ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
9405058433
TenantAtlas/apps/platform/tests/Browser/Spec420M365GenericEvidenceOperatorSurfaceSmokeTest.php
Ahmed Darrazi 9405058433
Some checks failed
PR Fast Feedback / fast-feedback (pull_request) Failing after 5m46s
Details
feat: complete m365 generic evidence coverage pack
2026-06-27 13:00:22 +02:00

263 lines
11 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
use App\Filament\Pages\TenantConfiguration\CoverageV2Readiness;
use App\Models\ManagedEnvironment;
use App\Models\OperationRun;
use App\Models\ProviderConnection;
use App\Models\TenantConfigurationResource;
use App\Models\TenantConfigurationResourceEvidence;
use App\Models\TenantConfigurationResourceType;
use App\Models\TenantConfigurationSupportedScope;
use App\Models\User;
use App\Services\TenantConfiguration\ResourceTypeRegistry;
use App\Support\OperationRunOutcome;
use App\Support\OperationRunStatus;
use App\Support\OperationRunType;
use App\Support\TenantConfiguration\CanonicalKeyKind;
use App\Support\TenantConfiguration\CaptureOutcome;
use App\Support\TenantConfiguration\ClaimState;
use App\Support\TenantConfiguration\CoverageLevel;
use App\Support\TenantConfiguration\EvidenceState;
use App\Support\TenantConfiguration\IdentityState;
use App\Support\TenantConfiguration\SourceClass;
use App\Support\Workspaces\WorkspaceContext;
use Illuminate\Foundation\Testing\RefreshDatabase;
uses(RefreshDatabase::class);
pest()->browser()->timeout(60_000);
it('Spec420 smokes the existing Coverage v2 surface for internal M365 generic evidence', function (): void {
[$user, $environment] = spec420CoverageV2BrowserFixture();
spec420AuthenticateCoverageV2Browser($this, $user, $environment);
$page = visit(CoverageV2Readiness::getUrl(tenant: $environment, panel: 'admin'))
->resize(1440, 1100)
->waitForText('Coverage v2 Readiness')
->waitForText('Spec420 Browser Conditional Access policy')
->assertSee('Resource type registry')
->assertSee('Resource instances')
->assertSee('Conditional Access policy')
->assertSee('Coverage level')
->assertSee('Evidence state')
->assertSee('Identity state')
->assertSee('Claim state')
->assertSee('Content backed')
->assertSee('Internal only')
->assertDontSee('M365 covered')
->assertDontSee('certified')
->assertDontSee('restore-ready')
->assertDontSee('customer-ready')
->assertDontSee('spec420-raw-secret')
->assertDontSee('spec420-normalized-secret')
->assertDontSee('spec420-permission-secret')
->assertScript('typeof window.Livewire !== "undefined"', true)
->assertScript('(() => document.querySelectorAll("table tbody tr").length > 0)()', true)
->assertScript("(() => performance.getEntriesByType('resource').filter((entry) => /graph\\.microsoft\\.com|\\/tcm\\b|provider-remote/i.test(entry.name)).length)()", 0)
->assertScript("(() => Array.from(document.querySelectorAll('main button, main a')).map((element) => element.textContent.trim()).filter(Boolean).some((label) => /^(Capture|Restore|Certify|Export|Download)$/i.test(label)))()", false)
->assertNoJavaScriptErrors()
->assertNoConsoleLogs();
$page->script(<<<'JS'
(() => {
const rows = Array.from(document.querySelectorAll('table tbody tr'));
const row = rows.find((candidate) => candidate.textContent.includes('Spec420 Browser Conditional Access policy'));
const inspect = Array.from(row?.querySelectorAll('button, a') ?? [])
.find((element) => element.textContent.includes('Spec420 Browser Conditional Access policy'));
inspect?.click();
})()
JS);
$page
->waitForText('Coverage: Content backed')
->assertSee('Evidence: Content backed')
->assertSee('Identity: Stable')
->assertSee('Claim: Internal only')
->assertSee('Spec420 Browser Microsoft provider')
->assertSee('conditionalAccessPolicy:graph_object_id:cap-browser-1')
->assertSee('conditionalAccessPolicy')
->assertSee('v1.0')
->assertSee('spec420-browser-schema-hash')
->assertSee('Operation #')
->assertDontSee('M365 covered')
->assertDontSee('certified')
->assertDontSee('restore-ready')
->assertDontSee('customer-ready')
->assertDontSee('spec420-raw-secret')
->assertDontSee('spec420-normalized-secret')
->assertDontSee('spec420-permission-secret')
->assertNoJavaScriptErrors()
->assertNoConsoleLogs()
->screenshot(true, 'spec420-m365-generic-evidence-operator-surface');
});
/**
* @return array{0: User, 1: ManagedEnvironment}
*/
function spec420CoverageV2BrowserFixture(): array
{
app(ResourceTypeRegistry::class)->syncDefaults();
$environment = ManagedEnvironment::factory()->active()->create([
'name' => 'Spec420 Browser Environment',
'external_id' => 'spec420-browser-environment',
]);
[$user, $environment] = createUserWithTenant(
tenant: $environment,
role: 'owner',
workspaceRole: 'owner',
clearCapabilityCaches: true,
);
$connection = ProviderConnection::factory()->create([
'workspace_id' => (int) $environment->workspace_id,
'managed_environment_id' => (int) $environment->getKey(),
'display_name' => 'Spec420 Browser Microsoft provider',
]);
$resourceType = TenantConfigurationResourceType::query()
->where('canonical_type', 'conditionalAccessPolicy')
->where('source_class', SourceClass::Tcm->value)
->firstOrFail();
