ahmido
d96abc65fb
Some checks failed
Main Confidence / confidence (push) Failing after 1m23s
Removes the Findings lifecycle backfill from the Operational Controls UI and OperationalControlCatalog. This patch is a safe, controls-only change; runbooks, jobs and other runtime artifacts are NOT removed yet. Follow-up work will delete the runbook service/scope, jobs, commands, and update tests. Files changed: - apps/platform/app/Filament/System/Pages/Ops/Controls.php - apps/platform/app/Support/OperationalControls/OperationalControlCatalog.php - apps/platform/tests/Feature/System/OpsControls/OperationalControlManagementTest.php - apps/platform/tests/Unit/Support/OperationalControls/OperationalControlCatalogTest.php - apps/platform/tests/Unit/Support/OperationalControls/OperationalControlScopeResolutionTest.php Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #280
89 lines
2.8 KiB
PHP
89 lines
2.8 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Filament\System\Pages\Ops\Runbooks;
|
|
use App\Models\AuditLog;
|
|
use App\Models\Finding;
|
|
use App\Models\OperationalControlActivation;
|
|
use App\Models\OperationRun;
|
|
use App\Models\PlatformUser;
|
|
use App\Models\Tenant;
|
|
use App\Support\Audit\AuditActionId;
|
|
use App\Support\Auth\PlatformCapabilities;
|
|
use Filament\Facades\Filament;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
use Illuminate\Support\Facades\Queue;
|
|
use Livewire\Livewire;
|
|
|
|
uses(RefreshDatabase::class);
|
|
|
|
beforeEach(function (): void {
|
|
Filament::setCurrentPanel('system');
|
|
Filament::bootCurrentPanel();
|
|
|
|
Tenant::factory()->create([
|
|
'tenant_id' => null,
|
|
'external_id' => 'platform',
|
|
'name' => 'Platform',
|
|
]);
|
|
});
|
|
|
|
it('blocks all-tenant findings lifecycle runbooks when the control is globally paused', function (): void {
|
|
Queue::fake();
|
|
|
|
$platformTenant = Tenant::query()->where('external_id', 'platform')->firstOrFail();
|
|
|
|
$tenant = Tenant::factory()->create([
|
|
'workspace_id' => (int) $platformTenant->workspace_id,
|
|
]);
|
|
|
|
Finding::factory()->create([
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'due_at' => null,
|
|
]);
|
|
|
|
OperationalControlActivation::factory()->forGlobalScope()->create([
|
|
'control_key' => 'findings.lifecycle.backfill',
|
|
'reason_text' => 'Paused during incident response.',
|
|
]);
|
|
|
|
$user = PlatformUser::factory()->create([
|
|
'capabilities' => [
|
|
PlatformCapabilities::ACCESS_SYSTEM_PANEL,
|
|
PlatformCapabilities::OPS_VIEW,
|
|
PlatformCapabilities::RUNBOOKS_VIEW,
|
|
PlatformCapabilities::RUNBOOKS_RUN,
|
|
PlatformCapabilities::RUNBOOKS_FINDINGS_LIFECYCLE_BACKFILL,
|
|
],
|
|
'is_active' => true,
|
|
]);
|
|
|
|
$this->actingAs($user, 'platform');
|
|
|
|
Livewire::test(Runbooks::class)
|
|
->callAction('preflight', data: [
|
|
'scope_mode' => 'all_tenants',
|
|
])
|
|
->assertSet('preflight.affected_count', 1)
|
|
->callAction('run', data: [
|
|
'typed_confirmation' => 'BACKFILL',
|
|
'reason_code' => 'DATA_REPAIR',
|
|
'reason_text' => 'Attempt blocked by control',
|
|
])
|
|
->assertNotified('Findings lifecycle backfill paused');
|
|
|
|
expect(OperationRun::query()->where('type', 'findings.lifecycle.backfill')->count())->toBe(0);
|
|
|
|
$audit = AuditLog::query()
|
|
->where('action', AuditActionId::OperationalControlExecutionBlocked->value)
|
|
->latest('id')
|
|
->first();
|
|
|
|
expect($audit)->not->toBeNull()
|
|
->and($audit?->workspace_id)->toBeNull()
|
|
->and($audit?->tenant_id)->toBeNull()
|
|
->and($audit?->status)->toBe('blocked')
|
|
->and($audit?->metadata['control_key'] ?? null)->toBe('findings.lifecycle.backfill')
|
|
->and($audit?->metadata['requested_scope'] ?? null)->toBe('all_tenants');
|
|
}); |