ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity

Compare commits

merge into: ahmido:dev
Branches Tags
ahmido:dev
ahmido:114-system-console-control-tower
ahmido:114-system-console-control-tower-session-1772188674
ahmido:113-platform-ops-runbooks
ahmido:112-list-expand-parity
ahmido:111-findings-workflow-sla
ahmido:feat/110-ops-ux-enforcement
ahmido:110-ops-ux-enforcement
ahmido:109-review-pack-export
ahmido:108-provider-access-hardening
ahmido:107-workspace-chooser
ahmido:fix/pest-makeassignment-collision
ahmido:106-required-permissions-sidebar-context
ahmido:105-entra-admin-roles-evidence-findings
ahmido:104-provider-permission-posture
ahmido:103-ia-scope-filter-semantics
ahmido:feat/700-bugfix
ahmido:feat/102-filament-5-2-1-upgrade
ahmido:101-golden-master-baseline-governance-v1
ahmido:101-golden-master-baseline-governance-v1-session-1771506612
ahmido:feat/100-alert-target-test-actions
ahmido:feat/099-alerts-v1-teams-email
ahmido:098-settings-slices-v1-backup-drift-ops
ahmido:097-settings-foundation
ahmido:fix/tenant-permissions-workspace-id
ahmido:fix/tenant-permissions-workspace-id-session-1771192503
ahmido:096-ops-polish-assignment-dedupe-system-tracking
ahmido:095-graph-contracts-registry-completeness
ahmido:094-assignment-ops-observability-hardening
ahmido:093-scope-001-workspace-id-isolation
ahmido:docs/constitution-scope-1.8.2
ahmido:092-legacy-purge-final
ahmido:091-backupschedule-retention-lifecycle
ahmido:090-action-surface-contract-compliance
ahmido:089-provider-connections-tenantless-ui
ahmido:087-legacy-runs-removal
ahmido:088-remove-tenant-graphoptions-legacy
ahmido:085-tenant-operate-hub
ahmido:084-verification-surfaces-unification
ahmido:083-required-permissions-hardening
ahmido:082-action-surface-contract
ahmido:chore/spec-kit-action-surface-contract
ahmido:081-provider-connection-cutover
ahmido:080-workspace-managed-tenant-admin
ahmido:079-inventory-links-non-uuid-ids
ahmido:078-operations-tenantless-canonical
ahmido:077-workspace-nav-monitoring-hub
ahmido:076-permissions-enterprise-ui
ahmido:075-verification-v1_5
ahmido:073-unified-managed-tenant-onboarding-wizard
ahmido:feat/072-managed-tenants-workspace-enforcement
ahmido:feat/999-merge-integration-session-1769990000
ahmido:069-tenant-onboarding-wizard-v2-session-1769905221
ahmido:069-managed-tenant-onboarding-wizard-session-1769903080
ahmido:068-workspaces-v2
ahmido:068-workspace-foundation-v1
ahmido:067-rbac-troubleshooting
ahmido:feat/066-rbac-ui-enforcement-helper-v2
ahmido:spec/066-rbac-ui-enforcement-helper-v2
ahmido:066-rbac-ui-enforcement-helper
ahmido:dev-session-1769637808
ahmido:065-tenant-rbac-v1
ahmido:dev-session-1769551498
ahmido:064-auth-structure
ahmido:063-entra-signin
ahmido:061-provider-foundation
ahmido:060-tag-badge-catalog
ahmido:059-unified-badges
ahmido:058-tenant-ui-polish
ahmido:feat/057-filament-v5-upgrade
ahmido:057-filament-v5-upgrade
ahmido:feat/053-unify-runs-monitoring
ahmido:feat/052-async-add-policies
ahmido:feat/044-drift-mvp
ahmido:051-entra-group-directory-cache
ahmido:feat/049-backup-restore-job-orchestration
ahmido:feat/048-backup-restore-ui-graph-safety
ahmido:feat/000-specify-deprecate
ahmido:feat/047-inventory-foundations-nodes
