ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
dd9512ed10
TenantAtlas/apps/platform/tests/Feature/BaselineDriftEngine/CaptureBaselineFullContentOnDemandTest.php
Ahmed Darrazi dd9512ed10
Some checks failed
PR Fast Feedback / fast-feedback (pull_request) Failing after 1m12s
Details
feat(baselines): implement baseline matching canonicalization 
Replaced legacy tenant and environment bindings in the BaselineDriftEngine with the new ProviderResourceIdentity framework as defined in Spec 382.
2026-06-16 00:48:01 +02:00

175 lines
6.6 KiB
PHP
Raw Blame History

<?php
use App\Jobs\CaptureBaselineSnapshotJob;
use App\Models\BaselineProfile;
use App\Models\BaselineSnapshot;
use App\Models\BaselineSnapshotItem;
use App\Models\InventoryItem;
use App\Models\Policy;
use App\Models\PolicyVersion;
use App\Models\ManagedEnvironment;
use App\Services\Baselines\BaselineContentCapturePhase;
use App\Services\Baselines\BaselineSnapshotIdentity;
use App\Services\Baselines\CurrentStateHashResolver;
use App\Services\Baselines\InventoryMetaContract;
use App\Services\Intune\AuditLogger;
use App\Services\Intune\PolicyCaptureOrchestrator;
use App\Services\OperationRunService;
use App\Support\Baselines\BaselineCaptureMode;
use App\Support\Baselines\BaselineSubjectKey;
use App\Support\Baselines\PolicyVersionCapturePurpose;
use App\Support\OperationRunType;
it('Baseline capture (full content) captures evidence on demand when missing', function () {
config()->set('tenantpilot.baselines.full_content_capture.enabled', true);
[$user, $tenant] = createUserWithTenant(role: 'owner');
$profile = BaselineProfile::factory()->active()->create([
'workspace_id' => $tenant->workspace_id,
'capture_mode' => BaselineCaptureMode::FullContent->value,
'scope_jsonb' => ['policy_types' => ['deviceConfiguration'], 'foundation_types' => []],
]);
$inventorySyncRun = createInventorySyncOperationRunWithCoverage($tenant, [
'deviceConfiguration' => 'succeeded',
]);
$policy = Policy::factory()->create([
'managed_environment_id' => (int) $tenant->getKey(),
'policy_type' => 'deviceConfiguration',
'external_id' => 'policy-on-demand',
'platform' => 'windows',
'display_name' => 'Policy On Demand',
]);
InventoryItem::factory()->create([
'managed_environment_id' => (int) $tenant->getKey(),
'policy_type' => (string) $policy->policy_type,
'external_id' => (string) $policy->external_id,
'display_name' => (string) $policy->display_name,
'meta_jsonb' => [
'odata_type' => '#microsoft.graph.deviceConfiguration',
'etag' => 'E_ON_DEMAND',
'scope_tag_ids' => [],
'assignment_target_count' => 1,
],
'last_seen_at' => now()->subHour(),
'last_seen_operation_run_id' => (int) $inventorySyncRun->getKey(),
]);
expect(PolicyVersion::query()->where('policy_id', (int) $policy->getKey())->count())->toBe(0);
$fakeOrchestrator = new class extends PolicyCaptureOrchestrator
{
/**
* @var list<array<string, mixed>>
*/
public array $calls = [];
public function __construct() {}
public function capture(
Policy $policy,
ManagedEnvironment $tenant,
bool $includeAssignments = false,
bool $includeScopeTags = false,
?string $createdBy = null,
array $metadata = [],
PolicyVersionCapturePurpose $capturePurpose = PolicyVersionCapturePurpose::Backup,
?int $operationRunId = null,
?int $baselineProfileId = null,
): array {
$this->calls[] = [
'policy_id' => (int) $policy->getKey(),
'capture_purpose' => $capturePurpose->value,
'operation_run_id' => $operationRunId,
'baseline_profile_id' => $baselineProfileId,
];
$version = PolicyVersion::factory()->create([
'managed_environment_id' => (int) $tenant->getKey(),
'policy_id' => (int) $policy->getKey(),
'policy_type' => (string) $policy->policy_type,
'platform' => (string) $policy->platform,
'captured_at' => now(),
'snapshot' => [
'settings' => [
['displayName' => 'SettingX', 'value' => 1],
],
],
'assignments' => [],
'scope_tags' => [],
'capture_purpose' => $capturePurpose,
'operation_run_id' => $operationRunId,
'baseline_profile_id' => $baselineProfileId,
]);
return [
'version' => $version,
'captured' => [
'payload' => $version->snapshot,
'assignments' => [],
'scope_tags' => [],
],
];
}
};
$contentCapturePhase = new BaselineContentCapturePhase($fakeOrchestrator);
$opService = app(OperationRunService::class);
$run = $opService->ensureRunWithIdentity(
tenant: $tenant,
type: OperationRunType::BaselineCapture->value,
identityInputs: ['baseline_profile_id' => (int) $profile->getKey()],
context: [
'baseline_profile_id' => (int) $profile->getKey(),
'source_environment_id' => (int) $tenant->getKey(),
'effective_scope' => ['policy_types' => ['deviceConfiguration'], 'foundation_types' => []],
],
initiator: $user,
);
(new CaptureBaselineSnapshotJob($run))->handle(
app(BaselineSnapshotIdentity::class),
app(InventoryMetaContract::class),
app(AuditLogger::class),
$opService,
app(CurrentStateHashResolver::class),
$contentCapturePhase,
);
expect($fakeOrchestrator->calls)->toHaveCount(1);
$version = PolicyVersion::query()
->where('managed_environment_id', (int) $tenant->getKey())
->where('policy_id', (int) $policy->getKey())
->latest('id')
->first();
expect($version)->not->toBeNull();
expect($version?->capture_purpose)->toBe(PolicyVersionCapturePurpose::BaselineCapture);
expect($version?->operation_run_id)->toBe((int) $run->getKey());
expect($version?->baseline_profile_id)->toBe((int) $profile->getKey());
$snapshot = BaselineSnapshot::query()
->where('baseline_profile_id', (int) $profile->getKey())
->sole();
$subjectKey = baselineProviderResourceSubjectKeyForTest((string) $policy->policy_type, (string) $policy->external_id);
expect($subjectKey)->not->toBeNull();
$workspaceSafeExternalId = BaselineSubjectKey::workspaceSafeSubjectExternalId(
policyType: (string) $policy->policy_type,
subjectKey: (string) $subjectKey,
);
$item = BaselineSnapshotItem::query()
->where('baseline_snapshot_id', (int) $snapshot->getKey())
->where('subject_external_id', $workspaceSafeExternalId)
->sole();
$meta = is_array($item->meta_jsonb) ? $item->meta_jsonb : [];
expect(data_get($meta, 'evidence.fidelity'))->toBe('content');
});
Reference in New Issue View Git Blame Copy Permalink