ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
788efee1c2
TenantAtlas/apps/platform/tests/Feature/Filament/BaselineSnapshotRbacRoleDefinitionsTest.php
ahmido 788efee1c2 feat(baselines): implement baseline matching canonicalization (#453) 
Replaced legacy tenant and environment bindings in the BaselineDriftEngine with the new ProviderResourceIdentity framework as defined in Spec 382. This ensures cross-environment compatibility and deterministic baseline matching.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #453
2026-06-15 22:48:48 +00:00

64 lines
2.2 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
use App\Filament\Resources\BaselineSnapshotResource;
use App\Models\BaselineProfile;
use App\Models\BaselineSnapshot;
use App\Models\BaselineSnapshotItem;
use App\Support\Baselines\BaselineSubjectKey;
use App\Support\Baselines\SubjectClass;
it('shows captured intune rbac role definition references on the baseline snapshot detail page', function (): void {
[$user, $tenant] = createUserWithTenant(role: 'readonly');
$profile = BaselineProfile::factory()->active()->create([
'workspace_id' => (int) $tenant->workspace_id,
]);
$snapshot = BaselineSnapshot::factory()->create([
'workspace_id' => (int) $tenant->workspace_id,
'baseline_profile_id' => (int) $profile->getKey(),
]);
$rbacSubjectKey = baselineProviderResourceSubjectKeyForTest(
'intuneRoleDefinition',
'role-def-1',
SubjectClass::FoundationBacked,
);
BaselineSnapshotItem::factory()->create([
'baseline_snapshot_id' => (int) $snapshot->getKey(),
'subject_type' => 'policy',
'subject_external_id' => BaselineSubjectKey::workspaceSafeSubjectExternalId('intuneRoleDefinition', $rbacSubjectKey),
'subject_key' => $rbacSubjectKey,
'policy_type' => 'intuneRoleDefinition',
'baseline_hash' => hash('sha256', 'rbac-content'),
'meta_jsonb' => [
'display_name' => 'Security Reader',
'evidence' => [
'observed_at' => '2026-03-09T10:00:00+00:00',
],
'identity' => [
'strategy' => 'provider_resource',
],
'version_reference' => [
'policy_version_id' => 42,
],
'rbac' => [
'is_built_in' => false,
'role_permission_count' => 2,
],
],
]);
$this->actingAs($user)
->get(BaselineSnapshotResource::getUrl('view', ['record' => $snapshot], panel: 'admin'))
->assertOk()
->assertSee('Intune RBAC Role Definition')
->assertSee('Security Reader')
->assertSee('Custom')
->assertSee('Role definition ID')
->assertSee('Policy version #42')
->assertSee('2');
});
Reference in New Issue View Git Blame Copy Permalink