ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
4322a15251
TenantAtlas/tests/Unit/Providers/ProviderNextStepsRegistryTest.php
ahmido da1adbdeb5 Spec 119: Drift cutover to Baseline Compare (golden master) (#144) 
Implements Spec 119 (Drift Golden Master Cutover):

- Baseline Compare is the only drift writer (`source = baseline.compare`).
- Drift findings now store diff-compatible `evidence_jsonb` (summary.kind, baseline/current policy_version_id refs, fidelity + provenance).
- Findings UI renders one-sided diffs for `missing_policy`/`unexpected_policy` when a single ref exists; otherwise shows explicit “diff unavailable”.
- Removes legacy drift generator runtime (jobs/services/UI) and related tests.
- Adds one-time migration to delete legacy drift findings (`finding_type=drift` where source is null or != baseline.compare).
- Scopes baseline capture & landing duplicate warnings to latest completed inventory sync.
- Canonicalizes compliance `scheduledActionsForRule` drift signal and keeps legacy snapshots comparable.

Tests:
- `vendor/bin/sail artisan test --compact` (full suite per tasks)
- Focused pack: BaselinePolicyVersionResolverTest, BaselineCompareDriftEvidenceContractTest, DriftFindingDiffUnavailableTest, LegacyDriftFindingsCleanupMigrationTest, ComplianceNoncomplianceActionsDriftTest

Notes:
- Livewire v4+ / Filament v5 compatible (no legacy APIs).
- No new external dependencies.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #144
2026-03-06 14:30:49 +00:00

61 lines
2.0 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
use App\Models\ProviderConnection;
use App\Models\ProviderCredential;
use App\Models\Tenant;
use App\Support\Providers\ProviderNextStepsRegistry;
use App\Support\Providers\ProviderReasonCodes;
use Illuminate\Foundation\Testing\RefreshDatabase;
uses(RefreshDatabase::class);
it('includes an admin consent next step when provider consent is missing', function () {
$tenant = Tenant::create([
'tenant_id' => 'tenant-1',
'name' => 'Contoso',
]);
$registry = app(ProviderNextStepsRegistry::class);
$steps = $registry->forReason($tenant, ProviderReasonCodes::ProviderConsentMissing);
expect($steps)->toBeArray()
->and($steps)->not->toBeEmpty()
->and($steps[0]['label'])->toBe('Grant admin consent')
->and($steps[0]['url'])->toContain('learn.microsoft.com');
});
it('links to the real admin consent endpoint when provider credentials exist', function () {
$tenant = Tenant::factory()->create([
'app_client_id' => null,
]);
$connection = ProviderConnection::factory()->create([
'tenant_id' => (int) $tenant->getKey(),
'workspace_id' => (int) $tenant->workspace_id,
'provider' => 'microsoft',
'entra_tenant_id' => (string) $tenant->graphTenantId(),
'is_default' => true,
]);
ProviderCredential::factory()->create([
'provider_connection_id' => (int) $connection->getKey(),
'payload' => [
'client_id' => 'derived-client-id',
'client_secret' => 'derived-client-secret',
],
]);
$registry = app(ProviderNextStepsRegistry::class);
$steps = $registry->forReason($tenant, ProviderReasonCodes::ProviderConsentMissing, $connection);
expect($steps)->toBeArray()
->and($steps)->not->toBeEmpty()
->and($steps[0]['label'])->toBe('Grant admin consent')
->and($steps[0]['url'])->toContain('login.microsoftonline.com')
->and($steps[0]['url'])->toContain('adminconsent');
});
Reference in New Issue View Git Blame Copy Permalink