ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
5443dba269
TenantAtlas/apps/platform/tests/Feature/ProviderConnections/ProviderOperationConcurrencyTest.php
ahmido d3158f5103 test: stabilize provider verification runtime semantics (#349) 
## Summary
- align verification-start tests with the canonical credential-enabled provider fixture
- seed required tenant-permission evidence for provider operation start tests so inventory/compliance assertions exercise the real queued and `scopeBusy` contracts
- refresh stale provider-connection and verification-report test baselines to current shared output
- add the complete Spec 294 artifacts for the bounded provider/verification stabilization follow-up

## Scope
- bounded to `apps/platform/tests`, shared Pest test helpers, and `specs/294-provider-verification-runtime-semantics`
- no runtime application code changes under `apps/platform/app`
- no schema, route-cutover, framework, or asset changes

## Validation
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Verification/VerificationAuthorizationTest.php tests/Feature/Verification/VerificationStartAfterCompletionTest.php tests/Feature/Verification/VerificationStartDedupeTest.php`
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/ProviderConnections/ProviderDispatchGateStartSurfaceTest.php tests/Feature/ProviderConnections/ProviderOperationConcurrencyTest.php`
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/ProviderConnections/ProviderConnectionNeutralitySpec238Test.php tests/Feature/Verification/ProviderConnectionHealthCheckWritesReportTest.php`
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/ProviderConnections tests/Feature/Verification`
- `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent`

## Notes
- browser smoke was not run because the final diff contains no runtime app or UI changes; only tests, shared test helpers, and spec artifacts changed
- provider registration remains unchanged in `apps/platform/bootstrap/providers.php`
- no new globally searchable resource or destructive action behavior was introduced

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #349
2026-05-11 08:26:17 +00:00

