TenantAtlas/apps/platform/tests/Feature/TenantRBAC/RoleDefinitionsSyncNowTest.php

<?php

declare(strict_types=1);

use App\Models\ManagedEnvironment;
use App\Services\Providers\ProviderOperationStartResult;
use App\Services\Directory\RoleDefinitionsSyncService;
use App\Support\OperationRunLinks;
use App\Support\OperationRunType;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Bus;

uses(RefreshDatabase::class);

it('starts a role definitions sync with an immediate canonical view link', function (): void {
    Bus::fake();

    /** @var ManagedEnvironment $tenant */
    $tenant = ManagedEnvironment::factory()->create([
        'app_client_id' => 'client-123',
        'app_client_secret' => 'secret',
        'status' => 'active',
    ]);

    [$user, $tenant] = createUserWithTenant(
        tenant: $tenant,
        role: 'owner',
        fixtureProfile: 'credential-enabled',
    );

    $service = app(RoleDefinitionsSyncService::class);

    $result = $service->startManualSync($tenant, $user);

    expect($result)->toBeInstanceOf(ProviderOperationStartResult::class);
    expect($result->status)->toBe('started');

    $run = $result->run;

    expect($run->type)->toBe(OperationRunType::DirectoryRoleDefinitionsSync->value);
    expect($run->context['provider_connection_id'] ?? null)->toBeInt();

    $url = OperationRunLinks::tenantlessView($run);
    expect($url)->toContain('/admin/operations/');

    Bus::assertDispatched(
        App\Jobs\SyncRoleDefinitionsJob::class,
        fn (App\Jobs\SyncRoleDefinitionsJob $job): bool => $job->tenantId === (int) $tenant->getKey()
            && $job->providerConnectionId === ($run->context['provider_connection_id'] ?? null)
            && $job->operationRun?->is($run)
    );
});