TenantAtlas/apps/platform/tests/Feature/SupportDiagnostics/TenantSupportDiagnosticActionTest.php
Ahmed Darrazi c125fd48fd
feat(ui): implement diagnostic entry point consolidation
Applied diagnostic surface contract rules to Audit Log inspect modal and Support Diagnostics action context, consolidating raw diagnostic data into safe modals according to Spec 374.
2026-06-13 03:06:33 +02:00


<?php
declare(strict_types=1);
use App\Filament\Pages\EnvironmentDashboard;
use App\Models\AuditLog;
use App\Models\EnvironmentReview;
use App\Models\EvidenceSnapshot;
use App\Models\Finding;
use App\Models\ManagedEnvironment;
use App\Models\ManagedEnvironmentMembership;
use App\Models\OperationRun;
use App\Models\ProviderConnection;
use App\Models\ReviewPack;
use App\Models\StoredReport;
use App\Models\User;
use App\Models\WorkspaceMembership;
use App\Support\Auth\UiTooltips;
use App\Support\EnvironmentReviewStatus;
use App\Support\OperationRunOutcome;
use App\Support\OperationRunStatus;
use App\Support\OperationRunType;
use App\Support\Providers\ProviderReasonCodes;
use App\Support\Providers\ProviderVerificationStatus;
use App\Support\Workspaces\WorkspaceContext;
use Filament\Actions\Action;
use Livewire\Livewire;
/**
 * Mounts the EnvironmentDashboard Livewire page as $user within $tenant's workspace.
 *
 * Authenticates the current test case as $user, stores the tenant's workspace id
 * under WorkspaceContext::SESSION_KEY, applies the admin environment context for
 * $tenant, and returns the Livewire testable so callers can chain action assertions.
 */
function tenantSupportDiagnosticsComponent(User $user, ManagedEnvironment $tenant): \Livewire\Features\SupportTesting\Testable
{
    test()->actingAs($user);

    $workspaceId = (int) $tenant->workspace_id;
    session()->put(WorkspaceContext::SESSION_KEY, $workspaceId);

    setAdminEnvironmentContext($tenant);

    $dashboard = Livewire::actingAs($user)->test(EnvironmentDashboard::class);

    return $dashboard;
}
/*
 * Redaction regression test for the "openSupportDiagnostics" dashboard action.
 *
 * Four sentinel strings are planted in raw diagnostic fields (provider connection
 * error message, operation run context, stored report payload, audit log metadata).
 * The mounted modal must show the summarised, operator-safe context and the
 * "[REDACTED]" marker, and must not show any of the sentinels.
 *
 * NOTE(review): these assertions target the mounted action modal only; whether the
 * sentinels are also absent from the rest of the component's output or state is not
 * checked here — confirm that is covered elsewhere.
 */
it('opens a redacted tenant support diagnostic bundle from the tenant dashboard', function (): void {
    // Sentinels: each one lives in exactly one raw field below and is asserted absent at the end.
    $connectionSentinel = 'raw-provider-secret-message';
    $runSentinel = 'secret-provider-body';
    $reportSentinel = 'stored-report-secret-body';
    $auditSentinel = 'audit-secret-body';

    $tenant = ManagedEnvironment::factory()->create(['name' => 'Contoso Support ManagedEnvironment']);
    [$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'operator');

    // Ownership columns shared by most fixtures in this test.
    $tenantScope = [
        'managed_environment_id' => (int) $tenant->getKey(),
        'workspace_id' => (int) $tenant->workspace_id,
    ];

    // Blocked provider connection whose raw error message carries the first sentinel.
    // NOTE(review): the connection is created withCredential(), but no assertion below
    // targets the credential value itself — confirm whether it should be covered too.
    $connection = ProviderConnection::factory()
        ->withCredential()
        ->create([
            ...$tenantScope,
            'display_name' => 'Contoso Microsoft connection',
            'verification_status' => ProviderVerificationStatus::Blocked->value,
            'last_error_reason_code' => ProviderReasonCodes::ProviderPermissionMissing,
            'last_error_message' => $connectionSentinel,
            'last_health_check_at' => now()->subMinutes(15),
        ]);

