ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
5f1f3b0bfd
TenantAtlas/tests/Unit/PolicyNormalizerTest.php
ahmido 6a1809fbe9 014-enrollment-autopilot (#20) 
This PR completes Feature 014 (Enrollment & Autopilot).

Adds normalization for:
Autopilot deployment profiles (windowsAutopilotDeploymentProfile)
Enrollment Status Page / ESP (windowsEnrollmentStatusPage)
Enrollment Restrictions (enrollmentRestriction, restore remains preview-only)
Improves settings readability:
Autopilot OOBE settings are expanded into readable key/value entries
Enrollment restriction platform restrictions are shown as explicit fields (with sensible defaults)
Array/list values render as badges (avoids Blade rendering crashes on non-string values)
Fixes enrollment configuration type collisions during sync:
Canonical type resolution prevents enrollmentRestriction from “claiming” ESP items
Safe reclassification updates existing wrong rows instead of skipping
Enhances reclassification command:
Can detect ESP even if a policy has no local versions (fetches snapshot from Graph)
Dry-run by default; apply with --write
Tests

Added/updated unit + Filament feature tests for normalization and UI rendering.
Preview-only enforcement for enrollment restrictions is covered.
Targeted test suite and Pint are green.

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.local>
Reviewed-on: #20
2026-01-02 11:59:21 +00:00

