ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
2f45ff5a84
TenantAtlas/apps/platform/tests/Feature/ProviderConnections/ProviderConnectionEnableDisableTest.php
ahmido 1655cc481e Spec 188: canonical provider connection state cleanup (#219) 
## Summary
- migrate provider connections to the canonical three-dimension state model: lifecycle via `is_enabled`, consent via `consent_status`, and verification via `verification_status`
- remove legacy provider status and health badge paths, update admin and system directory surfaces, and align onboarding, consent callback, verification, resolver, and mutation flows with the new model
- add the Spec 188 artifact set, schema migrations, guard coverage, and expanded provider-state tests across admin, system, onboarding, verification, and rendering paths

## Verification
- `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent`
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Auth/SystemPanelAuthTest.php tests/Feature/Filament/TenantGlobalSearchLifecycleScopeTest.php tests/Feature/ProviderConnections/ProviderConnectionEnableDisableTest.php tests/Feature/ProviderConnections/ProviderConnectionTruthCleanupSpec179Test.php`
- integrated browser smoke: validated admin provider list/detail/edit, tenant provider summary, system directory tenant detail, provider-connection search exclusion, and cleaned up the temporary smoke record afterward

## Filament / implementation notes
- Livewire v4.0+ compliance: preserved; this change targets Filament v5 on Livewire v4 and does not introduce older APIs
- Provider registration location: unchanged; Laravel 11+ panel providers remain registered in `bootstrap/providers.php`
- Globally searchable resources: `ProviderConnectionResource` remains intentionally excluded from global search; tenant global search remains enabled and continues to resolve to view pages
- Destructive actions: no new destructive action surface was introduced without confirmation or authorization; existing capability checks continue to gate provider mutations
- Asset strategy: unchanged; no new Filament assets were added, so deploy behavior for `php artisan filament:assets` remains unchanged
- Testing plan covered: system auth, tenant global search, provider lifecycle enable/disable behavior, and provider truth cleanup cutover behavior

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #219
2026-04-10 11:22:56 +00:00

