ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
d8e331e92f
TenantAtlas/apps/platform/tests/Feature/PermissionPosture/PermissionPostureIntegrationTest.php
ahmido 3c38192405 Spec 206: implement test suite governance foundation (#239) 
## Summary

This PR implements Spec 206 end to end and establishes the first checked-in test suite governance foundation for the platform app.

Key changes:
- add manifest-backed test lanes for fast-feedback, confidence, browser, heavy-governance, profiling, and junit
- add budget and report helpers plus app-local artifact generation under `apps/platform/storage/logs/test-lanes`
- add repo-root Sail-friendly lane/report wrappers
- switch the default contributor test path to the fast-feedback lane
- introduce explicit fixture profiles and cheaper defaults for shared tenant/provider test setup
- add minimal/heavy factory states for tenant and provider connection setup
- migrate the first high-usage and provider-sensitive tests to explicit fixture profiles
- document budgets, taxonomy rules, DB reset guidance, and the full Spec 206 plan/contracts/tasks set

## Validation

Executed during implementation:
- focused Spec 206 guard/support/factory validation pack: 31 passed
- provider-sensitive regression pack: 29 passed
- first high-usage caller migration pack: 120 passed
- lane routing and wrapper validation succeeded
- pint completed successfully

Measured lane baselines captured in docs:
- fast-feedback: 176.74s
- confidence: 394.38s
- heavy-governance: 83.66s
- browser: 128.87s
- junit: 380.14s
- profiling: 2701.51s
- full-suite baseline anchor: 2624.60s

## Notes

- Livewire v4 / Filament v5 runtime behavior is unchanged by this PR.
- No new runtime routes, product UI flows, or database migrations are introduced.
- Panel provider registration remains unchanged in `bootstrap/providers.php`.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #239
2026-04-16 13:58:50 +00:00

