ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
788efee1c2
TenantAtlas/apps/platform/tests/Feature/Filament/BaselineSnapshotStructuredRenderingTest.php
ahmido 788efee1c2 feat(baselines): implement baseline matching canonicalization (#453) 
Replaced legacy tenant and environment bindings in the BaselineDriftEngine with the new ProviderResourceIdentity framework as defined in Spec 382. This ensures cross-environment compatibility and deterministic baseline matching.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #453
2026-06-15 22:48:48 +00:00

126 lines
5.1 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
use App\Filament\Resources\BaselineProfileResource;
use App\Filament\Resources\BaselineSnapshotResource;
use App\Models\BaselineProfile;
use App\Models\BaselineSnapshot;
use App\Models\BaselineSnapshotItem;
use App\Support\Baselines\BaselineSubjectKey;
use App\Support\Baselines\SubjectClass;
it('renders the baseline snapshot detail page as summary-first with grouped governed-subject browsing', function (): void {
[$user, $tenant] = createUserWithTenant(role: 'readonly');
$profile = BaselineProfile::factory()->active()->create([
'workspace_id' => (int) $tenant->workspace_id,
'name' => 'Security Baseline',
]);
$snapshot = BaselineSnapshot::factory()->create([
'workspace_id' => (int) $tenant->workspace_id,
'baseline_profile_id' => (int) $profile->getKey(),
'summary_jsonb' => [
'total_items' => 3,
'policy_type_counts' => [
'intuneRoleDefinition' => 1,
'deviceCompliancePolicy' => 1,
'mysteryPolicyType' => 1,
],
'fidelity_counts' => ['content' => 2, 'meta' => 1],
'gaps' => ['count' => 1, 'by_reason' => ['meta_fallback' => 1]],
],
]);
$rbacSubjectKey = baselineProviderResourceSubjectKeyForTest(
'intuneRoleDefinition',
'security-reader',
SubjectClass::FoundationBacked,
);
$complianceSubjectKey = baselineProviderResourceSubjectKeyForTest('deviceCompliancePolicy', 'bitlocker-require');
$fallbackSubjectKey = baselineProviderResourceSubjectKeyForTest('mysteryPolicyType', 'mystery-policy');
BaselineSnapshotItem::factory()->create([
'baseline_snapshot_id' => (int) $snapshot->getKey(),
'policy_type' => 'intuneRoleDefinition',
'subject_key' => $rbacSubjectKey,
'subject_external_id' => BaselineSubjectKey::workspaceSafeSubjectExternalId('intuneRoleDefinition', $rbacSubjectKey),
'meta_jsonb' => [
'display_name' => 'Security Reader',
'evidence' => [
'fidelity' => 'content',
'source' => 'policy_version',
'observed_at' => '2026-03-09T12:00:00+00:00',
],
'identity' => ['strategy' => 'provider_resource'],
'rbac' => [
'is_built_in' => false,
'role_permission_count' => 2,
],
'version_reference' => ['policy_version_id' => 42],
],
]);
BaselineSnapshotItem::factory()->create([
'baseline_snapshot_id' => (int) $snapshot->getKey(),
'policy_type' => 'deviceCompliancePolicy',
'subject_key' => $complianceSubjectKey,
'subject_external_id' => BaselineSubjectKey::workspaceSafeSubjectExternalId('deviceCompliancePolicy', $complianceSubjectKey),
'meta_jsonb' => [
'display_name' => 'Bitlocker Require',
'platform' => 'windows',
'assignment_target_count' => 3,
'evidence' => [
'fidelity' => 'meta',
'source' => 'inventory',
'observed_at' => '2026-03-09T11:00:00+00:00',
],
],
]);
BaselineSnapshotItem::factory()->create([
'baseline_snapshot_id' => (int) $snapshot->getKey(),
'policy_type' => 'mysteryPolicyType',
'subject_key' => $fallbackSubjectKey,
'subject_external_id' => BaselineSubjectKey::workspaceSafeSubjectExternalId('mysteryPolicyType', $fallbackSubjectKey),
'meta_jsonb' => [
'display_name' => 'Mystery Policy',
'platform' => 'windows',
'evidence' => [
'fidelity' => 'content',
'source' => 'policy_version',
'observed_at' => '2026-03-09T10:00:00+00:00',
],
],
]);
$this->actingAs($user)
->get(BaselineSnapshotResource::getUrl('view', ['record' => $snapshot], panel: 'admin'))
->assertOk()
->assertSee('Outcome summary')
->assertSee('Snapshot status')
->assertSee('Outcome details')
->assertSee('Coverage')
->assertSee('Capture timing')
->assertSee('Related context')
->assertSee(BaselineProfileResource::getUrl('view', ['record' => $profile], panel: 'admin'), false)
->assertSeeInOrder(['Outcome summary', 'Coverage summary', 'Captured governed subjects', 'Technical detail'])
->assertSee('Security Reader')
->assertSee('Bitlocker Require')
->assertSee('Mystery Policy')
->assertSee('Intune RBAC Role Definition')
->assertSee('Device Compliance')
->assertSee('Mystery Policy Type')
->assertSee('Governed subject')
->assertDontSee('Artifact truth')
->assertDontSee('Intune RBAC Role Definition References');
$this->actingAs($user)
->get(BaselineSnapshotResource::getUrl(panel: 'admin'))
->assertOk()
->assertSee('View baseline profile')
->assertSee(BaselineSnapshotResource::getUrl('view', ['record' => $snapshot], panel: 'admin'))
->assertDontSee('>View<', escape: false);
});
Reference in New Issue View Git Blame Copy Permalink