ahmido
6f8eb28ca2
## Summary - add the Spec 180 tenant backup-health resolver and value objects to derive absent, stale, degraded, healthy, and schedule-follow-up posture from existing backup and schedule truth - surface backup posture and reason-driven drillthroughs in the tenant dashboard and preserve continuity on backup-set and backup-schedule destinations - add deterministic local/testing browser-fixture seeding plus a local fixture-login helper for the blocked drillthrough `403` scenario, along with the related spec artifacts and focused regression coverage ## Testing - `vendor/bin/sail artisan test --compact tests/Feature/Auth/BackupHealthBrowserFixtureLoginTest.php tests/Feature/Console/TenantpilotSeedBackupHealthBrowserFixtureCommandTest.php` - `vendor/bin/sail artisan test --compact tests/Unit/Support/BackupHealth/TenantBackupHealthResolverTest.php tests/Feature/Filament/DashboardKpisWidgetTest.php tests/Feature/Filament/NeedsAttentionWidgetTest.php tests/Feature/Filament/TenantDashboardTruthAlignmentTest.php tests/Feature/Filament/TenantDashboardTenantScopeTest.php tests/Feature/Filament/TenantDashboardDbOnlyTest.php tests/Feature/Filament/BackupSetListContinuityTest.php tests/Feature/Filament/BackupSetEnterpriseDetailPageTest.php tests/Feature/BackupScheduling/BackupScheduleLifecycleTest.php tests/Feature/Auth/BackupHealthBrowserFixtureLoginTest.php tests/Feature/Console/TenantpilotSeedBackupHealthBrowserFixtureCommandTest.php` ## Notes - Filament v5 / Livewire v4 compliant; no panel-provider change was needed, so `bootstrap/providers.php` remains unchanged - no new globally searchable resource was introduced, so global-search behavior is unchanged - no new destructive action was added; existing destructive actions and confirmation behavior remain unchanged - no new asset registration was added; the existing deploy-time `php artisan filament:assets` step remains sufficient - the local fixture login helper route is limited to `local` and `testing` environments - the focused and broader Spec 180 packs are green; the full suite was not rerun after these changes Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #212
408 lines
14 KiB
PHP
408 lines
14 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Filament\Resources\BackupScheduleResource;
|
|
use App\Filament\Resources\BackupSetResource;
|
|
use App\Filament\Resources\FindingResource;
|
|
use App\Filament\Widgets\Dashboard\DashboardKpis;
|
|
use App\Filament\Widgets\Dashboard\NeedsAttention;
|
|
use App\Models\BackupItem;
|
|
use App\Models\BackupSchedule;
|
|
use App\Models\BackupSet;
|
|
use App\Models\Finding;
|
|
use App\Models\OperationRun;
|
|
use App\Support\Auth\Capabilities;
|
|
use App\Support\BackupHealth\TenantBackupHealthAssessment;
|
|
use App\Support\OperationRunLinks;
|
|
use App\Support\OperationRunOutcome;
|
|
use App\Support\OperationRunStatus;
|
|
use App\Support\Rbac\UiTooltips;
|
|
use Carbon\CarbonImmutable;
|
|
use Filament\Facades\Filament;
|
|
use Filament\Widgets\StatsOverviewWidget\Stat;
|
|
use Illuminate\Support\Facades\Gate;
|
|
use Livewire\Livewire;
|
|
|
|
/**
|
|
* @return array<string, array{value:string,description:string|null,url:string|null}>
