ahmido
1655cc481e
## Summary - migrate provider connections to the canonical three-dimension state model: lifecycle via `is_enabled`, consent via `consent_status`, and verification via `verification_status` - remove legacy provider status and health badge paths, update admin and system directory surfaces, and align onboarding, consent callback, verification, resolver, and mutation flows with the new model - add the Spec 188 artifact set, schema migrations, guard coverage, and expanded provider-state tests across admin, system, onboarding, verification, and rendering paths ## Verification - `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent` - `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Auth/SystemPanelAuthTest.php tests/Feature/Filament/TenantGlobalSearchLifecycleScopeTest.php tests/Feature/ProviderConnections/ProviderConnectionEnableDisableTest.php tests/Feature/ProviderConnections/ProviderConnectionTruthCleanupSpec179Test.php` - integrated browser smoke: validated admin provider list/detail/edit, tenant provider summary, system directory tenant detail, provider-connection search exclusion, and cleaned up the temporary smoke record afterward ## Filament / implementation notes - Livewire v4.0+ compliance: preserved; this change targets Filament v5 on Livewire v4 and does not introduce older APIs - Provider registration location: unchanged; Laravel 11+ panel providers remain registered in `bootstrap/providers.php` - Globally searchable resources: `ProviderConnectionResource` remains intentionally excluded from global search; tenant global search remains enabled and continues to resolve to view pages - Destructive actions: no new destructive action surface was introduced without confirmation or authorization; existing capability checks continue to gate provider mutations - Asset strategy: unchanged; no new Filament assets were added, so deploy behavior for `php artisan filament:assets` remains unchanged - Testing plan covered: system auth, tenant global search, provider lifecycle enable/disable behavior, and provider truth cleanup cutover behavior Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #219
162 lines
5.5 KiB
PHP
162 lines
5.5 KiB
PHP
<?php
|
|
|
|
use App\Filament\Resources\ProviderConnectionResource\Pages\ListProviderConnections;
|
|
use App\Jobs\ProviderComplianceSnapshotJob;
|
|
use App\Jobs\ProviderInventorySyncJob;
|
|
use App\Models\OperationRun;
|
|
use App\Models\ProviderConnection;
|
|
use App\Services\Graph\GraphClientInterface;
|
|
use App\Support\OperationRunLinks;
|
|
use Filament\Facades\Filament;
|
|
use Illuminate\Support\Facades\Queue;
|
|
use Livewire\Livewire;
|
|
|
|
it('dedupes inventory sync runs and does not call Graph during start', function (): void {
|
|
Queue::fake();
|
|
|
|
$this->mock(GraphClientInterface::class, function ($mock): void {
|
|
$mock->shouldReceive('listPolicies')->never();
|
|
$mock->shouldReceive('getPolicy')->never();
|
|
$mock->shouldReceive('getOrganization')->never();
|
|
$mock->shouldReceive('applyPolicy')->never();
|
|
$mock->shouldReceive('getServicePrincipalPermissions')->never();
|
|
$mock->shouldReceive('request')->never();
|
|
});
|
|
|
|
[$user, $tenant] = createUserWithTenant(role: 'operator');
|
|
$this->actingAs($user);
|
|
|
|
$tenant->makeCurrent();
|
|
Filament::setTenant($tenant, true);
|
|
|
|
$connection = ProviderConnection::factory()->platform()->consentGranted()->create([
|
|
'tenant_id' => $tenant->getKey(),
|
|
'provider' => 'microsoft',
|
|
'entra_tenant_id' => fake()->uuid(),
|
|
'consent_status' => 'granted',
|
|
]);
|
|
|
|
$component = Livewire::test(ListProviderConnections::class);
|
|
$component->callTableAction('inventory_sync', $connection);
|
|
$component->callTableAction('inventory_sync', $connection);
|
|
|
|
$opRun = OperationRun::query()
|
|
->where('tenant_id', $tenant->getKey())
|
|
