ahmido
788efee1c2
Replaced legacy tenant and environment bindings in the BaselineDriftEngine with the new ProviderResourceIdentity framework as defined in Spec 382. This ensures cross-environment compatibility and deterministic baseline matching. Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #453
141 lines
5.3 KiB
PHP
141 lines
5.3 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace Database\Factories;
|
|
|
|
use App\Models\ManagedEnvironment;
|
|
use App\Models\ProviderResourceBinding;
|
|
use App\Models\User;
|
|
use App\Support\Baselines\BaselineSubjectKey;
|
|
use App\Support\Baselines\SubjectClass;
|
|
use App\Support\Resources\ProviderResourceBindingStatus;
|
|
use App\Support\Resources\ProviderResourceResolutionMode;
|
|
use App\Support\Resources\ResourceIdentity;
|
|
use Illuminate\Database\Eloquent\Factories\Factory;
|
|
|
|
/**
|
|
* @extends Factory<ProviderResourceBinding>
|
|
*/
|
|
class ProviderResourceBindingFactory extends Factory
|
|
{
|
|
protected $model = ProviderResourceBinding::class;
|
|
|
|
/**
|
|
* @return array<string, mixed>
|
|
*/
|
|
public function definition(): array
|
|
{
|
|
$identity = ResourceIdentity::providerResource('fake-provider', 'policy', fake()->uuid());
|
|
$subjectDomain = 'baseline';
|
|
$subjectClass = SubjectClass::PolicyBacked;
|
|
$subjectTypeKey = 'deviceConfiguration';
|
|
|
|
return [
|
|
'managed_environment_id' => ManagedEnvironment::factory(),
|
|
'workspace_id' => function (array $attributes): int {
|
|
$tenantId = $attributes['managed_environment_id'] ?? null;
|
|
|
|
if (! is_numeric($tenantId)) {
|
|
return (int) ManagedEnvironment::factory()->create()->workspace_id;
|
|
}
|
|
|
|
$tenant = ManagedEnvironment::query()->whereKey((int) $tenantId)->firstOrFail();
|
|
|
|
return (int) $tenant->workspace_id;
|
|
},
|
|
'provider_key' => $identity->providerKey,
|
|
'provider_connection_id' => null,
|
|
'subject_domain' => $subjectDomain,
|
|
'subject_class' => $subjectClass->value,
|
|
'subject_type_key' => $subjectTypeKey,
|
|
'canonical_subject_key' => BaselineSubjectKey::forProviderResourceIdentity(
|
|
$subjectDomain,
|
|
$subjectClass,
|
|
$subjectTypeKey,
|
|
$identity,
|
|
),
|
|
'provider_resource_type' => $identity->providerResourceType,
|
|
'provider_resource_id' => $identity->providerResourceId,
|
|
'provider_resource_discriminator' => $identity->canonicalDiscriminator,
|
|
'provider_resource_identity_kind' => $identity->identityKind,
|
|
'provider_resource_fingerprint' => $identity->fingerprint(),
|
|
'display_label' => fake()->words(3, true),
|
|
'binding_status' => ProviderResourceBindingStatus::Active->value,
|
|
'resolution_mode' => ProviderResourceResolutionMode::ExactProviderIdentity->value,
|
|
'resolution_reason' => null,
|
|
'operator_note' => 'Binding decision recorded for test coverage.',
|
|
'source_operation_run_id' => null,
|
|
'source_baseline_snapshot_id' => null,
|
|
'source_inventory_item_id' => null,
|
|
'source_policy_version_id' => null,
|
|
'decided_by_user_id' => User::factory(),
|
|
'decided_at' => now(),
|
|
'ended_at' => null,
|
|
];
|
|
}
|
|
|
|
public function fakeProvider(): static
|
|
{
|
|
return $this->state(fn (): array => [
|
|
'provider_key' => 'fake-provider',
|
|
]);
|
|
}
|
|
|
|
public function providerResource(?ResourceIdentity $identity = null): static
|
|
{
|
|
$identity ??= ResourceIdentity::providerResource('fake-provider', 'policy', fake()->uuid());
|
|
|
|
return $this->withIdentity($identity, ProviderResourceResolutionMode::ExactProviderIdentity);
|
|
}
|
|
|
|
public function canonicalBuiltin(?ResourceIdentity $identity = null): static
|
|
{
|
|
$identity ??= ResourceIdentity::canonicalBuiltin('fake-provider', 'target', 'all-principals');
|
|
|
|
return $this->withIdentity($identity, ProviderResourceResolutionMode::CanonicalBuiltin);
|
|
}
|
|
|
|
public function revoked(): static
|
|
{
|
|
return $this->state(fn (): array => [
|
|
'binding_status' => ProviderResourceBindingStatus::Revoked->value,
|
|
'ended_at' => now(),
|
|
]);
|
|
}
|
|
|
|
public function superseded(): static
|
|
{
|
|
return $this->state(fn (): array => [
|
|
'binding_status' => ProviderResourceBindingStatus::Superseded->value,
|
|
'ended_at' => now(),
|
|
]);
|
|
}
|
|
|
|
private function withIdentity(ResourceIdentity $identity, ProviderResourceResolutionMode $resolutionMode): static
|
|
{
|
|
$subjectDomain = 'baseline';
|
|
$subjectClass = SubjectClass::PolicyBacked;
|
|
$subjectTypeKey = 'deviceConfiguration';
|
|
|
|
return $this->state(fn (): array => [
|
|
'provider_key' => $identity->providerKey,
|
|
'subject_domain' => $subjectDomain,
|
|
'subject_class' => $subjectClass->value,
|
|
'subject_type_key' => $subjectTypeKey,
|
|
'canonical_subject_key' => BaselineSubjectKey::forProviderResourceIdentity(
|
|
$subjectDomain,
|
|
$subjectClass,
|
|
$subjectTypeKey,
|
|
$identity,
|
|
),
|
|
'provider_resource_type' => $identity->providerResourceType,
|
|
'provider_resource_id' => $identity->providerResourceId,
|
|
'provider_resource_discriminator' => $identity->canonicalDiscriminator,
|
|
'provider_resource_identity_kind' => $identity->identityKind,
|
|
'provider_resource_fingerprint' => $identity->fingerprint(),
|
|
'resolution_mode' => $resolutionMode->value,
|
|
]);
|
|
}
|
|
}
|