<?php
declare(strict_types=1);
use App\Services\TenantConfiguration\EntraRenderableSummaryBuilder;
use Tests\Support\TenantConfiguration\Spec425Fixtures as Spec425;
// Redaction guard for the Conditional Access summary: the rendered array must
// identify the resource type and must not contain raw-payload keys or the
// secret/token marker strings listed below.
it('Spec425 renders Conditional Access certification summaries without raw or secret output', function (): void {
    $builder = app(EntraRenderableSummaryBuilder::class);
    $fixture = Spec425::fixture('conditional-access', 'redaction');
    $attributes = [
        'claim_state' => 'internal_only',
        'identity_state' => 'stable',
        'last_captured' => 'Jul 1, 2026 10:00 AM',
    ];

    $summary = $builder->build('conditionalAccessPolicy', $fixture, $attributes);

    // Serialise the whole summary so values nested at any depth are searched,
    // not only the top-level keys.
    $encoded = json_encode($summary, JSON_THROW_ON_ERROR);

    expect($summary)->toBeArray();
    expect($summary['resource_type'])->toBe('Conditional Access policy');

    // These are plain substring checks on the JSON text, so a value that was
    // transformed or re-encoded before rendering would not be caught here.
    // NOTE(review): presumably the 'redaction' fixture embeds these markers;
    // verify in Spec425Fixtures, otherwise the checks pass vacuously.
    $forbiddenMarkers = [
        'raw_payload',
        'raw Graph response',
        'permission_context',
        'spec425-ca-secret',
        'spec425-ca-token',
    ];

    // One needle per assertion: each marker must be absent on its own.
    foreach ($forbiddenMarkers as $marker) {
        expect($encoded)->not->toContain($marker);
    }
});
// Redaction guard for the Security Defaults summary: the rendered array must
// identify the resource type and must not contain raw-payload keys or any of
// the secret, token, cookie, private-key or certificate markers listed below.
it('Spec425 renders Security Defaults certification summaries without raw or secret output', function (): void {
    $builder = app(EntraRenderableSummaryBuilder::class);
    $fixture = Spec425::fixture('security-defaults', 'redaction');
    $attributes = [
        'claim_state' => 'internal_only',
        'identity_state' => 'stable',
        'evidence_state' => 'content_backed',
        'last_captured' => 'Jul 1, 2026 10:00 AM',
    ];

    $summary = $builder->build('securityDefaults', $fixture, $attributes);

    // Serialise the whole summary so values nested at any depth are searched,
    // not only the top-level keys.
    $encoded = json_encode($summary, JSON_THROW_ON_ERROR);

    expect($summary)->toBeArray();
    expect($summary['resource_type'])->toBe('Security Defaults');

    // These are plain substring checks on the JSON text, so a value that was
    // transformed or re-encoded before rendering would not be caught here.
    // NOTE(review): presumably the 'redaction' fixture embeds these markers;
    // verify in Spec425Fixtures, otherwise the checks pass vacuously.
    $forbiddenMarkers = [
        'raw_payload',
        'raw Graph response',
        'permission_context',
        'spec425-security-defaults-secret',
        'spec425-security-defaults-token',
        'spec425-cookie',
        'spec425-private-key',
        'spec425-certificate',
    ];

    // One needle per assertion: each marker must be absent on its own.
    foreach ($forbiddenMarkers as $marker) {
        expect($encoded)->not->toContain($marker);
    }
});
// Rendering check: the Conditional Access summary must expose a 'Devices'
// condition whose value shows both the device-state and device-filter rules.
it('Spec425 renders Conditional Access device conditions for certified summaries', function (): void {
    $builder = app(EntraRenderableSummaryBuilder::class);
    $fixture = Spec425::fixture('conditional-access', 'device-condition-change');
    $attributes = [
        'claim_state' => 'internal_only',
        'identity_state' => 'stable',
        'last_captured' => 'Jul 1, 2026 10:00 AM',
    ];

    $summary = $builder->build('conditionalAccessPolicy', $fixture, $attributes);

    // A missing 'conditions' key falls back to an empty list, so the lookup
    // yields null and the toBeArray() expectation below reports the failure.
    $conditions = collect($summary['conditions'] ?? []);
    $devices = $conditions->firstWhere('label', 'Devices');

    expect($devices)->toBeArray();

    // Read the value only after the array check, as the original chain did.
    $rendered = $devices['value'];

    expect($rendered)->toContain('States: Include compliant; Exclude domainJoined');
    expect($rendered)->toContain('Filter: Include device.trustType -eq "AzureAD"');
});