285 lines
8.7 KiB
PHP
285 lines
8.7 KiB
PHP
<?php
|
|
|
|
use App\Models\BackupItem;
|
|
use App\Models\BackupSet;
|
|
use App\Models\Policy;
|
|
use App\Models\PolicyVersion;
|
|
use App\Models\Tenant;
|
|
use App\Models\User;
|
|
use App\Services\Graph\GraphClientInterface;
|
|
use App\Services\Graph\GraphResponse;
|
|
use App\Services\Intune\FoundationMappingService;
|
|
use App\Services\Intune\RestoreService;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
use Mockery\MockInterface;
|
|
|
|
uses(RefreshDatabase::class);
|
|
|
|
test('restore execution applies items and records audit log', function () {
|
|
app()->bind(GraphClientInterface::class, fn () => new class implements GraphClientInterface
|
|
{
|
|
public function listPolicies(string $policyType, array $options = []): GraphResponse
|
|
{
|
|
return new GraphResponse(true, []);
|
|
}
|
|
|
|
public function getPolicy(string $policyType, string $policyId, array $options = []): GraphResponse
|
|
{
|
|
return new GraphResponse(true, ['payload' => []]);
|
|
}
|
|
|
|
public function getOrganization(array $options = []): GraphResponse
|
|
{
|
|
return new GraphResponse(true, []);
|
|
}
|
|
|
|
public function applyPolicy(string $policyType, string $policyId, array $payload, array $options = []): GraphResponse
|
|
{
|
|
return new GraphResponse(true, []);
|
|
}
|
|
|
|
public function request(string $method, string $path, array $options = []): GraphResponse
|
|
{
|
|
return new GraphResponse(true, []);
|
|
}
|
|
|
|
public function getServicePrincipalPermissions(array $options = []): GraphResponse
|
|
{
|
|
return new GraphResponse(true, []);
|
|
}
|
|
});
|
|
|
|
$tenant = Tenant::create([
|
|
'tenant_id' => 'tenant-1',
|
|
'name' => 'Tenant One',
|
|
'metadata' => [],
|
|
]);
|
|
|
|
$policy = Policy::create([
|
|
'tenant_id' => $tenant->id,
|
|
'external_id' => 'policy-1',
|
|
'policy_type' => 'deviceConfiguration',
|
|
'display_name' => 'Policy A',
|
|
'platform' => 'windows',
|
|
]);
|
|
|
|
$backupSet = BackupSet::create([
|
|
'tenant_id' => $tenant->id,
|
|
'name' => 'Backup',
|
|
'status' => 'completed',
|
|
'item_count' => 1,
|
|
]);
|
|
|
|
$backupItem = BackupItem::create([
|
|
'tenant_id' => $tenant->id,
|
|
'backup_set_id' => $backupSet->id,
|
|
'policy_id' => $policy->id,
|
|
'policy_identifier' => $policy->external_id,
|
|
'policy_type' => $policy->policy_type,
|
|
'platform' => $policy->platform,
|
|
'payload' => ['foo' => 'bar'],
|
|
]);
|
|
|
|
$user = User::factory()->create(['email' => 'tester@example.com']);
|
|
$this->actingAs($user);
|
|
|
|
$service = app(RestoreService::class);
|
|
$run = $service->execute(
|
|
tenant: $tenant,
|
|
backupSet: $backupSet,
|
|
selectedItemIds: [$backupItem->id],
|
|
dryRun: false,
|
|
actorEmail: $user->email,
|
|
actorName: $user->name,
|
|
);
|
|
|
|
expect($run->status)->toBe('completed');
|
|
expect($run->results[0]['status'])->toBe('applied');
|
|
|
|
$this->assertDatabaseHas('audit_logs', [
|
|
'action' => 'restore.executed',
|
|
'resource_id' => (string) $run->id,
|
|
]);
|
|
|
|
expect(PolicyVersion::where('policy_id', $policy->id)->count())->toBe(1);
|
|
});
|
|
|
|
test('restore execution records foundation mappings', function () {
|
|
config()->set('tenantpilot.foundation_types', [
|
|
[
|
|
'type' => 'assignmentFilter',
|
|
'label' => 'Assignment Filter',
|
|
'category' => 'Foundations',
|
|
'platform' => 'all',
|
|
'endpoint' => 'deviceManagement/assignmentFilters',
|
|
'backup' => 'full',
|
|
'restore' => 'enabled',
|
|
'risk' => 'low',
|
|
],
|
|
]);
|
|
|
|
$tenant = Tenant::factory()->create();
|
|
$backupSet = BackupSet::factory()->for($tenant)->create();
|
|
$backupItem = BackupItem::factory()
|
|
->for($tenant)
|
|
->for($backupSet)
|
|
->state([
|
|
'policy_id' => null,
|
|
'policy_identifier' => 'filter-1',
|
|
'policy_type' => 'assignmentFilter',
|
|
'platform' => 'all',
|
|
'payload' => [
|
|
'id' => 'filter-1',
|
|
'displayName' => 'Filter One',
|
|
],
|
|
'metadata' => [
|
|
'displayName' => 'Filter One',
|
|
],
|
|
])
|
|
->create();