    // Failed baseline-compare run; its context holds the second sentinel.
    $run = OperationRun::factory()
        ->forTenant($tenant)
        ->create([
            'type' => OperationRunType::BaselineCompare->value,
            'status' => OperationRunStatus::Completed->value,
            'outcome' => OperationRunOutcome::Failed->value,
            'context' => [
                'provider_connection_id' => (int) $connection->getKey(),
                'raw_response_body' => $runSentinel,
            ],
            'failure_summary' => [[
                'message' => 'Compare failed after provider permission validation.',
            ]],
            'completed_at' => now()->subMinutes(10),
        ]);
    $runId = (int) $run->getKey();
    $operationLabel = 'Operation #'.$run->getKey();

    $finding = Finding::factory()->create([
        ...$tenantScope,
        'current_operation_run_id' => $runId,
        'severity' => Finding::SEVERITY_HIGH,
        'last_seen_at' => now()->subMinutes(8),
    ]);

    // Permission posture report; its payload holds the third sentinel.
    StoredReport::factory()->create([
        ...$tenantScope,
        'report_type' => StoredReport::REPORT_TYPE_PERMISSION_POSTURE,
        'payload' => [
            'raw_response_body' => $reportSentinel,
        ],
        'fingerprint' => 'permission-fingerprint',
    ]);

    $evidenceSnapshot = EvidenceSnapshot::query()->create([
        ...$tenantScope,
        'operation_run_id' => $runId,
        'initiated_by_user_id' => (int) $user->getKey(),
        'fingerprint' => fake()->sha256(),
        'status' => 'active',
        'completeness_state' => 'complete',
        'summary' => [
            'dimension_count' => 1,
            'missing_dimensions' => 0,
            'stale_dimensions' => 0,
        ],
        'generated_at' => now()->subMinutes(7),
    ]);

    $review = EnvironmentReview::factory()->ready()->create([
        ...$tenantScope,
        'evidence_snapshot_id' => (int) $evidenceSnapshot->getKey(),
        'operation_run_id' => $runId,
        'status' => EnvironmentReviewStatus::Ready->value,
        'generated_at' => now()->subMinutes(7),
    ]);

    $pack = ReviewPack::factory()->ready()->create([
        ...$tenantScope,
        'environment_review_id' => (int) $review->getKey(),
        'operation_run_id' => $runId,
        'generated_at' => now()->subMinutes(6),
    ]);

    // Point the review at the pack that was just generated for it.
    $review->forceFill(['current_export_review_pack_id' => (int) $pack->getKey()])->save();

    // Audit entry for the failed run; its metadata holds the fourth sentinel.
    // NOTE(review): 'outcome' => 'success' next to action 'operation.failed' — confirm
    // this pairing is intentional for the fixture.
    AuditLog::query()->create([
        'workspace_id' => (int) $tenant->workspace_id,
        'managed_environment_id' => (int) $tenant->getKey(),
        'operation_run_id' => $runId,
        'action' => 'operation.failed',
        'resource_type' => 'operation_run',
        'resource_id' => (string) $run->getKey(),
        'target_label' => $operationLabel,
        'metadata' => [
            'raw_response_body' => $auditSentinel,
            'reason_code' => 'provider_permission_missing',
        ],
        'outcome' => 'success',
        'recorded_at' => now()->subMinutes(5),
    ]);

    // Presumably makes any Graph call fail the test, so the modal must be built
    // from stored data only — verify against the helper's definition.
    bindFailHardGraphClient();

    $hasExpectedLabel = function (Action $action): bool {
        return $action->getLabel() === 'Open support diagnostics';
    };

