ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
ce0615a9c1
TenantAtlas/apps/platform/tests/Unit/Baselines/BaselinePolicyVersionResolverTest.php
ahmido ce0615a9c1 Spec 182: relocate Laravel platform to apps/platform (#213) 
## Summary
- move the Laravel application into `apps/platform` and keep the repository root for orchestration, docs, and tooling
- update the local command model, Sail/Docker wiring, runtime paths, and ignore rules around the new platform location
- add relocation quickstart/contracts plus focused smoke coverage for bootstrap, command model, routes, and runtime behavior

## Validation
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/PlatformRelocation`
- integrated browser smoke validated `/up`, `/`, `/admin`, `/admin/choose-workspace`, and tenant route semantics for `200`, `403`, and `404`

## Remaining Rollout Checks
- validate Dokploy build context and working-directory assumptions against the new `apps/platform` layout
- confirm web, queue, and scheduler processes all start from the expected working directory in staging/production
- verify no legacy volume mounts or asset-publish paths still point at the old root-level `public/` or `storage/` locations

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #213
2026-04-08 08:40:47 +00:00

167 lines
5.3 KiB
PHP
Raw Blame History

<?php
use App\Models\Policy;
use App\Models\PolicyVersion;
use App\Models\Tenant;
use App\Services\Baselines\Evidence\BaselinePolicyVersionResolver;
use App\Support\Baselines\BaselineSubjectKey;
use Carbon\CarbonImmutable;
use Illuminate\Foundation\Testing\RefreshDatabase;
uses(RefreshDatabase::class);
beforeEach(function () {
$this->resolver = new BaselinePolicyVersionResolver;
});
test('resolves baseline policy version id within observed second', function () {
$tenant = Tenant::factory()->create();
$displayName = 'Policy Alpha';
$subjectKey = BaselineSubjectKey::fromDisplayName($displayName);
expect($subjectKey)->not->toBeNull();
$policy = Policy::factory()->create([
'tenant_id' => (int) $tenant->getKey(),
'policy_type' => 'settingsCatalogPolicy',
'display_name' => $displayName,
]);
$capturedAt = CarbonImmutable::parse('2026-03-05 12:00:00.123456');
$version = PolicyVersion::factory()->create([
'tenant_id' => (int) $tenant->getKey(),
'policy_id' => (int) $policy->getKey(),
'policy_type' => (string) $policy->policy_type,
'version_number' => 1,
'captured_at' => $capturedAt,
]);
$resolved = $this->resolver->resolve(
tenant: $tenant,
policyType: (string) $policy->policy_type,
subjectKey: (string) $subjectKey,
observedAt: $capturedAt->toIso8601String(),
);
expect($resolved)->toBe((int) $version->getKey());
});
test('returns null when no policy matches subject key', function () {
$tenant = Tenant::factory()->create();
Policy::factory()->create([
'tenant_id' => (int) $tenant->getKey(),
'policy_type' => 'settingsCatalogPolicy',
'display_name' => 'Some Other Policy',
]);
$resolved = $this->resolver->resolve(
tenant: $tenant,
policyType: 'settingsCatalogPolicy',
subjectKey: 'missing-subject-key',
observedAt: CarbonImmutable::parse('2026-03-05 12:00:00')->toIso8601String(),
);
expect($resolved)->toBeNull();
});
test('returns null when observed_at is invalid', function () {
$tenant = Tenant::factory()->create();
$policy = Policy::factory()->create([
'tenant_id' => (int) $tenant->getKey(),
'policy_type' => 'settingsCatalogPolicy',
'display_name' => 'Policy Alpha',
]);
$subjectKey = BaselineSubjectKey::fromDisplayName((string) $policy->display_name);
expect($subjectKey)->not->toBeNull();
$resolved = $this->resolver->resolve(
tenant: $tenant,
policyType: (string) $policy->policy_type,
subjectKey: (string) $subjectKey,
observedAt: 'not-a-date',
);
expect($resolved)->toBeNull();
});
test('uses a deterministic tie-breaker when multiple candidates exist', function () {
$tenant = Tenant::factory()->create();
$displayName = 'Policy Alpha';
$subjectKey = BaselineSubjectKey::fromDisplayName($displayName);
expect($subjectKey)->not->toBeNull();
$policy = Policy::factory()->create([
'tenant_id' => (int) $tenant->getKey(),
'policy_type' => 'settingsCatalogPolicy',
'display_name' => $displayName,
]);
$versionEarly = PolicyVersion::factory()->create([
'tenant_id' => (int) $tenant->getKey(),
'policy_id' => (int) $policy->getKey(),
'policy_type' => (string) $policy->policy_type,
'version_number' => 1,
'captured_at' => CarbonImmutable::parse('2026-03-05 12:00:00.100000'),
]);
$versionLate = PolicyVersion::factory()->create([
'tenant_id' => (int) $tenant->getKey(),
'policy_id' => (int) $policy->getKey(),
'policy_type' => (string) $policy->policy_type,
'version_number' => 2,
'captured_at' => CarbonImmutable::parse('2026-03-05 12:00:00.900000'),
]);
$resolved = $this->resolver->resolve(
tenant: $tenant,
policyType: (string) $policy->policy_type,
subjectKey: (string) $subjectKey,
observedAt: CarbonImmutable::parse('2026-03-05 12:00:00')->toIso8601String(),
);
expect($resolved)
->toBe((int) $versionLate->getKey())
->and($resolved)->not->toBe((int) $versionEarly->getKey());
});
test('resolves intune role definition versions by external-id identity', function () {
$tenant = Tenant::factory()->create();
$policy = Policy::factory()->create([
'tenant_id' => (int) $tenant->getKey(),
'policy_type' => 'intuneRoleDefinition',
'external_id' => 'role-def-42',
'display_name' => 'Security Reader',
]);
$capturedAt = CarbonImmutable::parse('2026-03-08 12:00:00.123456');
$version = PolicyVersion::factory()->create([
'tenant_id' => (int) $tenant->getKey(),
'policy_id' => (int) $policy->getKey(),
'policy_type' => (string) $policy->policy_type,
'version_number' => 1,
'captured_at' => $capturedAt,
]);
$subjectKey = BaselineSubjectKey::forPolicy('intuneRoleDefinition', 'Security Reader', 'role-def-42');
expect($subjectKey)->not->toBeNull();
$resolved = $this->resolver->resolve(
tenant: $tenant,
policyType: 'intuneRoleDefinition',
subjectKey: (string) $subjectKey,
observedAt: $capturedAt->toIso8601String(),
);
expect($resolved)->toBe((int) $version->getKey());
});
Reference in New Issue View Git Blame Copy Permalink