ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
840e4686f9
TenantAtlas/tests/Feature/Filament/GroupPolicyConfigurationHydrationTest.php
ahmido 61b0b1bc23 feat(010): Administrative Templates – restore from PolicyVersion + version visibility (#13) 
Problem: Restore nutzt bisher den Snapshot aus dem BackupSet (BackupItem). Wenn der Snapshot “unvollständig”/nicht der gewünschte Stand ist, landen nach Restore nur wenige Admin-Template-Settings in Intune.
Lösung:
Neue Action “Restore to Intune” direkt an einer konkreten PolicyVersion (inkl. Dry-Run Toggle) → reproduzierbarer Rollback auf exakt diese Version.
Restore-UI zeigt jetzt PolicyVersion-Nummer (version: X) in der Item-Auswahl + BackupSet Items Tabelle hat eine Version-Spalte.
Implementierung:
RestoreService::executeFromPolicyVersion() erzeugt dafür einen kleinen, temporären BackupSet+BackupItem aus der Version und startet einen normalen RestoreRun.
Pest-Test: PolicyVersionRestoreToIntuneTest.php
Specs/TODO:
Offene Follow-ups sind dokumentiert in tasks.md unter “Open TODOs (Follow-up)”.
QA (GUI):
Inventory → Policies → <Policy> → Versions → Restore to Intune (erst Dry-Run, dann Execute)
Backups & Restore → Restore Runs → Create (bei Items steht version: X)
Backups & Restore → Backup Sets → <Set> (Version-Spalte)
Tests: PolicyVersionRestoreToIntuneTest.php

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.local>
Reviewed-on: #13
2025-12-30 01:50:05 +00:00

145 lines
5.0 KiB
PHP
Raw Blame History

<?php
use App\Models\Policy;
use App\Models\Tenant;
use App\Models\User;
use App\Services\Graph\GraphClientInterface;
use App\Services\Graph\GraphResponse;
use App\Services\Intune\BackupService;
use App\Services\Intune\VersionService;
use Illuminate\Foundation\Testing\RefreshDatabase;
uses(RefreshDatabase::class);
class GroupPolicyHydrationGraphClient implements GraphClientInterface
{
public array $requests = [];
public function listPolicies(string $policyType, array $options = []): GraphResponse
{
return new GraphResponse(true, []);
}
public function getPolicy(string $policyType, string $policyId, array $options = []): GraphResponse
{
$this->requests[] = ['getPolicy', $policyType, $policyId];
return new GraphResponse(true, ['payload' => [
'id' => $policyId,
'displayName' => 'Admin Templates Alpha',
'@odata.type' => '#microsoft.graph.groupPolicyConfiguration',
]]);
}
public function getOrganization(array $options = []): GraphResponse
{
return new GraphResponse(true, []);
}
public function applyPolicy(string $policyType, string $policyId, array $payload, array $options = []): GraphResponse
{
return new GraphResponse(true, []);
}
public function getServicePrincipalPermissions(array $options = []): GraphResponse
{
return new GraphResponse(true, []);
}
public function request(string $method, string $path, array $options = []): GraphResponse
{
$this->requests[] = [strtoupper($method), $path];
if (str_contains($path, '/definitionValues') && str_contains($path, '$expand=definition')) {
return new GraphResponse(true, [
'value' => [
[
'id' => 'dv-1',
'enabled' => true,
'definition' => [
'id' => 'def-1',
'displayName' => 'Block legacy auth',
'classType' => 'user',
'categoryPath' => 'Windows Components\\Security Options',
],
],
],
]);
}
if (str_contains($path, '/presentationValues') && str_contains($path, '$expand=presentation')) {
return new GraphResponse(true, [
'value' => [
[
'id' => 'pv-1',
'value' => 'enabled',
'presentation' => [
'id' => 'pres-1',
'label' => 'State',
],
],
],
]);
}
return new GraphResponse(true, []);
}
}
test('group policy configuration snapshot hydrates definition values and renders in policy detail', function () {
$client = new GroupPolicyHydrationGraphClient;
app()->instance(GraphClientInterface::class, $client);
$tenant = Tenant::create([
'tenant_id' => 'tenant-gpo-hydration',
'name' => 'Tenant One',
'metadata' => [],
'is_current' => true,
]);
putenv('INTUNE_TENANT_ID='.$tenant->tenant_id);
$_ENV['INTUNE_TENANT_ID'] = $tenant->tenant_id;
$_SERVER['INTUNE_TENANT_ID'] = $tenant->tenant_id;
$tenant->makeCurrent();
$policy = Policy::create([
'tenant_id' => $tenant->id,
'external_id' => 'gpo-hydrate',
'policy_type' => 'groupPolicyConfiguration',
'display_name' => 'Admin Templates Alpha',
'platform' => 'windows',
]);
/** @var BackupService $backupService */
$backupService = app(BackupService::class);
$backupSet = $backupService->createBackupSet($tenant, [$policy->id], actorEmail: 'tester@example.com');
$item = $backupSet->items()->first();
expect($item->payload)->toHaveKey('definitionValues');
expect($item->payload['definitionValues'])->toBeArray();
expect($item->payload['definitionValues'][0])->toHaveKey('definition@odata.bind');
expect($item->payload['definitionValues'][0])->toHaveKey('presentationValues');
expect($item->payload['definitionValues'][0]['presentationValues'][0])->toHaveKey('presentation@odata.bind');
expect($item->payload['definitionValues'][0]['#Definition_displayName'])->toBe('Block legacy auth');
expect($item->payload['definitionValues'][0]['presentationValues'][0]['#Presentation_Label'])->toBe('State');
/** @var VersionService $versions */
$versions = app(VersionService::class);
$versions->captureVersion(
policy: $policy,
payload: $item->payload,
createdBy: 'tester@example.com',
metadata: ['source' => 'test', 'backup_set_id' => $backupSet->id],
);
$user = User::factory()->create();
$response = $this
->actingAs($user)
->get(route('filament.admin.resources.policies.view', ['record' => $policy]));
$response->assertOk();
$response->assertSee('Block legacy auth');
$response->assertSee('State');
});
Reference in New Issue View Git Blame Copy Permalink