    $modal = tenantSupportDiagnosticsComponent($user, $tenant)
        ->assertActionVisible('openSupportDiagnostics')
        ->assertActionEnabled('openSupportDiagnostics')
        ->assertActionExists('openSupportDiagnostics', $hasExpectedLabel)
        ->mountAction('openSupportDiagnostics');

    // Operator-safe content the modal is expected to render, in the original order.
    $expectedText = [
        'Support diagnostics',
        'Recommended first check',
        'Environment context',
        'Check provider connection first',
        'Start with the provider connection and required access',
        'Contoso Support ManagedEnvironment',
        'Permissions missing',
        'provider app is missing required Microsoft Graph permissions',
        $operationLabel,
        'High finding #'.$finding->getKey(),
        'permission posture report',
        'Environment review #'.$review->getKey(),
        'Review pack #'.$pack->getKey(),
        'Operation failed',
        'Redacted support view',
        'Support scope',
        'Read-only, redacted support view. Restricted provider details are excluded.',
        '[REDACTED]',
    ];

    foreach ($expectedText as $text) {
        $modal->assertMountedActionModalSee($text);
    }

    // Retired wording first, then the four raw-field sentinels that must never surface.
    $forbiddenText = [
        'Boundary',
        'Support diagnostics use a redacted support view. Secrets',
        'default-redacted',
        $connectionSentinel,
        $runSentinel,
        $reportSentinel,
        $auditSentinel,
    ];

    foreach ($forbiddenText as $text) {
        $modal->assertMountedActionModalDontSee($text);
    }
});
/*
 * Entitlement check: the user is a workspace member and an operator on a sibling
 * environment in the same workspace, but has no membership on $tenant itself.
 * Requesting $tenant's dashboard must answer 404.
 *
 * NOTE(review): a 404 rather than a 403 presumably avoids confirming that the
 * environment exists — confirm against the access-control spec.
 */
it('denies non-entitled tenant dashboard access as not found', function (): void {
    $tenant = ManagedEnvironment::factory()->create();
    $user = User::factory()->create();

    $workspaceId = (int) $tenant->workspace_id;
    $userId = (int) $user->getKey();

    // Workspace-level access only; this grants nothing on $tenant directly.
    WorkspaceMembership::factory()->create([
        'workspace_id' => $workspaceId,
        'user_id' => $userId,
        'role' => 'operator',
    ]);

    // A second environment in the same workspace that the user IS entitled to.
    $siblingTenant = ManagedEnvironment::factory()->create([
        'workspace_id' => $workspaceId,
    ]);

    ManagedEnvironmentMembership::query()->create([
        'managed_environment_id' => (int) $siblingTenant->getKey(),
        'user_id' => $userId,
        'role' => 'operator',
        'source' => 'manual',
        'source_ref' => null,
        'created_by_user_id' => null,
    ]);

    $dashboardUrl = EnvironmentDashboard::getUrl(panel: 'admin', tenant: $tenant);

    $response = $this
        ->actingAs($user)
        ->withSession([WorkspaceContext::SESSION_KEY => $workspaceId])
        ->get($dashboardUrl);

    $response->assertNotFound();
});
/*
 * Capability check: a member created with the 'readonly' role still sees the
 * "openSupportDiagnostics" action, but it is disabled and its tooltip equals
 * UiTooltips::insufficientPermission().
 */
it('shows support diagnostics as disabled for entitled members without the support capability', function (): void {
    [$user, $tenant] = createUserWithTenant(
        tenant: ManagedEnvironment::factory()->create(),
        role: 'readonly',
    );

    $explainsMissingPermission = function (Action $action): bool {
        return $action->getTooltip() === UiTooltips::insufficientPermission();
    };

    $dashboard = tenantSupportDiagnosticsComponent($user, $tenant);

    $dashboard->assertActionVisible('openSupportDiagnostics');
    $dashboard->assertActionDisabled('openSupportDiagnostics');
    $dashboard->assertActionExists('openSupportDiagnostics', $explainsMissingPermission);
});