ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
6d14d2544f
TenantAtlas/tests/Feature/Filament/HousekeepingTest.php
Ahmed Darrazi 6d14d2544f feat: TenantPilot v1 - Complete implementation (Phases 1-12) 
Complete implementation of TenantPilot v1 Intune Management Platform with
comprehensive backup, versioning, and restore capabilities.

CONSTITUTION & SPEC
- Ratified constitution v1.0.0 with 7 core principles
- Complete spec.md with 7 user stories (US1-7)
- Detailed plan.md with constitution compliance check
- Task breakdown with 125+ tasks across 12 phases

CORE FEATURES (US1-4)
- Policy inventory with Graph-based sync (US1)
- Backup creation with immutable JSONB snapshots (US2)
- Version history with diff viewer (human + JSON) (US3)
- Defensive restore with preview/dry-run (US4)

TENANT MANAGEMENT (US6-7)
- Full tenant CRUD with Entra ID app configuration
- Admin consent callback flow integration
- Tenant connectivity verification
- Permission health status monitoring
- 'Highlander' pattern: single current tenant with is_current flag

GRAPH ABSTRACTION
- Complete isolation layer (7 classes)
- GraphClientInterface with mockable implementations
- Error mapping, logging, and standardized responses
- Rate-limit aware design

DOMAIN SERVICES
- BackupService: immutable snapshot creation
- RestoreService: preview, selective restore, conflict detection
- VersionService: immutable version capture
- VersionDiff: human-readable and structured diffs
- PolicySyncService: Graph-based policy import
- TenantConfigService: connectivity testing
- TenantPermissionService: permission health checks
- AuditLogger: comprehensive audit trail

DATA MODEL
- 11 migrations with tenant-aware schema
- 8 Eloquent models with proper relationships
- SoftDeletes on Tenant, BackupSet, BackupItem, PolicyVersion, RestoreRun
- JSONB storage for snapshots, metadata, permissions
- Encrypted storage for client secrets
- Partial unique index for is_current tenant

FILAMENT ADMIN UI
- 5 main resources: Tenant, Policy, PolicyVersion, BackupSet, RestoreRun
- RelationManagers: Versions (Policy), BackupItems (BackupSet)
- Actions: Verify config, Admin consent, Make current, Delete/Force delete
- Filters: Status, Type, Platform, Archive state
- Permission panel with status indicators
- ActionGroup pattern for cleaner row actions

HOUSEKEEPING (Phases 10-12)
- Soft delete with archive status for all entities
- Force delete protection (blocks if dependencies exist)
- Tenant deactivation with cascade prevention
- Audit logging for all delete operations

TESTING
- 36 tests passing (125 assertions, 11.21s)
- Feature tests: Policy, Backup, Restore, Version, Tenant, Housekeeping
- Unit tests: VersionDiff, TenantCurrent, Permissions, Scopes
- Full TDD coverage for critical flows

CONFIGURATION
- config/tenantpilot.php: 10+ policy types with metadata
- config/intune_permissions.php: required Graph permissions
- config/graph.php: Graph client configuration

SAFETY & COMPLIANCE
- Constitution compliance: 7/7 principles ✓
- Safety-first operations: preview, confirmation, validation
- Immutable versioning: no in-place modifications
- Defensive restore: dry-run, selective, conflict detection
- Comprehensive auditability: all critical operations logged
- Tenant-aware architecture: multi-tenant ready
- Graph abstraction: isolated, mockable, testable
- Spec-driven development: spec → plan → tasks → implementation

OPERATIONAL READINESS
- Laravel Sail for local development
- Dokploy deployment documentation
- Queue/worker ready architecture
- Migration safety notes
- Environment variable documentation

Tests: 36 passed
Duration: 11.21s
Status: Production-ready (98% complete)
2025-12-12 02:27:54 +01:00