->where('type', 'inventory_sync')
|
|
->latest('id')
|
|
->first();
|
|
|
|
expect($opRun)->not->toBeNull();
|
|
expect($opRun?->context)->toMatchArray([
|
|
'provider' => 'microsoft',
|
|
'module' => 'inventory',
|
|
'provider_connection_id' => (int) $connection->getKey(),
|
|
'target_scope' => [
|
|
'entra_tenant_id' => $connection->entra_tenant_id,
|
|
],
|
|
]);
|
|
|
|
expect(OperationRun::query()
|
|
->where('tenant_id', $tenant->getKey())
|
|
->where('type', 'inventory_sync')
|
|
->count())->toBe(1);
|
|
|
|
Queue::assertPushed(ProviderInventorySyncJob::class, 1);
|
|
});
|
|
|
|
it('dedupes compliance snapshot runs and does not call Graph during start', function (): void {
|
|
Queue::fake();
|
|
|
|
$this->mock(GraphClientInterface::class, function ($mock): void {
|
|
$mock->shouldReceive('listPolicies')->never();
|
|
$mock->shouldReceive('getPolicy')->never();
|
|
$mock->shouldReceive('getOrganization')->never();
|
|
$mock->shouldReceive('applyPolicy')->never();
|
|
$mock->shouldReceive('getServicePrincipalPermissions')->never();
|
|
$mock->shouldReceive('request')->never();
|
|
});
|
|
|
|
[$user, $tenant] = createUserWithTenant(role: 'operator');
|
|
$this->actingAs($user);
|
|
|
|
$tenant->makeCurrent();
|
|
Filament::setTenant($tenant, true);
|
|
|
|
$connection = ProviderConnection::factory()->platform()->consentGranted()->create([
|
|
'tenant_id' => $tenant->getKey(),
|
|
'provider' => 'microsoft',
|
|
'entra_tenant_id' => fake()->uuid(),
|
|
'consent_status' => 'granted',
|
|
]);
|
|
|
|
$component = Livewire::test(ListProviderConnections::class);
|
|
$component->callTableAction('compliance_snapshot', $connection);
|
|
$component->callTableAction('compliance_snapshot', $connection);
|
|
|
|
$opRun = OperationRun::query()
|
|
->where('tenant_id', $tenant->getKey())
|
|
->where('type', 'compliance.snapshot')
|
|
->latest('id')
|
|
->first();
|
|
|
|
expect($opRun)->not->toBeNull();
|
|
expect($opRun?->context)->toMatchArray([
|
|
'provider' => 'microsoft',
|
|
'module' => 'compliance',
|
|
'provider_connection_id' => (int) $connection->getKey(),
|
|
'target_scope' => [
|
|
'entra_tenant_id' => $connection->entra_tenant_id,
|
|
],
|
|
]);
|
|
|
|
expect(OperationRun::query()
|
|
->where('tenant_id', $tenant->getKey())
|
|
->where('type', 'compliance.snapshot')
|
|
->count())->toBe(1);
|
|
|
|
Queue::assertPushed(ProviderComplianceSnapshotJob::class, 1);
|
|
});
|
|
|
|
it('blocks different provider operations for the same scope as scope busy', function (): void {
|
|
Queue::fake();
|
|
|
|
[$user, $tenant] = createUserWithTenant(role: 'operator');
|
|
$this->actingAs($user);
|
|
|
|
$tenant->makeCurrent();
|
|
Filament::setTenant($tenant, true);
|
|
|
|
$connection = ProviderConnection::factory()->platform()->consentGranted()->create([
|
|
'tenant_id' => $tenant->getKey(),
|
|
'provider' => 'microsoft',
|
|
'entra_tenant_id' => fake()->uuid(),
|
|
'consent_status' => 'granted',
|
|
]);
|
|
|
|
$component = Livewire::test(ListProviderConnections::class);
|
|
|
|
$component->callTableAction('inventory_sync', $connection);
|
|
$component->callTableAction('compliance_snapshot', $connection);
|
|
|
|
$inventoryRun = OperationRun::query()
|
|
->where('tenant_id', $tenant->getKey())
|
|
->where('type', 'inventory_sync')
|
|
->latest('id')
|
|
->first();
|
|
|
|
expect($inventoryRun)->not->toBeNull();
|
|
|
|
expect(OperationRun::query()
|
|
->where('tenant_id', $tenant->getKey())
|
|
->where('type', 'compliance.snapshot')
|
|
->count())->toBe(0);
|
|
|
|
Queue::assertPushed(ProviderInventorySyncJob::class, 1);
|
|
Queue::assertPushed(ProviderComplianceSnapshotJob::class, 0);
|
|
|
|
$notifications = session('filament.notifications', []);
|
|
expect($notifications)->not->toBeEmpty();
|
|
expect(collect($notifications)->last()['actions'][0]['url'] ?? null)
|
|
->toBe(OperationRunLinks::view($inventoryRun, $tenant));
|
|
});
|