ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
4db8030f2a
TenantAtlas/tests/Unit/ScopeTagResolverTest.php
ahmido 4db8030f2a Spec 081: Provider connection cutover (#98) 
Implements Spec 081 provider-connection cutover.

Highlights:
- Adds provider connection resolution + gating for operations/verification.
- Adds provider credential observer wiring.
- Updates Filament tenant verify flow to block with next-steps when provider connection isn’t ready.
- Adds spec docs under specs/081-provider-connection-cutover/ and extensive Spec081 test coverage.

Tests:
- vendor/bin/sail artisan test --compact tests/Feature/Filament/TenantSetupTest.php
- Focused suites for ProviderConnections/Verification ran during implementation (see local logs).

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box>
Reviewed-on: #98
2026-02-08 11:28:51 +00:00

179 lines
6.0 KiB
PHP
Raw Blame History

<?php
use App\Models\ProviderConnection;
use App\Models\ProviderCredential;
use App\Models\Tenant;
use App\Services\Graph\GraphClientInterface;
use App\Services\Graph\GraphResponse;
use App\Services\Graph\ScopeTagResolver;
use App\Services\Providers\CredentialManager;
use App\Services\Providers\ProviderConnectionResolver;
use App\Services\Providers\ProviderGateway;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Cache;
uses(RefreshDatabase::class);
beforeEach(function () {
Cache::flush();
});
test('resolves scope tag IDs to objects with id and displayName', function () {
$tenant = Tenant::factory()->create();
$connection = ProviderConnection::factory()->create([
'tenant_id' => (int) $tenant->getKey(),
'provider' => 'microsoft',
'is_default' => true,
'status' => 'connected',
]);
ProviderCredential::factory()->create([
'provider_connection_id' => (int) $connection->getKey(),
]);
$graph = Mockery::mock(GraphClientInterface::class);
$graph->shouldReceive('request')
->with(
'GET',
'/deviceManagement/roleScopeTags',
Mockery::on(function (array $options) use ($connection): bool {
return ($options['query']['$select'] ?? null) === 'id,displayName'
&& ($options['tenant'] ?? null) === $connection->entra_tenant_id
&& is_string($options['client_id'] ?? null)
&& is_string($options['client_secret'] ?? null);
}),
)
->once()
->andReturn(new GraphResponse(
success: true,
data: [
'value' => [
['id' => '0', 'displayName' => 'Default'],
['id' => '1', 'displayName' => 'Verbund-1'],
['id' => '2', 'displayName' => 'Verbund-2'],
],
],
));
$gateway = new ProviderGateway($graph, new CredentialManager);
$resolver = new ScopeTagResolver(app(ProviderConnectionResolver::class), $gateway);
$result = $resolver->resolve(['0', '1', '2'], $tenant);
expect($result)->toBe([
['id' => '0', 'displayName' => 'Default'],
['id' => '1', 'displayName' => 'Verbund-1'],
['id' => '2', 'displayName' => 'Verbund-2'],
]);
});
test('caches scope tag objects for 1 hour', function () {
$tenant = Tenant::factory()->create();
$connection = ProviderConnection::factory()->create([
'tenant_id' => (int) $tenant->getKey(),
'provider' => 'microsoft',
'is_default' => true,
'status' => 'connected',
]);
ProviderCredential::factory()->create([
'provider_connection_id' => (int) $connection->getKey(),
]);
$graph = Mockery::mock(GraphClientInterface::class);
$graph->shouldReceive('request')
->once()
->andReturn(new GraphResponse(
success: true,
data: [
'value' => [
['id' => '0', 'displayName' => 'Default'],
],
],
));
$gateway = new ProviderGateway($graph, new CredentialManager);
$resolver = new ScopeTagResolver(app(ProviderConnectionResolver::class), $gateway);
$result1 = $resolver->resolve(['0'], $tenant);
$result2 = $resolver->resolve(['0'], $tenant);
expect($result1)->toBe([['id' => '0', 'displayName' => 'Default']]);
expect($result2)->toBe([['id' => '0', 'displayName' => 'Default']]);
});
test('returns empty array for empty input', function () {
$tenant = Tenant::factory()->create();
$graph = Mockery::mock(GraphClientInterface::class);
$gateway = new ProviderGateway($graph, new CredentialManager);
$resolver = new ScopeTagResolver(app(ProviderConnectionResolver::class), $gateway);
$result = $resolver->resolve([], $tenant);
expect($result)->toBe([]);
});
test('handles 403 forbidden gracefully', function () {
$tenant = Tenant::factory()->create();
$connection = ProviderConnection::factory()->create([
'tenant_id' => (int) $tenant->getKey(),
'provider' => 'microsoft',
'is_default' => true,
'status' => 'connected',
]);
ProviderCredential::factory()->create([
'provider_connection_id' => (int) $connection->getKey(),
]);
$graph = Mockery::mock(GraphClientInterface::class);
$graph->shouldReceive('request')
->once()
->andReturn(new GraphResponse(
success: false,
status: 403,
data: [],
));
$gateway = new ProviderGateway($graph, new CredentialManager);
$resolver = new ScopeTagResolver(app(ProviderConnectionResolver::class), $gateway);
$result = $resolver->resolve(['0', '1'], $tenant);
expect($result)->toBe([]);
});
test('filters returned scope tags to requested IDs', function () {
$tenant = Tenant::factory()->create();
$connection = ProviderConnection::factory()->create([
'tenant_id' => (int) $tenant->getKey(),
'provider' => 'microsoft',
'is_default' => true,
'status' => 'connected',
]);
ProviderCredential::factory()->create([
'provider_connection_id' => (int) $connection->getKey(),
]);
$graph = Mockery::mock(GraphClientInterface::class);
$graph->shouldReceive('request')
->once()
->andReturn(new GraphResponse(
success: true,
data: [
'value' => [
['id' => '0', 'displayName' => 'Default'],
['id' => '1', 'displayName' => 'Verbund-1'],
['id' => '2', 'displayName' => 'Verbund-2'],
],
],
));
$gateway = new ProviderGateway($graph, new CredentialManager);
$resolver = new ScopeTagResolver(app(ProviderConnectionResolver::class), $gateway);
$result = $resolver->resolve(['0', '2'], $tenant);
expect($result)->toHaveCount(2);
expect($result[0])->toBe(['id' => '0', 'displayName' => 'Default']);
expect($result[2])->toBe(['id' => '2', 'displayName' => 'Verbund-2']);
});
Reference in New Issue View Git Blame Copy Permalink