TenantAtlas/apps/platform/tests/Unit/Support/TenantConfiguration/Spec417CoverageIdentityStrategyRegistryTest.php
ahmido f7d06621a0 feat: implement Exchange Teams evidence identity readiness (#493)
Automated PR for spec 426 exchange teams core evidence identity readiness. Includes service changes and coverage/requirement/spec updates from commit fb4dc20c.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #493
2026-07-03 11:43:11 +00:00

43 lines
1.7 KiB
PHP

<?php
declare(strict_types=1);
use App\Services\TenantConfiguration\CoverageIdentityStrategyRegistry;
it('Spec417 defines canonical identity strategies for the initial Coverage v2 resource types', function (): void {
$strategies = app(CoverageIdentityStrategyRegistry::class)->strategies();
expect(array_keys($strategies))->toBe([
'deviceAndAppManagementAssignmentFilter',
'deviceEnrollmentLimitRestriction',
'deviceEnrollmentPlatformRestriction',
'deviceEnrollmentStatusPageWindows10',
'appProtectionPolicyAndroid',
'appProtectionPolicyiOS',
'conditionalAccessPolicy',
'securityDefaults',
'transportRule',
'acceptedDomain',
'appPermissionPolicy',
'meetingPolicy',
'notificationMessageTemplate',
'roleScopeTag',
]);
foreach ($strategies as $canonicalType => $strategy) {
expect($strategy['strategy_identifier'])->toBeString()->not->toBe('')
->and($strategy['preferred_identity_fields'])->toBeArray()->not->toBeEmpty()
->and($strategy['display_fields'])->toContain('displayName')
->and($strategy['requires_provider_connection_scope'])->toBeTrue()
->and($strategy['derived_claims_allowed'])->toBeFalse("{$canonicalType} must not certify derived identity by default");
}
});
it('Spec417 keeps beta identity experimental and claim-blocked by default', function (): void {
$strategy = app(CoverageIdentityStrategyRegistry::class)->strategies()['roleScopeTag'];
expect($strategy['allows_experimental_identity'])->toBeTrue()
->and($strategy['allows_derived_identity'])->toBeTrue()
->and($strategy['derived_claims_allowed'])->toBeFalse();
});