168 lines
6.6 KiB
PHP
Raw Blame History

<?php
use App\Models\AuditLog;
use App\Filament\Resources\ProviderConnectionResource;
use App\Filament\Resources\ProviderConnectionResource\Pages\EditProviderConnection;
use App\Models\OperationRun;
use App\Models\ProviderConnection;
use App\Models\ProviderCredential;
use App\Support\Providers\ProviderConsentStatus;
use App\Support\Providers\ProviderReasonCodes;
use App\Support\Providers\ProviderVerificationStatus;
use Filament\Facades\Filament;
use Livewire\Livewire;
it('enables a disabled connection and records verification as blocked when credentials are missing', function (): void {
[$user, $tenant] = createUserWithTenant(role: 'owner');
$this->actingAs($user);
$tenant->makeCurrent();
Filament::setTenant($tenant, true);
$connection = ProviderConnection::factory()->create([
'tenant_id' => $tenant->getKey(),
'provider' => 'microsoft',
'entra_tenant_id' => fake()->uuid(),
'is_enabled' => false,
'consent_status' => ProviderConsentStatus::Granted->value,
'verification_status' => ProviderVerificationStatus::Error->value,
'last_health_check_at' => now(),
'last_error_reason_code' => 'provider_auth_failed',
'last_error_message' => 'Some failure',
]);
Livewire::test(EditProviderConnection::class, ['record' => $connection->getRouteKey()])
->callAction('enable_connection');
$connection->refresh();
$audit = AuditLog::query()
->where('tenant_id', (int) $tenant->getKey())
->where('action', 'provider_connection.enabled')
->latest('id')
->first();
expect($connection->is_enabled)->toBeTrue()
->and($connection->consent_status)->toBe(ProviderConsentStatus::Granted)
->and($connection->verification_status)->toBe(ProviderVerificationStatus::Blocked)
->and($connection->last_health_check_at)->toBeNull()
->and($connection->last_error_reason_code)->toBe(ProviderReasonCodes::ProviderCredentialMissing)
->and($connection->last_error_message)->toBe('Provider connection credentials are missing.');
expect($audit)->not->toBeNull()
->and($audit?->metadata['from_lifecycle'] ?? null)->toBe('disabled')
->and($audit?->metadata['to_lifecycle'] ?? null)->toBe('enabled')
->and($audit?->metadata['verification_status'] ?? null)->toBe(ProviderVerificationStatus::Blocked->value)
->and($audit?->metadata['credentials_present'] ?? null)->toBeFalse();
});
it('enables a disabled connection and resets verification when credentials are present', function (): void {
[$user, $tenant] = createUserWithTenant(role: 'owner');
$this->actingAs($user);
$tenant->makeCurrent();
Filament::setTenant($tenant, true);
$connection = ProviderConnection::factory()->create([
'tenant_id' => $tenant->getKey(),
'provider' => 'microsoft',
'entra_tenant_id' => fake()->uuid(),
'is_enabled' => false,
'consent_status' => ProviderConsentStatus::Granted->value,
'verification_status' => ProviderVerificationStatus::Error->value,
]);
ProviderCredential::factory()->create([
'provider_connection_id' => $connection->getKey(),
'payload' => [
'client_id' => 'client-id',
'client_secret' => 'client-secret',
],
]);
Livewire::test(EditProviderConnection::class, ['record' => $connection->getRouteKey()])
->callAction('enable_connection');
$connection->refresh();
$audit = AuditLog::query()
->where('tenant_id', (int) $tenant->getKey())
->where('action', 'provider_connection.enabled')
->latest('id')
->first();
expect($connection->is_enabled)->toBeTrue()
->and($connection->consent_status)->toBe(ProviderConsentStatus::Granted)
->and($connection->verification_status)->toBe(ProviderVerificationStatus::Unknown);
expect($audit)->not->toBeNull()
->and($audit?->metadata['from_lifecycle'] ?? null)->toBe('disabled')
->and($audit?->metadata['to_lifecycle'] ?? null)->toBe('enabled')
->and($audit?->metadata['verification_status'] ?? null)->toBe(ProviderVerificationStatus::Unknown->value)
->and($audit?->metadata['credentials_present'] ?? null)->toBeTrue();
});
it('disables an enabled connection without changing consent or verification truth', function (): void {
[$user, $tenant] = createUserWithTenant(role: 'owner');
$this->actingAs($user);
$tenant->makeCurrent();
Filament::setTenant($tenant, true);
$connection = ProviderConnection::factory()->create([
'tenant_id' => $tenant->getKey(),
'provider' => 'microsoft',
'entra_tenant_id' => fake()->uuid(),
'is_enabled' => true,
'consent_status' => ProviderConsentStatus::Granted->value,
'verification_status' => ProviderVerificationStatus::Healthy->value,
]);
Livewire::test(EditProviderConnection::class, ['record' => $connection->getRouteKey()])
->callAction('disable_connection');
$connection->refresh();
$audit = AuditLog::query()
->where('tenant_id', (int) $tenant->getKey())
->where('action', 'provider_connection.disabled')
->latest('id')
->first();
expect($connection->is_enabled)->toBeFalse()
->and($connection->consent_status)->toBe(ProviderConsentStatus::Granted)
->and($connection->verification_status)->toBe(ProviderVerificationStatus::Healthy);
expect($audit)->not->toBeNull()
->and($audit?->metadata['from_lifecycle'] ?? null)->toBe('enabled')
->and($audit?->metadata['to_lifecycle'] ?? null)->toBe('disabled');
});
it('shows a link to the last connection check run when present', function (): void {
[$user, $tenant] = createUserWithTenant(role: 'owner');
$connection = ProviderConnection::factory()->create([
'tenant_id' => $tenant->getKey(),
'provider' => 'microsoft',
'entra_tenant_id' => fake()->uuid(),
]);
$run = OperationRun::factory()->create([
'tenant_id' => $tenant->getKey(),
'user_id' => $user->getKey(),
'initiator_name' => $user->name,
'type' => 'provider.connection.check',
'status' => 'completed',
'outcome' => 'succeeded',
'context' => [
'provider' => 'microsoft',
'module' => 'health_check',
'provider_connection_id' => (int) $connection->getKey(),
'target_scope' => [
'entra_tenant_id' => $connection->entra_tenant_id,
],
],
]);
$this->actingAs($user)
->get(ProviderConnectionResource::getUrl('edit', ['record' => $connection], tenant: $tenant))
->assertOk();
});
Reference in New Issue View Git Blame Copy Permalink