ahmido:feat/042-inventory-dependencies-graph
ahmido:046-inventory-sync-button
ahmido:feat/045-settingscatalog-classification
ahmido:fix/sail-node-modules-volume
ahmido:fix/pest-uses-cleanup
ahmido:feat/041-inventory-ui
ahmido:feat/040-inventory-core
ahmido:chore/docs-constitution-v1.1.0
ahmido:chore/solo-copilot-workflow
ahmido:feat/011-restore-run-wizard
ahmido:feat/011-restore-run-wizard-session-1767749508
ahmido:feat/011-restore-run-wizard-session-1767749319
ahmido:feat/032-backup-scheduling-mvp
ahmido:fix/032-manual-dispatch-unique-violation-session-1767604982
ahmido:feat/032-next-run-schedule-timezone-session-1767604322
ahmido:feat/032-backup-scheduling-mvp-session-1767583912
ahmido:feat/031-tenant-portfolio-context-switch
ahmido:feat/027-enrollment-config-subtypes
ahmido:feat/024-terms-and-conditions
ahmido:feat/026-custom-compliance-scripts
ahmido:spec/024-additional-intune-types
ahmido:feat/018-driver-updates-wufb
ahmido:feat/023-endpoint-security-restore-into-dev
ahmido:feat/023-endpoint-security-restore
ahmido:feat/017-policy-types-mam-endpoint-security-baselines
ahmido:016-backup-version-reuse
ahmido:015-policy-picker-ux
ahmido:014-enrollment-autopilot
ahmido:014-enrollment-autopilot-session-1767305003
ahmido:013-scripts-management
ahmido:feat/012-windows-update-rings
ahmido:feat/011-restore-run-wizard-session-1767185846
ahmido:feat/010-admin-templates
ahmido:feat/009-app-protection-policy
ahmido:feat/008-apps-app-management
ahmido:feat/007-device-config-compliance
ahmido:spec/007-008-workload-specs
ahmido:feat/005-bulk-operations
ahmido:feat/004-assignments-scope-tags
...
pull from: ahmido:fix/pest-makeassignment-collision
Branches Tags
ahmido:dev
ahmido:114-system-console-control-tower
ahmido:114-system-console-control-tower-session-1772188674
ahmido:113-platform-ops-runbooks
ahmido:112-list-expand-parity
ahmido:111-findings-workflow-sla
ahmido:feat/110-ops-ux-enforcement
ahmido:110-ops-ux-enforcement
ahmido:109-review-pack-export
ahmido:108-provider-access-hardening
ahmido:107-workspace-chooser
ahmido:fix/pest-makeassignment-collision
ahmido:106-required-permissions-sidebar-context
ahmido:105-entra-admin-roles-evidence-findings
ahmido:104-provider-permission-posture
ahmido:103-ia-scope-filter-semantics
ahmido:feat/700-bugfix
ahmido:feat/102-filament-5-2-1-upgrade
ahmido:101-golden-master-baseline-governance-v1
ahmido:101-golden-master-baseline-governance-v1-session-1771506612
ahmido:feat/100-alert-target-test-actions
ahmido:feat/099-alerts-v1-teams-email
ahmido:098-settings-slices-v1-backup-drift-ops
ahmido:097-settings-foundation
ahmido:fix/tenant-permissions-workspace-id
ahmido:fix/tenant-permissions-workspace-id-session-1771192503
ahmido:096-ops-polish-assignment-dedupe-system-tracking
ahmido:095-graph-contracts-registry-completeness
ahmido:094-assignment-ops-observability-hardening
ahmido:093-scope-001-workspace-id-isolation
ahmido:docs/constitution-scope-1.8.2
ahmido:092-legacy-purge-final
ahmido:091-backupschedule-retention-lifecycle
ahmido:090-action-surface-contract-compliance
ahmido:089-provider-connections-tenantless-ui
ahmido:087-legacy-runs-removal
ahmido:088-remove-tenant-graphoptions-legacy