153 lines
6.1 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
use App\Jobs\GeneratePermissionPostureFindingsJob;
use App\Models\Finding;
use App\Models\OperationRun;
use App\Models\StoredReport;
use App\Services\PermissionPosture\FindingGeneratorContract;
use App\Support\OperationCatalog;
use App\Support\OperationRunOutcome;
use App\Support\OperationRunStatus;
use Illuminate\Foundation\Testing\RefreshDatabase;
uses(RefreshDatabase::class);
it('full posture check flow: findings, report, score, operations', function (): void {
[$user, $tenant] = createUserWithTenant(fixtureProfile: 'provider-enabled');
$comparison = [
'overall_status' => 'missing',
'permissions' => [
['key' => 'DeviceManagementConfiguration.ReadWrite.All', 'type' => 'application', 'status' => 'missing', 'features' => ['backup', 'restore']],
['key' => 'DeviceManagementApps.ReadWrite.All', 'type' => 'application', 'status' => 'granted', 'features' => ['app_management']],
['key' => 'DeviceManagementManagedDevices.ReadWrite.All', 'type' => 'application', 'status' => 'missing', 'features' => ['compliance']],
['key' => 'Group.Read.All', 'type' => 'application', 'status' => 'granted', 'features' => ['assignments']],
['key' => 'User.Read', 'type' => 'delegated', 'status' => 'granted', 'features' => []],
],
'last_refreshed_at' => now()->toIso8601String(),
];
$start = microtime(true);
$job = new GeneratePermissionPostureFindingsJob($tenant->getKey(), $comparison);
$job->handle(
app(FindingGeneratorContract::class),
app(\App\Services\OperationRunService::class),
);
$elapsed = (microtime(true) - $start) * 1000;
// --- Timing assertion ---
expect($elapsed)->toBeLessThan(5000);
// --- Findings ---
$findings = Finding::query()
->where('tenant_id', $tenant->getKey())
->where('finding_type', Finding::FINDING_TYPE_PERMISSION_POSTURE)
->get();
$missingFindings = $findings->where('status', Finding::STATUS_NEW);
expect($missingFindings)->toHaveCount(2); // 2 missing permissions
// --- StoredReport ---
$report = StoredReport::query()
->where('tenant_id', $tenant->getKey())
->where('report_type', StoredReport::REPORT_TYPE_PERMISSION_POSTURE)
->first();
expect($report)->not->toBeNull()
->and($report->payload['posture_score'])->toBe(60) // 3/5 = 60%
->and($report->payload['required_count'])->toBe(5)
->and($report->payload['granted_count'])->toBe(3)
->and($report->payload['permissions'])->toHaveCount(5);
// --- OperationRun ---
$run = OperationRun::query()
->where('tenant_id', $tenant->getKey())
->where('type', OperationCatalog::TYPE_PERMISSION_POSTURE_CHECK)
->first();
expect($run)->not->toBeNull()
->and($run->status)->toBe(OperationRunStatus::Completed->value)
->and($run->outcome)->toBe(OperationRunOutcome::Succeeded->value)
->and($run->summary_counts['findings_created'])->toBe(2)
->and($run->summary_counts['posture_score'])->toBe(60);
});
it('second run auto-resolves findings for newly granted permissions', function (): void {
[$user, $tenant] = createUserWithTenant(fixtureProfile: 'provider-enabled');
$generator = app(FindingGeneratorContract::class);
// First run: 2 missing permissions
$comparison1 = [
'overall_status' => 'missing',
'permissions' => [
['key' => 'Perm.A', 'type' => 'application', 'status' => 'missing', 'features' => ['a']],
['key' => 'Perm.B', 'type' => 'application', 'status' => 'missing', 'features' => ['b']],
['key' => 'Perm.C', 'type' => 'application', 'status' => 'granted', 'features' => ['c']],
],
'last_refreshed_at' => now()->toIso8601String(),
];
$result1 = $generator->generate($tenant, $comparison1);
expect($result1->findingsCreated)->toBe(2)
->and($result1->postureScore)->toBe(33);
// Second run: Perm.A now granted
$comparison2 = [
'overall_status' => 'missing',
'permissions' => [
['key' => 'Perm.A', 'type' => 'application', 'status' => 'granted', 'features' => ['a']],
['key' => 'Perm.B', 'type' => 'application', 'status' => 'missing', 'features' => ['b']],
['key' => 'Perm.C', 'type' => 'application', 'status' => 'granted', 'features' => ['c']],
],
'last_refreshed_at' => now()->toIso8601String(),
];
$result2 = $generator->generate($tenant, $comparison2);
expect($result2->findingsResolved)->toBe(1)
->and($result2->findingsUnchanged)->toBe(1)
->and($result2->postureScore)->toBe(67);
// Verify the resolved finding
$resolvedFinding = Finding::query()
->where('tenant_id', $tenant->getKey())
->where('finding_type', Finding::FINDING_TYPE_PERMISSION_POSTURE)
->where('status', Finding::STATUS_RESOLVED)
->first();
expect($resolvedFinding)->not->toBeNull()
->and($resolvedFinding->resolved_reason)->toBe('permission_granted');
});
it('alert events are produced for new missing permission findings', function (): void {
[$user, $tenant] = createUserWithTenant(fixtureProfile: 'provider-enabled');
$generator = app(FindingGeneratorContract::class);
$comparison = [
'overall_status' => 'missing',
'permissions' => [
['key' => 'Perm.Dangerous', 'type' => 'application', 'status' => 'missing', 'features' => ['backup', 'restore', 'sync']],
],
'last_refreshed_at' => now()->toIso8601String(),
];
$result = $generator->generate($tenant, $comparison);
expect($result->findingsCreated)->toBe(1);
// Verify the finding was created and has proper data for alert pipeline
$finding = Finding::query()
->where('tenant_id', $tenant->getKey())
->where('finding_type', Finding::FINDING_TYPE_PERMISSION_POSTURE)
->where('status', Finding::STATUS_NEW)
->first();
expect($finding)->not->toBeNull()
->and($finding->evidence_jsonb)->toHaveKey('permission_key')
->and($finding->evidence_jsonb['permission_key'])->toBe('Perm.Dangerous');
});
Reference in New Issue View Git Blame Copy Permalink