TenantAtlas/apps/platform/tests/Unit/Support/TenantConfiguration/Spec423SecurityComplianceRenderableSummaryBuilderTest.php
ahmido c49784b305 feat: complete spec 423 security compliance readiness pack (#490)
Spec 423 security compliance readiness pack implementation. Head commit: c49acba7.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #490
2026-06-30 16:03:01 +00:00


<?php
declare(strict_types=1);
use App\Services\TenantConfiguration\SecurityComplianceRenderableSummaryBuilder;
// Data-driven check: each supported canonical policy type must render a summary
// that carries the expected label and value and exposes nothing beyond it.
it('Spec423 renders operator-safe Security and Compliance summaries', function (string $canonicalType, array $payload, string $resourceType, string $expectedText): void {
    $builder = app(SecurityComplianceRenderableSummaryBuilder::class);

    // Capture context handed to the builder alongside the policy payload.
    $context = [
        'claim_state' => 'internal_only',
        'identity_state' => 'stable',
        'last_captured' => 'Jun 30, 2026 07:30 AM',
    ];

    $rendered = $builder->build($canonicalType, $payload, $context);

    // Serialise the whole summary once so the substring checks below cover
    // every nested field, not only the top-level keys.
    $json = json_encode($rendered, JSON_THROW_ON_ERROR);

    expect($rendered)->toBeArray();
    expect($rendered['resource_type'])->toBe($resourceType);

    // Positive content: the type-specific value, the claim state and the readiness text.
    expect($json)->toContain($expectedText);
    expect($json)->toContain('internal_only');
    expect($json)->toContain('Ready for operator review');

    // Neither string is present in the input payload or context, so these two
    // assertions only guard against the builder introducing them itself.
    expect($json)->not->toContain('raw_payload');
    expect($json)->not->toContain('source_endpoint');
})->with([
    // Each dataset: canonical type, provider payload, expected resource_type, expected text.
    'retention policy' => [
        'retentionCompliancePolicy',
        [
            'DisplayName' => 'Spec423 Retention',
            'RetentionDuration' => 7,
            'RetentionDurationUnit' => 'Years',
            'DispositionAction' => 'Delete',
            'IncludedLocations' => ['Exchange'],
        ],
        'Retention compliance policy',
        '7 Years',
    ],
    'label policy' => [
        'labelPolicy',
        [
            'DisplayName' => 'Spec423 Labels',
            'PublishedLabels' => [['displayName' => 'Highly Confidential']],
            'Mandatory' => true,
        ],
        'Label policy',
        'Highly Confidential',
    ],
    'dlp policy' => [
        'dlpCompliancePolicy',
        [
            'DisplayName' => 'Spec423 DLP',
            'Mode' => 'Enforce',
            'Locations' => ['Exchange'],
            'Rules' => [['Name' => 'Rule', 'Actions' => ['BlockAccess']]],
        ],
        'DLP compliance policy',
        'BlockAccess',
    ],
]);
// Redaction check: sensitive values seeded into the payload must be reported by
// path in redacted_fields and must not survive anywhere in the rendered summary.
it('Spec423 summaries hide raw JSON, provider responses, secrets, fingerprints, and content payloads', function (): void {
    // Every sensitive value is a unique "spec423-*" sentinel so a leak can be
    // found with a plain substring search over the serialised output.
    $payload = [
        'DisplayName' => 'Spec423 DLP',
        'Mode' => 'Enforce',
        'providerResponse' => ['body' => 'spec423-provider-response'],
        'fingerprint' => 'spec423-fingerprint',
        'clientSecret' => 'spec423-render-secret',
        'Rules' => [
            [
                'Name' => 'Rule',
                'Actions' => ['BlockAccess'],
                'DlpIncidentContent' => 'spec423-dlp-incident-content',
                'MailContent' => 'spec423-mail-content',
                'FileContent' => 'spec423-file-content',
            ],
        ],
    ];

    $rendered = app(SecurityComplianceRenderableSummaryBuilder::class)->build('dlpCompliancePolicy', $payload);
    $json = json_encode($rendered, JSON_THROW_ON_ERROR);

    // Paths the builder is expected to list as redacted; nested rule fields use dot notation.
    $expectedRedactions = [
        'providerResponse',
        'fingerprint',
        'clientSecret',
        'Rules.0.DlpIncidentContent',
        'Rules.0.MailContent',
        'Rules.0.FileContent',
    ];
    expect($rendered['redacted_fields'])->toContain(...$expectedRedactions);

    // The sentinels are plain ASCII, so JSON escaping cannot hide a leaked value.
    // NOTE(review): only the fields seeded above are covered; a sensitive key
    // nested somewhere else would not be caught by this test.
    $sentinels = [
        'spec423-provider-response',
        'spec423-fingerprint',
        'spec423-render-secret',
        'spec423-dlp-incident-content',
        'spec423-mail-content',
        'spec423-file-content',
    ];
    foreach ($sentinels as $sentinel) {
        expect($json)->not->toContain($sentinel);
    }
});