ahmido:085-tenant-operate-hub
ahmido:084-verification-surfaces-unification
ahmido:083-required-permissions-hardening
ahmido:082-action-surface-contract
ahmido:chore/spec-kit-action-surface-contract
ahmido:081-provider-connection-cutover
ahmido:080-workspace-managed-tenant-admin
ahmido:079-inventory-links-non-uuid-ids
ahmido:078-operations-tenantless-canonical
ahmido:077-workspace-nav-monitoring-hub
ahmido:076-permissions-enterprise-ui
ahmido:075-verification-v1_5
ahmido:073-unified-managed-tenant-onboarding-wizard
ahmido:feat/072-managed-tenants-workspace-enforcement
ahmido:feat/999-merge-integration-session-1769990000
ahmido:069-tenant-onboarding-wizard-v2-session-1769905221
ahmido:069-managed-tenant-onboarding-wizard-session-1769903080
ahmido:068-workspaces-v2
ahmido:068-workspace-foundation-v1
ahmido:067-rbac-troubleshooting
ahmido:feat/066-rbac-ui-enforcement-helper-v2
ahmido:spec/066-rbac-ui-enforcement-helper-v2
ahmido:066-rbac-ui-enforcement-helper
ahmido:dev-session-1769637808
ahmido:065-tenant-rbac-v1
ahmido:dev-session-1769551498
ahmido:064-auth-structure
ahmido:063-entra-signin
ahmido:061-provider-foundation
ahmido:060-tag-badge-catalog
ahmido:059-unified-badges
ahmido:058-tenant-ui-polish
ahmido:feat/057-filament-v5-upgrade
ahmido:057-filament-v5-upgrade
ahmido:feat/053-unify-runs-monitoring
ahmido:feat/052-async-add-policies
ahmido:feat/044-drift-mvp
ahmido:051-entra-group-directory-cache
ahmido:feat/049-backup-restore-job-orchestration
ahmido:feat/048-backup-restore-ui-graph-safety
ahmido:feat/000-specify-deprecate
ahmido:feat/047-inventory-foundations-nodes
ahmido:feat/042-inventory-dependencies-graph
ahmido:046-inventory-sync-button
ahmido:feat/045-settingscatalog-classification
ahmido:fix/sail-node-modules-volume
ahmido:fix/pest-uses-cleanup
ahmido:feat/041-inventory-ui
ahmido:feat/040-inventory-core
ahmido:chore/docs-constitution-v1.1.0
ahmido:chore/solo-copilot-workflow
ahmido:feat/011-restore-run-wizard
ahmido:feat/011-restore-run-wizard-session-1767749508
ahmido:feat/011-restore-run-wizard-session-1767749319
ahmido:feat/032-backup-scheduling-mvp
ahmido:fix/032-manual-dispatch-unique-violation-session-1767604982
ahmido:feat/032-next-run-schedule-timezone-session-1767604322
ahmido:feat/032-backup-scheduling-mvp-session-1767583912
ahmido:feat/031-tenant-portfolio-context-switch
ahmido:feat/027-enrollment-config-subtypes
ahmido:feat/024-terms-and-conditions
ahmido:feat/026-custom-compliance-scripts
ahmido:spec/024-additional-intune-types
ahmido:feat/018-driver-updates-wufb
ahmido:feat/023-endpoint-security-restore-into-dev
ahmido:feat/023-endpoint-security-restore
ahmido:feat/017-policy-types-mam-endpoint-security-baselines
ahmido:016-backup-version-reuse
ahmido:015-policy-picker-ux
ahmido:014-enrollment-autopilot
ahmido:014-enrollment-autopilot-session-1767305003
ahmido:013-scripts-management
ahmido:feat/012-windows-update-rings
ahmido:feat/011-restore-run-wizard-session-1767185846
ahmido:feat/010-admin-templates
ahmido:feat/009-app-protection-policy
ahmido:feat/008-apps-app-management
ahmido:feat/007-device-config-compliance
ahmido:spec/007-008-workload-specs
ahmido:feat/005-bulk-operations
ahmido:feat/004-assignments-scope-tags

