dd9512ed10
Some checks failed
PR Fast Feedback / fast-feedback (pull_request) Failing after 1m12s
Replaced legacy tenant and environment bindings in the BaselineDriftEngine with the new ProviderResourceIdentity framework as defined in Spec 382.
126 lines
5.1 KiB
PHP
126 lines
5.1 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Filament\Resources\BaselineProfileResource;
|
|
use App\Filament\Resources\BaselineSnapshotResource;
|
|
use App\Models\BaselineProfile;
|
|
use App\Models\BaselineSnapshot;
|
|
use App\Models\BaselineSnapshotItem;
|
|
use App\Support\Baselines\BaselineSubjectKey;
|
|
use App\Support\Baselines\SubjectClass;
|
|
|
|
it('renders the baseline snapshot detail page as summary-first with grouped governed-subject browsing', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'readonly');
|
|
|
|
$profile = BaselineProfile::factory()->active()->create([
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'name' => 'Security Baseline',
|
|
]);
|
|
|
|
$snapshot = BaselineSnapshot::factory()->create([
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'baseline_profile_id' => (int) $profile->getKey(),
|
|
'summary_jsonb' => [
|
|
'total_items' => 3,
|
|
'policy_type_counts' => [
|
|
'intuneRoleDefinition' => 1,
|
|
'deviceCompliancePolicy' => 1,
|
|
'mysteryPolicyType' => 1,
|
|
],
|
|
'fidelity_counts' => ['content' => 2, 'meta' => 1],
|
|
'gaps' => ['count' => 1, 'by_reason' => ['meta_fallback' => 1]],
|
|
],
|
|
]);
|
|
|
|
$rbacSubjectKey = baselineProviderResourceSubjectKeyForTest(
|
|
'intuneRoleDefinition',
|
|
'security-reader',
|
|
SubjectClass::FoundationBacked,
|
|
);
|
|
$complianceSubjectKey = baselineProviderResourceSubjectKeyForTest('deviceCompliancePolicy', 'bitlocker-require');
|
|
$fallbackSubjectKey = baselineProviderResourceSubjectKeyForTest('mysteryPolicyType', 'mystery-policy');
|
|
|
|
BaselineSnapshotItem::factory()->create([
|
|
'baseline_snapshot_id' => (int) $snapshot->getKey(),
|
|
'policy_type' => 'intuneRoleDefinition',
|
|
'subject_key' => $rbacSubjectKey,
|
|
'subject_external_id' => BaselineSubjectKey::workspaceSafeSubjectExternalId('intuneRoleDefinition', $rbacSubjectKey),
|
|
'meta_jsonb' => [
|
|
'display_name' => 'Security Reader',
|
|
'evidence' => [
|
|
'fidelity' => 'content',
|
|
'source' => 'policy_version',
|
|
'observed_at' => '2026-03-09T12:00:00+00:00',
|
|
],
|
|
'identity' => ['strategy' => 'provider_resource'],
|
|
'rbac' => [
|
|
'is_built_in' => false,
|
|
'role_permission_count' => 2,
|
|
],
|
|
'version_reference' => ['policy_version_id' => 42],
|
|
],
|
|
]);
|
|
|
|
BaselineSnapshotItem::factory()->create([
|
|
'baseline_snapshot_id' => (int) $snapshot->getKey(),
|
|
'policy_type' => 'deviceCompliancePolicy',
|
|
'subject_key' => $complianceSubjectKey,
|
|
'subject_external_id' => BaselineSubjectKey::workspaceSafeSubjectExternalId('deviceCompliancePolicy', $complianceSubjectKey),
|
|
'meta_jsonb' => [
|
|
'display_name' => 'Bitlocker Require',
|
|
'platform' => 'windows',
|
|
'assignment_target_count' => 3,
|
|
'evidence' => [
|
|
'fidelity' => 'meta',
|
|
'source' => 'inventory',
|
|
'observed_at' => '2026-03-09T11:00:00+00:00',
|
|
],
|
|
],
|
|
]);
|
|
|
|
BaselineSnapshotItem::factory()->create([
|
|
'baseline_snapshot_id' => (int) $snapshot->getKey(),
|
|
'policy_type' => 'mysteryPolicyType',
|
|
'subject_key' => $fallbackSubjectKey,
|
|
'subject_external_id' => BaselineSubjectKey::workspaceSafeSubjectExternalId('mysteryPolicyType', $fallbackSubjectKey),
|
|
'meta_jsonb' => [
|
|
'display_name' => 'Mystery Policy',
|
|
'platform' => 'windows',
|
|
'evidence' => [
|
|
'fidelity' => 'content',
|
|
'source' => 'policy_version',
|
|
'observed_at' => '2026-03-09T10:00:00+00:00',
|
|
],
|
|
],
|
|
]);
|
|
|
|
$this->actingAs($user)
|
|
->get(BaselineSnapshotResource::getUrl('view', ['record' => $snapshot], panel: 'admin'))
|
|
->assertOk()
|
|
->assertSee('Outcome summary')
|
|
->assertSee('Snapshot status')
|
|
->assertSee('Outcome details')
|
|
->assertSee('Coverage')
|
|
->assertSee('Capture timing')
|
|
->assertSee('Related context')
|
|
->assertSee(BaselineProfileResource::getUrl('view', ['record' => $profile], panel: 'admin'), false)
|
|
->assertSeeInOrder(['Outcome summary', 'Coverage summary', 'Captured governed subjects', 'Technical detail'])
|
|
->assertSee('Security Reader')
|
|
->assertSee('Bitlocker Require')
|
|
->assertSee('Mystery Policy')
|
|
->assertSee('Intune RBAC Role Definition')
|
|
->assertSee('Device Compliance')
|
|
->assertSee('Mystery Policy Type')
|
|
->assertSee('Governed subject')
|
|
->assertDontSee('Artifact truth')
|
|
->assertDontSee('Intune RBAC Role Definition References');
|
|
|
|
$this->actingAs($user)
|
|
->get(BaselineSnapshotResource::getUrl(panel: 'admin'))
|
|
->assertOk()
|
|
->assertSee('View baseline profile')
|
|
->assertSee(BaselineSnapshotResource::getUrl('view', ['record' => $snapshot], panel: 'admin'))
|
|
->assertDontSee('>View<', escape: false);
|
|
});
|