|
|
|
|
$entries = [
|
|
[
|
|
'type' => 'assignmentFilter',
|
|
'sourceId' => 'filter-1',
|
|
'sourceName' => 'Filter One',
|
|
'decision' => 'created',
|
|
'targetId' => 'filter-2',
|
|
'targetName' => 'Filter One',
|
|
],
|
|
];
|
|
|
|
$this->mock(FoundationMappingService::class, function (MockInterface $mock) use ($entries) {
|
|
$mock->shouldReceive('map')
|
|
->twice()
|
|
->andReturn([
|
|
'entries' => $entries,
|
|
'mapping' => ['filter-1' => 'filter-2'],
|
|
'failed' => 0,
|
|
'skipped' => 0,
|
|
]);
|
|
});
|
|
|
|
$user = User::factory()->create(['email' => 'tester@example.com']);
|
|
$this->actingAs($user);
|
|
|
|
$service = app(RestoreService::class);
|
|
$run = $service->execute(
|
|
tenant: $tenant,
|
|
backupSet: $backupSet,
|
|
selectedItemIds: [$backupItem->id],
|
|
dryRun: false,
|
|
actorEmail: $user->email,
|
|
actorName: $user->name,
|
|
);
|
|
|
|
expect($run->status)->toBe('completed');
|
|
expect($run->results)->toHaveCount(1);
|
|
expect($run->results[0]['decision'])->toBe('created');
|
|
|
|
$this->assertDatabaseHas('audit_logs', [
|
|
'action' => 'restore.foundation.created',
|
|
'resource_id' => (string) $run->id,
|
|
]);
|
|
});
|
|
|
|
test('restore execution records compliance notification mapping outcomes', function () {
|
|
app()->bind(GraphClientInterface::class, fn () => new class implements GraphClientInterface
|
|
{
|
|
public function listPolicies(string $policyType, array $options = []): GraphResponse
|
|
{
|
|
return new GraphResponse(true, []);
|
|
}
|
|
|
|
public function getPolicy(string $policyType, string $policyId, array $options = []): GraphResponse
|
|
{
|
|
return new GraphResponse(true, ['payload' => []]);
|
|
}
|
|
|
|
public function getOrganization(array $options = []): GraphResponse
|
|
{
|
|
return new GraphResponse(true, []);
|
|
}
|
|
|
|
public function applyPolicy(string $policyType, string $policyId, array $payload, array $options = []): GraphResponse
|
|
{
|
|
return new GraphResponse(true, []);
|
|
}
|
|
|
|
public function request(string $method, string $path, array $options = []): GraphResponse
|
|
{
|
|
return new GraphResponse(true, []);
|
|
}
|
|
|
|
public function getServicePrincipalPermissions(array $options = []): GraphResponse
|
|
{
|
|
return new GraphResponse(true, []);
|
|
}
|
|
});
|
|
|
|
$tenant = Tenant::create([
|
|
'tenant_id' => 'tenant-3',
|
|
'name' => 'Tenant Three',
|
|
'metadata' => [],
|
|
]);
|
|
|
|
$policy = Policy::create([
|
|
'tenant_id' => $tenant->id,
|
|
'external_id' => 'policy-3',
|
|
'policy_type' => 'deviceCompliancePolicy',
|
|
'display_name' => 'Compliance Policy',
|
|
'platform' => 'windows',
|
|
]);
|
|
|
|
$backupSet = BackupSet::create([
|
|
'tenant_id' => $tenant->id,
|
|
'name' => 'Backup',
|
|
'status' => 'completed',
|
|
'item_count' => 1,
|
|
]);
|
|
|
|
$backupItem = BackupItem::create([
|
|
'tenant_id' => $tenant->id,
|
|
'backup_set_id' => $backupSet->id,
|
|
'policy_id' => $policy->id,
|
|
'policy_identifier' => $policy->external_id,
|
|
'policy_type' => $policy->policy_type,
|
|
'platform' => $policy->platform,
|
|
'payload' => [
|
|
'scheduledActionsForRule' => [
|
|
[
|
|
'ruleName' => 'Password',
|
|
'scheduledActionConfigurations' => [
|
|
[
|
|
'actionType' => 'notification',
|
|
'notificationTemplateId' => 'template-1',
|
|
],
|
|
],
|
|
],
|
|
],
|
|
],
|
|
]);
|
|
|
|
$user = User::factory()->create(['email' => 'tester@example.com']);
|
|
$this->actingAs($user);
|
|
|
|
$service = app(RestoreService::class);
|
|
$run = $service->execute(
|
|
tenant: $tenant,
|
|
backupSet: $backupSet,
|
|
selectedItemIds: [$backupItem->id],
|
|
dryRun: false,
|
|
actorEmail: $user->email,
|
|
actorName: $user->name,
|
|
);
|
|
|
|
expect($run->status)->toBe('partial');
|
|
expect($run->results[0]['status'])->toBe('partial');
|
|
expect($run->results[0]['compliance_action_summary']['skipped'] ?? null)->toBe(1);
|
|
|
|
$this->assertDatabaseHas('audit_logs', [
|
|
'action' => 'restore.compliance.actions.mapped',
|
|
'resource_id' => (string) $run->id,
|
|
]);
|
|
});
|