ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
6bb3919814
TenantAtlas/tests/Feature/PolicySyncStartSurfaceTest.php
ahmido 3030dd9af2 054-unify-runs-suitewide (#63) 
Summary

Kurz: Implementiert Feature 054 — canonical OperationRun-flow, Monitoring UI, dispatch-safety, notifications, dedupe, plus small UX safety clarifications (RBAC group search delegated; Restore group mapping DB-only).
What Changed

Core service: OperationRun lifecycle, dedupe and dispatch helpers — OperationRunService.php.
Model + migration: OperationRun model and migration — OperationRun.php, 2026_01_16_180642_create_operation_runs_table.php.
Notifications: queued + terminal DB notifications (initiator-only) — OperationRunQueued.php, OperationRunCompleted.php.
Monitoring UI: Filament list/detail + Livewire pieces (DB-only render) — OperationRunResource.php and related pages/views.
Start surfaces / Jobs: instrumented start surfaces, job middleware, and job updates to use canonical runs — multiple app/Jobs/* and app/Filament/* updates (see tests for full coverage).
RBAC + Restore UX clarifications: RBAC group search is delegated-Graph-based and disabled without delegated token; Restore group mapping remains DB-only (directory cache) and helper text always visible — TenantResource.php, RestoreRunResource.php.
Specs / Constitution: updated spec & quickstart and added one-line constitution guideline about Graph usage:
spec.md
quickstart.md
constitution.md
Tests & Verification

Unit / Feature tests added/updated for run lifecycle, notifications, idempotency, and UI guards: see tests/Feature/* (notably OperationRunServiceTest, MonitoringOperationsTest, OperationRunNotificationTest, and various Filament feature tests).
Full test run locally: ./vendor/bin/sail artisan test → 587 passed, 5 skipped.
Migrations

Adds create_operation_runs_table migration; run php artisan migrate in staging after review.
Notes / Rationale

Monitoring pages are explicitly DB-only at render time (no Graph calls). Start surfaces enqueue work only and return a “View run” link.
Delegated Graph access is used only for explicit user actions (RBAC group search); restore mapping intentionally uses cached DB data only to avoid render-time Graph calls.
Dispatch wrapper marks runs failed immediately if background dispatch throws synchronously to avoid misleading “queued” states.
Upgrade / Deploy Considerations

Run migrations: ./vendor/bin/sail artisan migrate.
Background workers should be running to process queued jobs (recommended to monitor queue health during rollout).
No secret or token persistence changes.
PR checklist

 Tests updated/added for changed behavior
 Specs updated: 054-unify-runs-suitewide docs + quickstart
 Constitution note added (.specify)
 Pint formatting applied

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.local>
Reviewed-on: #63
2026-01-17 22:25:00 +00:00

