ahmido
c57f680f39
Implements Spec 098: workspace-level settings slices for Backup retention, Drift severity mapping, and Operations retention/threshold. Spec - specs/098-settings-slices-v1-backup-drift-ops/spec.md What changed - Workspace Settings page: grouped Backup/Drift/Operations sections, unset-input UX w/ helper text, per-setting reset actions (confirmed) - Settings registry: adds/updates validation + normalization (incl. drift severity mapping normalization to lowercase) - Backup retention: adds workspace default + floor clamp; job clamps effective keep-last up to floor - Drift findings: optional workspace severity mapping; adds `critical` severity support + badge mapping - Operations pruning: retention computed per workspace via settings; scheduler unchanged; stuck threshold is storage-only Safety / Compliance notes - Filament v5 / Livewire v4: no Livewire v3 usage; relies on existing Filament v5 + Livewire v4 stack - Provider registration unchanged (Laravel 11+/12 uses bootstrap/providers.php) - Destructive actions: per-setting reset uses Filament actions with confirmation - Global search: not affected (no resource changes) - Assets: no new assets registered; no `filament:assets` changes Tests - vendor/bin/sail artisan test --compact tests/Feature/SettingsFoundation/WorkspaceSettingsManageTest.php \ tests/Feature/SettingsFoundation/WorkspaceSettingsViewOnlyTest.php \ tests/Feature/BackupScheduling/BackupScheduleLifecycleTest.php \ tests/Feature/Drift/DriftPolicySnapshotDriftDetectionTest.php \ tests/Feature/Scheduling/PruneOldOperationRunsScheduleTest.php \ tests/Unit/Badges/FindingBadgesTest.php Formatting - vendor/bin/sail bin pint --dirty Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #120
141 lines
5.2 KiB
PHP
141 lines
5.2 KiB
PHP
<?php
|
|
|
|
use App\Models\Finding;
|
|
use App\Models\Policy;
|
|
use App\Models\PolicyVersion;
|
|
use App\Models\WorkspaceSetting;
|
|
use App\Services\Drift\DriftFindingGenerator;
|
|
|
|
test('uses medium severity for drift findings when no severity mapping exists', function () {
|
|
[, $tenant] = createUserWithTenant(role: 'manager');
|
|
|
|
$scopeKey = hash('sha256', 'scope-policy-snapshot-default-severity');
|
|
|
|
$baseline = createInventorySyncOperationRun($tenant, [
|
|
'selection_hash' => $scopeKey,
|
|
'selection_payload' => ['policy_types' => ['deviceConfiguration']],
|
|
'status' => 'success',
|
|
'finished_at' => now()->subDays(2),
|
|
]);
|
|
|
|
$current = createInventorySyncOperationRun($tenant, [
|
|
'selection_hash' => $scopeKey,
|
|
'selection_payload' => ['policy_types' => ['deviceConfiguration']],
|
|
'status' => 'success',
|
|
'finished_at' => now()->subDay(),
|
|
]);
|
|
|
|
$policy = Policy::factory()->for($tenant)->create([
|
|
'policy_type' => 'deviceConfiguration',
|
|
'platform' => 'windows10',
|
|
]);
|
|
|
|
PolicyVersion::factory()->for($tenant)->for($policy)->create([
|
|
'version_number' => 1,
|
|
'policy_type' => $policy->policy_type,
|
|
'platform' => $policy->platform,
|
|
'captured_at' => $baseline->finished_at->copy()->subMinute(),
|
|
'snapshot' => ['customSettingFoo' => 'Old value'],
|
|
'assignments' => [],
|
|
]);
|
|
|
|
PolicyVersion::factory()->for($tenant)->for($policy)->create([
|
|
'version_number' => 2,
|
|
'policy_type' => $policy->policy_type,
|
|
'platform' => $policy->platform,
|
|
'captured_at' => $current->finished_at->copy()->subMinute(),
|
|
'snapshot' => ['customSettingFoo' => 'New value'],
