ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
dd9512ed10
TenantAtlas/apps/platform/tests/Unit/Baselines/BaselinePolicyVersionResolverTest.php
Ahmed Darrazi dd9512ed10
Some checks failed
PR Fast Feedback / fast-feedback (pull_request) Failing after 1m12s
Details
feat(baselines): implement baseline matching canonicalization 
Replaced legacy tenant and environment bindings in the BaselineDriftEngine with the new ProviderResourceIdentity framework as defined in Spec 382.
2026-06-16 00:48:01 +02:00

167 lines
5.6 KiB
PHP
Raw Blame History

<?php
use App\Models\Policy;
use App\Models\PolicyVersion;
use App\Models\ManagedEnvironment;
use App\Services\Baselines\Evidence\BaselinePolicyVersionResolver;
use App\Support\Baselines\SubjectClass;
use Carbon\CarbonImmutable;
use Illuminate\Foundation\Testing\RefreshDatabase;
uses(RefreshDatabase::class);
beforeEach(function () {
$this->resolver = new BaselinePolicyVersionResolver;
});
test('resolves baseline policy version id within observed second', function () {
$tenant = ManagedEnvironment::factory()->create();
$policy = Policy::factory()->create([
'managed_environment_id' => (int) $tenant->getKey(),
'policy_type' => 'settingsCatalogPolicy',
'display_name' => 'Policy Alpha',
]);
$subjectKey = baselineProviderResourceSubjectKeyForTest((string) $policy->policy_type, (string) $policy->external_id);
expect($subjectKey)->not->toBeNull();
$capturedAt = CarbonImmutable::parse('2026-03-05 12:00:00.123456');
$version = PolicyVersion::factory()->create([
'managed_environment_id' => (int) $tenant->getKey(),
'policy_id' => (int) $policy->getKey(),
'policy_type' => (string) $policy->policy_type,
'version_number' => 1,
'captured_at' => $capturedAt,
]);
$resolved = $this->resolver->resolve(
tenant: $tenant,
policyType: (string) $policy->policy_type,
subjectKey: (string) $subjectKey,
observedAt: $capturedAt->toIso8601String(),
);
expect($resolved)->toBe((int) $version->getKey());
});
test('returns null when no policy matches subject key', function () {
$tenant = ManagedEnvironment::factory()->create();
Policy::factory()->create([
'managed_environment_id' => (int) $tenant->getKey(),
'policy_type' => 'settingsCatalogPolicy',
'display_name' => 'Some Other Policy',
]);
$resolved = $this->resolver->resolve(
tenant: $tenant,
policyType: 'settingsCatalogPolicy',
subjectKey: 'missing-subject-key',
observedAt: CarbonImmutable::parse('2026-03-05 12:00:00')->toIso8601String(),
);
expect($resolved)->toBeNull();
});
test('returns null when observed_at is invalid', function () {
$tenant = ManagedEnvironment::factory()->create();
$policy = Policy::factory()->create([
'managed_environment_id' => (int) $tenant->getKey(),
'policy_type' => 'settingsCatalogPolicy',
'display_name' => 'Policy Alpha',
]);
$subjectKey = baselineProviderResourceSubjectKeyForTest((string) $policy->policy_type, (string) $policy->external_id);
expect($subjectKey)->not->toBeNull();
$resolved = $this->resolver->resolve(
tenant: $tenant,
policyType: (string) $policy->policy_type,
subjectKey: (string) $subjectKey,
observedAt: 'not-a-date',
);
expect($resolved)->toBeNull();
});
test('uses a deterministic tie-breaker when multiple candidates exist', function () {
$tenant = ManagedEnvironment::factory()->create();
$policy = Policy::factory()->create([
'managed_environment_id' => (int) $tenant->getKey(),
'policy_type' => 'settingsCatalogPolicy',
'display_name' => 'Policy Alpha',
]);
$subjectKey = baselineProviderResourceSubjectKeyForTest((string) $policy->policy_type, (string) $policy->external_id);
expect($subjectKey)->not->toBeNull();
$versionEarly = PolicyVersion::factory()->create([
'managed_environment_id' => (int) $tenant->getKey(),
'policy_id' => (int) $policy->getKey(),
'policy_type' => (string) $policy->policy_type,
'version_number' => 1,
'captured_at' => CarbonImmutable::parse('2026-03-05 12:00:00.100000'),
]);
$versionLate = PolicyVersion::factory()->create([
'managed_environment_id' => (int) $tenant->getKey(),
'policy_id' => (int) $policy->getKey(),
'policy_type' => (string) $policy->policy_type,
'version_number' => 2,
'captured_at' => CarbonImmutable::parse('2026-03-05 12:00:00.900000'),
]);
$resolved = $this->resolver->resolve(
tenant: $tenant,
policyType: (string) $policy->policy_type,
subjectKey: (string) $subjectKey,
observedAt: CarbonImmutable::parse('2026-03-05 12:00:00')->toIso8601String(),
);
expect($resolved)
->toBe((int) $versionLate->getKey())
->and($resolved)->not->toBe((int) $versionEarly->getKey());
});
test('resolves intune role definition versions by external-id identity', function () {
$tenant = ManagedEnvironment::factory()->create();
$policy = Policy::factory()->create([
'managed_environment_id' => (int) $tenant->getKey(),
'policy_type' => 'intuneRoleDefinition',
'external_id' => 'role-def-42',
'display_name' => 'Security Reader',
]);
$capturedAt = CarbonImmutable::parse('2026-03-08 12:00:00.123456');
$version = PolicyVersion::factory()->create([
'managed_environment_id' => (int) $tenant->getKey(),
'policy_id' => (int) $policy->getKey(),
'policy_type' => (string) $policy->policy_type,
'version_number' => 1,
'captured_at' => $capturedAt,
]);
$subjectKey = baselineProviderResourceSubjectKeyForTest(
'intuneRoleDefinition',
'role-def-42',
SubjectClass::FoundationBacked,
);
expect($subjectKey)->not->toBeNull();
$resolved = $this->resolver->resolve(
tenant: $tenant,
policyType: 'intuneRoleDefinition',
subjectKey: (string) $subjectKey,
observedAt: $capturedAt->toIso8601String(),
);
expect($resolved)->toBe((int) $version->getKey());
});
Reference in New Issue View Git Blame Copy Permalink