ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
360d20e881
TenantAtlas/apps/platform/tests/Unit/Providers/CredentialManagerTest.php
ahmido e64bae9cfc feat: cut over tenant core to managed environments (#335) 
## Summary
- replace the legacy Tenant and TenantMembership core models with ManagedEnvironment and ManagedEnvironmentMembership
- propagate the managed environment naming and key changes across Filament resources, pages, controllers, jobs, models, and supporting runtime paths
- add feature 279 spec artifacts and focused managed-environment test coverage for model behavior, route binding, panel context, authorization, and legacy guardrails

## Validation
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/ManagedEnvironment/LegacyTenantCoreGuardTest.php tests/Feature/ManagedEnvironment/ManagedEnvironmentAuthorizationTest.php tests/Feature/ManagedEnvironment/ManagedEnvironmentPanelContextTest.php tests/Feature/ManagedEnvironment/ManagedEnvironmentRouteBindingTest.php tests/Unit/ManagedEnvironment/ManagedEnvironmentContextResolverTest.php tests/Unit/ManagedEnvironment/ManagedEnvironmentModelTest.php`
- `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent`

## Notes
- branch pushed from commit `1123b122`
- browser smoke test file was added but not run in this pass

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #335
2026-05-07 06:38:14 +00:00

92 lines
2.8 KiB
PHP
Raw Blame History

<?php
use App\Models\ProviderConnection;
use App\Models\ProviderCredential;
use App\Services\Providers\CredentialManager;
use Illuminate\Foundation\Testing\RefreshDatabase;
uses(RefreshDatabase::class);
it('returns client credentials from encrypted payload', function (): void {
$connection = ProviderConnection::factory()->dedicated()->create([
'entra_tenant_id' => fake()->uuid(),
]);
ProviderCredential::factory()->create([
'provider_connection_id' => $connection->getKey(),
'payload' => [
'client_id' => 'client-id',
'client_secret' => 'client-secret',
],
]);
$manager = app(CredentialManager::class);
expect($manager->getClientCredentials($connection))
->toBe([
'client_id' => 'client-id',
'client_secret' => 'client-secret',
]);
});
it('rejects credential payload that does not match the connection scope', function (): void {
$connection = ProviderConnection::factory()->dedicated()->create([
'entra_tenant_id' => 'tenant-a',
]);
ProviderCredential::factory()->create([
'provider_connection_id' => $connection->getKey(),
'payload' => [
'managed_environment_id' => 'tenant-b',
'client_id' => 'client-id',
'client_secret' => 'client-secret',
],
]);
$manager = app(CredentialManager::class);
$manager->getClientCredentials($connection);
})->throws(InvalidArgumentException::class);
it('rejects resolving dedicated credentials for platform connections', function (): void {
$connection = ProviderConnection::factory()->platform()->create([
'entra_tenant_id' => 'tenant-a',
]);
ProviderCredential::factory()->create([
'provider_connection_id' => $connection->getKey(),
'payload' => [
'client_id' => 'client-id',
'client_secret' => 'client-secret',
],
]);
$manager = app(CredentialManager::class);
$manager->getClientCredentials($connection);
})->throws(InvalidArgumentException::class);
it('upserts client secret credentials and never serializes the payload', function (): void {
$connection = ProviderConnection::factory()->dedicated()->create();
$manager = app(CredentialManager::class);
$credential = $manager->upsertClientSecretCredential(
connection: $connection,
clientId: 'client-id',
clientSecret: 'client-secret',
);
expect($credential->type)->toBe('client_secret');
expect($credential->payload)->toBe([
'client_id' => 'client-id',
'client_secret' => 'client-secret',
]);
expect($credential->toArray())->not->toHaveKey('payload');
expect((string) $credential->getRawOriginal('payload'))
->not->toContain('client-secret')
->not->toContain('client_id');
});
Reference in New Issue View Git Blame Copy Permalink