TenantAtlas/apps/platform/tests/Feature/TenantConfiguration/Spec420M365NoOverclaimTest.php
ahmido a73a8f5882 feat: complete m365 generic evidence coverage pack (#487)
Committing and publishing the current Spec 420 package changes.

Includes updated services, coverage tests, browser smoke coverage, and the spec/plan/tasks artifacts for the package.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #487
2026-06-27 12:24:00 +00:00


<?php
declare(strict_types=1);
use App\Models\ProviderConnection;
use App\Models\TenantConfigurationResource;
use App\Services\Graph\GraphClientInterface;
use App\Services\Graph\GraphResponse;
use App\Services\TenantConfiguration\GenericContentEvidenceCaptureService;
use App\Services\TenantConfiguration\ResourceTypeRegistry;
use App\Support\TenantConfiguration\ClaimState;
// No-overclaim guard for Spec 420: evidence captured through the generic path
// must be stored with ClaimState::InternalOnly and must not carry any of the
// readiness/certification flags in its source metadata.
// NOTE(review): the key checks below look only at the top level of
// source_metadata; nested structures and other columns are not inspected here.
it('Spec420 captured generic M365 evidence remains internal-only and not customer-ready', function (): void {
    app(ResourceTypeRegistry::class)->syncDefaults();

    [$user, $environment] = createMinimalUserWithTenant(role: 'owner');

    $connection = ProviderConnection::factory()->withCredential()->create([
        'workspace_id' => (int) $environment->workspace_id,
        'managed_environment_id' => (int) $environment->getKey(),
    ]);

    // Bind the stub so anything resolving GraphClientInterface from the
    // container receives the canned responses instead of a real client.
    app()->instance(GraphClientInterface::class, spec420NoOverclaimGraphClient());

    $run = spec420NoOverclaimRun($user, $environment, $connection);

    $captureService = app(GenericContentEvidenceCaptureService::class);
    $captureService->capture(
        tenant: $environment,
        providerConnection: $connection,
        operationRun: $run,
        canonicalTypes: ['conditionalAccessPolicy'],
    );

    // sole() fails unless exactly one resource row exists, so the assertions
    // below cannot pass vacuously on an empty table.
    $resource = TenantConfigurationResource::query()->sole();

    expect($resource->latest_claim_state)->toBe(ClaimState::InternalOnly);
    expect($resource->source_metadata['source_contract_key'])->toBe('conditionalAccessPolicy');

    // None of these flags may appear on internally captured evidence.
    foreach (['certified', 'restore_ready', 'customer_ready'] as $forbiddenKey) {
        expect($resource->source_metadata)->not->toHaveKey($forbiddenKey);
    }
});
/**
 * Build a stub Graph client for the no-overclaim test.
 *
 * listPolicies() answers with a single fixed policy entry regardless of the
 * requested policy type; every other interface method answers with
 * GraphResponse(false, [], 501), so the test never depends on a live tenant.
 */
function spec420NoOverclaimGraphClient(): GraphClientInterface
{
    return new class implements GraphClientInterface
    {
        public function listPolicies(string $policyType, array $options = []): GraphResponse
        {
            // The only successful call: one canned entry, arguments ignored.
            $policies = [
                ['id' => 'cap-1', 'displayName' => 'Require MFA'],
            ];

            return new GraphResponse(true, $policies);
        }

        public function getPolicy(string $policyType, string $policyId, array $options = []): GraphResponse
        {
            return $this->notImplemented();
        }

        public function getOrganization(array $options = []): GraphResponse
        {
            return $this->notImplemented();
        }

        public function applyPolicy(string $policyType, string $policyId, array $payload, array $options = []): GraphResponse
        {
            return $this->notImplemented();
        }

        public function getServicePrincipalPermissions(array $options = []): GraphResponse
        {
            return $this->notImplemented();
        }

        public function request(string $method, string $path, array $options = []): GraphResponse
        {
            return $this->notImplemented();
        }

        /**
         * Shared failure response for every method the test does not exercise.
         * NOTE(review): 501 is presumably the HTTP status argument; confirm
         * against GraphResponse's constructor.
         */
        private function notImplemented(): GraphResponse
        {
            return new GraphResponse(false, [], 501);
        }
    };
}
/**
 * Create a queued, pending tenant-configuration-capture OperationRun for the
 * given user and environment.
 *
 * The run's context scopes it to the environment's workspace, the environment
 * itself and the supplied provider connection, lists conditionalAccessPolicy
 * as the only resource type, and records 'evidence.manage' as the required
 * capability.
 */
function spec420NoOverclaimRun($user, $environment, ProviderConnection $connection): \App\Models\OperationRun
{
    $runFactory = \App\Models\OperationRun::factory()
        ->withUser($user)
        ->forTenant($environment);

    // IDs are cast to int so the stored context holds integers, not strings.
    $targetScope = [
        'workspace_id' => (int) $environment->workspace_id,
        'managed_environment_id' => (int) $environment->getKey(),
        'provider_connection_id' => (int) $connection->getKey(),
    ];

    $attributes = [
        'type' => \App\Support\OperationRunType::TenantConfigurationCapture->value,
        'status' => \App\Support\OperationRunStatus::Queued->value,
        'outcome' => \App\Support\OperationRunOutcome::Pending->value,
        'context' => [
            'target_scope' => $targetScope,
            'resource_types' => ['conditionalAccessPolicy'],
            'required_capability' => 'evidence.manage',
        ],
    ];

    return $runFactory->create($attributes);
}