TenantAtlas/apps/platform/tests/Unit/Support/TenantConfiguration/EntraCertifiedRenderRedactionTest.php
Ahmed Darrazi 39d0353e03
Some checks failed
PR Fast Feedback / fast-feedback (pull_request) Failing after 1m22s
feat: complete spec 425 enta certified compare pack
2026-07-02 00:55:04 +02:00

71 lines
2.8 KiB
PHP

<?php
declare(strict_types=1);
use App\Services\TenantConfiguration\EntraRenderableSummaryBuilder;
use Tests\Support\TenantConfiguration\Spec425Fixtures as Spec425;
it('Spec425 renders Conditional Access certification summaries without raw or secret output', function (): void {
$summary = app(EntraRenderableSummaryBuilder::class)->build(
'conditionalAccessPolicy',
Spec425::fixture('conditional-access', 'redaction'),
[
'claim_state' => 'internal_only',
'identity_state' => 'stable',
'last_captured' => 'Jul 1, 2026 10:00 AM',
],
);
$encoded = json_encode($summary, JSON_THROW_ON_ERROR);
expect($summary)->toBeArray()
->and($summary['resource_type'])->toBe('Conditional Access policy')
->and($encoded)->not->toContain('raw_payload')
->not->toContain('raw Graph response')
->not->toContain('permission_context')
->not->toContain('spec425-ca-secret')
->not->toContain('spec425-ca-token');
});
it('Spec425 renders Security Defaults certification summaries without raw or secret output', function (): void {
$summary = app(EntraRenderableSummaryBuilder::class)->build(
'securityDefaults',
Spec425::fixture('security-defaults', 'redaction'),
[
'claim_state' => 'internal_only',
'identity_state' => 'stable',
'evidence_state' => 'content_backed',
'last_captured' => 'Jul 1, 2026 10:00 AM',
],
);
$encoded = json_encode($summary, JSON_THROW_ON_ERROR);
expect($summary)->toBeArray()
->and($summary['resource_type'])->toBe('Security Defaults')
->and($encoded)->not->toContain('raw_payload')
->not->toContain('raw Graph response')
->not->toContain('permission_context')
->not->toContain('spec425-security-defaults-secret')
->not->toContain('spec425-security-defaults-token')
->not->toContain('spec425-cookie')
->not->toContain('spec425-private-key')
->not->toContain('spec425-certificate');
});
it('Spec425 renders Conditional Access device conditions for certified summaries', function (): void {
$summary = app(EntraRenderableSummaryBuilder::class)->build(
'conditionalAccessPolicy',
Spec425::fixture('conditional-access', 'device-condition-change'),
[
'claim_state' => 'internal_only',
'identity_state' => 'stable',
'last_captured' => 'Jul 1, 2026 10:00 AM',
],
);
$devices = collect($summary['conditions'] ?? [])->firstWhere('label', 'Devices');
expect($devices)->toBeArray()
->and($devices['value'])->toContain('States: Include compliant; Exclude domainJoined')
->and($devices['value'])->toContain('Filter: Include device.trustType -eq "AzureAD"');
});