TenantAtlas/apps/platform/tests/Unit/Support/TenantConfiguration/Spec420M365CaptureIdentityStrategyTest.php
Ahmed Darrazi 9405058433
feat: complete m365 generic evidence coverage pack
2026-06-27 13:00:22 +02:00


<?php
declare(strict_types=1);
use App\Services\TenantConfiguration\CanonicalIdentityResolver;
use App\Services\TenantConfiguration\CoverageIdentityStrategyRegistry;
use App\Models\TenantConfigurationResourceType;
use App\Services\TenantConfiguration\ResourceTypeRegistry;
use App\Support\TenantConfiguration\CanonicalKeyKind;
use App\Support\TenantConfiguration\IdentityState;
it('Spec420 defines a narrow Conditional Access identity strategy using Graph object ids', function (): void {
    // Pins the identity strategy the registry returns for the conditionalAccessPolicy
    // resource type. A change to any of these values alters how policies are keyed,
    // so each one is asserted separately and in a fixed order.
    $registry = app(CoverageIdentityStrategyRegistry::class);
    $identityStrategy = $registry->strategyFor(spec420IdentityResourceType());

    // Versioned identifier: a new keying scheme should ship under a new identifier.
    expect($identityStrategy['strategy_identifier'])->toBe('graph.conditional_access_policy.v1');

    // The provider-issued `id` field must be among the preferred identity inputs.
    expect($identityStrategy['preferred_identity_fields'])->toContain('id');
    expect($identityStrategy['stable_key_kind'])->toBe(CanonicalKeyKind::GraphObjectId->value);

    // NOTE(review): presumably this ties a key to the provider connection it was
    // captured through — confirm against the registry's definition of the flag.
    expect($identityStrategy['requires_provider_connection_scope'])->toBeTrue();

    // The strategy must not be marked as allowing derived claims.
    expect($identityStrategy['derived_claims_allowed'])->toBeFalse();
});
it('Spec420 never treats Conditional Access display names as stable identity', function (): void {
    // A display name is an operator-editable label, so it is a poor identity input:
    // if the canonical key were derived from it, a rename or a second policy with the
    // same label could be mistaken for the original. The resolver is therefore given
    // the same label twice, once with a provider id and once without.
    $displayName = 'Require MFA';
    $payloadWithId = [
        'id' => 'cap-1',
        'displayName' => $displayName,
    ];
    $payloadWithoutId = [
        'displayName' => $displayName,
    ];

    $identityResolver = app(CanonicalIdentityResolver::class);
    $policyType = spec420IdentityResourceType();

    $resolvedWithId = $identityResolver->resolve($policyType, $payloadWithId);
    $resolvedWithoutId = $identityResolver->resolve($policyType, $payloadWithoutId);

    // With a provider id present, identity is stable and keyed by Graph object id.
    expect($resolvedWithId->identityState)->toBe(IdentityState::Stable);
    expect($resolvedWithId->keyKind)->toBe(CanonicalKeyKind::GraphObjectId);

    // Without an id the resolver must report the gap rather than fall back to the
    // label, and the label must not appear in whatever key it produces.
    expect($resolvedWithoutId->identityState)->toBe(IdentityState::MissingExternalId);
    expect($resolvedWithoutId->canonicalResourceKey)->not->toContain($displayName);
});
/**
 * Build the conditionalAccessPolicy resource type from the registry's default definitions.
 *
 * Shared fixture for the Spec420 identity tests. It fails the calling test with an
 * explicit message when the default definitions no longer include a
 * conditionalAccessPolicy entry, so a missing definition is not misread as an
 * identity-resolution failure.
 */
function spec420IdentityResourceType(): TenantConfigurationResourceType
{
    $defaultDefinitions = collect(ResourceTypeRegistry::defaultDefinitions());
    $conditionalAccessDefinition = $defaultDefinitions->firstWhere('canonical_type', 'conditionalAccessPolicy');

    // Guard before constructing the model: firstWhere() yields null when nothing matches.
    expect($conditionalAccessDefinition)->not->toBeNull('Missing default resource type definition for conditionalAccessPolicy.');

    return new TenantConfigurationResourceType($conditionalAccessDefinition);
}