ahmido
fbb9748725
Summary add appProtectionPolicy coverage for assignments, normalize settings for UI, and skip targetedManagedAppConfiguration noise during inventory wire up derived Graph endpoints/contracts so restores use the correct /assign paths per platform and assignments no longer rely on unsupported $expand add normalization logic/tests plus Pact/Plan updates so capture+restore behave more like Intune’s app protection workflows and no longer expose unsupported fields Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.local> Reviewed-on: #11
230 lines
6.7 KiB
PHP
230 lines
6.7 KiB
PHP
<?php
|
|
|
|
use App\Services\Graph\AssignmentFetcher;
|
|
use App\Services\Graph\GraphContractRegistry;
|
|
use App\Services\Graph\GraphException;
|
|
use App\Services\Graph\GraphResponse;
|
|
use App\Services\Graph\MicrosoftGraphClient;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
use Tests\TestCase;
|
|
|
|
uses(TestCase::class, RefreshDatabase::class);
|
|
|
|
beforeEach(function () {
|
|
$this->graphClient = Mockery::mock(MicrosoftGraphClient::class);
|
|
$this->fetcher = new AssignmentFetcher($this->graphClient, app(GraphContractRegistry::class));
|
|
});
|
|
|
|
test('primary endpoint success', function () {
|
|
$tenantId = 'tenant-123';
|
|
$policyId = 'policy-456';
|
|
$policyType = 'settingsCatalogPolicy';
|
|
$assignments = [
|
|
['id' => 'assign-1', 'target' => ['@odata.type' => '#microsoft.graph.groupAssignmentTarget', 'groupId' => 'group-1']],
|
|
['id' => 'assign-2', 'target' => ['@odata.type' => '#microsoft.graph.groupAssignmentTarget', 'groupId' => 'group-2']],
|
|
];
|
|
|
|
$response = new GraphResponse(
|
|
success: true,
|
|
data: ['value' => $assignments]
|
|
);
|
|
|
|
$this->graphClient
|
|
->shouldReceive('request')
|
|
->once()
|
|
->with('GET', "/deviceManagement/configurationPolicies/{$policyId}/assignments", [
|
|
'tenant' => $tenantId,
|
|
])
|
|
->andReturn($response);
|
|
|
|
$result = $this->fetcher->fetch($policyType, $tenantId, $policyId);
|
|
|
|
expect($result)->toBe($assignments);
|
|
});
|
|
|
|
test('app protection uses derived assignments list endpoint', function () {
|
|
$tenantId = 'tenant-123';
|
|
$policyId = 'policy-456';
|
|
$policyType = 'appProtectionPolicy';
|
|
$assignments = [
|
|
['id' => 'assign-1', 'target' => ['@odata.type' => '#microsoft.graph.groupAssignmentTarget', 'groupId' => 'group-1']],
|
|
];
|
|
|
|
$response = new GraphResponse(
|
|
success: true,
|
|
data: ['value' => $assignments]
|
|
);
|
|
|
|
$this->graphClient
|
|
->shouldReceive('request')
|
|
->once()
|
|
->with('GET', "/deviceAppManagement/androidManagedAppProtections/{$policyId}/assignments", [
|
|
'tenant' => $tenantId,
|
|
])
|
|
->andReturn($response);
|
|
|
|
$result = $this->fetcher->fetch(
|
|
$policyType,
|
|
$tenantId,
|
|
$policyId,
|
|
[],
|
|
false,
|
|
'#microsoft.graph.androidManagedAppProtection'
|
|
);
|
|
|
|
expect($result)->toBe($assignments);
|
|
});
|
|
|
|
test('fallback on empty response', function () {
|
|
$tenantId = 'tenant-123';
|
|
$policyId = 'policy-456';
|
|
$policyType = 'settingsCatalogPolicy';
|
|
$assignments = [
|
|
['id' => 'assign-1', 'target' => ['@odata.type' => '#microsoft.graph.groupAssignmentTarget', 'groupId' => 'group-1']],
|
|
];
|
|
|
|
// Primary returns empty
|
|
$primaryResponse = new GraphResponse(
|
|
success: true,
|
|
data: ['value' => []]
|
|
);
|
|
|
|
$this->graphClient
|
|
->shouldReceive('request')
|
|
->once()
|
|
->with('GET', "/deviceManagement/configurationPolicies/{$policyId}/assignments", [
|
|
'tenant' => $tenantId,
|
|
])
|
|
->andReturn($primaryResponse);
|
|
|
|
