
Orders a cat

View Slide

@glennsarti
AD Cleanup script – Get old Accounts
An account logged in 46 days ago
@glennsarti
Happy

View Slide

@glennsarti
An account that’s never logged in
Network error
@glennsarti
Happy
Sad

View Slide

@glennsarti
An account that’s never logged in
Network error
An account logged in 1 day into the future
@glennsarti
Happy
Sad
Weird

View Slide

@glennsarti
@glennsarti
“ If it hurts, do it more
frequently, and bring the
pain forward. “
- https://www.amazon.com.au/Continuous-Delivery-Reliable-Deployment-Automation/dp/0321601912
- Jez Humble

View Slide

@glennsarti
Operation Validation Framework
- https://github.com/PowerShell/Operation-Validation-Framework
A set of tools for executing validation of the
operation of a system. It provides a way to
organize and execute Pester tests which are
written to validate operation … ”
“
@glennsarti

View Slide

@glennsarti

View Slide

@glennsarti
@glennsarti
Tests are tools

View Slide

@glennsarti
@glennsarti
Gherkin

View Slide

@glennsarti
@glennsarti
Feature: It retrieves old accounts
Background: Login to Test AD
Given test AD server 'testad.local'
And a user '[email protected]' which logged in 45 days ago
Scenario: Getting many accounts
When getting accounts older than 45 days
Then it returns user '[email protected]'
And it returns user '[email protected]'
And it does not return user '[email protected]'

View Slide

@glennsarti
@glennsarti
Compliance Testing

View Slide

@glennsarti
Metadata
Test
@glennsarti

View Slide

@glennsarti
@glennsarti
Compliance Testing
Open Policy Agent (OPA)
HashiCorp Sentinel*

View Slide

@glennsarti
@glennsarti
OPA – Conftest - Rego syntax

View Slide

@glennsarti
@glennsarti
HashiCorp - Sentinel
deny_unencrypted_managed_disk = rule when {
all allManagedDisks as _, disks {
all disks.change.after.encryption_settings as encryption_settings {
encryption_settings.enabled is true
}
}
}

View Slide

@glennsarti
@glennsarti
Load Testing

View Slide

@glennsarti
@glennsarti
package gatlingBlog
import scala.concurrent.duration._
import io.gatling.core.Predef._
import io.gatling.http.Predef._
class SartiDevSimulation1 extends Simulation
{
val httpProtocol = http
.baseUrl("https://sarti.dev")
val scn = scenario("SendSimpleQuery")
.exec(
http("root_request")
.get("/")
)
setUp(scn.inject(
atOnceUsers(100)
).protocols(httpProtocol))
}

View Slide

@glennsarti
@glennsarti
package gatlingBlog
import scala.concurrent.duration._
import io.gatling.core.Predef._
import io.gatling.http.Predef._
class SartiDevSimulation1 extends Simulation
{
val httpProtocol = http
.baseUrl("https://sarti.dev")
val scn = scenario("SendSimpleQuery")
.exec(
http("root_request")
.get("/")
)
setUp(scn.inject(
atOnceUsers(100)
).protocols(httpProtocol))
}
Request
URL
Load

View Slide

@glennsarti
@glennsarti

View Slide

@glennsarti
@glennsarti
So many tools…

View Slide

@glennsarti

View Slide

…
If it's truth you're interested
in, Dr.Tyree's Philosophy class
is right down the hall
— Indiana Jones
@glennsarti

View Slide

@glennsarti

View Slide

Does my PowerShell do
what it should?
@glennsarti

View Slide

Does my PowerShell do
what it should?
How do I know my
PowerShell does
what it should?
@glennsarti

View Slide

THANK YOU!
Please use the link below to submit a session rating!
@glennsarti
http://sarti.dev/
https://speakerdeck.com/glennsarti
https://powershellsummit.org/sessionfeedback

View Slide

@glennsarti
Resources
Beyond Pester
https://sarti.dev/presentation/powershell-summit2018-pester
https://sarti.dev/presentation/powershell-summit2019-pester
DevOps
https://www.amazon.com.au/Phoenix-Project-DevOps-Helping-Business/dp/0988262592
https://sre.google/sre-book/testing-reliability/
https://services.google.com/fh/files/misc/state-of-devops-2018.pdf
https://www.amazon.com.au/Continuous-Delivery-Reliable-Deployment-Automation/dp/0321601912
TDD
https://en.wikipedia.org/wiki/Test-driven_development
https://mikefrobbins.com/2014/10/09/using-pester-for-test-driven-development-in-powershell/
https://sqldbawithabeard.com/2017/06/30/creating-a-powershell-module-and-tdd-for-get-sqldiagrecommendations/
https://devingleasonlambert.medium.com/test-driven-development-by-example-using-powershell-what-is-tdd-9a5006c9931
Images
https://unsplash.com
@glennsarti

View Slide

@glennsarti
Resources
Doctor don’t Defenstrate
https://www.youtube.com/watch?v=xu9dRXgmTNc
Compliance
https://www.conftest.dev/
https://www.hashicorp.com/sentinel
@glennsarti

View Slide

Beyond Pester 103 : Applying a testing mindset

Beyond Pester 103 : Applying a testing mindset

Glenn

More Decks by Glenn

Other Decks in Technology

Featured

Transcript