ahmido
d2dbc52a32
## Summary - Capture and restore foundation types (assignment filters, scope tags, notification templates) with deterministic mapping. - Apply foundation mappings during restore (scope tags on policy payloads, assignment filter mapping with skip reasons). - Improve restore run UX (item selection, rerun action, preview-only badges). - Enforce preview-only policy types (e.g. Conditional Access) during execution. ## Testing - ./vendor/bin/sail artisan test tests/Feature/Filament/ConditionalAccessPreviewOnlyTest.php ## Notes - Specs/plan/tasks updated under specs/006-sot-foundations-assignments. - No migrations. Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.local> Reviewed-on: #7
185 lines
5.5 KiB
PHP
185 lines
5.5 KiB
PHP
<?php
|
|
|
|
use App\Models\BackupItem;
|
|
use App\Models\BackupSet;
|
|
use App\Models\Policy;
|
|
use App\Models\PolicyVersion;
|
|
use App\Models\Tenant;
|
|
use App\Models\User;
|
|
use App\Services\Graph\GraphClientInterface;
|
|
use App\Services\Graph\GraphResponse;
|
|
use App\Services\Intune\FoundationMappingService;
|
|
use App\Services\Intune\RestoreService;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
use Mockery\MockInterface;
|
|
|
|
uses(RefreshDatabase::class);
|
|
|
|
test('restore execution applies items and records audit log', function () {
|
|
app()->bind(GraphClientInterface::class, fn () => new class implements GraphClientInterface
|
|
{
|
|
public function listPolicies(string $policyType, array $options = []): GraphResponse
|
|
{
|
|
return new GraphResponse(true, []);
|
|
}
|
|
|
|
public function getPolicy(string $policyType, string $policyId, array $options = []): GraphResponse
|
|
{
|
|
return new GraphResponse(true, ['payload' => []]);
|
|
}
|
|
|
|
public function getOrganization(array $options = []): GraphResponse
|
|
{
|
|
return new GraphResponse(true, []);
|
|
}
|
|
|
|
public function applyPolicy(string $policyType, string $policyId, array $payload, array $options = []): GraphResponse
|
|
{
|
|
return new GraphResponse(true, []);
|
|
}
|
|
|
|
public function request(string $method, string $path, array $options = []): GraphResponse
|
|
{
|
|
return new GraphResponse(true, []);
|
|
}
|
|
|
|
public function getServicePrincipalPermissions(array $options = []): GraphResponse
|
|
{
|
|
return new GraphResponse(true, []);
|
|
}
|
|
});
|
|
|
|
$tenant = Tenant::create([
|
|
'tenant_id' => 'tenant-1',
|
|
'name' => 'Tenant One',
|
|
'metadata' => [],
|
|
]);
|
|
|
|
$policy = Policy::create([
|
|
'tenant_id' => $tenant->id,
|
|
'external_id' => 'policy-1',
|
|
'policy_type' => 'deviceConfiguration',
|
|
'display_name' => 'Policy A',
|
|
'platform' => 'windows',
|
|
]);
|
|
|
|
$backupSet = BackupSet::create([
|
|
'tenant_id' => $tenant->id,
|
|
'name' => 'Backup',
|
|
'status' => 'completed',
|
|
'item_count' => 1,
|
|
]);
|
|
|
|
$backupItem = BackupItem::create([
|
|
'tenant_id' => $tenant->id,
|
|
'backup_set_id' => $backupSet->id,
|
|
'policy_id' => $policy->id,
|
|
'policy_identifier' => $policy->external_id,
|
|
'policy_type' => $policy->policy_type,
|
|
'platform' => $policy->platform,
|
|
'payload' => ['foo' => 'bar'],
|
|
]);
|
|
|
|
$user = User::factory()->create(['email' => 'tester@example.com']);
|
|
$this->actingAs($user);
|
|
|
|
$service = app(RestoreService::class);
|
|
$run = $service->execute(
|
|
tenant: $tenant,
|
|
backupSet: $backupSet,
|
|
selectedItemIds: [$backupItem->id],
|
|
dryRun: false,
|
|
actorEmail: $user->email,
|
|
actorName: $user->name,
|
|
);
|
|
|
|
expect($run->status)->toBe('completed');
|
|
expect($run->results[0]['status'])->toBe('applied');
|
|
|
|
$this->assertDatabaseHas('audit_logs', [
|
|
'action' => 'restore.executed',
|
|
'resource_id' => (string) $run->id,
|
|
]);
|
|
|
|
expect(PolicyVersion::where('policy_id', $policy->id)->count())->toBe(1);
|
|
});
|
|
|
|
test('restore execution records foundation mappings', function () {
|
|
config()->set('tenantpilot.foundation_types', [
|
|
[
|
|
'type' => 'assignmentFilter',
|
|
'label' => 'Assignment Filter',
|
|
'category' => 'Foundations',
|
|
'platform' => 'all',
|
|
'endpoint' => 'deviceManagement/assignmentFilters',
|
|
'backup' => 'full',
|
|
'restore' => 'enabled',
|
|
'risk' => 'low',
|
|
],
|
|
]);
|
|
|
|
$tenant = Tenant::factory()->create();
|
|
$backupSet = BackupSet::factory()->for($tenant)->create();
|
|
$backupItem = BackupItem::factory()
|
|
->for($tenant)
|
|
->for($backupSet)
|
|
->state([
|
|
'policy_id' => null,
|
|
'policy_identifier' => 'filter-1',
|
|
'policy_type' => 'assignmentFilter',
|
|
'platform' => 'all',
|
|
'payload' => [
|
|
'id' => 'filter-1',
|
|
'displayName' => 'Filter One',
|
|
],
|
|
'metadata' => [
|
|
'displayName' => 'Filter One',
|
|
],
|
|
])
|
|
->create();
|
|
|
|
$entries = [
|
|
[
|
|
'type' => 'assignmentFilter',
|
|
'sourceId' => 'filter-1',
|
|
'sourceName' => 'Filter One',
|
|
'decision' => 'created',
|
|
'targetId' => 'filter-2',
|
|
'targetName' => 'Filter One',
|
|
],
|
|
];
|
|
|
|
$this->mock(FoundationMappingService::class, function (MockInterface $mock) use ($entries) {
|
|
$mock->shouldReceive('map')
|
|
->twice()
|
|
->andReturn([
|
|
'entries' => $entries,
|
|
'mapping' => ['filter-1' => 'filter-2'],
|
|
'failed' => 0,
|
|
'skipped' => 0,
|
|
]);
|
|
});
|
|
|
|
$user = User::factory()->create(['email' => 'tester@example.com']);
|
|
$this->actingAs($user);
|
|
|
|
$service = app(RestoreService::class);
|
|
$run = $service->execute(
|
|
tenant: $tenant,
|
|
backupSet: $backupSet,
|
|
selectedItemIds: [$backupItem->id],
|
|
dryRun: false,
|
|
actorEmail: $user->email,
|
|
actorName: $user->name,
|
|
);
|
|
|
|
expect($run->status)->toBe('completed');
|
|
expect($run->results)->toHaveCount(1);
|
|
expect($run->results[0]['decision'])->toBe('created');
|
|
|
|
$this->assertDatabaseHas('audit_logs', [
|
|
'action' => 'restore.foundation.created',
|
|
'resource_id' => (string) $run->id,
|
|
]);
|
|
});
|