230 lines
8.5 KiB
PHP
Raw Blame History

<?php
use App\Filament\Resources\ProviderConnectionResource\Pages\ListProviderConnections;
use App\Filament\Resources\ProviderConnectionResource\Pages\ViewProviderConnection;
use App\Jobs\ProviderComplianceSnapshotJob;
use App\Jobs\ProviderInventorySyncJob;
use App\Models\OperationRun;
use App\Models\ProviderConnection;
use App\Services\Graph\GraphClientInterface;
use App\Support\OperationRunLinks;
use Filament\Facades\Filament;
use Illuminate\Support\Facades\Queue;
use Livewire\Livewire;
it('dedupes inventory sync runs and does not call Graph during start', function (): void {
Queue::fake();
$this->mock(GraphClientInterface::class, function ($mock): void {
$mock->shouldReceive('listPolicies')->never();
$mock->shouldReceive('getPolicy')->never();
$mock->shouldReceive('getOrganization')->never();
$mock->shouldReceive('applyPolicy')->never();
$mock->shouldReceive('getServicePrincipalPermissions')->never();
$mock->shouldReceive('request')->never();
});
[$user, $tenant] = createUserWithTenant(role: 'operator', fixtureProfile: 'credential-enabled');
$this->actingAs($user);
$tenant->makeCurrent();
Filament::setTenant($tenant, true);
$connection = ProviderConnection::query()
->where('managed_environment_id', (int) $tenant->getKey())
->where('provider', 'microsoft')
->where('is_default', true)
->firstOrFail();
spec283SeedRequirementRows($tenant, ['permissions.intune_configuration', 'permissions.intune_apps']);
$component = Livewire::test(ListProviderConnections::class);
$component->callTableAction('inventory_sync', $connection);
$component->callTableAction('inventory_sync', $connection);
$opRun = OperationRun::query()
->where('managed_environment_id', $tenant->getKey())
->where('type', 'inventory.sync')
->latest('id')
->first();
expect($opRun)->not->toBeNull();
expect($opRun?->context)->toMatchArray([
'provider' => 'microsoft',
'module' => 'inventory',
'provider_connection_id' => (int) $connection->getKey(),
]);
expect($opRun?->context['provider_context'] ?? [])->toMatchArray([
'provider' => 'microsoft',
]);
expect($opRun?->context['target_scope'] ?? [])->toMatchArray([
'provider' => 'microsoft',
'scope_kind' => 'tenant',
'scope_identifier' => $connection->entra_tenant_id,
])->not->toHaveKey('entra_tenant_id');
expect(OperationRun::query()
->where('managed_environment_id', $tenant->getKey())
->where('type', 'inventory.sync')
->count())->toBe(1);
Queue::assertPushed(ProviderInventorySyncJob::class, 1);
});
it('starts inventory sync from the provider connection detail page', function (): void {
Queue::fake();
$this->mock(GraphClientInterface::class, function ($mock): void {
$mock->shouldReceive('listPolicies')->never();
$mock->shouldReceive('getPolicy')->never();
$mock->shouldReceive('getOrganization')->never();
$mock->shouldReceive('applyPolicy')->never();
$mock->shouldReceive('getServicePrincipalPermissions')->never();
$mock->shouldReceive('request')->never();
});
[$user, $tenant] = createUserWithTenant(role: 'operator', fixtureProfile: 'credential-enabled');
$this->actingAs($user);
$tenant->makeCurrent();
Filament::setTenant($tenant, true);
$connection = ProviderConnection::query()
->where('managed_environment_id', (int) $tenant->getKey())
->where('provider', 'microsoft')
->where('is_default', true)
->firstOrFail();
spec283SeedRequirementRows($tenant, ['permissions.intune_configuration', 'permissions.intune_apps']);
Livewire::test(ViewProviderConnection::class, ['record' => $connection->getKey()])
->assertActionVisible('inventory_sync')
->callAction('inventory_sync');
$opRun = OperationRun::query()
->where('managed_environment_id', $tenant->getKey())
->where('type', 'inventory.sync')
->latest('id')
->first();
expect($opRun)->not->toBeNull();
expect($opRun?->context)->toMatchArray([
'provider' => 'microsoft',
'module' => 'inventory',
'provider_connection_id' => (int) $connection->getKey(),
]);
expect($opRun?->context['provider_context'] ?? [])->toMatchArray([
'provider' => 'microsoft',
]);
expect($opRun?->context['target_scope'] ?? [])->toMatchArray([
'provider' => 'microsoft',
'scope_kind' => 'tenant',
'scope_identifier' => $connection->entra_tenant_id,
])->not->toHaveKey('entra_tenant_id');
Queue::assertPushed(ProviderInventorySyncJob::class, 1);
});
it('dedupes compliance snapshot runs and does not call Graph during start', function (): void {
Queue::fake();
$this->mock(GraphClientInterface::class, function ($mock): void {
$mock->shouldReceive('listPolicies')->never();
$mock->shouldReceive('getPolicy')->never();
$mock->shouldReceive('getOrganization')->never();
$mock->shouldReceive('applyPolicy')->never();
$mock->shouldReceive('getServicePrincipalPermissions')->never();
$mock->shouldReceive('request')->never();
});
[$user, $tenant] = createUserWithTenant(role: 'operator', fixtureProfile: 'credential-enabled');
$this->actingAs($user);
$tenant->makeCurrent();
Filament::setTenant($tenant, true);
$connection = ProviderConnection::query()
->where('managed_environment_id', (int) $tenant->getKey())
->where('provider', 'microsoft')
->where('is_default', true)
->firstOrFail();
spec283SeedRequirementRows($tenant, ['permissions.intune_configuration', 'permissions.intune_apps']);
$component = Livewire::test(ListProviderConnections::class);
$component->callTableAction('compliance_snapshot', $connection);
$component->callTableAction('compliance_snapshot', $connection);
$opRun = OperationRun::query()
->where('managed_environment_id', $tenant->getKey())
->where('type', 'compliance.snapshot')
->latest('id')
->first();
expect($opRun)->not->toBeNull();
expect($opRun?->context)->toMatchArray([
'provider' => 'microsoft',
'module' => 'compliance',
'provider_connection_id' => (int) $connection->getKey(),
]);
expect($opRun?->context['provider_context'] ?? [])->toMatchArray([
'provider' => 'microsoft',
]);
expect($opRun?->context['target_scope'] ?? [])->toMatchArray([
'provider' => 'microsoft',
'scope_kind' => 'tenant',
'scope_identifier' => $connection->entra_tenant_id,
])->not->toHaveKey('entra_tenant_id');
expect(OperationRun::query()
->where('managed_environment_id', $tenant->getKey())
->where('type', 'compliance.snapshot')
->count())->toBe(1);
Queue::assertPushed(ProviderComplianceSnapshotJob::class, 1);
});
it('blocks different provider operations for the same scope as scope busy', function (): void {
Queue::fake();
[$user, $tenant] = createUserWithTenant(role: 'operator', fixtureProfile: 'credential-enabled');
$this->actingAs($user);
$tenant->makeCurrent();
Filament::setTenant($tenant, true);
$connection = ProviderConnection::query()
->where('managed_environment_id', (int) $tenant->getKey())
->where('provider', 'microsoft')
->where('is_default', true)
->firstOrFail();
spec283SeedRequirementRows($tenant, ['permissions.intune_configuration', 'permissions.intune_apps']);
$component = Livewire::test(ListProviderConnections::class);
$component->callTableAction('inventory_sync', $connection);
$component->callTableAction('compliance_snapshot', $connection);
$inventoryRun = OperationRun::query()
->where('managed_environment_id', $tenant->getKey())
->where('type', 'inventory.sync')
->latest('id')
->first();
expect($inventoryRun)->not->toBeNull();
expect(OperationRun::query()
->where('managed_environment_id', $tenant->getKey())
->where('type', 'compliance.snapshot')
->count())->toBe(0);
Queue::assertPushed(ProviderInventorySyncJob::class, 1);
Queue::assertPushed(ProviderComplianceSnapshotJob::class, 0);
$notifications = session('filament.notifications', []);
expect($notifications)->not->toBeEmpty();
expect(collect($notifications)->last()['actions'][0]['url'] ?? null)
->toBe(OperationRunLinks::view($inventoryRun, $tenant));
});
Reference in New Issue View Git Blame Copy Permalink