c3bdcf4d2d
BREAKING CHANGE: Assignment capture flow completely refactored Core Changes: - Created PolicyCaptureOrchestrator service for centralized capture coordination - Refactored BackupService to use orchestrator (version-first approach) - Fixed domain model bug: PolicyVersion now stores assignments (source of truth) - BackupItem references PolicyVersion and copies assignments for restore Database: - Added assignments, scope_tags, assignments_hash, scope_tags_hash to policy_versions - Added policy_version_id foreign key to backup_items - Migrations: 2025_12_22_171525, 2025_12_22_171545 Services: - PolicyCaptureOrchestrator: Intelligent version reuse, idempotent backfilling - VersionService: Enhanced to capture assignments during version creation - BackupService: Uses orchestrator, version-first capture flow UI: - Moved assignments widget from Policy to PolicyVersion view - Created PolicyVersionAssignmentsWidget Livewire component - Updated BackupItemsRelationManager columns for new assignment fields Tests: - Deleted BackupWithAssignmentsTest (old behavior) - Created BackupWithAssignmentsConsistencyTest (4 tests, all passing) - Fixed AssignmentFetcherTest and GroupResolverTest for GraphResponse - All 162 tests passing Issue: Assignments/scope tags not displaying in BackupSet items table (UI only) Status: Database contains correct data, UI column definitions need adjustment
180 lines
5.3 KiB
PHP
180 lines
5.3 KiB
PHP
<?php
|
|
|
|
use App\Services\Graph\GraphException;
|
|
use App\Services\Graph\GraphResponse;
|
|
use App\Services\Graph\GroupResolver;
|
|
use App\Services\Graph\MicrosoftGraphClient;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
use Illuminate\Support\Facades\Cache;
|
|
use Tests\TestCase;
|
|
|
|
uses(TestCase::class, RefreshDatabase::class);
|
|
|
|
beforeEach(function () {
|
|
Cache::flush();
|
|
$this->graphClient = Mockery::mock(MicrosoftGraphClient::class);
|
|
$this->resolver = new GroupResolver($this->graphClient);
|
|
});
|
|
|
|
test('resolves all groups', function () {
|
|
$tenantId = 'tenant-123';
|
|
$groupIds = ['group-1', 'group-2', 'group-3'];
|
|
$graphData = [
|
|
'value' => [
|
|
['id' => 'group-1', 'displayName' => 'All Users'],
|
|
['id' => 'group-2', 'displayName' => 'HR Team'],
|
|
['id' => 'group-3', 'displayName' => 'Contractors'],
|
|
],
|
|
];
|
|
|
|
$response = new GraphResponse(
|
|
success: true,
|
|
data: $graphData
|
|
);
|
|
|
|
$this->graphClient
|
|
->shouldReceive('request')
|
|
->once()
|
|
->with('POST', '/directoryObjects/getByIds', [
|
|
'tenant' => $tenantId,
|
|
'json' => [
|
|
'ids' => $groupIds,
|
|
'types' => ['group'],
|
|
],
|
|
])
|
|
->andReturn($response);
|
|
|
|
$result = $this->resolver->resolveGroupIds($groupIds, $tenantId);
|
|
|
|
expect($result)->toHaveKey('group-1')
|
|
->and($result['group-1'])->toBe([
|
|
'id' => 'group-1',
|
|
'displayName' => 'All Users',
|
|
'orphaned' => false,
|
|
])
|
|
->and($result)->toHaveKey('group-2')
|
|
->and($result['group-2']['orphaned'])->toBeFalse()
|
|
->and($result)->toHaveKey('group-3')
|
|
->and($result['group-3']['orphaned'])->toBeFalse();
|
|
});
|
|
|
|
test('handles orphaned ids', function () {
|
|
$tenantId = 'tenant-123';
|
|
$groupIds = ['group-1', 'group-2', 'group-3'];
|
|
$graphData = [
|
|
'value' => [
|
|