|
|
*/
|
|
function dashboardKpiStatPayloads($component): array
|
|
{
|
|
$method = new ReflectionMethod(DashboardKpis::class, 'getStats');
|
|
$method->setAccessible(true);
|
|
|
|
return collect($method->invoke($component->instance()))
|
|
->mapWithKeys(fn (Stat $stat): array => [
|
|
(string) $stat->getLabel() => [
|
|
'value' => (string) $stat->getValue(),
|
|
'description' => $stat->getDescription(),
|
|
'url' => $stat->getUrl(),
|
|
],
|
|
])
|
|
->all();
|
|
}
|
|
|
|
/**
|
|
* @return array{value:string,description:string|null,url:string|null}
|
|
*/
|
|
function backupPostureStatPayload(\App\Models\Tenant $tenant): array
|
|
{
|
|
Filament::setCurrentPanel(Filament::getPanel('tenant'));
|
|
Filament::setTenant($tenant, true);
|
|
|
|
return dashboardKpiStatPayloads(Livewire::test(DashboardKpis::class))['Backup posture'];
|
|
}
|
|
|
|
function makeBackupHealthScheduleForKpi(\App\Models\Tenant $tenant, array $attributes = []): BackupSchedule
|
|
{
|
|
return BackupSchedule::query()->create(array_merge([
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'name' => 'KPI schedule',
|
|
'is_enabled' => true,
|
|
'timezone' => 'UTC',
|
|
'frequency' => 'daily',
|
|
'time_of_day' => '01:00:00',
|
|
'days_of_week' => null,
|
|
'policy_types' => ['deviceConfiguration'],
|
|
'include_foundations' => true,
|
|
'retention_keep_last' => 30,
|
|
'next_run_at' => now()->addHour(),
|
|
], $attributes));
|
|
}
|
|
|
|
afterEach(function (): void {
|
|
CarbonImmutable::setTestNow();
|
|
});
|
|
|
|
it('aligns dashboard KPI counts and drill-throughs to canonical findings and operations semantics', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
|
$this->actingAs($user);
|
|
|
|
Finding::factory()->for($tenant)->create([
|
|
'finding_type' => Finding::FINDING_TYPE_DRIFT,
|
|
'status' => Finding::STATUS_NEW,
|
|
'severity' => Finding::SEVERITY_LOW,
|
|
]);
|
|
|
|
Finding::factory()->for($tenant)->create([
|
|
'finding_type' => Finding::FINDING_TYPE_DRIFT,
|
|
'status' => Finding::STATUS_TRIAGED,
|
|
'severity' => Finding::SEVERITY_MEDIUM,
|
|
]);
|
|
|
|
Finding::factory()->for($tenant)->create([
|
|
'finding_type' => Finding::FINDING_TYPE_DRIFT,
|
|
'status' => Finding::STATUS_REOPENED,
|
|
'severity' => Finding::SEVERITY_CRITICAL,
|
|
]);
|
|
|
|
Finding::factory()->for($tenant)->create([
|
|
'finding_type' => Finding::FINDING_TYPE_PERMISSION_POSTURE,
|
|
'status' => Finding::STATUS_IN_PROGRESS,
|
|
'severity' => Finding::SEVERITY_HIGH,
|
|
]);
|
|
|
|
Finding::factory()->for($tenant)->create([
|
|
'finding_type' => Finding::FINDING_TYPE_DRIFT,
|
|
'status' => Finding::STATUS_RESOLVED,
|
|
'severity' => Finding::SEVERITY_HIGH,
|
|
]);
|
|
|
|
OperationRun::factory()->create([
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'type' => 'inventory_sync',
|
|
'status' => OperationRunStatus::Queued->value,
|
|
'outcome' => OperationRunOutcome::Pending->value,
|
|
'created_at' => now()->subMinute(),
|
|
]);
|
|
|
|
OperationRun::factory()->create([
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'type' => 'inventory_sync',
|
|
'status' => OperationRunStatus::Queued->value,
|
|
