ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
a4f2629493
TenantAtlas/tests/Feature/Filament/BaselineProfileFoundationScopeTest.php
ahmido ef41c9193a feat: add Intune RBAC baseline compare support (#156) 
## Summary
- add Intune RBAC Role Definition baseline scope support, capture references, compare classification, findings evidence, and landing/detail UI labels
- keep Intune Role Assignments explicitly excluded from baseline compare scope, summaries, findings, and restore messaging
- add focused Pest coverage for baseline scope selection, capture, compare behavior, recurrence, isolation, findings rendering, inventory anchoring, and RBAC summaries

## Verification
- `vendor/bin/sail bin pint --dirty --format agent`
- `vendor/bin/sail artisan test --compact tests/Unit/Inventory/InventoryPolicyTypeMetaBaselineSupportTest.php tests/Unit/Baselines/BaselinePolicyVersionResolverTest.php tests/Unit/Baselines/BaselineScopeTest.php tests/Unit/IntuneRoleDefinitionNormalizerTest.php tests/Feature/Baselines/BaselineCaptureRbacRoleDefinitionsTest.php tests/Feature/Baselines/BaselineCompareRbacRoleDefinitionsTest.php tests/Feature/Baselines/BaselineCompareDriftEvidenceContractRbacTest.php tests/Feature/Baselines/BaselineCompareCoverageGuardTest.php tests/Feature/Baselines/BaselineCompareCrossTenantMatchTest.php tests/Feature/Baselines/BaselineCompareFindingRecurrenceKeyTest.php tests/Feature/Baselines/BaselineCompareWhyNoFindingsReasonCodeTest.php tests/Feature/Filament/BaselineProfileFoundationScopeTest.php tests/Feature/Filament/BaselineSnapshotRbacRoleDefinitionsTest.php tests/Feature/Filament/BaselineCompareLandingRbacLabelsTest.php tests/Feature/Filament/FindingViewRbacEvidenceTest.php tests/Feature/Findings/FindingRecurrenceTest.php tests/Feature/Findings/DriftStaleAutoResolveTest.php tests/Feature/Inventory/InventorySyncButtonTest.php tests/Feature/Inventory/InventorySyncServiceTest.php tests/Feature/RunAuthorizationTenantIsolationTest.php`
- result: `71 passed (467 assertions)`

## Filament / Platform Notes
- Livewire compliance: unchanged and compatible with Livewire v4.0+
- Provider registration: no panel/provider changes; `bootstrap/providers.php` remains the registration location
- Global search: no new globally searchable resource added; existing global search behavior is unchanged
- Destructive actions: no new destructive actions introduced; existing confirmed actions remain unchanged
- Assets: no new Filament assets introduced; deploy asset handling remains unchanged, including `php artisan filament:assets`
- Testing plan covered: baseline profile scope, snapshot detail, compare job, findings recurrence, findings detail, compare landing labels, inventory sync anchoring, and tenant isolation

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #156
2026-03-09 18:49:20 +00:00

64 lines
2.3 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
use App\Filament\Resources\BaselineProfileResource\Pages\CreateBaselineProfile;
use App\Models\BaselineProfile;
use Filament\Forms\Components\Select;
use Livewire\Livewire;
it('shows only baseline-supported foundation types in the baseline profile scope picker', function (): void {
[$user] = createUserWithTenant(role: 'owner');
Livewire::actingAs($user)
->test(CreateBaselineProfile::class)
->assertOk()
->assertFormFieldExists('scope_jsonb.foundation_types', function (Select $field): bool {
$options = $field->getOptions();
return $field->isMultiple()
&& ($options['assignmentFilter'] ?? null) === 'Assignment Filter'
&& ($options['intuneRoleDefinition'] ?? null) === 'Intune RBAC Role Definition'
&& ! array_key_exists('intuneRoleAssignment', $options);
});
});
it('persists baseline-supported foundation types on baseline profile create', function (): void {
[$user, $tenant] = createUserWithTenant(role: 'owner');
Livewire::actingAs($user)
->test(CreateBaselineProfile::class)
->fillForm([
'name' => 'RBAC baseline',
'scope_jsonb.policy_types' => [],
'scope_jsonb.foundation_types' => ['intuneRoleDefinition'],
])
->call('create')
->assertHasNoFormErrors()
->assertNotified();
$profile = BaselineProfile::query()
->where('workspace_id', (int) $tenant->workspace_id)
->where('name', 'RBAC baseline')
->sole();
expect(data_get($profile->scope_jsonb, 'foundation_types'))
->toBe(['intuneRoleDefinition']);
});
it('rejects unsupported foundation types when baseline profile scope is submitted', function (): void {
[$user] = createUserWithTenant(role: 'owner');
Livewire::actingAs($user)
->test(CreateBaselineProfile::class)
->fillForm([
'name' => 'Invalid RBAC baseline',
'scope_jsonb.policy_types' => [],
'scope_jsonb.foundation_types' => ['intuneRoleAssignment'],
])
->call('create')
->assertHasFormErrors(['scope_jsonb.foundation_types.0' => ['in']]);
expect(BaselineProfile::query()->where('name', 'Invalid RBAC baseline')->exists())->toBeFalse();
});
Reference in New Issue View Git Blame Copy Permalink