327 lines
9.4 KiB
PHP
Raw Blame History

<?php
use App\Filament\Resources\BackupSetResource\Pages\ListBackupSets;
use App\Filament\Resources\PolicyVersionResource\Pages\ListPolicyVersions;
use App\Filament\Resources\RestoreRunResource\Pages\ListRestoreRuns;
use App\Filament\Resources\TenantResource\Pages\ListTenants;
use App\Models\BackupItem;
use App\Models\BackupSet;
use App\Models\Policy;
use App\Models\PolicyVersion;
use App\Models\RestoreRun;
use App\Models\Tenant;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Livewire\Livewire;
uses(RefreshDatabase::class);
test('backup set can be archived when unused', function () {
$tenant = Tenant::create([
'tenant_id' => 'tenant-1',
'name' => 'Tenant',
]);
$backupSet = BackupSet::create([
'tenant_id' => $tenant->id,
'name' => 'Set 1',
'status' => 'completed',
]);
BackupItem::create([
'tenant_id' => $tenant->id,
'backup_set_id' => $backupSet->id,
'policy_id' => null,
'policy_identifier' => 'policy-1',
'policy_type' => 'deviceConfiguration',
'platform' => 'windows',
'payload' => ['id' => 'policy-1'],
]);
$user = User::factory()->create();
$this->actingAs($user);
Livewire::test(ListBackupSets::class)
->callTableAction('archive', $backupSet);
$this->assertSoftDeleted('backup_sets', ['id' => $backupSet->id]);
$this->assertSoftDeleted('backup_items', ['backup_set_id' => $backupSet->id]);
$this->assertDatabaseHas('audit_logs', [
'resource_type' => 'backup_set',
'resource_id' => (string) $backupSet->id,
'action' => 'backup.deleted',
]);
});
test('backup set archive is blocked when restore runs exist', function () {
$tenant = Tenant::create([
'tenant_id' => 'tenant-2',
'name' => 'Tenant 2',
]);
$backupSet = BackupSet::create([
'tenant_id' => $tenant->id,
'name' => 'Set with restore',
'status' => 'completed',
]);
RestoreRun::create([
'tenant_id' => $tenant->id,
'backup_set_id' => $backupSet->id,
'status' => 'completed',
]);
$user = User::factory()->create();
$this->actingAs($user);
Livewire::test(ListBackupSets::class)
->callTableAction('archive', $backupSet);
$this->assertDatabaseMissing('audit_logs', [
'resource_type' => 'backup_set',
'resource_id' => (string) $backupSet->id,
'action' => 'backup.deleted',
]);
$this->assertDatabaseHas('backup_sets', ['id' => $backupSet->id, 'deleted_at' => null]);
});
test('backup set can be force deleted when trashed and unused', function () {
$tenant = Tenant::create([
'tenant_id' => 'tenant-force',
'name' => 'Tenant Force',
]);
$backupSet = BackupSet::create([
'tenant_id' => $tenant->id,
'name' => 'Set force',
'status' => 'completed',
]);
BackupItem::create([
'tenant_id' => $tenant->id,
'backup_set_id' => $backupSet->id,
'policy_id' => null,
'policy_identifier' => 'policy-force',
'policy_type' => 'deviceConfiguration',
'platform' => 'windows',
'payload' => ['id' => 'policy-force'],
]);
$user = User::factory()->create();
$this->actingAs($user);
Livewire::test(ListBackupSets::class)
->callTableAction('archive', $backupSet)
->set('tableFilters.trashed.value', 1)
->callTableAction('forceDelete', $backupSet);
$this->assertDatabaseMissing('backup_sets', ['id' => $backupSet->id]);
$this->assertDatabaseMissing('backup_items', ['backup_set_id' => $backupSet->id]);
$this->assertDatabaseHas('audit_logs', [
'resource_type' => 'backup_set',
'resource_id' => (string) $backupSet->id,
'action' => 'backup.force_deleted',
]);
});
test('restore run can be archived and force deleted', function () {
$tenant = Tenant::create([
'tenant_id' => 'tenant-restore-run',
'name' => 'Tenant Restore Run',
]);
$backupSet = BackupSet::create([
'tenant_id' => $tenant->id,
'name' => 'Set RR',
'status' => 'completed',
'item_count' => 1,
]);
$restoreRun = RestoreRun::create([
'tenant_id' => $tenant->id,
'backup_set_id' => $backupSet->id,
'status' => 'completed',
'is_dry_run' => true,
]);
$user = User::factory()->create();
$this->actingAs($user);
Livewire::test(ListRestoreRuns::class)
->callTableAction('archive', $restoreRun)
->set('tableFilters.trashed.value', 1)
->callTableAction('forceDelete', $restoreRun);
$this->assertDatabaseMissing('restore_runs', ['id' => $restoreRun->id]);
$this->assertDatabaseHas('audit_logs', [
