TenantAtlas/apps/platform/tests/Feature/Drift/DriftFindingDiffUnavailableTest.php
ahmido 8cffdbdb2c feat: governance inbox final operator workflow (spec 346) (#418)
Implemented the final operator workflow for the Governance Inbox. This includes refactoring the inbox page, updating finding resources, adding UI enforcement policies, updating related blade views, and adding comprehensive tests for operator workflow and scope contracts.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #418
2026-06-02 14:58:39 +00:00


<?php
use App\Filament\Resources\FindingResource;
use App\Models\Finding;
use App\Models\Policy;
use App\Models\PolicyVersion;
use App\Support\Workspaces\WorkspaceContext;
// Drift finding whose baseline and current sides both carry a null
// policy_version_id. The finding view must state that the diff is unavailable
// rather than report "no changes", which would read as "nothing drifted".
// The request is made as an 'owner' with the workspace/environment session
// context set; other roles and other tenants are not exercised by this test.
it('shows an explicit diff unavailable message when policy version references are missing', function (): void {
    [$user, $tenant] = createUserWithTenant(role: 'owner');
    $environmentId = (int) $tenant->getKey();

    // Evidence payload: snapshot-kind drift with no resolvable version on either side.
    $evidence = [
        'change_type' => 'different_version',
        'policy_type' => 'deviceConfiguration',
        'subject_key' => 'policy alpha',
        'summary' => [
            'kind' => 'policy_snapshot',
        ],
        'baseline' => [
            'policy_version_id' => null,
        ],
        'current' => [
            'policy_version_id' => null,
        ],
        'fidelity' => 'meta',
        'provenance' => [
            'baseline_profile_id' => 1,
            'baseline_snapshot_id' => 1,
            'compare_operation_run_id' => 1,
            'inventory_sync_run_id' => null,
        ],
    ];

    $finding = Finding::factory()->create([
        'managed_environment_id' => $environmentId,
        'finding_type' => Finding::FINDING_TYPE_DRIFT,
        'source' => 'baseline.compare',
        'subject_type' => 'policy',
        'subject_external_id' => 'policy-alpha-uuid',
        'evidence_fidelity' => 'meta',
        'evidence_jsonb' => $evidence,
    ]);

    // Session keys that select the workspace and its last-used environment.
    $session = [
        WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id,
        WorkspaceContext::LAST_ENVIRONMENT_IDS_SESSION_KEY => [
            (string) $tenant->workspace_id => $environmentId,
        ],
    ];

    $page = $this->actingAs($user)
        ->withSession($session)
        ->get(FindingResource::getUrl('view', ['record' => $finding], panel: 'admin', tenant: $tenant));

    $page->assertOk();
    $page->assertSee('Diff unavailable');
    $page->assertDontSee('No normalized changes were found');

    // The shared normalized-diff component must be present and flagged "unavailable".
    $html = $page->getContent();
    $expectedMarkers = [
        'data-shared-detail-family="normalized-diff"',
        'data-shared-normalized-diff-host="finding"',
        'data-shared-normalized-diff-state="unavailable"',
    ];

    foreach ($expectedMarkers as $marker) {
        expect($html)->toContain($marker);
    }
});
// Drift finding whose evidence has none of the keys the diff view reads
// (only a demo fixture marker). The page must still load and show the
// evidence section, but must not render a diff section at all.
// NOTE(review): only the 'Evidence (Sanitized)' heading is asserted, and the
// fixture holds no sensitive-looking value, so this test does not demonstrate
// that evidence content is actually redacted; that needs its own test.
it('does not render an empty diff section when drift evidence has no supported diff surface', function (): void {
    [$user, $tenant] = createUserWithTenant(role: 'owner');
    $environmentId = (int) $tenant->getKey();

    $finding = Finding::factory()->create([
        'managed_environment_id' => $environmentId,
        'finding_type' => Finding::FINDING_TYPE_DRIFT,
        'source' => 'baseline.compare',
        'subject_type' => 'policy',
        'subject_external_id' => 'demo-finding-without-diff-surface',
        'evidence_fidelity' => 'meta',
        'evidence_jsonb' => [
            'demo_fixture' => 'spec342-findings',
        ],
    ]);

    // Session keys that select the workspace and its last-used environment.
    $session = [
        WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id,
        WorkspaceContext::LAST_ENVIRONMENT_IDS_SESSION_KEY => [
            (string) $tenant->workspace_id => $environmentId,
        ],
    ];

