ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
2752515da5
TenantAtlas/apps/platform/tests/Feature/Monitoring/AuditCoverageGovernanceTest.php
ahmido 2752515da5
Some checks failed
Main Confidence / confidence (push) Failing after 54s
Details
Spec 235: harden baseline truth and onboarding flows (#271) 
## Summary
- harden baseline capture truth, compare readiness, and monitoring explanations around latest inventory eligibility, blocked prerequisites, and zero-subject outcomes
- improve onboarding verification and bootstrap recovery handling, including admin-consent callback invalidation and queued execution legitimacy/report behavior
- align workspace findings/workspace overview signals and refresh the related spec, roadmap, and spec-candidate artifacts

## Validation
- `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent`
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/BaselineDriftEngine/BaselineCaptureAuditEventsTest.php tests/Feature/BaselineDriftEngine/BaselineSnapshotNoTenantIdentifiersTest.php tests/Feature/BaselineDriftEngine/CaptureBaselineContentTest.php tests/Feature/BaselineDriftEngine/CaptureBaselineFullContentOnDemandTest.php tests/Feature/BaselineDriftEngine/CaptureBaselineMetaFallbackTest.php tests/Feature/Baselines/BaselineCaptureTest.php tests/Feature/Baselines/BaselineCompareFindingsTest.php tests/Feature/Baselines/BaselineSnapshotBackfillTest.php tests/Feature/Filament/BaselineCaptureResultExplanationSurfaceTest.php tests/Feature/Filament/BaselineCompareLandingStartSurfaceTest.php tests/Feature/Filament/BaselineProfileCaptureStartSurfaceTest.php tests/Feature/Filament/OperationRunBaselineTruthSurfaceTest.php tests/Feature/Monitoring/AuditCoverageGovernanceTest.php tests/Feature/Monitoring/GovernanceOperationRunSummariesTest.php tests/Feature/Notifications/OperationRunNotificationTest.php tests/Feature/Authorization/OperatorExplanationSurfaceAuthorizationTest.php`
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/AdminConsentCallbackTest.php tests/Feature/Filament/WorkspaceOverviewDbOnlyTest.php tests/Feature/Guards/Spec194GovernanceActionSemanticsGuardTest.php tests/Feature/ManagedTenantOnboardingWizardTest.php tests/Feature/Onboarding/OnboardingVerificationTest.php tests/Feature/Operations/QueuedExecutionAuditTrailTest.php tests/Unit/Operations/QueuedExecutionLegitimacyGateTest.php`

## Notes
- browser validation was not re-run in this pass

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #271
2026-04-24 05:44:54 +00:00

