ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects 1 Releases Wiki Activity
bda1d90fc4
TenantAtlas/tests/Feature/OperationRunServiceTest.php
ahmido bda1d90fc4 Spec 094: Assignment ops observability hardening (#113) 
Implements spec 094 (assignment fetch/restore observability hardening):

- Adds OperationRun tracking for assignment fetch (during backup) and assignment restore (during restore execution)
- Normalizes failure codes/reason_code and sanitizes failure messages
- Ensures exactly one audit log entry per assignment restore execution
- Enforces correct guard/membership vs capability semantics on affected admin surfaces
- Switches assignment Graph services to depend on GraphClientInterface

Also includes Postgres-only FK defense-in-depth check and a discoverable `composer test:pgsql` runner (scoped to the FK constraint test).

Tests:
- `vendor/bin/sail artisan test --compact` (passed)
- `vendor/bin/sail composer test:pgsql` (passed)

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #113
2026-02-15 14:08:14 +00:00

315 lines
10 KiB
PHP
Raw Blame History

<?php
use App\Models\OperationRun;
use App\Models\Tenant;
use App\Models\User;
use App\Services\OperationRunService;
it('creates a new operation run', function () {
$tenant = Tenant::factory()->create();
$user = User::factory()->create();
$service = new OperationRunService;
$run = $service->ensureRun($tenant, 'test.action', ['scope' => 'full'], $user);
expect($run)->toBeInstanceOf(OperationRun::class);
$this->assertDatabaseHas('operation_runs', [
'id' => $run->getKey(),
'tenant_id' => $tenant->getKey(),
'type' => 'test.action',
'status' => 'queued',
'initiator_name' => $user->name,
]);
});
it('reuses an active run (idempotent)', function () {
$tenant = Tenant::factory()->create();
$service = new OperationRunService;
$runA = $service->ensureRun($tenant, 'test.action', ['scope' => 'full']);
$runB = $service->ensureRun($tenant, 'test.action', ['scope' => 'full']);
expect($runA->getKey())->toBe($runB->getKey());
expect(OperationRun::query()->count())->toBe(1);
});
it('dedupes assignment run identities by type and scope', function () {
$tenant = Tenant::factory()->create();
$service = new OperationRunService;
$fetchRunA = $service->ensureRunWithIdentity(
tenant: $tenant,
type: 'assignments.fetch',
identityInputs: [
'backup_item_id' => 101,
],
context: [
'backup_item_id' => 101,
'phase' => 'capture',
],
);
$fetchRunB = $service->ensureRunWithIdentity(
tenant: $tenant,
type: 'assignments.fetch',
identityInputs: [
'backup_item_id' => 101,
],
context: [
'backup_item_id' => 101,
'phase' => 'capture-again',
],
);
$fetchRunDifferentScope = $service->ensureRunWithIdentity(
tenant: $tenant,
type: 'assignments.fetch',
identityInputs: [
'backup_item_id' => 102,
],
context: [
'backup_item_id' => 102,
'phase' => 'capture',
],
);
$restoreRunA = $service->ensureRunWithIdentity(
tenant: $tenant,
type: 'assignments.restore',
identityInputs: [
'restore_run_id' => 501,
],
context: [
'restore_run_id' => 501,
'phase' => 'execute',
],
);
$restoreRunB = $service->ensureRunWithIdentity(
tenant: $tenant,
type: 'assignments.restore',
identityInputs: [
'restore_run_id' => 501,
],
context: [
'restore_run_id' => 501,
'phase' => 'execute-again',
],
);
expect($fetchRunA->getKey())->toBe($fetchRunB->getKey());
expect($restoreRunA->getKey())->toBe($restoreRunB->getKey());
expect($fetchRunA->getKey())->not->toBe($fetchRunDifferentScope->getKey());
expect($fetchRunA->getKey())->not->toBe($restoreRunA->getKey());
});
it('does not replace the initiator when deduping', function () {
$tenant = Tenant::factory()->create();
$userA = User::factory()->create();
$userB = User::factory()->create();
$service = new OperationRunService;
$runA = $service->ensureRun($tenant, 'test.action', ['scope' => 'full'], $userA);
$runB = $service->ensureRun($tenant, 'test.action', ['scope' => 'full'], $userB);
expect($runA->getKey())->toBe($runB->getKey());
expect($runB->fresh()?->user_id)->toBe($userA->getKey());
expect($runB->fresh()?->initiator_name)->toBe($userA->name);
});
it('hashes inputs deterministically regardless of key order', function () {
$tenant = Tenant::factory()->create();
$service = new OperationRunService;
$runA = $service->ensureRun($tenant, 'test.action', ['b' => 2, 'a' => 1]);
$runB = $service->ensureRun($tenant, 'test.action', ['a' => 1, 'b' => 2]);
expect($runA->getKey())->toBe($runB->getKey());
});
it('hashes list inputs deterministically regardless of list order', function () {
$tenant = Tenant::factory()->create();
$service = new OperationRunService;
$runA = $service->ensureRun($tenant, 'test.action', ['ids' => [2, 1]]);
$runB = $service->ensureRun($tenant, 'test.action', ['ids' => [1, 2]]);
expect($runA->getKey())->toBe($runB->getKey());
});
it('handles unique-index race collisions by returning the active run', function () {
$tenant = Tenant::factory()->create();
$service = new OperationRunService;
$fired = false;
$dispatcher = OperationRun::getEventDispatcher();
