ahmido
bda1d90fc4
Implements spec 094 (assignment fetch/restore observability hardening): - Adds OperationRun tracking for assignment fetch (during backup) and assignment restore (during restore execution) - Normalizes failure codes/reason_code and sanitizes failure messages - Ensures exactly one audit log entry per assignment restore execution - Enforces correct guard/membership vs capability semantics on affected admin surfaces - Switches assignment Graph services to depend on GraphClientInterface Also includes Postgres-only FK defense-in-depth check and a discoverable `composer test:pgsql` runner (scoped to the FK constraint test). Tests: - `vendor/bin/sail artisan test --compact` (passed) - `vendor/bin/sail composer test:pgsql` (passed) Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #113
62 lines
2.2 KiB
PHP
62 lines
2.2 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Services\Graph\AssignmentFetcher;
|
|
use App\Services\Graph\AssignmentFilterResolver;
|
|
use App\Services\Graph\GraphClientInterface;
|
|
use App\Services\Graph\GraphResponse;
|
|
use App\Services\Graph\GroupResolver;
|
|
|
|
it('resolves assignment graph services through the GraphClientInterface binding', function (): void {
|
|
$fake = new class implements GraphClientInterface
|
|
{
|
|
public function listPolicies(string $policyType, array $options = []): GraphResponse
|
|
{
|
|
return new GraphResponse(true, []);
|
|
}
|
|
|
|
public function getPolicy(string $policyType, string $policyId, array $options = []): GraphResponse
|
|
{
|
|
return new GraphResponse(true, []);
|
|
}
|
|
|
|
public function getOrganization(array $options = []): GraphResponse
|
|
{
|
|
return new GraphResponse(true, []);
|
|
}
|
|
|
|
public function applyPolicy(string $policyType, string $policyId, array $payload, array $options = []): GraphResponse
|
|
{
|
|
return new GraphResponse(true, []);
|
|
}
|
|
|
|
public function request(string $method, string $path, array $options = []): GraphResponse
|
|
{
|
|
return new GraphResponse(true, []);
|
|
}
|
|
|
|
public function getServicePrincipalPermissions(array $options = []): GraphResponse
|
|
{
|
|
return new GraphResponse(true, []);
|
|
}
|
|
};
|
|
|
|
app()->instance(GraphClientInterface::class, $fake);
|
|
|
|
$fetcher = app(AssignmentFetcher::class);
|
|
$groupResolver = app(GroupResolver::class);
|
|
$filterResolver = app(AssignmentFilterResolver::class);
|
|
|
|
$fetcherProperty = new \ReflectionProperty(AssignmentFetcher::class, 'graphClient');
|
|
$fetcherProperty->setAccessible(true);
|
|
$groupResolverProperty = new \ReflectionProperty(GroupResolver::class, 'graphClient');
|
|
$groupResolverProperty->setAccessible(true);
|
|
$filterResolverProperty = new \ReflectionProperty(AssignmentFilterResolver::class, 'graphClient');
|
|
$filterResolverProperty->setAccessible(true);
|
|
|
|
expect($fetcherProperty->getValue($fetcher))->toBe($fake);
|
|
expect($groupResolverProperty->getValue($groupResolver))->toBe($fake);
|
|
expect($filterResolverProperty->getValue($filterResolver))->toBe($fake);
|
|
});
|