['id' => 'group-1', 'displayName' => 'All Users'],
|
|
// group-2 and group-3 are missing (deleted)
|
|
],
|
|
];
|
|
|
|
$response = new GraphResponse(
|
|
success: true,
|
|
data: $graphData
|
|
);
|
|
|
|
$this->graphClient
|
|
->shouldReceive('request')
|
|
->once()
|
|
->andReturn($response);
|
|
|
|
$result = $this->resolver->resolveGroupIds($groupIds, $tenantId);
|
|
|
|
expect($result)->toHaveKey('group-1')
|
|
->and($result['group-1']['orphaned'])->toBeFalse()
|
|
->and($result)->toHaveKey('group-2')
|
|
->and($result['group-2'])->toBe([
|
|
'id' => 'group-2',
|
|
'displayName' => null,
|
|
'orphaned' => true,
|
|
])
|
|
->and($result)->toHaveKey('group-3')
|
|
->and($result['group-3']['orphaned'])->toBeTrue();
|
|
});
|
|
|
|
test('caches results', function () {
|
|
$tenantId = 'tenant-123';
|
|
$groupIds = ['group-1', 'group-2'];
|
|
$graphData = [
|
|
'value' => [
|
|
['id' => 'group-1', 'displayName' => 'All Users'],
|
|
['id' => 'group-2', 'displayName' => 'HR Team'],
|
|
],
|
|
];
|
|
|
|
$response = new GraphResponse(
|
|
success: true,
|
|
data: $graphData
|
|
);
|
|
|
|
// First call - should hit Graph API
|
|
$this->graphClient
|
|
->shouldReceive('request')
|
|
->once()
|
|
->andReturn($response);
|
|
|
|
$result1 = $this->resolver->resolveGroupIds($groupIds, $tenantId);
|
|
|
|
// Second call - should use cache (no Graph API call)
|
|
$result2 = $this->resolver->resolveGroupIds($groupIds, $tenantId);
|
|
|
|
expect($result1)->toBe($result2)
|
|
->and($result1)->toHaveCount(2);
|
|
});
|
|
|
|
test('returns empty array for empty input', function () {
|
|
$result = $this->resolver->resolveGroupIds([], 'tenant-123');
|
|
|
|
expect($result)->toBe([]);
|
|
});
|
|
|
|
test('handles graph exception gracefully', function () {
|
|
$tenantId = 'tenant-123';
|
|
$groupIds = ['group-1', 'group-2'];
|
|
|
|
$this->graphClient
|
|
->shouldReceive('request')
|
|
->once()
|
|
->andThrow(new GraphException('Graph API error', 500, ['request_id' => 'request-id-123']));
|
|
|
|
$result = $this->resolver->resolveGroupIds($groupIds, $tenantId);
|
|
|
|
// All groups should be marked as orphaned on failure
|
|
expect($result)->toHaveKey('group-1')
|
|
->and($result['group-1']['orphaned'])->toBeTrue()
|
|
->and($result['group-1']['displayName'])->toBeNull()
|
|
->and($result)->toHaveKey('group-2')
|
|
->and($result['group-2']['orphaned'])->toBeTrue();
|
|
});
|
|
|
|
test('cache key is consistent regardless of array order', function () {
|
|
$tenantId = 'tenant-123';
|
|
$groupIds1 = ['group-1', 'group-2', 'group-3'];
|
|
$groupIds2 = ['group-3', 'group-1', 'group-2']; // Different order
|
|
$graphData = [
|
|
'value' => [
|
|
['id' => 'group-1', 'displayName' => 'All Users'],
|
|
['id' => 'group-2', 'displayName' => 'HR Team'],
|
|
['id' => 'group-3', 'displayName' => 'Contractors'],
|
|
],
|
|
];
|
|
|
|
$response = new GraphResponse(
|
|
success: true,
|
|
data: $graphData
|
|
);
|
|
|
|
// First call with groupIds1
|
|
$this->graphClient
|
|
->shouldReceive('request')
|
|
->once()
|
|
->andReturn($response);
|
|
|
|
$result1 = $this->resolver->resolveGroupIds($groupIds1, $tenantId);
|
|
|
|
// Second call with groupIds2 (different order) - should use cache
|
|
$result2 = $this->resolver->resolveGroupIds($groupIds2, $tenantId);
|
|
|
|
expect($result1)->toBe($result2);
|
|
});
|