'outcome' => OperationRunOutcome::Pending->value,
|
|
'created_at' => now()->subHour(),
|
|
]);
|
|
|
|
OperationRun::factory()->create([
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'type' => 'policy.sync',
|
|
'status' => OperationRunStatus::Completed->value,
|
|
'outcome' => OperationRunOutcome::PartiallySucceeded->value,
|
|
]);
|
|
|
|
OperationRun::factory()->create([
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'type' => 'policy.sync',
|
|
'status' => OperationRunStatus::Completed->value,
|
|
'outcome' => OperationRunOutcome::Failed->value,
|
|
]);
|
|
|
|
Filament::setCurrentPanel(Filament::getPanel('tenant'));
|
|
Filament::setTenant($tenant, true);
|
|
|
|
$stats = dashboardKpiStatPayloads(Livewire::test(DashboardKpis::class));
|
|
|
|
expect($stats)->toMatchArray([
|
|
'Open drift findings' => [
|
|
'value' => '3',
|
|
'description' => 'active drift workflow items',
|
|
'url' => FindingResource::getUrl('index', [
|
|
'tab' => 'needs_action',
|
|
'finding_type' => Finding::FINDING_TYPE_DRIFT,
|
|
], panel: 'tenant', tenant: $tenant),
|
|
],
|
|
'High severity active findings' => [
|
|
'value' => '2',
|
|
'description' => 'high or critical findings needing review',
|
|
'url' => FindingResource::getUrl('index', [
|
|
'tab' => 'needs_action',
|
|
'high_severity' => 1,
|
|
], panel: 'tenant', tenant: $tenant),
|
|
],
|
|
'Active operations' => [
|
|
'value' => '1',
|
|
'description' => 'healthy queued or running tenant work',
|
|
'url' => OperationRunLinks::index($tenant, activeTab: 'active'),
|
|
],
|
|
'Likely stale operations' => [
|
|
'value' => '1',
|
|
'description' => 'queued or running past the lifecycle window',
|
|
'url' => OperationRunLinks::index(
|
|
$tenant,
|
|
activeTab: OperationRun::PROBLEM_CLASS_ACTIVE_STALE_ATTENTION,
|
|
problemClass: OperationRun::PROBLEM_CLASS_ACTIVE_STALE_ATTENTION,
|
|
),
|
|
],
|
|
'Terminal follow-up operations' => [
|
|
'value' => '2',
|
|
'description' => 'blocked, partial, failed, or auto-reconciled runs',
|
|
'url' => OperationRunLinks::index(
|
|
$tenant,
|
|
activeTab: OperationRun::PROBLEM_CLASS_TERMINAL_FOLLOW_UP,
|
|
problemClass: OperationRun::PROBLEM_CLASS_TERMINAL_FOLLOW_UP,
|
|
),
|
|
],
|
|
]);
|
|
});
|
|
|
|
it('keeps findings KPI truth visible while disabling dead-end drill-throughs for members without findings access', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
|
$this->actingAs($user);
|
|
|
|
Finding::factory()->for($tenant)->create([
|
|
'finding_type' => Finding::FINDING_TYPE_DRIFT,
|
|
'status' => Finding::STATUS_NEW,
|
|
'severity' => Finding::SEVERITY_CRITICAL,
|
|
]);
|
|
|
|
Gate::define(Capabilities::TENANT_FINDINGS_VIEW, fn (): bool => false);
|
|
|
|
Filament::setCurrentPanel(Filament::getPanel('tenant'));
|
|
Filament::setTenant($tenant, true);
|
|
|
|
$stats = dashboardKpiStatPayloads(Livewire::test(DashboardKpis::class));
|
|
|
|
expect($stats['Open drift findings'])->toMatchArray([
|
|
'value' => '1',
|
|
'description' => UiTooltips::INSUFFICIENT_PERMISSION,
|
|
'url' => null,
|
|
]);
|
|
|
|
expect($stats['High severity active findings'])->toMatchArray([
|
|
'value' => '1',
|
|
'description' => UiTooltips::INSUFFICIENT_PERMISSION,