'resource_type' => 'restore_run',
'resource_id' => (string) $restoreRun->id,
'action' => 'restore_run.force_deleted',
]);
});
test('policy version can be archived with audit log', function () {
$tenant = Tenant::create([
'tenant_id' => 'tenant-3',
'name' => 'Tenant 3',
]);
$policy = Policy::create([
'tenant_id' => $tenant->id,
'external_id' => 'pol-1',
'policy_type' => 'deviceConfiguration',
'display_name' => 'Policy',
]);
$version = PolicyVersion::create([
'tenant_id' => $tenant->id,
'policy_id' => $policy->id,
'version_number' => 1,
'policy_type' => 'deviceConfiguration',
'snapshot' => ['id' => 'pol-1'],
]);
$user = User::factory()->create();
$this->actingAs($user);
Livewire::test(ListPolicyVersions::class)
->callTableAction('archive', $version);
$this->assertSoftDeleted('policy_versions', ['id' => $version->id]);
$this->assertDatabaseHas('audit_logs', [
'resource_type' => 'policy_version',
'resource_id' => (string) $version->id,
'action' => 'policy_version.deleted',
]);
});
test('policy version can be force deleted when trashed', function () {
$tenant = Tenant::create([
'tenant_id' => 'tenant-3b',
'name' => 'Tenant 3b',
]);
$policy = Policy::create([
'tenant_id' => $tenant->id,
'external_id' => 'pol-1b',
'policy_type' => 'deviceConfiguration',
'display_name' => 'Policy B',
]);
$version = PolicyVersion::create([
'tenant_id' => $tenant->id,
'policy_id' => $policy->id,
'version_number' => 1,
'policy_type' => 'deviceConfiguration',
'snapshot' => ['id' => 'pol-1b'],
]);
$user = User::factory()->create();
$this->actingAs($user);
Livewire::test(ListPolicyVersions::class)
->callTableAction('archive', $version)
->set('tableFilters.trashed.value', 1)
->callTableAction('forceDelete', $version);
$this->assertDatabaseMissing('policy_versions', ['id' => $version->id]);
$this->assertDatabaseHas('audit_logs', [
'resource_type' => 'policy_version',
'resource_id' => (string) $version->id,
'action' => 'policy_version.force_deleted',
]);
});
test('tenant can be archived and hidden from default lists', function () {
$tenant = Tenant::create([
'tenant_id' => 'tenant-4',
'name' => 'Tenant 4',
]);
$user = User::factory()->create();
$this->actingAs($user);
Livewire::test(ListTenants::class)
->callTableAction('archive', $tenant);
expect(Tenant::count())->toBe(0);
$this->assertSoftDeleted('tenants', ['id' => $tenant->id]);
$this->assertDatabaseHas('audit_logs', [
'resource_type' => 'tenant',
'resource_id' => (string) $tenant->id,
'action' => 'tenant.archived',
]);
});
test('tenant must be trashed before force delete and removes permanently', function () {
$tenant = Tenant::create([
'tenant_id' => 'tenant-5',
'name' => 'Tenant 5',
]);
$tenant->delete();
$tenant->forceDelete();
$this->assertDatabaseMissing('tenants', ['id' => $tenant->id]);
});
test('tenant table archive filter toggles active and archived tenants', function () {
$active = Tenant::create([
'tenant_id' => 'tenant-active',
'name' => 'Active Tenant',
]);
$archived = Tenant::create([
'tenant_id' => 'tenant-archived',
'name' => 'Archived Tenant',
]);
$archived->delete();
$user = User::factory()->create();
$this->actingAs($user);
$component = Livewire::test(ListTenants::class)
->assertSee($active->name)
->assertSee($archived->name);
$component
->set('tableFilters.trashed.value', null)
->assertSee($active->name)
->assertDontSee($archived->name);
$component
->set('tableFilters.trashed.value', 0)
->assertSee($archived->name)
->assertDontSee($active->name);
});
test('archived tenant can be restored from the table', function () {
$tenant = Tenant::create([
'tenant_id' => 'tenant-restore',
'name' => 'Restore Tenant',
]);
$tenant->delete();
$user = User::factory()->create();
$this->actingAs($user);
Livewire::test(ListTenants::class)
->set('tableFilters.trashed.value', 1)
->callTableAction('restore', $tenant);
$this->assertDatabaseHas('tenants', [
'id' => $tenant->id,
'deleted_at' => null,
'status' => 'active',
]);
$this->assertDatabaseHas('audit_logs', [
'resource_type' => 'tenant',
'resource_id' => (string) $tenant->id,
'action' => 'tenant.restored',
]);
});
Reference in New Issue View Git Blame Copy Permalink