161 lines
7.1 KiB
PHP
Raw Blame History

<?php
use App\Services\Intune\PolicyNormalizer;
use Tests\TestCase;
uses(TestCase::class);
beforeEach(function () {
$this->normalizer = app(PolicyNormalizer::class);
});
it('normalizes oma uri settings', function () {
$snapshot = [
'@odata.type' => '#microsoft.graph.windows10CustomConfiguration',
'omaSettings' => [
[
'displayName' => 'Setting A',
'omaUri' => './Vendor/MSFT/SettingA',
'value' => 'Enabled',
],
],
];
$result = $this->normalizer->normalize($snapshot, 'deviceConfiguration', 'windows');
expect($result['status'])->toBe('success');
expect($result['warnings'])->toBe([]);
expect($result['settings'][0]['type'])->toBe('table');
expect($result['settings'][0]['rows'][0]['path'])->toBe('./Vendor/MSFT/SettingA');
expect($result['settings'][0]['rows'][0]['value'])->toBe('Enabled');
});
it('normalizes settings catalog structures', function () {
$snapshot = [
'settings' => [
[
'displayName' => 'Enable feature',
'value' => ['value' => 'on'],
],
],
];
$result = $this->normalizer->normalize($snapshot, 'deviceConfiguration', 'windows');
expect($result['settings'][0]['type'])->toBe('keyValue');
expect($result['settings'][0]['entries'][0]['key'])->toBe('Enable feature');
expect($result['settings'][0]['entries'][0]['value'])->toContain('on');
});
it('adds warning for malformed snapshots', function () {
$snapshot = ['only', 'values'];
$result = $this->normalizer->normalize($snapshot, 'deviceConfiguration', 'windows');
expect($result['status'])->toBe('warning');
expect($result['warnings'])->toContain('This snapshot may be incomplete or malformed');
});
it('detects @odata.type mismatch', function () {
$snapshot = [
'@odata.type' => '#microsoft.graph.targetedManagedAppProtection',
'displayName' => 'Policy',
];
$result = $this->normalizer->normalize($snapshot, 'deviceConfiguration', 'windows');
expect(collect($result['warnings'])->join(' '))->toContain('@odata.type mismatch');
});
it('normalizes enrollment restrictions platform restriction payload', function () {
$snapshot = [
'@odata.type' => '#microsoft.graph.deviceEnrollmentPlatformRestrictionConfiguration',
'deviceEnrollmentConfigurationType' => 'deviceEnrollmentPlatformRestrictionConfiguration',
'displayName' => 'DeviceTypeRestriction',
'version' => 2,
// Graph uses this singular shape for platform restriction configs.
'platformRestriction' => [
'platformBlocked' => false,
'personalDeviceEnrollmentBlocked' => true,
],
];
$result = $this->normalizer->normalize($snapshot, 'enrollmentRestriction', 'all');
$block = collect($result['settings'])->firstWhere('title', 'Enrollment restrictions');
expect($block)->not->toBeNull();
$platformEntry = collect($block['entries'] ?? [])->firstWhere('key', 'Platform restrictions');
expect($platformEntry)->toBeNull();
expect(collect($block['entries'] ?? [])->firstWhere('key', 'Platform blocked')['value'] ?? null)->toBe('Disabled');
expect(collect($block['entries'] ?? [])->firstWhere('key', 'Personal device enrollment blocked')['value'] ?? null)->toBe('Enabled');
expect(collect($block['entries'] ?? [])->firstWhere('key', 'OS minimum version')['value'] ?? null)->toBe('None');
expect(collect($block['entries'] ?? [])->firstWhere('key', 'OS maximum version')['value'] ?? null)->toBe('None');
expect(collect($block['entries'] ?? [])->firstWhere('key', 'Blocked manufacturers')['value'] ?? null)->toBe(['None']);
expect(collect($block['entries'] ?? [])->firstWhere('key', 'Blocked SKUs')['value'] ?? null)->toBe(['None']);
});
it('normalizes Autopilot deployment profile key fields', function () {
$snapshot = [
'@odata.type' => '#microsoft.graph.azureADWindowsAutopilotDeploymentProfile',
'displayName' => 'Autopilot Profile A',
'description' => 'Used for standard devices',
'deviceNameTemplate' => 'DEV-%SERIAL%',
'deploymentMode' => 'singleUser',
'deviceType' => 'windowsPc',
'enableWhiteGlove' => true,
'outOfBoxExperienceSettings' => [
'hideEULA' => true,
'userType' => 'standard',
],
];
$result = $this->normalizer->normalize($snapshot, 'windowsAutopilotDeploymentProfile', 'windows');
expect($result['status'])->toBe('ok');
expect($result['warnings'])->toBe([]);
$general = collect($result['settings'])->firstWhere('title', 'General');
expect($general)->not->toBeNull();
expect(collect($general['entries'] ?? [])->firstWhere('key', 'Type')['value'] ?? null)->toBe('windowsAutopilotDeploymentProfile');
expect(collect($general['entries'] ?? [])->firstWhere('key', 'Display name')['value'] ?? null)->toBe('Autopilot Profile A');
$block = collect($result['settings'])->firstWhere('title', 'Autopilot profile');
expect($block)->not->toBeNull();
expect(collect($block['entries'] ?? [])->firstWhere('key', 'Device name template')['value'] ?? null)->toBe('DEV-%SERIAL%');
expect(collect($block['entries'] ?? [])->firstWhere('key', 'Pre-provisioning (White Glove)')['value'] ?? null)->toBe('Enabled');
expect(collect($block['entries'] ?? [])->firstWhere('key', 'OOBE: Hide EULA')['value'] ?? null)->toBe('Enabled');
expect(collect($block['entries'] ?? [])->firstWhere('key', 'OOBE: User type')['value'] ?? null)->toBe('standard');
});
it('normalizes Enrollment Status Page key fields', function () {
$snapshot = [
'@odata.type' => '#microsoft.graph.windowsEnrollmentStatusPageConfiguration',
'displayName' => 'ESP A',
'priority' => 1,
'showInstallationProgress' => true,
'blockDeviceSetupRetryByUser' => false,
'installProgressTimeoutInMinutes' => 60,
'selectedMobileAppIds' => ['app-1', 'app-2'],
];
$result = $this->normalizer->normalize($snapshot, 'windowsEnrollmentStatusPage', 'windows');
expect($result['status'])->toBe('ok');
expect($result['warnings'])->toBe([]);
$general = collect($result['settings'])->firstWhere('title', 'General');
expect($general)->not->toBeNull();
expect(collect($general['entries'] ?? [])->firstWhere('key', 'Type')['value'] ?? null)->toBe('windowsEnrollmentStatusPage');
expect(collect($general['entries'] ?? [])->firstWhere('key', 'Display name')['value'] ?? null)->toBe('ESP A');
$block = collect($result['settings'])->firstWhere('title', 'Enrollment Status Page (ESP)');
expect($block)->not->toBeNull();
expect(collect($block['entries'] ?? [])->firstWhere('key', 'Priority')['value'] ?? null)->toBe(1);
expect(collect($block['entries'] ?? [])->firstWhere('key', 'Show installation progress')['value'] ?? null)->toBe('Enabled');
expect(collect($block['entries'] ?? [])->firstWhere('key', 'Block retry by user')['value'] ?? null)->toBe('Disabled');
expect(collect($block['entries'] ?? [])->firstWhere('key', 'Selected mobile app IDs')['value'] ?? null)->toBe(['app-1', 'app-2']);
});
Reference in New Issue View Git Blame Copy Permalink