138 lines
5.5 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
use App\Jobs\CaptureBaselineSnapshotJob;
use App\Models\AuditLog;
use App\Models\BaselineProfile;
use App\Models\InventoryItem;
use App\Services\Baselines\BaselineSnapshotIdentity;
use App\Services\Baselines\InventoryMetaContract;
use App\Services\Intune\AuditLogger;
use App\Services\OperationRunService;
use App\Support\Audit\AuditActorType;
use App\Support\Audit\AuditOutcome;
use App\Support\Baselines\BaselineCaptureMode;
use App\Support\Baselines\BaselineReasonCodes;
it('derives summary-first audit semantics for baseline capture workflow events', function (): void {
[$user, $tenant] = createUserWithTenant(role: 'owner');
$profile = BaselineProfile::factory()->active()->create([
'workspace_id' => (int) $tenant->workspace_id,
'capture_mode' => BaselineCaptureMode::Opportunistic->value,
'scope_jsonb' => ['policy_types' => ['deviceConfiguration'], 'foundation_types' => []],
]);
InventoryItem::factory()->create([
'tenant_id' => (int) $tenant->getKey(),
'workspace_id' => (int) $tenant->workspace_id,
'external_id' => 'audit-policy-a',
'policy_type' => 'deviceConfiguration',
'display_name' => 'Audit policy A',
'meta_jsonb' => ['odata_type' => '#microsoft.graph.deviceConfiguration', 'etag' => 'E_AUDIT'],
]);
$operationRunService = app(OperationRunService::class);
$run = $operationRunService->ensureRunWithIdentity(
tenant: $tenant,
type: 'baseline_capture',
identityInputs: ['baseline_profile_id' => (int) $profile->getKey()],
context: [
'baseline_profile_id' => (int) $profile->getKey(),
'source_tenant_id' => (int) $tenant->getKey(),
'effective_scope' => ['policy_types' => ['deviceConfiguration'], 'foundation_types' => []],
],
initiator: $user,
);
(new CaptureBaselineSnapshotJob($run))->handle(
app(BaselineSnapshotIdentity::class),
app(InventoryMetaContract::class),
app(AuditLogger::class),
$operationRunService,
);
$started = AuditLog::query()
->where('tenant_id', (int) $tenant->getKey())
->where('action', 'baseline.capture.started')
->latest('id')
->first();
$completed = AuditLog::query()
->where('tenant_id', (int) $tenant->getKey())
->where('action', 'baseline.capture.completed')
->latest('id')
->first();
expect($started)->not->toBeNull();
expect($completed)->not->toBeNull();
expect($started?->summaryText())->toContain('Baseline capture started')
->and($started?->normalizedOutcome())->toBe(AuditOutcome::Success)
->and($started?->actorSnapshot()->type)->toBe(AuditActorType::Human)
->and($started?->targetDisplayLabel())->toBe($profile->name)
->and((int) $started?->operation_run_id)->toBe((int) $run->getKey());
expect($completed?->summaryText())->toContain('Baseline capture completed')
->and($completed?->normalizedOutcome())->toBe(AuditOutcome::Success)
->and($completed?->actorSnapshot()->type)->toBe(AuditActorType::Human)
->and($completed?->targetDisplayLabel())->not->toBeNull()
->and((int) $completed?->operation_run_id)->toBe((int) $run->getKey());
});
it('records no-data baseline capture audit metadata without claiming baseline truth changed', function (): void {
[$user, $tenant] = createUserWithTenant(role: 'owner');
$profile = BaselineProfile::factory()->active()->create([
'workspace_id' => (int) $tenant->workspace_id,
'capture_mode' => BaselineCaptureMode::Opportunistic->value,
'scope_jsonb' => ['policy_types' => ['deviceConfiguration'], 'foundation_types' => []],
]);
$inventorySyncRun = createInventorySyncOperationRunWithCoverage($tenant, [
'deviceConfiguration' => 'succeeded',
]);
$operationRunService = app(OperationRunService::class);
$run = $operationRunService->ensureRunWithIdentity(
tenant: $tenant,
type: 'baseline_capture',
identityInputs: ['baseline_profile_id' => (int) $profile->getKey()],
context: [
'baseline_profile_id' => (int) $profile->getKey(),
'source_tenant_id' => (int) $tenant->getKey(),
'effective_scope' => ['policy_types' => ['deviceConfiguration'], 'foundation_types' => []],
'baseline_capture' => [
'inventory_sync_run_id' => (int) $inventorySyncRun->getKey(),
'eligibility' => [
'phase' => 'preflight',
'ok' => true,
'inventory_sync_run_id' => (int) $inventorySyncRun->getKey(),
'covered_types' => ['deviceConfiguration'],
'uncovered_types' => [],
],
],
],
initiator: $user,
);
(new CaptureBaselineSnapshotJob($run))->handle(
app(BaselineSnapshotIdentity::class),
app(InventoryMetaContract::class),
app(AuditLogger::class),
$operationRunService,
);
$completed = AuditLog::query()
->where('tenant_id', (int) $tenant->getKey())
->where('action', 'baseline.capture.completed')
->latest('id')
->first();
expect($completed)->not->toBeNull();
expect(data_get($completed?->metadata, 'reason_code'))->toBe(BaselineReasonCodes::CAPTURE_ZERO_SUBJECTS);
expect(data_get($completed?->metadata, 'current_baseline_changed'))->toBeFalse();
expect(data_get($completed?->metadata, 'snapshot_id'))->not->toBeNull();
});
Reference in New Issue View Git Blame Copy Permalink