ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
ae0e0a0674
TenantAtlas/apps/platform/tests/Feature/Audit/ProviderConnectionIdentityAuditTest.php
ahmido 023274c46c feat: normalize provider connection scope contracts (#339) 
## Summary
- normalize provider-neutral target-scope and identity contracts across provider connection resolution, operation-start gating, verification reporting, and boundary configuration
- align provider connection resource, onboarding, tenant summaries, and operation follow-up on the same shared scope contract while keeping Microsoft-specific profile details in provider-owned metadata
- add Spec 281 artifacts and focused feature/browser coverage for the new provider-scope contract
- move the tenant dashboard context-chip rail into Filament header widgets so the metadata row renders directly under the page subtitle

## Validation
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Providers/ProviderConnectionTargetScopeNeutralityTest.php tests/Feature/Providers/ProviderIdentityResolutionNeutralityTest.php tests/Feature/Providers/ProviderOperationStartGateTargetScopeContextTest.php tests/Feature/Filament/ProviderConnectionResourceScopeSummaryTest.php tests/Feature/Onboarding/ManagedTenantOnboardingProviderConnectionScopeTest.php tests/Feature/Guards/ProviderConnectionMicrosoftScopeLeakGuardTest.php`
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Browser/Spec281ProviderConnectionScopeSmokeTest.php`
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Dashboard/TenantDashboardProductizationSummaryTest.php`
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Browser/Dashboard/TenantDashboardProductizationSmokeTest.php`
- `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent`

## Notes
- Filament remains on v5 with Livewire v4-compatible surfaces only.
- Provider registration location is unchanged; Laravel 11+ providers stay in `apps/platform/bootstrap/providers.php`.
- `ProviderConnectionResource` remains non-globally-searchable and still exposes View/Edit pages.
- No new asset registration was added; deploy-time `filament:assets` expectations are unchanged.
- No new destructive action path was introduced; existing server authorization and confirmation handling remain in place where applicable.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #339
2026-05-07 19:28:42 +00:00

125 lines
4.2 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
use App\Filament\Resources\ProviderConnectionResource\Pages\CreateProviderConnection;
use App\Models\AuditLog;
use App\Models\ProviderConnection;
use App\Models\ManagedEnvironment;
use App\Models\User;
use Filament\Facades\Filament;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Livewire\Livewire;
uses(RefreshDatabase::class);
it('keeps provider connection identity audit payloads aligned across consent and migration flows', function (): void {
config()->set('graph.client_id', 'platform-client-id');
config()->set('graph.client_secret', 'platform-client-secret');
$user = User::factory()->create();
$tenant = ManagedEnvironment::factory()->create([
'managed_environment_id' => 'identity-audit-tenant-id',
]);
[$user, $tenant] = createUserWithTenant(tenant: $tenant, user: $user, role: 'owner', ensureDefaultMicrosoftProviderConnection: false);
$response = $this->actingAs($user)->get(route('admin.consent.start', [
'tenant' => $tenant->external_id,
]));
$response->assertRedirect();
$state = session('tenant_onboard_state');
$this->get(route('admin.consent.callback', [
'tenant' => $tenant->managed_environment_id,
'state' => $state,
'admin_consent' => 'True',
]))->assertSuccessful();
$this->artisan('tenantpilot:provider-connections:classify', ['--write' => true])
->assertSuccessful();
$logs = AuditLog::query()
->where('managed_environment_id', (int) $tenant->getKey())
->whereIn('action', [
'provider_connection.consent_started',
'provider_connection.consent_result',
'provider_connection.migration_classification_applied',
])
->orderBy('id')
->get();
expect($logs)->toHaveCount(3);
foreach ($logs as $log) {
expect($log->resource_type)->toBe('provider_connection')
->and($log->resource_id)->not->toBeNull();
$metadata = is_array($log->metadata) ? $log->metadata : [];
expect($metadata)->toHaveKeys([
'provider_connection_id',
'provider',
'connection_type',
'source',
]);
}
});
it('records provider connection create audits with neutral target-scope metadata', function (): void {
[$user, $tenant] = createUserWithTenant(role: 'owner', ensureDefaultMicrosoftProviderConnection: false);
$this->actingAs($user);
$tenant->makeCurrent();
Filament::setTenant($tenant, true);
Livewire::actingAs($user)
->test(CreateProviderConnection::class)
->fillForm([
'display_name' => 'Audit target scope connection',
'entra_tenant_id' => '88888888-8888-8888-8888-888888888888',
'is_default' => true,
])
->call('create')
->assertHasNoFormErrors();
$connection = ProviderConnection::query()
->where('managed_environment_id', (int) $tenant->getKey())
->where('display_name', 'Audit target scope connection')
->firstOrFail();
$log = AuditLog::query()
->where('managed_environment_id', (int) $tenant->getKey())
->where('action', 'provider_connection.created')
->where('resource_id', (string) $connection->getKey())
->firstOrFail();
$metadata = is_array($log->metadata) ? $log->metadata : [];
expect($metadata)->toHaveKeys([
'provider_connection_id',
'provider',
'target_scope',
'provider_context',
'connection_type',
])
->and($metadata)->not->toHaveKey('entra_tenant_id')
->and($metadata['target_scope'])->toMatchArray([
'provider' => 'microsoft',
'scope_kind' => 'tenant',
'scope_identifier' => '88888888-8888-8888-8888-888888888888',
'shared_label' => 'Target scope',
])
->and($metadata['provider_context'] ?? [])->toMatchArray([
'provider' => 'microsoft',
])
->and($metadata['provider_context']['details'][0] ?? [])->toMatchArray([
'provider' => 'microsoft',
'detail_key' => 'microsoft_tenant_id',
'detail_label' => 'Microsoft tenant ID',
'detail_value' => '88888888-8888-8888-8888-888888888888',
]);
});
Reference in New Issue View Git Blame Copy Permalink