dd9512ed10
Some checks failed
PR Fast Feedback / fast-feedback (pull_request) Failing after 1m12s
Replaced legacy tenant and environment bindings in the BaselineDriftEngine with the new ProviderResourceIdentity framework as defined in Spec 382.
96 lines
4.8 KiB
PHP
96 lines
4.8 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Support\Baselines\BaselineSupportCapabilityGuard;
|
|
use App\Support\Baselines\OperatorActionCategory;
|
|
use App\Support\Baselines\ResolutionOutcome;
|
|
use App\Support\Baselines\ResolutionPath;
|
|
use App\Support\Baselines\SubjectClass;
|
|
use App\Support\Baselines\SubjectResolver;
|
|
|
|
it('derives truthful runtime capability and descriptors for supported policy and foundation types', function (): void {
|
|
$resolver = app(SubjectResolver::class);
|
|
|
|
$policyDescriptor = $resolver->describeForCompare('deviceConfiguration', 'policy-1', 'deviceconfiguration|policy-1');
|
|
$foundationDescriptor = $resolver->describeForCapture('roleScopeTag', 'scope-tag-1', 'rolescopetag|baseline');
|
|
$rbacDescriptor = $resolver->describeForCompare('intuneRoleDefinition', 'role-def-1', 'rbac-role');
|
|
|
|
expect($policyDescriptor->subjectClass)->toBe(SubjectClass::PolicyBacked)
|
|
->and($policyDescriptor->resolutionPath)->toBe(ResolutionPath::Policy)
|
|
->and($policyDescriptor->supportMode)->toBe('supported')
|
|
->and($policyDescriptor->sourceModelExpected)->toBe('policy');
|
|
|
|
expect($foundationDescriptor->subjectClass)->toBe(SubjectClass::FoundationBacked)
|
|
->and($foundationDescriptor->resolutionPath)->toBe(ResolutionPath::FoundationInventory)
|
|
->and($foundationDescriptor->supportMode)->toBe('limited')
|
|
->and($foundationDescriptor->sourceModelExpected)->toBe('inventory');
|
|
|
|
expect($rbacDescriptor->subjectClass)->toBe(SubjectClass::FoundationBacked)
|
|
->and($rbacDescriptor->resolutionPath)->toBe(ResolutionPath::FoundationPolicy)
|
|
->and($rbacDescriptor->supportMode)->toBe('supported')
|
|
->and($rbacDescriptor->sourceModelExpected)->toBe('policy');
|
|
});
|
|
|
|
it('maps structural and operational outcomes without flattening them into policy_not_found', function (): void {
|
|
$resolver = app(SubjectResolver::class);
|
|
|
|
$foundationDescriptor = $resolver->describeForCapture('notificationMessageTemplate', 'template-1', 'template-subject');
|
|
$policyDescriptor = $resolver->describeForCompare('deviceConfiguration', 'policy-1', 'policy-subject');
|
|
|
|
$structuralOutcome = $resolver->structuralInventoryOnly($foundationDescriptor);
|
|
$missingPolicyOutcome = $resolver->missingExpectedRecord($policyDescriptor);
|
|
$throttledOutcome = $resolver->throttled($policyDescriptor);
|
|
|
|
expect($structuralOutcome->resolutionOutcome)->toBe(ResolutionOutcome::FoundationInventoryOnly)
|
|
->and($structuralOutcome->reasonCode)->toBe('foundation_not_policy_backed')
|
|
->and($structuralOutcome->operatorActionCategory)->toBe(OperatorActionCategory::ProductFollowUp)
|
|
->and($structuralOutcome->structural)->toBeTrue();
|
|
|
|
expect($missingPolicyOutcome->resolutionOutcome)->toBe(ResolutionOutcome::PolicyRecordMissing)
|
|
->and($missingPolicyOutcome->reasonCode)->toBe('policy_record_missing')
|
|
->and($missingPolicyOutcome->operatorActionCategory)->toBe(OperatorActionCategory::RunPolicySyncOrBackup)
|
|
->and($missingPolicyOutcome->structural)->toBeFalse();
|
|
|
|
expect($throttledOutcome->resolutionOutcome)->toBe(ResolutionOutcome::Throttled)
|
|
->and($throttledOutcome->retryable)->toBeTrue()
|
|
->and($throttledOutcome->operatorActionCategory)->toBe(OperatorActionCategory::Retry);
|
|
});
|
|
|
|
it('guards unsupported or invalid support declarations before runtime work starts', function (): void {
|
|
$guard = app(BaselineSupportCapabilityGuard::class);
|
|
|
|
config()->set('tenantpilot.foundation_types', [
|
|
[
|
|
'type' => 'intuneRoleAssignment',
|
|
'label' => 'Intune RBAC Role Assignment',
|
|
'baseline_compare' => [
|
|
'supported' => false,
|
|
'identity_strategy' => 'provider_resource',
|
|
],
|
|
],
|
|
[
|
|
'type' => 'brokenFoundation',
|
|
'label' => 'Broken Foundation',
|
|
'baseline_compare' => [
|
|
'supported' => true,
|
|
'resolution' => [
|
|
'subject_class' => SubjectClass::FoundationBacked->value,
|
|
'resolution_path' => 'broken',
|
|
'compare_capability' => 'supported',
|
|
'capture_capability' => 'supported',
|
|
'source_model_expected' => 'inventory',
|
|
],
|
|
],
|
|
],
|
|
]);
|
|
|
|
$result = $guard->guardTypes(['intuneRoleAssignment', 'brokenFoundation'], 'compare');
|
|
|
|
expect($result['allowed_types'])->toBe([])
|
|
->and($result['unsupported_types'])->toBe(['brokenFoundation', 'intuneRoleAssignment'])
|
|
->and($result['invalid_support_types'])->toBe(['brokenFoundation'])
|
|
->and(data_get($result, 'capabilities.brokenFoundation.support_mode'))->toBe('invalid_support_config')
|
|
->and(data_get($result, 'capabilities.intuneRoleAssignment.support_mode'))->toBe('excluded');
|
|
});
|