TenantAtlas/apps/platform/tests/Unit/Providers/ProviderCapabilityRegistryTest.php
ahmido 9374260ae1 feat: add Exchange PowerShell invocation gate (#498)
## Summary
- Adds the Spec 431 Exchange PowerShell invocation gate and operation registration slice.
- Introduces trusted provider operation start handling and read-only Exchange PowerShell runner abstractions.
- Updates provider capability/readiness evaluation and coverage for Exchange PowerShell invocation safety.

## Verification
- `cd apps/platform && ./vendor/bin/sail artisan test tests/Feature/Providers/ProviderCapabilityEvaluationTest.php tests/Feature/Providers/ProviderOperationCapabilityGateTest.php tests/Feature/TenantConfiguration/Spec431ExchangePowerShellInvocationGateTest.php tests/Unit/Providers/ProviderCapabilityRegistryTest.php tests/Unit/Providers/ProviderOperationStartGateTest.php tests/Unit/Support/TenantConfiguration/Spec430ExchangePowerShellCommandAllowlistTest.php tests/Unit/Support/TenantConfiguration/Spec431ExchangePowerShellOperationRegistrationTest.php tests/Unit/Verification/ManagedEnvironmentPermissionCapabilityMappingTest.php`
- Result: 80 passed, 685 assertions.

## Product Surface / Ops
- Rendered UI surface changed: N/A.
- Filament/Livewire surface changed: N/A.
- Deployment impact: config/runtime service changes only; no migrations, queues, or assets added.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #498
2026-07-07 15:23:29 +00:00

44 lines
2.0 KiB
PHP

<?php
declare(strict_types=1);
use App\Support\Badges\BadgeCatalog;
use App\Support\Badges\BadgeDomain;
use App\Support\Providers\Capabilities\ProviderCapabilityRegistry;
it('defines the canonical provider capability keys and operation mappings', function (): void {
$registry = app(ProviderCapabilityRegistry::class);
expect($registry->keys())->toBe([
'provider_connection_check',
'inventory_read',
'configuration_read',
'restore_execute',
'directory_groups_read',
'directory_role_definitions_read',
'exchange_powershell_invoke',
])
->and($registry->keysForOperationType('inventory.sync'))->toBe(['inventory_read'])
->and($registry->keysForOperationType('directory.role_definitions.sync'))->toBe(['directory_role_definitions_read'])
->and($registry->keysForOperationType('tenant_configuration.exchange_powershell_invocation'))->toBe(['exchange_powershell_invoke'])
->and($registry->get('restore_execute')->providerRequirementKeys)->toBe([
'permissions.intune_configuration',
'permissions.intune_rbac_assignments',
])
->and($registry->get('directory_role_definitions_read')->providerRequirementKeys)->toBe([
'provider.directory_role_definitions',
'permissions.admin_consent',
])
->and($registry->get('exchange_powershell_invoke')->providerRequirementKeys)->toBe([
'provider.exchange_powershell_invocation',
'permissions.admin_consent',
]);
});
it('registers provider capability status badge semantics', function (): void {
expect(BadgeCatalog::spec(BadgeDomain::ProviderCapabilityStatus, 'supported')->label)->toBe('Supported')
->and(BadgeCatalog::spec(BadgeDomain::ProviderCapabilityStatus, 'missing')->color)->toBe('warning')
->and(BadgeCatalog::spec(BadgeDomain::ProviderCapabilityStatus, 'blocked')->color)->toBe('danger')
->and(BadgeCatalog::spec(BadgeDomain::ProviderCapabilityStatus, 'not_applicable')->label)->toBe('Not applicable');
});