dd9512ed10
Some checks failed
PR Fast Feedback / fast-feedback (pull_request) Failing after 1m12s
Replaced legacy tenant and environment bindings in the BaselineDriftEngine with the new ProviderResourceIdentity framework as defined in Spec 382.
112 lines
4.3 KiB
PHP
112 lines
4.3 KiB
PHP
<?php
|
|
|
|
use App\Jobs\CaptureBaselineSnapshotJob;
|
|
use App\Models\BaselineProfile;
|
|
use App\Models\BaselineSnapshot;
|
|
use App\Models\BaselineSnapshotItem;
|
|
use App\Models\InventoryItem;
|
|
use App\Models\OperationRun;
|
|
use App\Models\Policy;
|
|
use App\Services\Baselines\BaselineSnapshotIdentity;
|
|
use App\Services\Baselines\InventoryMetaContract;
|
|
use App\Services\Intune\AuditLogger;
|
|
use App\Services\OperationRunService;
|
|
use App\Support\Baselines\BaselineCaptureMode;
|
|
use App\Support\Baselines\BaselineSubjectKey;
|
|
use App\Support\OperationRunOutcome;
|
|
use App\Support\OperationRunStatus;
|
|
use App\Support\OperationRunType;
|
|
|
|
it('Baseline capture degrades to meta fidelity in opportunistic mode when PolicyVersion evidence is missing', function () {
|
|
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
|
|
|
$profile = BaselineProfile::factory()->active()->create([
|
|
'workspace_id' => $tenant->workspace_id,
|
|
'capture_mode' => BaselineCaptureMode::Opportunistic->value,
|
|
'scope_jsonb' => ['policy_types' => ['deviceConfiguration'], 'foundation_types' => []],
|
|
]);
|
|
|
|
$policy = Policy::factory()->create([
|
|
'managed_environment_id' => (int) $tenant->getKey(),
|
|
'policy_type' => 'deviceConfiguration',
|
|
'external_id' => 'policy-capture-meta',
|
|
'platform' => 'windows',
|
|
'display_name' => 'Policy Capture Meta',
|
|
]);
|
|
|
|
$lastSeenRun = createInventorySyncOperationRunWithCoverage($tenant, [
|
|
'deviceConfiguration' => 'succeeded',
|
|
], attributes: [
|
|
'completed_at' => now(),
|
|
]);
|
|
|
|
$inventory = InventoryItem::factory()->create([
|
|
'managed_environment_id' => (int) $tenant->getKey(),
|
|
'policy_type' => (string) $policy->policy_type,
|
|
'external_id' => (string) $policy->external_id,
|
|
'display_name' => (string) $policy->display_name,
|
|
'meta_jsonb' => [
|
|
'odata_type' => '#microsoft.graph.deviceConfiguration',
|
|
'etag' => 'E_META_ONLY',
|
|
'scope_tag_ids' => [],
|
|
'assignment_target_count' => 1,
|
|
],
|
|
'last_seen_operation_run_id' => (int) $lastSeenRun->getKey(),
|
|
'last_seen_at' => now()->subHour(),
|
|
]);
|
|
|
|
$expectedMetaHash = app(BaselineSnapshotIdentity::class)->hashItemContent(
|
|
policyType: (string) $inventory->policy_type,
|
|
subjectExternalId: (string) $inventory->external_id,
|
|
metaJsonb: is_array($inventory->meta_jsonb) ? $inventory->meta_jsonb : [],
|
|
);
|
|
|
|
$opService = app(OperationRunService::class);
|
|
$run = $opService->ensureRunWithIdentity(
|
|
tenant: $tenant,
|
|
type: OperationRunType::BaselineCapture->value,
|
|
identityInputs: ['baseline_profile_id' => (int) $profile->getKey()],
|
|
context: [
|
|
'baseline_profile_id' => (int) $profile->getKey(),
|
|
'source_environment_id' => (int) $tenant->getKey(),
|
|
'effective_scope' => ['policy_types' => ['deviceConfiguration'], 'foundation_types' => []],
|
|
],
|
|
initiator: $user,
|
|
);
|
|
|
|
(new CaptureBaselineSnapshotJob($run))->handle(
|
|
app(BaselineSnapshotIdentity::class),
|
|
app(InventoryMetaContract::class),
|
|
app(AuditLogger::class),
|
|
$opService,
|
|
);
|
|
|
|
$run->refresh();
|
|
expect($run->status)->toBe(OperationRunStatus::Completed->value);
|
|
expect($run->outcome)->toBe(OperationRunOutcome::Succeeded->value);
|
|
|
|
$snapshot = BaselineSnapshot::query()
|
|
->where('baseline_profile_id', (int) $profile->getKey())
|
|
->sole();
|
|
|
|
$subjectKey = baselineProviderResourceSubjectKeyForTest((string) $policy->policy_type, (string) $policy->external_id);
|
|
expect($subjectKey)->not->toBeNull();
|
|
|
|
$workspaceSafeExternalId = BaselineSubjectKey::workspaceSafeSubjectExternalId(
|
|
policyType: (string) $policy->policy_type,
|
|
subjectKey: (string) $subjectKey,
|
|
);
|
|
|
|
$item = BaselineSnapshotItem::query()
|
|
->where('baseline_snapshot_id', (int) $snapshot->getKey())
|
|
->where('subject_external_id', $workspaceSafeExternalId)
|
|
->sole();
|
|
|
|
expect($item->baseline_hash)->toBe($expectedMetaHash);
|
|
|
|
$meta = is_array($item->meta_jsonb) ? $item->meta_jsonb : [];
|
|
expect(data_get($meta, 'evidence.fidelity'))->toBe('meta');
|
|
expect(data_get($meta, 'evidence.source'))->toBe('inventory');
|
|
expect(data_get($meta, 'evidence.observed_operation_run_id'))->toBeNull();
|
|
});
|