ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
2f45ff5a84
TenantAtlas/apps/platform/tests/Unit/Providers/ProviderConnectionClassifierTest.php
ahmido 1655cc481e Spec 188: canonical provider connection state cleanup (#219) 
## Summary
- migrate provider connections to the canonical three-dimension state model: lifecycle via `is_enabled`, consent via `consent_status`, and verification via `verification_status`
- remove legacy provider status and health badge paths, update admin and system directory surfaces, and align onboarding, consent callback, verification, resolver, and mutation flows with the new model
- add the Spec 188 artifact set, schema migrations, guard coverage, and expanded provider-state tests across admin, system, onboarding, verification, and rendering paths

## Verification
- `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent`
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Auth/SystemPanelAuthTest.php tests/Feature/Filament/TenantGlobalSearchLifecycleScopeTest.php tests/Feature/ProviderConnections/ProviderConnectionEnableDisableTest.php tests/Feature/ProviderConnections/ProviderConnectionTruthCleanupSpec179Test.php`
- integrated browser smoke: validated admin provider list/detail/edit, tenant provider summary, system directory tenant detail, provider-connection search exclusion, and cleaned up the temporary smoke record afterward

## Filament / implementation notes
- Livewire v4.0+ compliance: preserved; this change targets Filament v5 on Livewire v4 and does not introduce older APIs
- Provider registration location: unchanged; Laravel 11+ panel providers remain registered in `bootstrap/providers.php`
- Globally searchable resources: `ProviderConnectionResource` remains intentionally excluded from global search; tenant global search remains enabled and continues to resolve to view pages
- Destructive actions: no new destructive action surface was introduced without confirmation or authorization; existing capability checks continue to gate provider mutations
- Asset strategy: unchanged; no new Filament assets were added, so deploy behavior for `php artisan filament:assets` remains unchanged
- Testing plan covered: system auth, tenant global search, provider lifecycle enable/disable behavior, and provider truth cleanup cutover behavior

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #219
2026-04-10 11:22:56 +00:00

126 lines
4.5 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
use App\Models\ProviderConnection;
use App\Models\ProviderCredential;
use App\Models\Tenant;
use App\Services\Providers\ProviderConnectionClassifier;
use App\Support\Providers\ProviderConnectionType;
use Illuminate\Foundation\Testing\RefreshDatabase;
uses(RefreshDatabase::class);
it('classifies a platform-like connection without legacy identity as platform', function (): void {
config()->set('graph.client_id', 'platform-client-id');
$tenant = Tenant::factory()->create([
'tenant_id' => 'platform-like-tenant-id',
'app_client_id' => null,
'app_client_secret' => null,
]);
$connection = ProviderConnection::factory()->platform()->create([
'tenant_id' => (int) $tenant->getKey(),
'workspace_id' => (int) $tenant->workspace_id,
'provider' => 'microsoft',
'entra_tenant_id' => 'platform-like-tenant-id',
]);
$result = app(ProviderConnectionClassifier::class)->classify($connection);
expect($result->suggestedConnectionType)->toBe(ProviderConnectionType::Platform)
->and($result->reviewRequired)->toBeFalse()
->and($result->metadata())->toMatchArray([
'legacy_identity_classification_source' => 'migration_scan',
'legacy_identity_review_required' => false,
'legacy_identity_result' => 'platform',
'effective_app' => [
'app_id' => 'platform-client-id',
'source' => 'platform_config',
],
]);
});
it('classifies a credential-backed legacy connection as dedicated', function (): void {
$tenant = Tenant::factory()->create([
'tenant_id' => 'dedicated-like-tenant-id',
'app_client_id' => null,
'app_client_secret' => null,
]);
$connection = ProviderConnection::factory()->platform()->create([
'tenant_id' => (int) $tenant->getKey(),
'workspace_id' => (int) $tenant->workspace_id,
'provider' => 'microsoft',
'entra_tenant_id' => 'dedicated-like-tenant-id',
]);
ProviderCredential::factory()->create([
'provider_connection_id' => (int) $connection->getKey(),
'source' => null,
'payload' => [
'client_id' => 'legacy-dedicated-client-id',
'client_secret' => 'legacy-dedicated-secret',
],
]);
$result = app(ProviderConnectionClassifier::class)->classify($connection);
expect($result->suggestedConnectionType)->toBe(ProviderConnectionType::Dedicated)
->and($result->reviewRequired)->toBeFalse()
->and($result->metadata())->toMatchArray([
'legacy_identity_result' => 'dedicated',
'effective_app' => [
'app_id' => 'legacy-dedicated-client-id',
'source' => 'dedicated_credential',
],
]);
});
it('flags contradictory legacy identity as review required', function (): void {
$tenant = Tenant::factory()->create([
'tenant_id' => 'hybrid-tenant-id',
'app_client_id' => 'legacy-tenant-client-id',
'app_client_secret' => 'legacy-tenant-secret',
]);
$connection = ProviderConnection::factory()->platform()->create([
'tenant_id' => (int) $tenant->getKey(),
'workspace_id' => (int) $tenant->workspace_id,
'provider' => 'microsoft',
'entra_tenant_id' => 'hybrid-tenant-id',
'consent_status' => 'granted',
'verification_status' => 'healthy',
]);
ProviderCredential::factory()->create([
'provider_connection_id' => (int) $connection->getKey(),
'source' => null,
'payload' => [
'client_id' => 'dedicated-client-id',
'client_secret' => 'dedicated-client-secret',
],
]);
$result = app(ProviderConnectionClassifier::class)->classify($connection);
expect($result->suggestedConnectionType)->toBe(ProviderConnectionType::Dedicated)
->and($result->reviewRequired)->toBeTrue()
->and($result->metadata())->toMatchArray([
'legacy_identity_review_required' => true,
'legacy_identity_result' => 'dedicated',
'effective_app' => [
'app_id' => null,
'source' => 'review_required',
],
])
->and($result->signals)->toMatchArray([
'tenant_client_id' => 'legacy-tenant-client-id',
'credential_client_id' => 'dedicated-client-id',
'is_enabled' => true,
'consent_status' => 'granted',
'verification_status' => 'healthy',
]);
});
Reference in New Issue View Git Blame Copy Permalink