|
|
'assignments' => [],
|
|
]);
|
|
|
|
$generator = app(DriftFindingGenerator::class);
|
|
$created = $generator->generate($tenant, $baseline, $current, $scopeKey);
|
|
|
|
expect($created)->toBe(1);
|
|
|
|
$finding = Finding::query()
|
|
->where('tenant_id', $tenant->getKey())
|
|
->where('finding_type', Finding::FINDING_TYPE_DRIFT)
|
|
->where('scope_key', $scopeKey)
|
|
->where('subject_type', 'policy')
|
|
->first();
|
|
|
|
expect($finding)->not->toBeNull();
|
|
expect($finding->severity)->toBe(Finding::SEVERITY_MEDIUM);
|
|
expect($finding->subject_external_id)->toBe($policy->external_id);
|
|
expect($finding->evidence_jsonb)->toHaveKey('change_type', 'modified');
|
|
expect($finding->evidence_jsonb)
|
|
->toHaveKey('summary.changed_fields')
|
|
->and($finding->evidence_jsonb['summary']['changed_fields'])->toContain('snapshot_hash')
|
|
->and($finding->evidence_jsonb)->toHaveKey('baseline.snapshot_hash')
|
|
->and($finding->evidence_jsonb)->toHaveKey('current.snapshot_hash')
|
|
->and($finding->evidence_jsonb)->not->toHaveKey('baseline.assignments_hash')
|
|
->and($finding->evidence_jsonb)->not->toHaveKey('current.assignments_hash');
|
|
});
|
|
|
|
test('applies workspace drift severity mapping when configured', function () {
|
|
[$user, $tenant] = createUserWithTenant(role: 'manager');
|
|
|
|
WorkspaceSetting::query()->create([
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'domain' => 'drift',
|
|
'key' => 'severity_mapping',
|
|
'value' => ['drift' => 'critical'],
|
|
'updated_by_user_id' => (int) $user->getKey(),
|
|
]);
|
|
|
|
$scopeKey = hash('sha256', 'scope-policy-snapshot-mapped-severity');
|
|
|
|
$baseline = createInventorySyncOperationRun($tenant, [
|
|
'selection_hash' => $scopeKey,
|
|
'selection_payload' => ['policy_types' => ['deviceConfiguration']],
|
|
'status' => 'success',
|
|
'finished_at' => now()->subDays(2),
|
|
]);
|
|
|
|
$current = createInventorySyncOperationRun($tenant, [
|
|
'selection_hash' => $scopeKey,
|
|
'selection_payload' => ['policy_types' => ['deviceConfiguration']],
|
|
'status' => 'success',
|
|
'finished_at' => now()->subDay(),
|
|
]);
|
|
|
|
$policy = Policy::factory()->for($tenant)->create([
|
|
'policy_type' => 'deviceConfiguration',
|
|
'platform' => 'windows10',
|
|
]);
|
|
|
|
PolicyVersion::factory()->for($tenant)->for($policy)->create([
|
|
'version_number' => 1,
|
|
'policy_type' => $policy->policy_type,
|
|
'platform' => $policy->platform,
|
|
'captured_at' => $baseline->finished_at->copy()->subMinute(),
|
|
'snapshot' => ['customSettingFoo' => 'Old value'],
|
|
'assignments' => [],
|
|
]);
|
|
|
|
PolicyVersion::factory()->for($tenant)->for($policy)->create([
|
|
'version_number' => 2,
|
|
'policy_type' => $policy->policy_type,
|
|
'platform' => $policy->platform,
|
|
'captured_at' => $current->finished_at->copy()->subMinute(),
|
|
'snapshot' => ['customSettingFoo' => 'New value'],
|
|
'assignments' => [],
|
|
]);
|
|
|
|
$generator = app(DriftFindingGenerator::class);
|
|
$created = $generator->generate($tenant, $baseline, $current, $scopeKey);
|
|
|
|
expect($created)->toBe(1);
|
|
|
|
$finding = Finding::query()
|
|
->where('tenant_id', $tenant->getKey())
|
|
->where('finding_type', Finding::FINDING_TYPE_DRIFT)
|
|
->where('scope_key', $scopeKey)
|
|
->where('subject_type', 'policy')
|
|
->first();
|
|
|
|
expect($finding)->not->toBeNull();
|
|
expect($finding->severity)->toBe(Finding::SEVERITY_CRITICAL);
|
|
});
|