OperationRun::creating(function (OperationRun $model) use (&$fired, $tenant): void {
if ($fired) {
return;
}
$fired = true;
OperationRun::withoutEvents(function () use ($model, $tenant): void {
OperationRun::query()->create([
'workspace_id' => (int) $tenant->workspace_id,
'tenant_id' => $model->tenant_id,
'user_id' => $model->user_id,
'initiator_name' => $model->initiator_name,
'type' => $model->type,
'status' => $model->status,
'outcome' => $model->outcome,
'run_identity_hash' => $model->run_identity_hash,
'context' => $model->context,
]);
});
});
try {
$run = $service->ensureRun($tenant, 'test.race', ['scope' => 'full']);
} finally {
OperationRun::flushEventListeners();
OperationRun::setEventDispatcher($dispatcher);
}
expect($run)->toBeInstanceOf(OperationRun::class);
expect(OperationRun::query()->where('tenant_id', $tenant->getKey())->where('type', 'test.race')->count())
->toBe(1);
});
it('creates a new run after the previous one completed', function () {
$tenant = Tenant::factory()->create();
$service = new OperationRunService;
$runA = $service->ensureRun($tenant, 'test.action', ['scope' => 'full']);
$runA->update(['status' => 'completed']);
$runB = $service->ensureRun($tenant, 'test.action', ['scope' => 'full']);
expect($runA->getKey())->not->toBe($runB->getKey());
expect(OperationRun::query()->count())->toBe(2);
});
it('reuses the same run even after completion when using strict identity', function () {
$tenant = Tenant::factory()->create();
$service = new OperationRunService;
$runA = $service->ensureRunWithIdentityStrict(
tenant: $tenant,
type: 'backup_schedule_run',
identityInputs: ['backup_schedule_id' => 123, 'scheduled_for' => '2026-01-05 10:00:00'],
context: ['backup_schedule_id' => 123, 'scheduled_for' => '2026-01-05 10:00:00'],
);
$runA->update(['status' => 'completed', 'outcome' => 'succeeded']);
$runB = $service->ensureRunWithIdentityStrict(
tenant: $tenant,
type: 'backup_schedule_run',
identityInputs: ['backup_schedule_id' => 123, 'scheduled_for' => '2026-01-05 10:00:00'],
context: ['backup_schedule_id' => 123, 'scheduled_for' => '2026-01-05 10:00:00'],
);
expect($runA->getKey())->toBe($runB->getKey());
expect(OperationRun::query()->count())->toBe(1);
});
it('handles strict unique-index race collisions by returning the existing run', function () {
$tenant = Tenant::factory()->create();
$service = new OperationRunService;
$fired = false;
$dispatcher = OperationRun::getEventDispatcher();
OperationRun::creating(function (OperationRun $model) use (&$fired, $tenant): void {
if ($fired) {
return;
}
$fired = true;
OperationRun::withoutEvents(function () use ($model, $tenant): void {
OperationRun::query()->create([
'workspace_id' => (int) $tenant->workspace_id,
'tenant_id' => $model->tenant_id,
'user_id' => $model->user_id,
'initiator_name' => $model->initiator_name,
'type' => $model->type,
'status' => $model->status,
'outcome' => $model->outcome,
'run_identity_hash' => $model->run_identity_hash,
'context' => $model->context,
]);
});
});
try {
$run = $service->ensureRunWithIdentityStrict(
tenant: $tenant,
type: 'backup_schedule_run',
identityInputs: ['backup_schedule_id' => 123, 'scheduled_for' => '2026-01-05 10:00:00'],
context: ['backup_schedule_id' => 123, 'scheduled_for' => '2026-01-05 10:00:00'],
);
} finally {
OperationRun::flushEventListeners();
OperationRun::setEventDispatcher($dispatcher);
}
expect($run)->toBeInstanceOf(OperationRun::class);
expect(OperationRun::query()->where('tenant_id', $tenant->getKey())->where('type', 'backup_schedule_run')->count())
->toBe(1);
});
it('updates run lifecycle fields and summaries', function () {
$tenant = Tenant::factory()->create();
$service = new OperationRunService;
$run = $service->ensureRun($tenant, 'test.action', []);
$service->updateRun($run, 'running');
$fresh = $run->fresh();
expect($fresh?->status)->toBe('running');
expect($fresh?->started_at)->not->toBeNull();
$service->updateRun($run, 'completed', 'succeeded', ['succeeded' => 1]);
$fresh = $run->fresh();
expect($fresh?->status)->toBe('completed');
expect($fresh?->outcome)->toBe('succeeded');
expect($fresh?->completed_at)->not->toBeNull();
expect($fresh?->summary_counts)->toBe(['succeeded' => 1]);
});
it('sanitizes failure messages and redacts obvious secrets', function () {
$tenant = Tenant::factory()->create();
$service = new OperationRunService;
$run = $service->ensureRun($tenant, 'test.action', []);
try {
throw new RuntimeException('Authorization: Bearer abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789');
} catch (Throwable $e) {
$service->failRun($run, $e);
}
$fresh = $run->fresh();
expect($fresh?->status)->toBe('completed');
expect($fresh?->outcome)->toBe('failed');
expect($fresh?->failure_summary)->toBeArray();
$message = (string) (($fresh?->failure_summary[0]['message'] ?? ''));
expect($message)->not->toContain('abcdefghijklmnopqrstuvwxyz');
expect($message)->toContain('[REDACTED');
});
Reference in New Issue View Git Blame Copy Permalink