222a7e0a97
- T001-T014: Foundation - StoredReport model/migration, Finding resolved lifecycle, badge mappings (resolved status, permission_posture type), OperationCatalog + AlertRule constants - T015-T022: US1 - PermissionPostureFindingGenerator with fingerprint-based idempotent upsert, severity from feature-impact count, auto-resolve on grant, auto-reopen on revoke, error findings (FR-015), stale finding cleanup; GeneratePermissionPostureFindingsJob dispatched from health check; PostureResult VO + PostureScoreCalculator - T023-T026: US2+US4 - Stored report payload validation, temporal ordering, polymorphic reusability, score accuracy acceptance tests - T027-T029: US3 - EvaluateAlertsJob.permissionMissingEvents() wired into alert pipeline, AlertRuleResource event type option, cooldown/dedupe tests - T030-T034: Polish - PruneStoredReportsCommand with config retention, scheduled daily, end-to-end integration test, Pint clean UI bug fixes found during testing: - FindingResource: hide Diff section for non-drift findings - TenantRequiredPermissions: fix re-run verification link - tenant-required-permissions.blade.php: preserve details open state 70 tests (50 PermissionPosture + 20 FindingResolved/Badge/Alert), 216 assertions
72 lines
2.2 KiB
PHP
72 lines
2.2 KiB
PHP
<?php
|
|
|
|
namespace Database\Factories;
|
|
|
|
use App\Models\Finding;
|
|
use App\Models\Tenant;
|
|
use Illuminate\Database\Eloquent\Factories\Factory;
|
|
|
|
/**
|
|
* @extends \Illuminate\Database\Eloquent\Factories\Factory<\App\Models\Finding>
|
|
*/
|
|
class FindingFactory extends Factory
|
|
{
|
|
/**
|
|
* Define the model's default state.
|
|
*
|
|
* @return array<string, mixed>
|
|
*/
|
|
public function definition(): array
|
|
{
|
|
return [
|
|
'tenant_id' => Tenant::factory(),
|
|
'finding_type' => Finding::FINDING_TYPE_DRIFT,
|
|
'scope_key' => hash('sha256', fake()->uuid()),
|
|
'baseline_operation_run_id' => null,
|
|
'current_operation_run_id' => null,
|
|
'fingerprint' => hash('sha256', fake()->uuid()),
|
|
'subject_type' => 'assignment',
|
|
'subject_external_id' => fake()->uuid(),
|
|
'severity' => Finding::SEVERITY_MEDIUM,
|
|
'status' => Finding::STATUS_NEW,
|
|
'acknowledged_at' => null,
|
|
'acknowledged_by_user_id' => null,
|
|
'evidence_jsonb' => [],
|
|
];
|
|
}
|
|
|
|
/**
|
|
* State for permission posture findings.
|
|
*/
|
|
public function permissionPosture(): static
|
|
{
|
|
return $this->state(fn (array $attributes): array => [
|
|
'finding_type' => Finding::FINDING_TYPE_PERMISSION_POSTURE,
|
|
'source' => 'permission_check',
|
|
'subject_type' => 'permission',
|
|
'subject_external_id' => 'DeviceManagementConfiguration.ReadWrite.All',
|
|
'severity' => Finding::SEVERITY_MEDIUM,
|
|
'evidence_jsonb' => [
|
|
'permission_key' => 'DeviceManagementConfiguration.ReadWrite.All',
|
|
'permission_type' => 'application',
|
|
'expected_status' => 'granted',
|
|
'actual_status' => 'missing',
|
|
'blocked_features' => ['policy-sync', 'backup'],
|
|
'checked_at' => now()->toIso8601String(),
|
|
],
|
|
]);
|
|
}
|
|
|
|
/**
|
|
* State for resolved findings.
|
|
*/
|
|
public function resolved(): static
|
|
{
|
|
return $this->state(fn (array $attributes): array => [
|
|
'status' => Finding::STATUS_RESOLVED,
|
|
'resolved_at' => now(),
|
|
'resolved_reason' => 'permission_granted',
|
|
]);
|
|
}
|
|
}
|