ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
154-finding-risk-acceptance
TenantAtlas/tests/Feature/BaselineDriftEngine/ResolverTest.php
ahmido 45a804970e feat: complete admin canonical tenant rollout (#165) 
## Summary
- complete Spec 136 canonical admin tenant rollout across admin-visible and shared Filament surfaces
- add the shared panel-aware tenant resolver helper, persisted filter-state synchronization, and admin navigation segregation for tenant-sensitive resources
- expand regression, guard, and parity coverage for admin-path tenant resolution, stale filters, workspace-wide tenant-default surfaces, and panel split behavior

## Validation
- `vendor/bin/sail artisan test --compact tests/Feature/Guards/AdminTenantResolverGuardTest.php`
- `vendor/bin/sail artisan test --compact tests/Feature/Filament/TableStatePersistenceTest.php`
- `vendor/bin/sail artisan test --compact --filter='CanonicalAdminTenantFilterState|PolicyResource|BackupSchedule|BackupSet|FindingResource|BaselineCompareLanding|RestoreRunResource|InventoryItemResource|PolicyVersionResource|ProviderConnectionResource|TenantDiagnostics|InventoryCoverage|InventoryKpiHeader|AuditLog|EntraGroup'`
- `vendor/bin/sail bin pint --dirty --format agent`

## Notes
- Livewire v4.0+ compliance is preserved with Filament v5.
- Provider registration remains unchanged in `bootstrap/providers.php`.
- `PolicyResource` and `PolicyVersionResource` have admin global search disabled explicitly; `EntraGroupResource` keeps admin-aware scoped search with a View page.
- Destructive and governance-sensitive actions retain existing confirmation and authorization behavior while using canonical tenant parity.
- No new assets were introduced, so deployment asset strategy is unchanged and does not add new `filament:assets` work.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #165
2026-03-13 08:09:20 +00:00

138 lines
5.3 KiB
PHP
Raw Permalink Blame History

<?php
use App\Models\InventoryItem;
use App\Models\Policy;
use App\Models\PolicyVersion;
use App\Services\Baselines\BaselineSnapshotIdentity;
use App\Services\Baselines\CurrentStateHashResolver;
use Carbon\CarbonImmutable;
it('Baseline resolver prefers content evidence over meta evidence when available', function () {
[, $tenant] = createUserWithTenant();
$policy = Policy::factory()->create([
'tenant_id' => (int) $tenant->getKey(),
'policy_type' => 'settingsCatalogPolicy',
'external_id' => 'policy-a',
'platform' => 'windows10',
]);
$policyVersion = PolicyVersion::factory()->create([
'tenant_id' => (int) $tenant->getKey(),
'policy_id' => (int) $policy->getKey(),
'policy_type' => (string) $policy->policy_type,
'platform' => (string) $policy->platform,
'captured_at' => CarbonImmutable::parse('2026-03-01 10:00:00'),
'snapshot' => [
'settings' => [
['name' => 'settingA', 'value' => 1],
],
],
]);
$inventory = InventoryItem::factory()->create([
'tenant_id' => (int) $tenant->getKey(),
'policy_type' => (string) $policy->policy_type,
'external_id' => (string) $policy->external_id,
'meta_jsonb' => [
'odata_type' => '#microsoft.graph.deviceManagementConfigurationPolicy',
'etag' => 'W/"meta-etag"',
'scope_tag_ids' => [],
'assignment_target_count' => 1,
],
'last_seen_at' => CarbonImmutable::parse('2026-03-01 11:00:00'),
'last_seen_operation_run_id' => null,
]);
$expectedContentHash = expectedPolicyVersionContentHash(
snapshot: is_array($policyVersion->snapshot) ? $policyVersion->snapshot : [],
policyType: (string) $policyVersion->policy_type,
platform: is_string($policyVersion->platform) ? $policyVersion->platform : null,
);
$expectedMetaHash = app(BaselineSnapshotIdentity::class)->hashItemContent(
policyType: (string) $inventory->policy_type,
subjectExternalId: (string) $inventory->external_id,
metaJsonb: is_array($inventory->meta_jsonb) ? $inventory->meta_jsonb : [],
);
$resolver = app(CurrentStateHashResolver::class);
$result = $resolver->resolveForSubjects(
tenant: $tenant,
subjects: [
['policy_type' => (string) $policy->policy_type, 'subject_external_id' => (string) $policy->external_id],
],
since: null,
latestInventorySyncRunId: null,
);
expect($result)->toHaveKey((string) $policy->policy_type.'|'.(string) $policy->external_id);
$evidence = $result[(string) $policy->policy_type.'|'.(string) $policy->external_id];
expect($evidence)->not->toBeNull();
expect($evidence?->hash)->toBe($expectedContentHash);
expect($evidence?->hash)->not->toBe($expectedMetaHash);
expect($evidence?->provenance()['fidelity'])->toBe('content');
expect($evidence?->provenance()['source'])->toBe('policy_version');
});
it('Baseline resolver obeys since rule and falls back to meta evidence when content is too old', function () {
[, $tenant] = createUserWithTenant();
$policy = Policy::factory()->create([
'tenant_id' => (int) $tenant->getKey(),
'policy_type' => 'settingsCatalogPolicy',
'external_id' => 'policy-b',
'platform' => 'windows10',
]);
PolicyVersion::factory()->create([
'tenant_id' => (int) $tenant->getKey(),
'policy_id' => (int) $policy->getKey(),
'policy_type' => (string) $policy->policy_type,
'platform' => (string) $policy->platform,
'captured_at' => CarbonImmutable::parse('2026-03-01 10:00:00'),
'snapshot' => [
'settings' => [
['name' => 'settingB', 'value' => 2],
],
],
]);
$inventory = InventoryItem::factory()->create([
'tenant_id' => (int) $tenant->getKey(),
'policy_type' => (string) $policy->policy_type,
'external_id' => (string) $policy->external_id,
'meta_jsonb' => [
'odata_type' => '#microsoft.graph.deviceManagementConfigurationPolicy',
'etag' => 'W/"meta-etag-b"',
'scope_tag_ids' => [],
'assignment_target_count' => 1,
],
'last_seen_at' => CarbonImmutable::parse('2026-03-02 10:00:00'),
'last_seen_operation_run_id' => null,
]);
$expectedMetaHash = app(BaselineSnapshotIdentity::class)->hashItemContent(
policyType: (string) $inventory->policy_type,
subjectExternalId: (string) $inventory->external_id,
metaJsonb: is_array($inventory->meta_jsonb) ? $inventory->meta_jsonb : [],
);
$resolver = app(CurrentStateHashResolver::class);
$result = $resolver->resolveForSubjects(
tenant: $tenant,
subjects: [
['policy_type' => (string) $policy->policy_type, 'subject_external_id' => (string) $policy->external_id],
],
since: CarbonImmutable::parse('2026-03-02 00:00:00'),
latestInventorySyncRunId: null,
);
$evidence = $result[(string) $policy->policy_type.'|'.(string) $policy->external_id] ?? null;
expect($evidence)->not->toBeNull();
expect($evidence?->hash)->toBe($expectedMetaHash);
expect($evidence?->provenance()['fidelity'])->toBe('meta');
expect($evidence?->provenance()['source'])->toBe('inventory');
});
Reference in New Issue View Git Blame Copy Permalink