// Fallback returns assignments
|
|
$fallbackResponse = new GraphResponse(
|
|
success: true,
|
|
data: ['value' => [['id' => $policyId, 'assignments' => $assignments]]]
|
|
);
|
|
|
|
$this->graphClient
|
|
->shouldReceive('request')
|
|
->once()
|
|
->with('GET', 'deviceManagement/configurationPolicies', [
|
|
'tenant' => $tenantId,
|
|
'query' => [
|
|
'$expand' => 'assignments',
|
|
'$filter' => "id eq '{$policyId}'",
|
|
],
|
|
])
|
|
->andReturn($fallbackResponse);
|
|
|
|
$result = $this->fetcher->fetch($policyType, $tenantId, $policyId);
|
|
|
|
expect($result)->toBe($assignments);
|
|
});
|
|
|
|
test('fail soft on error', function () {
|
|
$tenantId = 'tenant-123';
|
|
$policyId = 'policy-456';
|
|
$policyType = 'settingsCatalogPolicy';
|
|
|
|
$this->graphClient
|
|
->shouldReceive('request')
|
|
->twice()
|
|
->andThrow(new GraphException('Graph API error', 500, ['request_id' => 'request-id-123']));
|
|
|
|
$result = $this->fetcher->fetch($policyType, $tenantId, $policyId);
|
|
|
|
expect($result)->toBe([]);
|
|
});
|
|
|
|
test('returns empty array when both endpoints return empty', function () {
|
|
$tenantId = 'tenant-123';
|
|
$policyId = 'policy-456';
|
|
$policyType = 'settingsCatalogPolicy';
|
|
|
|
// Primary returns empty
|
|
$primaryResponse = new GraphResponse(
|
|
success: true,
|
|
data: ['value' => []]
|
|
);
|
|
|
|
$this->graphClient
|
|
->shouldReceive('request')
|
|
->once()
|
|
->with('GET', "/deviceManagement/configurationPolicies/{$policyId}/assignments", Mockery::any())
|
|
->andReturn($primaryResponse);
|
|
|
|
// Fallback returns empty
|
|
$fallbackResponse = new GraphResponse(
|
|
success: true,
|
|
data: ['value' => []]
|
|
);
|
|
|
|
$this->graphClient
|
|
->shouldReceive('request')
|
|
->once()
|
|
->with('GET', 'deviceManagement/configurationPolicies', Mockery::any())
|
|
->andReturn($fallbackResponse);
|
|
|
|
$result = $this->fetcher->fetch($policyType, $tenantId, $policyId);
|
|
|
|
expect($result)->toBe([]);
|
|
});
|
|
|
|
test('fallback handles missing assignments key', function () {
|
|
$tenantId = 'tenant-123';
|
|
$policyId = 'policy-456';
|
|
$policyType = 'settingsCatalogPolicy';
|
|
|
|
// Primary returns empty
|
|
$primaryResponse = new GraphResponse(
|
|
success: true,
|
|
data: ['value' => []]
|
|
);
|
|
|
|
$this->graphClient
|
|
->shouldReceive('request')
|
|
->once()
|
|
->andReturn($primaryResponse);
|
|
|
|
// Fallback returns policy without assignments key
|
|
$fallbackResponse = new GraphResponse(
|
|
success: true,
|
|
data: ['value' => [['id' => $policyId]]]
|
|
);
|
|
|
|
$this->graphClient
|
|
->shouldReceive('request')
|
|
->once()
|
|
->andReturn($fallbackResponse);
|
|
|
|
$result = $this->fetcher->fetch($policyType, $tenantId, $policyId);
|
|
|
|
expect($result)->toBe([]);
|
|
});
|
|
|
|
test('throws when both endpoints fail with throwOnFailure enabled', function () {
|
|
$tenantId = 'tenant-123';
|
|
$policyId = 'policy-456';
|
|
$policyType = 'settingsCatalogPolicy';
|
|
|
|
$failureResponse = new GraphResponse(
|
|
success: false,
|
|
data: [],
|
|
status: 403,
|
|
errors: [['message' => 'Forbidden']]
|
|
);
|
|
|
|
$this->graphClient
|
|
->shouldReceive('request')
|
|
->once()
|
|
->with('GET', "/deviceManagement/configurationPolicies/{$policyId}/assignments", Mockery::any())
|
|
->andReturn($failureResponse);
|
|
|
|
$this->graphClient
|
|
->shouldReceive('request')
|
|
->once()
|
|
->with('GET', 'deviceManagement/configurationPolicies', Mockery::any())
|
|
->andReturn($failureResponse);
|
|
|
|
$this->fetcher->fetch($policyType, $tenantId, $policyId, [], true);
|
|
})->throws(GraphException::class);
|