|
|
'url' => null,
|
|
]);
|
|
});
|
|
|
|
it('shows absent backup posture and routes the KPI to the backup-set list', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(ensureDefaultMicrosoftProviderConnection: false);
|
|
$this->actingAs($user);
|
|
|
|
$stat = backupPostureStatPayload($tenant);
|
|
|
|
expect($stat)->toMatchArray([
|
|
'value' => 'Absent',
|
|
'url' => BackupSetResource::getUrl('index', [
|
|
'backup_health_reason' => TenantBackupHealthAssessment::REASON_NO_BACKUP_BASIS,
|
|
], panel: 'tenant', tenant: $tenant),
|
|
]);
|
|
|
|
expect($stat['description'])->toContain('Create or finish a backup set');
|
|
});
|
|
|
|
it('shows stale backup posture and routes the KPI to the latest backup detail', function (): void {
|
|
CarbonImmutable::setTestNow(CarbonImmutable::create(2026, 4, 7, 12, 0, 0, 'UTC'));
|
|
|
|
[$user, $tenant] = createUserWithTenant(ensureDefaultMicrosoftProviderConnection: false);
|
|
$this->actingAs($user);
|
|
|
|
$backupSet = BackupSet::factory()->for($tenant)->create([
|
|
'name' => 'Stale latest backup',
|
|
'item_count' => 1,
|
|
'completed_at' => now()->subDays(2),
|
|
]);
|
|
|
|
BackupItem::factory()->for($tenant)->for($backupSet)->create([
|
|
'payload' => ['id' => 'policy-stale'],
|
|
'metadata' => [],
|
|
'assignments' => [],
|
|
]);
|
|
|
|
$stat = backupPostureStatPayload($tenant);
|
|
|
|
expect($stat)->toMatchArray([
|
|
'value' => 'Stale',
|
|
'url' => BackupSetResource::getUrl('view', [
|
|
'record' => (int) $backupSet->getKey(),
|
|
'backup_health_reason' => TenantBackupHealthAssessment::REASON_LATEST_BACKUP_STALE,
|
|
], panel: 'tenant', tenant: $tenant),
|
|
]);
|
|
|
|
expect($stat['description'])->toContain('2 days');
|
|
});
|
|
|
|
it('shows degraded backup posture and routes the KPI to the latest backup detail', function (): void {
|
|
CarbonImmutable::setTestNow(CarbonImmutable::create(2026, 4, 7, 12, 0, 0, 'UTC'));
|
|
|
|
[$user, $tenant] = createUserWithTenant(ensureDefaultMicrosoftProviderConnection: false);
|
|
$this->actingAs($user);
|
|
|
|
$backupSet = BackupSet::factory()->for($tenant)->create([
|
|
'name' => 'Degraded latest backup',
|
|
'item_count' => 1,
|
|
'completed_at' => now()->subMinutes(45),
|
|
]);
|
|
|
|
BackupItem::factory()->for($tenant)->for($backupSet)->create([
|
|
'payload' => [],
|
|
'metadata' => [
|
|
'source' => 'metadata_only',
|
|
'assignments_fetch_failed' => true,
|
|
],
|
|
'assignments' => [],
|
|
]);
|
|
|
|
$stat = backupPostureStatPayload($tenant);
|
|
|
|
expect($stat)->toMatchArray([
|
|
'value' => 'Degraded',
|
|
'url' => BackupSetResource::getUrl('view', [
|
|
'record' => (int) $backupSet->getKey(),
|
|
'backup_health_reason' => TenantBackupHealthAssessment::REASON_LATEST_BACKUP_DEGRADED,
|
|
], panel: 'tenant', tenant: $tenant),
|
|
]);
|
|
|
|
expect($stat['description'])->toContain('degraded input quality');
|
|
});
|
|
|
|
it('shows healthy backup posture when the latest backup is recent and clean', function (): void {
|
|
CarbonImmutable::setTestNow(CarbonImmutable::create(2026, 4, 7, 12, 0, 0, 'UTC'));
|
|
|
|
[$user, $tenant] = createUserWithTenant(ensureDefaultMicrosoftProviderConnection: false);