1 Commits
dev ... fix/pest-m

Author SHA1 Message Date
Ahmed Darrazi
54e84c52d7 fix: resolve Pest helper collision + sync ops-ux spec 2026-02-22 04:11:12 +01:00
3 changed files with 26 additions and 27 deletions
Show Stats Expand all files Collapse all files

2
specs/055-ops-ux-rollout/spec.md
View File

@ -184,7 +184,7 @@ ### Functional Requirements
### Canonical allowed summary keys (single source of truth)
The following keys are the ONLY allowed summary keys for Ops-UX rendering:
`total, processed, succeeded, failed, skipped, compliant, noncompliant, unknown, created, updated, deleted, items, tenants, high, medium, low, findings_created, findings_resolved, findings_reopened, findings_unchanged, errors_recorded, posture_score`
`total, processed, succeeded, failed, skipped, compliant, noncompliant, unknown, created, updated, deleted, items, tenants, high, medium, low, findings_created, findings_resolved, findings_reopened, findings_unchanged, errors_recorded, posture_score, report_created, report_deduped, alert_events_produced`
All normalizers/renderers MUST reference this canonical list (no duplicated lists in multiple places).

42
tests/Feature/EntraAdminRoles/EntraAdminRolesFindingGeneratorTest.php
View File

@ -45,7 +45,7 @@ function readerRoleDef(): array
];
}
function makeAssignment(string $id, string $roleDefId, string $principalId, string $odataType = '#microsoft.graph.user', string $displayName = 'User', string $scopeId = '/'): array
function makeEntraAssignment(string $id, string $roleDefId, string $principalId, string $odataType = '#microsoft.graph.user', string $displayName = 'User', string $scopeId = '/'): array
{
return [
'id' => $id,
@ -91,8 +91,8 @@ function makeGenerator(): EntraAdminRolesFindingGenerator
$payload = buildPayload(
[gaRoleDef(), secAdminRoleDef()],
[
makeAssignment('a1', 'def-ga', 'user-1', '#microsoft.graph.user', 'Alice Admin'),
makeAssignment('a2', 'def-secadmin', 'user-2', '#microsoft.graph.user', 'Bob SecAdmin'),
makeEntraAssignment('a1', 'def-ga', 'user-1', '#microsoft.graph.user', 'Alice Admin'),
makeEntraAssignment('a2', 'def-secadmin', 'user-2', '#microsoft.graph.user', 'Bob SecAdmin'),
],
);
@ -128,8 +128,8 @@ function makeGenerator(): EntraAdminRolesFindingGenerator
$payload = buildPayload(
[gaRoleDef(), secAdminRoleDef()],
[
makeAssignment('a1', 'def-ga', 'user-1'),
makeAssignment('a2', 'def-secadmin', 'user-2'),
makeEntraAssignment('a1', 'def-ga', 'user-1'),
makeEntraAssignment('a2', 'def-secadmin', 'user-2'),
],
);
@ -152,7 +152,7 @@ function makeGenerator(): EntraAdminRolesFindingGenerator
$payload = buildPayload(
[gaRoleDef()],
[makeAssignment('a1', 'def-ga', 'user-1')],
[makeEntraAssignment('a1', 'def-ga', 'user-1')],
);
$generator = makeGenerator();
@ -179,7 +179,7 @@ function makeGenerator(): EntraAdminRolesFindingGenerator
// First scan: user-1 has GA
$payload1 = buildPayload(
[gaRoleDef()],
[makeAssignment('a1', 'def-ga', 'user-1')],
[makeEntraAssignment('a1', 'def-ga', 'user-1')],
);
$generator->generate($tenant, $payload1);
@ -207,7 +207,7 @@ function makeGenerator(): EntraAdminRolesFindingGenerator
// Scan 1: create
$payload1 = buildPayload(
[gaRoleDef()],
[makeAssignment('a1', 'def-ga', 'user-1', '#microsoft.graph.user', 'Alice')],
[makeEntraAssignment('a1', 'def-ga', 'user-1', '#microsoft.graph.user', 'Alice')],
);
$generator->generate($tenant, $payload1);
@ -218,7 +218,7 @@ function makeGenerator(): EntraAdminRolesFindingGenerator
// Scan 3: re-assign → re-open
$payload3 = buildPayload(
[gaRoleDef()],
[makeAssignment('a1', 'def-ga', 'user-1', '#microsoft.graph.user', 'Alice Reactivated')],
[makeEntraAssignment('a1', 'def-ga', 'user-1', '#microsoft.graph.user', 'Alice Reactivated')],
);
$result3 = $generator->generate($tenant, $payload3);
@ -242,7 +242,7 @@ function makeGenerator(): EntraAdminRolesFindingGenerator
$assignments = [];
for ($i = 1; $i <= 6; $i++) {
