使用Pester检查Windows磁盘加密

编程问答 2022-06-11

问题描述

我正在尝试使用以下pester代码在Windows Server上使用pester测试本地磁盘的保护状态:

Describe 'Encryption Check' {    
$diskencr =  Get-BitLockerVolume

$diskencr.ForEach{
    write-host $_.ProtectionStatus
    Context "Testing encryption on $($_)" {
        It "Encryption Enabled?" {$_.ProtectionStatus -match 'On' | Should -Be $True}
    }
}

}

输出显示3个磁盘的“ Protection Status”(保护状态)为On(开),而1个为Off(关)。

但是pester的“ It check”说都是假的,我不知道为什么?

    Starting discovery in 1 files.
discovering in D:\Temp\test.ps1.
On
Off
On
On
Found 4 tests. 2.44s
discovery finished in 2.44s.

Running tests from 'D:\Temp\test.ps1'
Describing Encryption Check
 Context Testing encryption on E:
   [-] Encryption Enabled? 15ms (14ms|1ms)
    Expected $true,but got $false.
    at It "Encryption Enabled?" {$_.ProtectionStatus -match 'On' | Should -Be $True},D:\Temp\test.ps1:7
    at <ScriptBlock>,D:\Temp\test.ps1:7
 Context Testing encryption on \\?\Volume{070ba12e-0000-0000-0000-100000000000}\
   [-] Encryption Enabled? 5ms (4ms|1ms)
    Expected $true,D:\Temp\test.ps1:7
 Context Testing encryption on D:
   [-] Encryption Enabled? 8ms (6ms|2ms)
    Expected $true,D:\Temp\test.ps1:7
 Context Testing encryption on C:
   [-] Encryption Enabled? 5ms (4ms|1ms)
    Expected $true,D:\Temp\test.ps1:7
Tests completed in 2.72s
Tests Passed: 0,Failed: 4,Skipped: 0 NotRun: 0

解决方法

块不允许作用域渗入其中。 必须使用-TestCases参数将其重组为类似的内容

Describe 'Encryption Check' {
    Context "Testing encryption on drives" {
        It "checking a drive" -TestCases @(
            $Diskencr =  Get-BitLockerVolume
            $Diskencr.ForEach{
                @{ DriveLetter = $_ }
            }
        ) { 
            param($DriveLetter) 
                Write-Host $DriveLetter 
                $DriveLetter.ProtectionStatus -match 'On' | Should -BeExactly $True
        } 
    } 
}