mock(GraphClientInterface::class, function ($mock): void { $mock->shouldReceive('listPolicies')->never(); $mock->shouldReceive('getPolicy')->never(); $mock->shouldReceive('getOrganization')->never(); $mock->shouldReceive('applyPolicy')->never(); $mock->shouldReceive('getServicePrincipalPermissions')->never(); $mock->shouldReceive('request')->never(); }); [$user, $tenant] = createUserWithTenant(role: 'operator', fixtureProfile: 'credential-enabled'); $this->actingAs($user); $tenant->makeCurrent(); Filament::setTenant($tenant, true); $connection = ProviderConnection::query() ->where('managed_environment_id', (int) $tenant->getKey()) ->where('provider', 'microsoft') ->where('is_default', true) ->firstOrFail(); Livewire::test(ListProviderConnections::class) ->callTableAction('check_connection', $connection); $opRun = OperationRun::query() ->where('managed_environment_id', $tenant->getKey()) ->where('type', 'provider.connection.check') ->latest('id') ->first(); expect($opRun)->not->toBeNull(); expect($opRun?->status)->toBe('queued'); expect($opRun?->outcome)->toBe('pending'); expect($opRun?->context)->toMatchArray([ 'provider' => 'microsoft', 'module' => 'health_check', 'provider_connection_id' => (int) $connection->getKey(), ]); expect($opRun?->context['provider_context'] ?? [])->toMatchArray([ 'provider' => 'microsoft', ]); expect($opRun?->context['target_scope'] ?? [])->toMatchArray([ 'provider' => 'microsoft', 'scope_kind' => 'tenant', 'scope_identifier' => $connection->entra_tenant_id, ])->not->toHaveKey('entra_tenant_id'); $notifications = session('filament.notifications', []); expect($notifications)->not->toBeEmpty(); expect(collect($notifications)->last()['actions'][0]['url'] ?? null) ->toBe(OperationRunLinks::view($opRun, $tenant)); Queue::assertPushed(ProviderConnectionHealthCheckJob::class, 1); }); it('dedupes connection checks and does not enqueue a second job', function (): void { Queue::fake(); [$user, $tenant] = createUserWithTenant(role: 'operator', fixtureProfile: 'credential-enabled'); $this->actingAs($user); $tenant->makeCurrent(); Filament::setTenant($tenant, true); $connection = ProviderConnection::query() ->where('managed_environment_id', (int) $tenant->getKey()) ->where('provider', 'microsoft') ->where('is_default', true) ->firstOrFail(); $component = Livewire::test(ListProviderConnections::class); $component->callTableAction('check_connection', $connection); $component->callTableAction('check_connection', $connection); expect(OperationRun::query() ->where('managed_environment_id', $tenant->getKey()) ->where('type', 'provider.connection.check') ->count())->toBe(1); Queue::assertPushed(ProviderConnectionHealthCheckJob::class, 1); }); it('does not dedupe or link a resolution-scoped active check from the normal connection check action', function (): void { Queue::fake(); [$user, $tenant] = createUserWithTenant(role: 'operator', fixtureProfile: 'credential-enabled'); $this->actingAs($user); $tenant->makeCurrent(); Filament::setTenant($tenant, true); $connection = ProviderConnection::query() ->where('managed_environment_id', (int) $tenant->getKey()) ->where('provider', 'microsoft') ->where('is_default', true) ->firstOrFail(); $resolutionRun = OperationRun::factory()->create([ 'workspace_id' => (int) $tenant->workspace_id, 'managed_environment_id' => (int) $tenant->getKey(), 'type' => 'provider.connection.check', 'status' => 'running', 'context' => [ 'provider_connection_id' => (int) $connection->getKey(), 'trigger' => 'review_publication_resolution', 'review_publication_resolution_case_id' => 388001, 'environment_review_id' => 388002, ], ]); Livewire::test(ListProviderConnections::class) ->callTableAction('check_connection', $connection); expect(OperationRun::query() ->where('managed_environment_id', $tenant->getKey()) ->where('type', 'provider.connection.check') ->count())->toBe(1); $notifications = session('filament.notifications', []); $lastNotification = collect($notifications)->last(); $actions = collect(is_array($lastNotification) ? ($lastNotification['actions'] ?? []) : []); $encodedActions = json_encode($actions->all(), JSON_THROW_ON_ERROR); expect($lastNotification['title'] ?? null)->toBe('Scope busy') ->and($lastNotification['body'] ?? null)->toBe('Another provider-backed operation is already running for this scope. Retry after it finishes.') ->and($actions->pluck('name')->all())->not->toContain('view_run') ->and($encodedActions)->not->toContain(OperationRunLinks::view($resolutionRun, $tenant)); Queue::assertNotPushed(ProviderConnectionHealthCheckJob::class); }); it('does not refresh operation activity for a non-disclosable resolution-scoped busy check from the verification widget', function (): void { Queue::fake(); [$user, $tenant] = createUserWithTenant(role: 'operator', fixtureProfile: 'credential-enabled'); $this->actingAs($user); $tenant->makeCurrent(); Filament::setTenant($tenant, true); $connection = ProviderConnection::query() ->where('managed_environment_id', (int) $tenant->getKey()) ->where('provider', 'microsoft') ->where('is_default', true) ->firstOrFail(); $resolutionRun = OperationRun::factory()->create([ 'workspace_id' => (int) $tenant->workspace_id, 'managed_environment_id' => (int) $tenant->getKey(), 'type' => 'provider.connection.check', 'status' => 'running', 'context' => [ 'provider_connection_id' => (int) $connection->getKey(), 'trigger' => 'review_publication_resolution', 'review_publication_resolution_case_id' => 388201, 'environment_review_id' => 388202, ], ]); Livewire::test(ManagedEnvironmentVerificationReport::class, ['record' => $tenant]) ->call('startVerification') ->assertNotDispatched(OpsUxBrowserEvents::RunEnqueued); $notifications = session('filament.notifications', []); $lastNotification = collect($notifications)->last(); $actions = collect(is_array($lastNotification) ? ($lastNotification['actions'] ?? []) : []); $encodedActions = json_encode($actions->all(), JSON_THROW_ON_ERROR); expect(OperationRun::query() ->where('managed_environment_id', $tenant->getKey()) ->where('type', 'provider.connection.check') ->count())->toBe(1) ->and($lastNotification['title'] ?? null)->toBe('Scope busy') ->and($lastNotification['body'] ?? null)->toBe('Another provider-backed operation is already running for this scope. Retry after it finishes.') ->and($actions->pluck('name')->all())->not->toContain('view_run') ->and($encodedActions)->not->toContain(OperationRunLinks::tenantlessView($resolutionRun)); Queue::assertNotPushed(ProviderConnectionHealthCheckJob::class); }); it('disables connection check action for readonly users', function (): void { Queue::fake(); [$user, $tenant] = createUserWithTenant(role: 'readonly', fixtureProfile: 'credential-enabled'); $this->actingAs($user); $tenant->makeCurrent(); Filament::setTenant($tenant, true); $connection = ProviderConnection::query() ->where('managed_environment_id', (int) $tenant->getKey()) ->where('provider', 'microsoft') ->where('is_default', true) ->firstOrFail(); Livewire::test(ListProviderConnections::class) ->assertTableActionVisible('check_connection', $connection) ->assertTableActionDisabled('check_connection', $connection) ->assertTableActionVisible('compliance_snapshot', $connection) ->assertTableActionDisabled('compliance_snapshot', $connection); Queue::assertNothingPushed(); expect(OperationRun::query()->where('managed_environment_id', $tenant->getKey())->count())->toBe(0); });