$assignments[] = makeAssignment("a{$i}", 'def-ga', "user-{$i}", '#microsoft.graph.user', "GA User {$i}");
$assignments[] = makeEntraAssignment("a{$i}", 'def-ga', "user-{$i}", '#microsoft.graph.user', "GA User {$i}");
}
$payload = buildPayload([gaRoleDef()], $assignments);
@ -274,7 +274,7 @@ function makeGenerator(): EntraAdminRolesFindingGenerator
$assignments = [];
for ($i = 1; $i <= 6; $i++) {
$assignments[] = makeAssignment("a{$i}", 'def-ga', "user-{$i}");
$assignments[] = makeEntraAssignment("a{$i}", 'def-ga', "user-{$i}");
}
$generator->generate($tenant, buildPayload([gaRoleDef()], $assignments));
@ -301,7 +301,7 @@ function makeGenerator(): EntraAdminRolesFindingGenerator
$payload = buildPayload(
[gaRoleDef()],
[makeAssignment('a1', 'def-ga', 'user-1')],
[makeEntraAssignment('a1', 'def-ga', 'user-1')],
);
$generator->generate($tenant, $payload);
@ -321,7 +321,7 @@ function makeGenerator(): EntraAdminRolesFindingGenerator
$payload = buildPayload(
[gaRoleDef()],
[makeAssignment('a1', 'def-ga', 'user-1')],
[makeEntraAssignment('a1', 'def-ga', 'user-1')],
);
// Scan 1: alert events produced for new finding
@ -340,7 +340,7 @@ function makeGenerator(): EntraAdminRolesFindingGenerator
$payload = buildPayload(
[gaRoleDef()],
[makeAssignment('a1', 'def-ga', 'user-1', '#microsoft.graph.user', 'Alice Admin')],
[makeEntraAssignment('a1', 'def-ga', 'user-1', '#microsoft.graph.user', 'Alice Admin')],
);
makeGenerator()->generate($tenant, $payload);
@ -378,9 +378,9 @@ function makeGenerator(): EntraAdminRolesFindingGenerator
$payload = buildPayload(
[gaRoleDef()],
[
makeAssignment('a1', 'def-ga', 'p-user', '#microsoft.graph.user', 'User'),
makeAssignment('a2', 'def-ga', 'p-group', '#microsoft.graph.group', 'Group'),
makeAssignment('a3', 'def-ga', 'p-sp', '#microsoft.graph.servicePrincipal', 'SP'),
makeEntraAssignment('a1', 'def-ga', 'p-user', '#microsoft.graph.user', 'User'),
makeEntraAssignment('a2', 'def-ga', 'p-group', '#microsoft.graph.group', 'Group'),
makeEntraAssignment('a3', 'def-ga', 'p-sp', '#microsoft.graph.servicePrincipal', 'SP'),
],
);
@ -403,7 +403,7 @@ function makeGenerator(): EntraAdminRolesFindingGenerator
$payload = buildPayload(
[gaRoleDef()],
[makeAssignment('a1', 'def-ga', 'user-1')],
[makeEntraAssignment('a1', 'def-ga', 'user-1')],
);
makeGenerator()->generate($tenant, $payload);
@ -425,7 +425,7 @@ function makeGenerator(): EntraAdminRolesFindingGenerator
// Scan 1: create
$payload = buildPayload(
[gaRoleDef()],
[makeAssignment('a1', 'def-ga', 'user-1')],
[makeEntraAssignment('a1', 'def-ga', 'user-1')],
);
$generator->generate($tenant, $payload);
@ -454,7 +454,7 @@ function makeGenerator(): EntraAdminRolesFindingGenerator
$payload = buildPayload(
[gaRoleDef()],
[makeAssignment('a1', 'def-ga', 'user-1', '#microsoft.graph.user', 'Alice', '/administrativeUnits/au-123')],
[makeEntraAssignment('a1', 'def-ga', 'user-1', '#microsoft.graph.user', 'Alice', '/administrativeUnits/au-123')],
);
makeGenerator()->generate($tenant, $payload);
@ -473,7 +473,7 @@ function makeGenerator(): EntraAdminRolesFindingGenerator
$payload = buildPayload(
[readerRoleDef()],
[makeAssignment('a1', 'def-reader', 'user-1')],
[makeEntraAssignment('a1', 'def-reader', 'user-1')],
);
$result = makeGenerator()->generate($tenant, $payload);

9
tests/Feature/OpsUx/SummaryCountsWhitelistTest.php
View File

@ -43,11 +43,10 @@
$body = (string) ($notification->data['body'] ?? '');
expect($body)->toContain('Summary:');
expect($body)->toContain('total: 10');
expect($body)->toContain('processed: 5');
expect($body)->not->toContain('secrets');
expect($body)->not->toContain('failed:');
expect($body)->toContain('Total: 10');
expect($body)->toContain('Processed: 5');
expect($body)->not->toContain('Secrets');
expect($body)->not->toContain('Failed:');
})->group('ops-ux');
it('sanitizes summary_counts values and drops non-whitelisted keys', function (): void {