ahmido
ce0615a9c1
## Summary - move the Laravel application into `apps/platform` and keep the repository root for orchestration, docs, and tooling - update the local command model, Sail/Docker wiring, runtime paths, and ignore rules around the new platform location - add relocation quickstart/contracts plus focused smoke coverage for bootstrap, command model, routes, and runtime behavior ## Validation - `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/PlatformRelocation` - integrated browser smoke validated `/up`, `/`, `/admin`, `/admin/choose-workspace`, and tenant route semantics for `200`, `403`, and `404` ## Remaining Rollout Checks - validate Dokploy build context and working-directory assumptions against the new `apps/platform` layout - confirm web, queue, and scheduler processes all start from the expected working directory in staging/production - verify no legacy volume mounts or asset-publish paths still point at the old root-level `public/` or `storage/` locations Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #213
116 lines
4.2 KiB
PHP
116 lines
4.2 KiB
PHP
<?php
|
|
|
|
use App\Filament\Pages\BaselineCompareLanding;
|
|
use App\Models\BaselineProfile;
|
|
use App\Models\BaselineSnapshot;
|
|
use App\Models\BaselineTenantAssignment;
|
|
use App\Models\Finding;
|
|
use App\Models\OperationRun;
|
|
use App\Support\OperationRunOutcome;
|
|
use App\Support\OperationRunStatus;
|
|
use App\Support\OperationRunType;
|
|
use Filament\Facades\Filament;
|
|
use Livewire\Livewire;
|
|
|
|
it('shows RBAC-specific baseline compare labels and assignment exclusion messaging', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
|
$this->actingAs($user);
|
|
|
|
$tenant->makeCurrent();
|
|
Filament::setTenant($tenant, true);
|
|
|
|
$profile = BaselineProfile::factory()->active()->create([
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'name' => 'RBAC Baseline',
|
|
'scope_jsonb' => [
|
|
'policy_types' => [],
|
|
'foundation_types' => ['intuneRoleDefinition'],
|
|
],
|
|
]);
|
|
|
|
$snapshot = BaselineSnapshot::factory()->create([
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'baseline_profile_id' => (int) $profile->getKey(),
|
|
]);
|
|
|
|
$profile->update(['active_snapshot_id' => (int) $snapshot->getKey()]);
|
|
|
|
BaselineTenantAssignment::factory()->create([
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'baseline_profile_id' => (int) $profile->getKey(),
|
|
]);
|
|
|
|
OperationRun::factory()->create([
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'type' => OperationRunType::BaselineCompare->value,
|
|
'status' => OperationRunStatus::Completed->value,
|
|
'outcome' => OperationRunOutcome::Succeeded->value,
|
|
'completed_at' => now(),
|
|
'context' => [
|
|
'baseline_profile_id' => (int) $profile->getKey(),
|
|
'baseline_snapshot_id' => (int) $snapshot->getKey(),
|
|
'baseline_compare' => [
|
|
'reason_code' => 'drift_detected',
|
|
'rbac_role_definitions' => [
|
|
'total_compared' => 4,
|
|
'unchanged' => 1,
|
|
'modified' => 1,
|
|
'missing' => 1,
|
|
'unexpected' => 1,
|
|
],
|
|
'coverage' => [
|
|
'effective_types' => ['intuneRoleDefinition'],
|
|
'covered_types' => ['intuneRoleDefinition'],
|
|
'uncovered_types' => [],
|
|
'proof' => true,
|
|
],
|
|
'fidelity' => 'content',
|
|
],
|
|
],
|
|
]);
|
|
|
|
Finding::factory()->create([
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'finding_type' => Finding::FINDING_TYPE_DRIFT,
|
|
'source' => 'baseline.compare',
|
|
'scope_key' => 'baseline_profile:'.$profile->getKey(),
|
|
'severity' => Finding::SEVERITY_HIGH,
|
|
'status' => Finding::STATUS_NEW,
|
|
'subject_type' => 'policy',
|
|
'subject_external_id' => 'rbac-role-1',
|
|
'evidence_fidelity' => 'content',
|
|
'evidence_jsonb' => [
|
|
'change_type' => 'different_version',
|
|
'policy_type' => 'intuneRoleDefinition',
|
|
'subject_key' => hash('sha256', 'intuneRoleDefinition|rbac-role-1'),
|
|
'display_name' => 'Security Reader',
|
|
'summary' => [
|
|
'kind' => 'rbac_role_definition',
|
|
],
|
|
'baseline' => ['policy_version_id' => 10],
|
|
'current' => ['policy_version_id' => 11],
|
|
'rbac_role_definition' => [
|
|
'diff_kind' => 'permission_change',
|
|
],
|
|
'fidelity' => 'content',
|
|
'provenance' => [
|
|
'baseline_profile_id' => (int) $profile->getKey(),
|
|
'baseline_snapshot_id' => (int) $snapshot->getKey(),
|
|
'compare_operation_run_id' => 1,
|
|
'inventory_sync_run_id' => 1,
|
|
],
|
|
],
|
|
]);
|
|
|
|
Livewire::test(BaselineCompareLanding::class)
|
|
->assertSee('Intune RBAC Role Definitions')
|
|
->assertSee('Compared')
|
|
->assertSee('Modified')
|
|
->assertSee('Missing')
|
|
->assertSee('Unexpected')
|
|
->assertSee('Role Assignments are not included')
|
|
->assertDontSee('RBAC restore');
|
|
});
|