    $page = $this->actingAs($user)
        ->withSession($session)
        ->get(FindingResource::getUrl('view', ['record' => $finding], panel: 'admin', tenant: $tenant));

    $page->assertOk();
    $page->assertSee('Evidence (Sanitized)');

    // Neither the infolist diff section nor the shared diff component may appear.
    $html = $page->getContent();
    expect($html)->not->toContain('id="infolist.diff::section"');
    expect($html)->not->toContain('data-shared-detail-family="normalized-diff"');
});
// Scope-tag variant of the "diff unavailable" case: summary kind is
// 'policy_scope_tags' and both policy_version_id references are null.
// The diff section is still rendered, labelled as a scope tags diff, and
// reports that the diff is unavailable.
it('shows an explicit scope tag diff unavailable message when policy version references are missing', function (): void {
    [$user, $tenant] = createUserWithTenant(role: 'owner');
    $environmentId = (int) $tenant->getKey();

    // Unlike the snapshot fixtures in this file, no 'provenance' key is supplied here.
    $evidence = [
        'change_type' => 'different_version',
        'policy_type' => 'deviceConfiguration',
        'subject_key' => 'policy scope tag drift',
        'summary' => [
            'kind' => 'policy_scope_tags',
        ],
        'baseline' => [
            'policy_version_id' => null,
        ],
        'current' => [
            'policy_version_id' => null,
        ],
        'fidelity' => 'meta',
    ];

    $finding = Finding::factory()->create([
        'managed_environment_id' => $environmentId,
        'finding_type' => Finding::FINDING_TYPE_DRIFT,
        'source' => 'baseline.compare',
        'subject_type' => 'policy',
        'subject_external_id' => 'policy-scope-tag-drift',
        'evidence_fidelity' => 'meta',
        'evidence_jsonb' => $evidence,
    ]);

    // Session keys that select the workspace and its last-used environment.
    $session = [
        WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id,
        WorkspaceContext::LAST_ENVIRONMENT_IDS_SESSION_KEY => [
            (string) $tenant->workspace_id => $environmentId,
        ],
    ];

    $page = $this->actingAs($user)
        ->withSession($session)
        ->get(FindingResource::getUrl('view', ['record' => $finding], panel: 'admin', tenant: $tenant));

    $page->assertOk();
    $page->assertSee('Diff unavailable');
    $page->assertSee('Scope tags diff');

    $html = $page->getContent();
    expect($html)->toContain('id="infolist.diff::section"');
});
// 'unexpected_policy' drift: the policy exists in the environment but has no
// baseline counterpart. Only the current side references a PolicyVersion, so
// the view is expected to diff it against an empty baseline and report the
// single snapshot setting (passwordRequired) as one added entry.
it('renders a diff against an empty baseline for unexpected_policy findings with a current policy version reference', function (): void {
    [$user, $tenant] = createUserWithTenant(role: 'owner');
    $environmentId = (int) $tenant->getKey();

    $policy = Policy::factory()->create([
        'managed_environment_id' => $environmentId,
        'external_id' => 'policy-unexpected-uuid',
        'policy_type' => 'deviceCompliancePolicy',
        'platform' => 'windows',
        'display_name' => 'Bitlocker Require',
    ]);

    // The only version on record; it supplies the "current" side of the diff.
    $currentVersion = PolicyVersion::factory()->create([
        'managed_environment_id' => $environmentId,
        'policy_id' => (int) $policy->getKey(),
        'policy_type' => 'deviceCompliancePolicy',
        'platform' => 'windows',
        'snapshot' => [
            '@odata.type' => '#microsoft.graph.windows10CompliancePolicy',
            'passwordRequired' => true,
        ],
        'assignments' => [],
        'scope_tags' => [],
    ]);

    $evidence = [
        'change_type' => 'unexpected_policy',
        'policy_type' => 'deviceCompliancePolicy',
        'subject_key' => 'bitlocker require',
        'summary' => [
            'kind' => 'policy_snapshot',
        ],
        'baseline' => [
            'policy_version_id' => null,
        ],
        'current' => [
            'policy_version_id' => (int) $currentVersion->getKey(),
        ],
        'fidelity' => 'mixed',
        'provenance' => [
            'baseline_profile_id' => 1,
            'baseline_snapshot_id' => 1,
            'compare_operation_run_id' => 1,
            'inventory_sync_run_id' => null,
        ],
    ];