|
|
$this->actingAs($user);
|
|
|
|
$backupSet = BackupSet::factory()->for($tenant)->create([
|
|
'name' => 'Healthy latest backup',
|
|
'item_count' => 1,
|
|
'completed_at' => now()->subMinutes(20),
|
|
]);
|
|
|
|
BackupItem::factory()->for($tenant)->for($backupSet)->create([
|
|
'payload' => ['id' => 'healthy-policy'],
|
|
'metadata' => [],
|
|
'assignments' => [],
|
|
]);
|
|
|
|
$stat = backupPostureStatPayload($tenant);
|
|
|
|
expect($stat)->toMatchArray([
|
|
'value' => 'Healthy',
|
|
'url' => null,
|
|
]);
|
|
|
|
expect($stat['description'])->toContain('20 minutes');
|
|
});
|
|
|
|
it('keeps the posture healthy but routes the KPI to schedules when backup automation needs follow-up', function (): void {
|
|
CarbonImmutable::setTestNow(CarbonImmutable::create(2026, 4, 7, 12, 0, 0, 'UTC'));
|
|
|
|
[$user, $tenant] = createUserWithTenant(ensureDefaultMicrosoftProviderConnection: false);
|
|
$this->actingAs($user);
|
|
|
|
$backupSet = BackupSet::factory()->for($tenant)->create([
|
|
'name' => 'Healthy latest backup',
|
|
'item_count' => 1,
|
|
'completed_at' => now()->subMinutes(15),
|
|
]);
|
|
|
|
BackupItem::factory()->for($tenant)->for($backupSet)->create([
|
|
'payload' => ['id' => 'healthy-policy'],
|
|
'metadata' => [],
|
|
'assignments' => [],
|
|
]);
|
|
|
|
makeBackupHealthScheduleForKpi($tenant, [
|
|
'name' => 'Overdue KPI schedule',
|
|
'last_run_at' => null,
|
|
'last_run_status' => null,
|
|
'next_run_at' => now()->subHours(2),
|
|
]);
|
|
|
|
$stat = backupPostureStatPayload($tenant);
|
|
|
|
expect($stat)->toMatchArray([
|
|
'value' => 'Healthy',
|
|
'url' => BackupScheduleResource::getUrl('index', [
|
|
'backup_health_reason' => TenantBackupHealthAssessment::REASON_SCHEDULE_FOLLOW_UP,
|
|
], panel: 'tenant', tenant: $tenant),
|
|
]);
|
|
|
|
expect($stat['description'])->toContain('not produced a successful run');
|
|
});
|
|
|
|
it('keeps backup posture truth visible while disabling backup drill-throughs for members without backup view access', function (): void {
|
|
CarbonImmutable::setTestNow(CarbonImmutable::create(2026, 4, 7, 12, 0, 0, 'UTC'));
|
|
|
|
[$user, $tenant] = createUserWithTenant(ensureDefaultMicrosoftProviderConnection: false);
|
|
$this->actingAs($user);
|
|
|
|
$backupSet = BackupSet::factory()->for($tenant)->create([
|
|
'name' => 'Stale inaccessible backup',
|
|
'item_count' => 1,
|
|
'completed_at' => now()->subDays(2),
|
|
]);
|
|
|
|
BackupItem::factory()->for($tenant)->for($backupSet)->create([
|
|
'payload' => ['id' => 'policy-stale'],
|
|
'metadata' => [],
|
|
'assignments' => [],
|
|
]);
|
|
|
|
Gate::define(Capabilities::TENANT_VIEW, fn (): bool => false);
|
|
|
|
$stat = backupPostureStatPayload($tenant);
|
|
|
|
expect($stat)->toMatchArray([
|
|
'value' => 'Stale',
|
|
'url' => null,
|
|
]);
|
|
|
|
expect($stat['description'])
|
|
->toContain('2 days')
|
|
->toContain(UiTooltips::INSUFFICIENT_PERMISSION);
|
|
|
|
Filament::setCurrentPanel(Filament::getPanel('tenant'));
|
|
Filament::setTenant($tenant, true);
|
|
|
|
Livewire::test(NeedsAttention::class)
|
|
->assertSee('Latest backup is stale')
|
|
->assertSee(UiTooltips::INSUFFICIENT_PERMISSION);
|
|
});
|