## Summary - Adds the Spec 431 Exchange PowerShell invocation gate and operation registration slice. - Introduces trusted provider operation start handling and read-only Exchange PowerShell runner abstractions. - Updates provider capability/readiness evaluation and coverage for Exchange PowerShell invocation safety. ## Verification - `cd apps/platform && ./vendor/bin/sail artisan test tests/Feature/Providers/ProviderCapabilityEvaluationTest.php tests/Feature/Providers/ProviderOperationCapabilityGateTest.php tests/Feature/TenantConfiguration/Spec431ExchangePowerShellInvocationGateTest.php tests/Unit/Providers/ProviderCapabilityRegistryTest.php tests/Unit/Providers/ProviderOperationStartGateTest.php tests/Unit/Support/TenantConfiguration/Spec430ExchangePowerShellCommandAllowlistTest.php tests/Unit/Support/TenantConfiguration/Spec431ExchangePowerShellOperationRegistrationTest.php tests/Unit/Verification/ManagedEnvironmentPermissionCapabilityMappingTest.php` - Result: 80 passed, 685 assertions. ## Product Surface / Ops - Rendered UI surface changed: N/A. - Filament/Livewire surface changed: N/A. - Deployment impact: config/runtime service changes only; no migrations, queues, or assets added. Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #498
44 lines
2.0 KiB
PHP
44 lines
2.0 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Support\Badges\BadgeCatalog;
|
|
use App\Support\Badges\BadgeDomain;
|
|
use App\Support\Providers\Capabilities\ProviderCapabilityRegistry;
|
|
|
|
it('defines the canonical provider capability keys and operation mappings', function (): void {
|
|
$registry = app(ProviderCapabilityRegistry::class);
|
|
|
|
expect($registry->keys())->toBe([
|
|
'provider_connection_check',
|
|
'inventory_read',
|
|
'configuration_read',
|
|
'restore_execute',
|
|
'directory_groups_read',
|
|
'directory_role_definitions_read',
|
|
'exchange_powershell_invoke',
|
|
])
|
|
->and($registry->keysForOperationType('inventory.sync'))->toBe(['inventory_read'])
|
|
->and($registry->keysForOperationType('directory.role_definitions.sync'))->toBe(['directory_role_definitions_read'])
|
|
->and($registry->keysForOperationType('tenant_configuration.exchange_powershell_invocation'))->toBe(['exchange_powershell_invoke'])
|
|
->and($registry->get('restore_execute')->providerRequirementKeys)->toBe([
|
|
'permissions.intune_configuration',
|
|
'permissions.intune_rbac_assignments',
|
|
])
|
|
->and($registry->get('directory_role_definitions_read')->providerRequirementKeys)->toBe([
|
|
'provider.directory_role_definitions',
|
|
'permissions.admin_consent',
|
|
])
|
|
->and($registry->get('exchange_powershell_invoke')->providerRequirementKeys)->toBe([
|
|
'provider.exchange_powershell_invocation',
|
|
'permissions.admin_consent',
|
|
]);
|
|
});
|
|
|
|
it('registers provider capability status badge semantics', function (): void {
|
|
expect(BadgeCatalog::spec(BadgeDomain::ProviderCapabilityStatus, 'supported')->label)->toBe('Supported')
|
|
->and(BadgeCatalog::spec(BadgeDomain::ProviderCapabilityStatus, 'missing')->color)->toBe('warning')
|
|
->and(BadgeCatalog::spec(BadgeDomain::ProviderCapabilityStatus, 'blocked')->color)->toBe('danger')
|
|
->and(BadgeCatalog::spec(BadgeDomain::ProviderCapabilityStatus, 'not_applicable')->label)->toBe('Not applicable');
|
|
});
|