ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
cc93329672
TenantAtlas/tests/Feature/Auth/BreakGlassWorkspaceOwnerRecoveryTest.php
ahmido da1adbdeb5 Spec 119: Drift cutover to Baseline Compare (golden master) (#144) 
Implements Spec 119 (Drift Golden Master Cutover):

- Baseline Compare is the only drift writer (`source = baseline.compare`).
- Drift findings now store diff-compatible `evidence_jsonb` (summary.kind, baseline/current policy_version_id refs, fidelity + provenance).
- Findings UI renders one-sided diffs for `missing_policy`/`unexpected_policy` when a single ref exists; otherwise shows explicit “diff unavailable”.
- Removes legacy drift generator runtime (jobs/services/UI) and related tests.
- Adds one-time migration to delete legacy drift findings (`finding_type=drift` where source is null or != baseline.compare).
- Scopes baseline capture & landing duplicate warnings to latest completed inventory sync.
- Canonicalizes compliance `scheduledActionsForRule` drift signal and keeps legacy snapshots comparable.

Tests:
- `vendor/bin/sail artisan test --compact` (full suite per tasks)
- Focused pack: BaselinePolicyVersionResolverTest, BaselineCompareDriftEvidenceContractTest, DriftFindingDiffUnavailableTest, LegacyDriftFindingsCleanupMigrationTest, ComplianceNoncomplianceActionsDriftTest

Notes:
- Livewire v4+ / Filament v5 compatible (no legacy APIs).
- No new external dependencies.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #144
2026-03-06 14:30:49 +00:00

91 lines
2.8 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
use App\Filament\System\Pages\Dashboard;
use App\Filament\System\Pages\RepairWorkspaceOwners;
use App\Models\AuditLog;
use App\Models\PlatformUser;
use App\Models\Tenant;
use App\Models\User;
use App\Models\Workspace;
use App\Models\WorkspaceMembership;
use App\Support\Auth\PlatformCapabilities;
use App\Support\Auth\WorkspaceRole;
use Filament\Facades\Filament;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Livewire\Livewire;
uses(RefreshDatabase::class);
beforeEach(function () {
Filament::setCurrentPanel('system');
Filament::bootCurrentPanel();
Tenant::factory()->create([
'tenant_id' => null,
'external_id' => 'platform',
'name' => 'Platform',
]);
config()->set('tenantpilot.break_glass.enabled', true);
config()->set('tenantpilot.break_glass.ttl_minutes', 15);
});
it('can assign a workspace owner via break-glass and audits it', function () {
$platformUser = PlatformUser::factory()->create([
'capabilities' => [
PlatformCapabilities::ACCESS_SYSTEM_PANEL,
PlatformCapabilities::CONSOLE_VIEW,
PlatformCapabilities::USE_BREAK_GLASS,
],
]);
$this->actingAs($platformUser, 'platform');
$workspace = Workspace::factory()->create();
$targetUser = User::factory()->create();
// Ensure the workspace is in a "broken" state: zero owners.
WorkspaceMembership::factory()->create([
'workspace_id' => $workspace->getKey(),
'user_id' => $targetUser->getKey(),
'role' => WorkspaceRole::Operator->value,
]);
Livewire::test(Dashboard::class)
->callAction('enter_break_glass', data: [
'reason' => 'Recover workspace ownership',
]);
Livewire::test(RepairWorkspaceOwners::class)
->callAction('assign_owner', data: [
'workspace_id' => (int) $workspace->getKey(),
'target_user_id' => (int) $targetUser->getKey(),
'reason' => 'Fix last owner removed via DB edit',
]);
$membership = WorkspaceMembership::query()
->where('workspace_id', $workspace->getKey())
->where('user_id', $targetUser->getKey())
->firstOrFail();
expect($membership->role)->toBe(WorkspaceRole::Owner->value);
$audit = AuditLog::query()
->where('workspace_id', $workspace->getKey())
->where('action', 'workspace_membership.break_glass.assign_owner')
->where('status', 'success')
->latest('id')
->first();
expect($audit)->not->toBeNull();
expect($audit->metadata)->toMatchArray([
'workspace_id' => (int) $workspace->getKey(),
'actor_user_id' => (int) $platformUser->getKey(),
'target_user_id' => (int) $targetUser->getKey(),
'attempted_role' => WorkspaceRole::Owner->value,
'source' => 'break_glass',
]);
});
Reference in New Issue View Git Blame Copy Permalink