ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
a6c064cbf1
TenantAtlas/apps/platform/tests/Browser/Spec394ProviderFreshnessPermissionSmokeTest.php
ahmido a6c064cbf1 feat: improve provider readiness semantics and freshness guidance (#465) 
Automated PR created by Codex via Gitea API.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #465
2026-06-21 17:20:10 +00:00

191 lines
7.2 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
use App\Filament\Resources\ProviderConnectionResource;
use App\Models\ManagedEnvironment;
use App\Models\ManagedEnvironmentPermission;
use App\Models\ProviderConnection;
use App\Models\User;
use App\Models\Workspace;
use App\Support\Links\RequiredPermissionsLinks;
use App\Support\Workspaces\WorkspaceContext;
use Illuminate\Foundation\Testing\RefreshDatabase;
uses(RefreshDatabase::class);
pest()->browser()->timeout(40_000);
function spec394BrowserConfigurePermissions(): void
{
config()->set('intune_permissions.permissions', [
[
'key' => 'DeviceManagementApps.Read.All',
'type' => 'application',
'description' => 'Read Intune apps',
'features' => ['backup'],
],
[
'key' => 'Group.Read.All',
'type' => 'delegated',
'description' => 'Read groups',
'features' => ['restore'],
],
]);
config()->set('entra_permissions.permissions', []);
}
function spec394BrowserConnection(ManagedEnvironment $environment, array $attributes = []): ProviderConnection
{
return ProviderConnection::factory()
->platform()
->verifiedHealthy()
->create(array_replace([
'managed_environment_id' => (int) $environment->getKey(),
'workspace_id' => (int) $environment->workspace_id,
'provider' => 'microsoft',
'is_default' => true,
], $attributes));
}
function spec394BrowserPermission(
ManagedEnvironment $environment,
ProviderConnection $connection,
string $permissionKey,
string $status = 'granted',
): void {
ManagedEnvironmentPermission::query()->create([
'managed_environment_id' => (int) $environment->getKey(),
'workspace_id' => (int) $environment->workspace_id,
'permission_key' => $permissionKey,
'status' => $status,
'details' => [
'source' => 'spec394-browser-smoke',
'provider_connection_id' => (int) $connection->getKey(),
'managed_environment_id' => (int) $environment->getKey(),
'workspace_id' => (int) $environment->workspace_id,
'provider' => 'microsoft',
'grant_id' => 'raw-grant-id-must-not-render',
],
'last_checked_at' => now(),
]);
}
/**
* @return array{user: User, workspace: Workspace, staleEnvironment: ManagedEnvironment, staleConnection: ProviderConnection, readyEnvironment: ManagedEnvironment, missingEnvironment: ManagedEnvironment}
*/
function spec394BrowserFixture(): array
{
spec394BrowserConfigurePermissions();
[$user, $staleEnvironment] = createUserWithTenant(
role: 'owner',
workspaceRole: 'owner',
ensureDefaultMicrosoftProviderConnection: false,
);
$workspace = $staleEnvironment->workspace()->firstOrFail();
$staleEnvironment->forceFill(['name' => 'Spec394 Browser Stale Environment'])->save();
$readyEnvironment = ManagedEnvironment::factory()->create([
'workspace_id' => (int) $workspace->getKey(),
'name' => 'Spec394 Browser Ready Environment',
]);
$user->tenants()->syncWithoutDetaching([
(int) $readyEnvironment->getKey() => ['role' => 'owner'],
]);
$missingEnvironment = ManagedEnvironment::factory()->create([
'workspace_id' => (int) $workspace->getKey(),
'name' => 'Spec394 Browser Missing Permissions Environment',
]);
$user->tenants()->syncWithoutDetaching([
(int) $missingEnvironment->getKey() => ['role' => 'owner'],
]);
$staleConnection = spec394BrowserConnection($staleEnvironment, [
'display_name' => 'Spec394 Browser Expired Connection',
'last_health_check_at' => now()->subDays(31),
]);
spec394BrowserPermission($staleEnvironment, $staleConnection, 'DeviceManagementApps.Read.All');
spec394BrowserPermission($staleEnvironment, $staleConnection, 'Group.Read.All');
$readyConnection = spec394BrowserConnection($readyEnvironment, [
'display_name' => 'Spec394 Browser Ready Connection',
]);
spec394BrowserPermission($readyEnvironment, $readyConnection, 'DeviceManagementApps.Read.All');
spec394BrowserPermission($readyEnvironment, $readyConnection, 'Group.Read.All');
$missingConnection = spec394BrowserConnection($missingEnvironment, [
'display_name' => 'Spec394 Browser Missing Connection',
]);
spec394BrowserPermission($missingEnvironment, $missingConnection, 'DeviceManagementApps.Read.All', 'missing');
spec394BrowserPermission($missingEnvironment, $missingConnection, 'Group.Read.All', 'missing');
return [
'user' => $user,
'workspace' => $workspace,
'staleEnvironment' => $staleEnvironment,
'staleConnection' => $staleConnection,
'readyEnvironment' => $readyEnvironment,
'missingEnvironment' => $missingEnvironment,
];
}
function spec394BrowserActAs(User $user, Workspace $workspace, ManagedEnvironment $environment): void
{
test()->actingAs($user)->withSession([
WorkspaceContext::SESSION_KEY => (int) $workspace->getKey(),
WorkspaceContext::LAST_ENVIRONMENT_IDS_SESSION_KEY => [
(string) $workspace->getKey() => (int) $environment->getKey(),
],
]);
}
it('smokes stale provider freshness and ready required-permissions semantics', function (): void {
$fixture = spec394BrowserFixture();
spec394BrowserActAs($fixture['user'], $fixture['workspace'], $fixture['staleEnvironment']);
visit(ProviderConnectionResource::getUrl('view', [
'record' => $fixture['staleConnection'],
'environment_id' => (int) $fixture['staleEnvironment']->getKey(),
], panel: 'admin'))
->waitForText('Verification expired')
->assertDontSee('Healthy')
->assertDontSee('Ready -')
->assertNoJavaScriptErrors()
->assertNoConsoleLogs();
spec394BrowserActAs($fixture['user'], $fixture['workspace'], $fixture['readyEnvironment']);
visit(RequiredPermissionsLinks::requiredPermissions($fixture['readyEnvironment']))
->waitForText('2 permission(s) currently granted.')
->assertSee('Ready')
->assertSee('2 permission(s) currently granted.')
->assertSee('Out of 2 required permissions, 2 are currently granted.')
->assertDontSee('Present 0')
->assertDontSee('raw-grant-id-must-not-render')
->assertNoJavaScriptErrors()
->assertNoConsoleLogs();
spec394BrowserActAs($fixture['user'], $fixture['workspace'], $fixture['missingEnvironment']);
visit(RequiredPermissionsLinks::requiredPermissions($fixture['missingEnvironment'], ['status' => 'all']))
->waitForText('Missing application permissions')
->assertSee('Missing delegated permissions')
->assertSee('Required')
->assertSee('Granted')
->assertSee('Missing')
->assertSee('Blocked')
->assertSee('Expired')
->assertSee('Unknown')
->assertSee('Copy missing application permissions')
->assertSee('Copy missing delegated permissions')
->assertDontSee('Present 0')
->assertDontSee('Missing (app)')
->assertDontSee('raw-grant-id-must-not-render')
->assertNoJavaScriptErrors()
->assertNoConsoleLogs();
});
Reference in New Issue View Git Blame Copy Permalink