create(['external_id' => 'tenant-rbac-check']); $checks = TenantPermissionCheckClusters::buildChecks($tenant, [ [ 'key' => 'DeviceManagementRBAC.Read.All', 'type' => 'application', 'description' => 'Read Intune RBAC roles and assignments', 'features' => ['rbac_inventory', 'rbac_backup_history'], 'status' => 'missing', 'details' => null, ], ]); $rbacCheck = collect($checks)->firstWhere('key', 'permissions.intune_rbac_assignments'); expect($rbacCheck)->toBeArray(); expect($rbacCheck['status'] ?? null)->toBe(VerificationCheckStatus::Fail->value); expect($rbacCheck['blocking'] ?? null)->toBeTrue(); expect($rbacCheck['reason_code'] ?? null)->toBe(ProviderReasonCodes::IntuneRbacPermissionMissing); expect((string) ($rbacCheck['message'] ?? ''))->toContain('DeviceManagementRBAC.Read.All'); expect((string) ($rbacCheck['message'] ?? ''))->toContain('RBAC inventory and backup history'); expect($rbacCheck['next_steps'][0]['url'] ?? null)->toBe(RequiredPermissionsLinks::requiredPermissions($tenant)); });