182 lines
5.4 KiB
PHP
Raw Blame History

<?php
use App\Filament\Resources\PolicyResource\Pages\ListPolicies;
use App\Jobs\SyncPoliciesJob;
use App\Models\OperationRun;
use App\Models\Policy;
use Filament\Facades\Filament;
use Illuminate\Support\Facades\Queue;
use Livewire\Livewire;
it('queues policy sync and creates a canonical operation run (no Graph calls in request)', function () {
Queue::fake();
bindFailHardGraphClient();
[$user, $tenant] = createUserWithTenant(role: 'owner');
$this->actingAs($user);
$tenant->makeCurrent();
Filament::setTenant($tenant, true);
Livewire::test(ListPolicies::class)
->mountAction('sync')
->callMountedAction()
->assertHasNoActionErrors();
$requestedTypes = array_map(
static fn (array $typeConfig): string => (string) $typeConfig['type'],
config('tenantpilot.supported_policy_types', [])
);
sort($requestedTypes);
$run = OperationRun::query()
->where('tenant_id', $tenant->getKey())
->where('type', 'policy.sync')
->latest('id')
->first();
expect($run)->not->toBeNull();
expect($run?->status)->toBe('queued');
expect($run?->context)->toMatchArray([
'scope' => 'all',
'types' => $requestedTypes,
]);
Queue::assertPushed(SyncPoliciesJob::class, function (SyncPoliciesJob $job) use ($tenant, $run, $requestedTypes): bool {
return $job->tenantId === (int) $tenant->getKey()
&& $job->types === $requestedTypes
&& $job->operationRun instanceof OperationRun
&& (int) $job->operationRun->getKey() === (int) $run?->getKey();
});
});
it('reuses an active policy sync run and does not enqueue twice', function () {
Queue::fake();
[$user, $tenant] = createUserWithTenant(role: 'owner');
$this->actingAs($user);
$tenant->makeCurrent();
Filament::setTenant($tenant, true);
Livewire::test(ListPolicies::class)
->mountAction('sync')
->callMountedAction();
Livewire::test(ListPolicies::class)
->mountAction('sync')
->callMountedAction();
Queue::assertPushed(SyncPoliciesJob::class, 1);
expect(OperationRun::query()
->where('tenant_id', $tenant->getKey())
->where('type', 'policy.sync')
->count())->toBe(1);
});
it('queues row policy sync and creates a canonical operation run (no Graph calls in request)', function () {
Queue::fake();
bindFailHardGraphClient();
[$user, $tenant] = createUserWithTenant(role: 'owner');
$this->actingAs($user);
$tenant->makeCurrent();
Filament::setTenant($tenant, true);
$policy = Policy::factory()->create([
'tenant_id' => $tenant->getKey(),
'ignored_at' => null,
]);
Livewire::test(ListPolicies::class)
->callTableAction('sync', $policy)
->assertHasNoTableActionErrors();
$run = OperationRun::query()
->where('tenant_id', $tenant->getKey())
->where('type', 'policy.sync_one')
->latest('id')
->first();
expect($run)->not->toBeNull();
expect($run?->status)->toBe('queued');
expect($run?->context)->toMatchArray([
'scope' => 'one',
'policy_id' => (int) $policy->getKey(),
]);
Queue::assertPushed(SyncPoliciesJob::class, function (SyncPoliciesJob $job) use ($tenant, $run, $policy): bool {
return $job->tenantId === (int) $tenant->getKey()
&& $job->types === null
&& $job->policyIds === [(int) $policy->getKey()]
&& $job->operationRun instanceof OperationRun
&& (int) $job->operationRun->getKey() === (int) $run?->getKey();
});
});
it('queues bulk policy sync and creates a canonical operation run (no Graph calls in request)', function () {
Queue::fake();
bindFailHardGraphClient();
[$user, $tenant] = createUserWithTenant(role: 'owner');
$this->actingAs($user);
$tenant->makeCurrent();
Filament::setTenant($tenant, true);
$policies = Policy::factory()->count(2)->create([
'tenant_id' => $tenant->getKey(),
'ignored_at' => null,
]);
Livewire::test(ListPolicies::class)
->callTableBulkAction('bulk_sync', $policies)
->assertHasNoTableBulkActionErrors();
$selectedIds = $policies
->pluck('id')
->map(static fn ($id): int => (int) $id)
->sort()
->values()
->all();
$run = OperationRun::query()
->where('tenant_id', $tenant->getKey())
->where('type', 'policy.sync')
->latest('id')
->first();
expect($run)->not->toBeNull();
expect($run?->status)->toBe('queued');
expect($run?->context)->toMatchArray([
'scope' => 'subset',
'policy_ids' => $selectedIds,
]);
Queue::assertPushed(SyncPoliciesJob::class, function (SyncPoliciesJob $job) use ($tenant, $run, $selectedIds): bool {
return $job->tenantId === (int) $tenant->getKey()
&& $job->types === null
&& $job->policyIds === $selectedIds
&& $job->operationRun instanceof OperationRun
&& (int) $job->operationRun->getKey() === (int) $run?->getKey();
});
});
it('hides policy sync start action for readonly users', function () {
Queue::fake();
[$user, $tenant] = createUserWithTenant(role: 'readonly');
$this->actingAs($user);
$tenant->makeCurrent();
Filament::setTenant($tenant, true);
Livewire::test(ListPolicies::class)
->assertActionHidden('sync');
Queue::assertNothingPushed();
});
Reference in New Issue View Git Blame Copy Permalink