    $finding = Finding::factory()->create([
        'managed_environment_id' => $environmentId,
        'finding_type' => Finding::FINDING_TYPE_DRIFT,
        'source' => 'baseline.compare',
        'subject_type' => 'policy',
        'subject_external_id' => 'policy-unexpected-uuid',
        'evidence_fidelity' => 'mixed',
        'evidence_jsonb' => $evidence,
    ]);

    // Session keys that select the workspace and its last-used environment.
    $session = [
        WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id,
        WorkspaceContext::LAST_ENVIRONMENT_IDS_SESSION_KEY => [
            (string) $tenant->workspace_id => $environmentId,
        ],
    ];

    $page = $this->actingAs($user)
        ->withSession($session)
        ->get(FindingResource::getUrl('view', ['record' => $finding], panel: 'admin', tenant: $tenant));

    $page->assertOk();
    $page->assertDontSee('Diff unavailable');
    $page->assertSee('1 added');
    $page->assertSee('Password required');

    // The shared normalized-diff component must be present and flagged "available".
    $html = $page->getContent();
    $expectedMarkers = [
        'data-shared-detail-family="normalized-diff"',
        'data-shared-normalized-diff-host="finding"',
        'data-shared-normalized-diff-state="available"',
    ];

    foreach ($expectedMarkers as $marker) {
        expect($html)->toContain($marker);
    }
});
// 'missing_policy' drift: the baseline expects a policy that is no longer
// present. Only the baseline side references a PolicyVersion, so the view is
// expected to diff it against an empty current side and report the single
// snapshot setting (passwordRequired) as one removed entry.
it('renders a diff against an empty current side for missing_policy findings with a baseline policy version reference', function (): void {
    [$user, $tenant] = createUserWithTenant(role: 'owner');
    $environmentId = (int) $tenant->getKey();

    $policy = Policy::factory()->create([
        'managed_environment_id' => $environmentId,
        'external_id' => 'policy-missing-uuid',
        'policy_type' => 'deviceCompliancePolicy',
        'platform' => 'windows',
        'display_name' => 'Bitlocker Require',
    ]);

    // The only version on record; it supplies the "baseline" side of the diff.
    $baselineVersion = PolicyVersion::factory()->create([
        'managed_environment_id' => $environmentId,
        'policy_id' => (int) $policy->getKey(),
        'policy_type' => 'deviceCompliancePolicy',
        'platform' => 'windows',
        'snapshot' => [
            '@odata.type' => '#microsoft.graph.windows10CompliancePolicy',
            'passwordRequired' => true,
        ],
        'assignments' => [],
        'scope_tags' => [],
    ]);

    $evidence = [
        'change_type' => 'missing_policy',
        'policy_type' => 'deviceCompliancePolicy',
        'subject_key' => 'bitlocker require',
        'summary' => [
            'kind' => 'policy_snapshot',
        ],
        'baseline' => [
            'policy_version_id' => (int) $baselineVersion->getKey(),
        ],
        'current' => [
            'policy_version_id' => null,
        ],
        'fidelity' => 'mixed',
        'provenance' => [
            'baseline_profile_id' => 1,
            'baseline_snapshot_id' => 1,
            'compare_operation_run_id' => 1,
            'inventory_sync_run_id' => null,
        ],
    ];

    $finding = Finding::factory()->create([
        'managed_environment_id' => $environmentId,
        'finding_type' => Finding::FINDING_TYPE_DRIFT,
        'source' => 'baseline.compare',
        'subject_type' => 'policy',
        'subject_external_id' => 'policy-missing-uuid',
        'evidence_fidelity' => 'mixed',
        'evidence_jsonb' => $evidence,
    ]);

    // Session keys that select the workspace and its last-used environment.
    $session = [
        WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id,
        WorkspaceContext::LAST_ENVIRONMENT_IDS_SESSION_KEY => [
            (string) $tenant->workspace_id => $environmentId,
        ],
    ];

    $page = $this->actingAs($user)
        ->withSession($session)
        ->get(FindingResource::getUrl('view', ['record' => $finding], panel: 'admin', tenant: $tenant));

    $page->assertOk();
    $page->assertDontSee('Diff unavailable');
    $page->assertSee('1 removed');
    $page->assertSee('Password required');

    // The shared normalized-diff component must be present and flagged "available".
    $html = $page->getContent();
    $expectedMarkers = [
        'data-shared-detail-family="normalized-diff"',
        'data-shared-normalized-diff-host="finding"',
        'data-shared-normalized-diff-state="available"',
    ];

    foreach ($expectedMarkers as $marker) {
        expect($html)->toContain($marker);
    }
});