38 lines
1.6 KiB
PHP
38 lines
1.6 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Services\TenantConfiguration\CoverageIdentityStrategyRegistry;
|
|
|
|
it('Spec417 defines canonical identity strategies for the initial Coverage v2 resource types', function (): void {
|
|
$strategies = app(CoverageIdentityStrategyRegistry::class)->strategies();
|
|
|
|
expect(array_keys($strategies))->toBe([
|
|
'deviceAndAppManagementAssignmentFilter',
|
|
'deviceEnrollmentLimitRestriction',
|
|
'deviceEnrollmentPlatformRestriction',
|
|
'deviceEnrollmentStatusPageWindows10',
|
|
'appProtectionPolicyAndroid',
|
|
'appProtectionPolicyiOS',
|
|
'conditionalAccessPolicy',
|
|
'notificationMessageTemplate',
|
|
'roleScopeTag',
|
|
]);
|
|
|
|
foreach ($strategies as $canonicalType => $strategy) {
|
|
expect($strategy['strategy_identifier'])->toBeString()->not->toBe('')
|
|
->and($strategy['preferred_identity_fields'])->toBeArray()->not->toBeEmpty()
|
|
->and($strategy['display_fields'])->toContain('displayName')
|
|
->and($strategy['requires_provider_connection_scope'])->toBeTrue()
|
|
->and($strategy['derived_claims_allowed'])->toBeFalse("{$canonicalType} must not certify derived identity by default");
|
|
}
|
|
});
|
|
|
|
it('Spec417 keeps beta identity experimental and claim-blocked by default', function (): void {
|
|
$strategy = app(CoverageIdentityStrategyRegistry::class)->strategies()['roleScopeTag'];
|
|
|
|
expect($strategy['allows_experimental_identity'])->toBeTrue()
|
|
->and($strategy['allows_derived_identity'])->toBeTrue()
|
|
->and($strategy['derived_claims_allowed'])->toBeFalse();
|
|
});
|