ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
8cbf1f7fe3
TenantAtlas/apps/platform/tests/Unit/Support/TenantConfiguration/Spec417CoverageIdentityStrategyRegistryTest.php
ahmido 8cbf1f7fe3 feat: implement canonical identity engine (#484) 
Automated PR provided by Codex via Gitea API.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #484
2026-06-26 06:50:25 +00:00

38 lines
1.5 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
use App\Services\TenantConfiguration\CoverageIdentityStrategyRegistry;
it('Spec417 defines canonical identity strategies for the initial Coverage v2 resource types', function (): void {
$strategies = app(CoverageIdentityStrategyRegistry::class)->strategies();
expect(array_keys($strategies))->toBe([
'deviceAndAppManagementAssignmentFilter',
'deviceEnrollmentLimitRestriction',
'deviceEnrollmentPlatformRestriction',
'deviceEnrollmentStatusPageWindows10',
'appProtectionPolicyAndroid',
'appProtectionPolicyiOS',
'notificationMessageTemplate',
'roleScopeTag',
]);
foreach ($strategies as $canonicalType => $strategy) {
expect($strategy['strategy_identifier'])->toBeString()->not->toBe('')
->and($strategy['preferred_identity_fields'])->toBeArray()->not->toBeEmpty()
->and($strategy['display_fields'])->toContain('displayName')
->and($strategy['requires_provider_connection_scope'])->toBeTrue()
->and($strategy['derived_claims_allowed'])->toBeFalse("{$canonicalType} must not certify derived identity by default");
}
});
it('Spec417 keeps beta identity experimental and claim-blocked by default', function (): void {
$strategy = app(CoverageIdentityStrategyRegistry::class)->strategies()['roleScopeTag'];
expect($strategy['allows_experimental_identity'])->toBeTrue()
->and($strategy['allows_derived_identity'])->toBeTrue()
->and($strategy['derived_claims_allowed'])->toBeFalse();
});
Reference in New Issue View Git Blame Copy Permalink