TenantAtlas/apps/platform/tests/Unit/Governance/CanonicalControlCatalogTest.php
ahmido 6a5b8a3a11
feat: canonical control catalog foundation (#272)
## Summary
- add a config-seeded canonical control catalog plus shared resolution primitives and Microsoft subject bindings
- propagate canonical control references into findings-derived evidence snapshots and tenant review composition
- add the feature spec artifacts and focused Pest coverage, plus the supporting workspace and Sail helper adjustments included in this branch

## Testing
- cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Unit/Governance/CanonicalControlCatalogTest.php tests/Unit/Governance/CanonicalControlResolverTest.php tests/Feature/Governance/CanonicalControlResolutionIntegrationTest.php tests/Feature/Evidence/EvidenceSnapshotCanonicalControlReferenceTest.php tests/Feature/TenantReview/TenantReviewCanonicalControlReferenceTest.php tests/Feature/PlatformRelocation/CommandModelSmokeTest.php
- cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #272
2026-04-24 12:26:02 +00:00


<?php
declare(strict_types=1);
use App\Support\Governance\Controls\CanonicalControlCatalog;
use App\Support\Governance\Controls\DetectabilityClass;
use App\Support\Governance\Controls\EvaluationStrategy;
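// Contract test for the seeded catalog: exactly seven definitions, each with a
// well-formed control key, non-empty descriptive metadata, enum-typed
// detectability and evaluation values, and the full ordered set of
// artifact-suitability flags.
it('loads stable provider-neutral seed definitions with complete metadata', function (): void {
    $catalog = app(CanonicalControlCatalog::class);

    // Asserted before the loop so an empty catalog cannot make the per-definition checks vacuous.
    expect($catalog->all())->toHaveCount(7);

    foreach ($catalog->all() as $definition) {
        // Anchored with \z rather than $: in PCRE, $ also matches just before a
        // trailing newline, so a key such as "foo\n" would otherwise count as well-formed.
        expect($definition->controlKey)->toMatch('/^[a-z][a-z0-9_]*\z/')
            ->and($definition->name)->not->toBeEmpty()
            // NOTE(review): provider neutrality is only checked on domainKey, and if
            // domainKey is a string this is a case-sensitive substring match — confirm
            // that scope is intended.
            ->and($definition->domainKey)->not->toContain('microsoft')
            ->and($definition->domainKey)->not->toContain('intune')
            ->and($definition->subdomainKey)->not->toBeEmpty()
            ->and($definition->controlClass)->not->toBeEmpty()
            ->and($definition->summary)->not->toBeEmpty()
            ->and($definition->operatorDescription)->not->toBeEmpty()
            ->and($definition->detectabilityClass)->toBeInstanceOf(DetectabilityClass::class)
            ->and($definition->evaluationStrategy)->toBeInstanceOf(EvaluationStrategy::class)
            ->and($definition->evidenceArchetypes)->not->toBeEmpty()
            // toBe() compares the key list strictly, so both the set of flags and their order are pinned.
            ->and(array_keys($definition->artifactSuitability->toArray()))->toBe([
                'baseline',
                'drift',
                'finding',
                'exception',
                'evidence',
                'review',
                'report',
            ])
            ->and($definition->historicalStatus)->toBeIn(['active', 'retired']);
    }
});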
// Pins the exact set of control keys shipped in the first catalog slice.
// The comparison is order-insensitive; a missing or additional key fails it.
it('seeds the first-slice high-value control families', function (): void {
    $expectedKeys = [
        'audit_log_retention',
        'conditional_access_enforcement',
        'delegated_admin_boundaries',
        'endpoint_hardening_compliance',
        'external_sharing_boundaries',
        'privileged_access_governance',
        'strong_authentication',
    ];

    $definitions = app(CanonicalControlCatalog::class)->all();

    // Reduce each definition to its control key before comparing.
    $pluckControlKey = static fn ($definition): string => $definition->controlKey;
    $seededKeys = array_map($pluckControlKey, $definitions);

    expect($seededKeys)->toEqualCanonicalizing($expectedKeys);
});
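// Checks that provider bindings live beside the canonical definition rather than
// inside its serialized payload: the definition array has no 'microsoft_bindings'
// key, while the catalog still returns Microsoft bindings for the same control.
it('keeps Microsoft bindings secondary to the definition payload', function (): void {
    $controlKey = 'endpoint_hardening_compliance';
    $catalog = app(CanonicalControlCatalog::class);
    $definition = $catalog->find($controlKey);

    // Guard against a vacuous pass: with a missing definition the nullsafe call
    // yields null, and a negated key check on null can succeed without ever
    // inspecting a real payload.
    expect($definition)->not->toBeNull();

    expect($definition->toArray())->not->toHaveKey('microsoft_bindings');

    // Looked up once and reused; the emptiness check runs before the first element is read.
    $bindings = $catalog->microsoftBindingsForControl($controlKey);

    expect($bindings)->not->toBeEmpty()
        ->and($bindings[0]->toArray()['provider'])->toBe('microsoft');
});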
// Pins how two seeded controls are classified. endpoint_hardening_compliance is
// directly detectable and state-evaluated; audit_log_retention is external-evidence-only,
// externally attested, not baseline-suitable, but review-suitable.
// NOTE(review): presumably this keeps an attested control from being presented
// downstream as technically verified — confirm against the feature spec.
it('preserves honest detectability, evaluation, and suitability distinctions', function (): void {
    $catalog = app(CanonicalControlCatalog::class);
    $endpointKey = 'endpoint_hardening_compliance';
    $auditKey = 'audit_log_retention';

    // A missing definition turns each nullsafe read into null, which fails the
    // strict comparisons below rather than passing silently.
    expect($catalog->find($endpointKey)?->detectabilityClass)->toBe(DetectabilityClass::DirectTechnical);
    expect($catalog->find($endpointKey)?->evaluationStrategy)->toBe(EvaluationStrategy::StateEvaluated);

    expect($catalog->find($auditKey)?->detectabilityClass)->toBe(DetectabilityClass::ExternalEvidenceOnly);
    expect($catalog->find($auditKey)?->evaluationStrategy)->toBe(EvaluationStrategy::ExternallyAttested);

    expect($catalog->find($auditKey)?->artifactSuitability->baseline)->toBeFalse();
    expect($catalog->find($auditKey)?->artifactSuitability->review)->toBeTrue();
});