TenantConfigurationSupportedScope::factory()->create([
'scope_key' => 'spec420_browser_internal_m365_scope',
'display_name' => 'Spec420 Browser internal M365 scope',
'minimum_coverage_level' => CoverageLevel::ContentBacked->value,
'included_resource_types' => ['conditionalAccessPolicy'],
'allow_graph_fallback' => false,
'allow_beta' => false,
'customer_claims_allowed' => false,
]);
$run = OperationRun::factory()->create([
'workspace_id' => (int) $environment->workspace_id,
'managed_environment_id' => (int) $environment->getKey(),
'user_id' => (int) $user->getKey(),
'initiator_name' => (string) $user->name,
'type' => OperationRunType::TenantConfigurationCapture->value,
'status' => OperationRunStatus::Completed->value,
'outcome' => OperationRunOutcome::Succeeded->value,
'summary_counts' => [
'total' => 4,
'processed' => 4,
'succeeded' => 1,
'skipped' => 3,
'failed' => 0,
'errors_recorded' => 0,
],
'context' => [
'requested_resource_types' => [
'acceptedDomain',
'appPermissionPolicy',
'conditionalAccessPolicy',
'dlpCompliancePolicy',
],
'outcomes' => [
['canonical_type' => 'conditionalAccessPolicy', 'outcome' => CaptureOutcome::Captured->value],
['canonical_type' => 'acceptedDomain', 'outcome' => CaptureOutcome::BlockedMissingContract->value],
['canonical_type' => 'appPermissionPolicy', 'outcome' => CaptureOutcome::BlockedMissingContract->value],
['canonical_type' => 'dlpCompliancePolicy', 'outcome' => CaptureOutcome::BlockedMissingContract->value],
],
],
'started_at' => now()->subMinute(),
'completed_at' => now(),
]);
$resource = TenantConfigurationResource::factory()->create([
'workspace_id' => (int) $environment->workspace_id,
'managed_environment_id' => (int) $environment->getKey(),
'provider_connection_id' => (int) $connection->getKey(),
'resource_type_id' => (int) $resourceType->getKey(),
'canonical_type' => 'conditionalAccessPolicy',
'canonical_resource_key' => 'conditionalAccessPolicy:graph_object_id:cap-browser-1',
'canonical_key_kind' => CanonicalKeyKind::GraphObjectId->value,
'source_resource_id' => 'cap-browser-1',
'source_display_name' => 'Spec420 Browser Conditional Access policy',
'source_class' => SourceClass::Tcm->value,
'source_metadata' => [
'source_contract_key' => 'conditionalAccessPolicy',
'source_endpoint' => '/identity/conditionalAccess/policies',
'source_version' => 'v1.0',
'source_schema_hash' => 'spec420-browser-schema-hash',
'source_schema_hash_available' => true,
'registry_source_class' => SourceClass::Tcm->value,
'registry_support_state' => 'out_of_scope',
],
'identity_strategy' => 'graph.conditional_access_policy.v1',
'source_identity' => [
'primary_field' => 'id',
'primary_value' => 'cap-browser-1',
],
'secondary_identity_keys' => [
'state' => 'enabled',
'source_metadata.source_contract_key' => 'conditionalAccessPolicy',
'source_metadata.source_version' => 'v1.0',
],
'identity_diagnostics' => [
'reason_code' => 'graph_object_id',
],
'identity_evaluated_at' => now(),
'latest_evidence_state' => EvidenceState::ContentBacked->value,
'latest_identity_state' => IdentityState::Stable->value,
'latest_claim_state' => ClaimState::InternalOnly->value,
'latest_captured_at' => now(),
]);
$evidence = TenantConfigurationResourceEvidence::factory()->create([
'resource_id' => (int) $resource->getKey(),
'workspace_id' => (int) $environment->workspace_id,
'managed_environment_id' => (int) $environment->getKey(),
'provider_connection_id' => (int) $connection->getKey(),
'resource_type_id' => (int) $resourceType->getKey(),
'operation_run_id' => (int) $run->getKey(),
'source_contract_key' => 'conditionalAccessPolicy',
'source_endpoint' => '/identity/conditionalAccess/policies',
'source_version' => 'v1.0',
'source_schema_hash' => 'spec420-browser-schema-hash',
'source_metadata' => [
'registry_source_class' => SourceClass::Tcm->value,
'registry_support_state' => 'out_of_scope',
],
'raw_payload' => ['id' => 'cap-browser-1', 'secret' => 'spec420-raw-secret'],
'normalized_payload' => ['id' => 'cap-browser-1', 'secret' => 'spec420-normalized-secret'],
'payload_hash' => str_repeat('e', 64),
'permission_context' => ['token' => 'spec420-permission-secret'],
'evidence_state' => EvidenceState::ContentBacked->value,
'coverage_level' => CoverageLevel::ContentBacked->value,
'capture_outcome' => CaptureOutcome::Captured->value,
'captured_at' => now(),
]);
$resource->forceFill([
'latest_evidence_id' => (int) $evidence->getKey(),
'latest_payload_hash' => str_repeat('e', 64),
])->save();
return [$user, $environment->refresh()];
}
function spec420AuthenticateCoverageV2Browser(
mixed $test,
User $user,
ManagedEnvironment $environment,
): void {
$workspaceId = (int) $environment->workspace_id;
$test->actingAs($user)->withSession([
WorkspaceContext::SESSION_KEY => $workspaceId,
WorkspaceContext::LAST_ENVIRONMENT_IDS_SESSION_KEY => [
(string) $workspaceId => (int) $environment->getKey(),
],
]);
session()->put(WorkspaceContext::SESSION_KEY, $workspaceId);
session()->put(WorkspaceContext::LAST_ENVIRONMENT_IDS_SESSION_KEY, [
(string) $workspaceId => (int) $environment->getKey(),
]);
}
Reference in New Issue View Git Blame Copy Permalink