ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
ec71c2d4e7
TenantAtlas/tests/Unit/Onboarding/OnboardingLifecycleServiceTest.php
ahmido b0a724acef feat: harden canonical run viewer and onboarding draft state (#173) 
## Summary
- harden the canonical operation run viewer so mismatched, missing, archived, onboarding, and selector-excluded tenant context no longer invalidates authorized canonical run viewing
- extend canonical route, header-context, deep-link, and presentation coverage for Spec 144 and add the full spec artifact set under `specs/144-canonical-operation-viewer-context-decoupling/`
- harden onboarding draft provider-connection resume logic so stale persisted provider connections fall back to the connect-provider step instead of resuming invalid state
- add architecture-audit follow-up candidate material and prompt assets for the next governance hardening wave

## Testing
- `vendor/bin/sail bin pint --dirty --format agent`
- `vendor/bin/sail artisan test --compact tests/Feature/144/CanonicalOperationViewerContextMismatchTest.php tests/Feature/144/CanonicalOperationViewerDeepLinkTrustTest.php tests/Feature/Operations/TenantlessOperationRunViewerTest.php tests/Feature/OpsUx/OperateHubShellTest.php tests/Feature/Monitoring/OperationsTenantScopeTest.php tests/Feature/RunAuthorizationTenantIsolationTest.php tests/Feature/Filament/OperationRunEnterpriseDetailPageTest.php tests/Feature/Monitoring/HeaderContextBarTest.php tests/Feature/Monitoring/OperationRunResolvedReferencePresentationTest.php tests/Feature/Monitoring/OperationsCanonicalUrlsTest.php`
- `vendor/bin/sail artisan test --compact tests/Feature/ManagedTenantOnboardingWizardTest.php tests/Unit/Onboarding/OnboardingDraftStageResolverTest.php tests/Unit/Onboarding/OnboardingLifecycleServiceTest.php`

## Notes
- branch: `144-canonical-operation-viewer-context-decoupling`
- base: `dev`

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #173
2026-03-15 18:32:04 +00:00

269 lines
11 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
use App\Models\OperationRun;
use App\Models\ProviderConnection;
use App\Models\Tenant;
use App\Services\Onboarding\OnboardingLifecycleService;
use App\Support\Onboarding\OnboardingCheckpoint;
use App\Support\Onboarding\OnboardingLifecycleState;
use App\Support\OperationRunOutcome;
use App\Support\OperationRunStatus;
use Illuminate\Foundation\Testing\RefreshDatabase;
uses(RefreshDatabase::class);
it('marks a draft as action required when the provider connection changed before verification reruns', function (): void {
$tenant = Tenant::factory()->create();
$connection = ProviderConnection::factory()->create([
'workspace_id' => (int) $tenant->workspace_id,
'tenant_id' => (int) $tenant->getKey(),
]);
$draft = createOnboardingDraft([
'workspace' => $tenant->workspace,
'tenant' => $tenant,
'current_step' => 'verify',
'state' => [
'entra_tenant_id' => (string) $tenant->tenant_id,
'tenant_name' => (string) $tenant->name,
'provider_connection_id' => (int) $connection->getKey(),
'connection_recently_updated' => true,
],
]);
$snapshot = app(OnboardingLifecycleService::class)->snapshot($draft);
expect($snapshot['lifecycle_state'])->toBe(OnboardingLifecycleState::ActionRequired)
->and($snapshot['current_checkpoint'])->toBe(OnboardingCheckpoint::VerifyAccess)
->and($snapshot['last_completed_checkpoint'])->toBe(OnboardingCheckpoint::ConnectProvider)
->and($snapshot['reason_code'])->toBe('provider_connection_changed')
->and($snapshot['blocking_reason_code'])->toBe('provider_connection_changed');
});
it('treats a missing persisted provider connection as connect-provider state instead of verify state', function (): void {
$tenant = Tenant::factory()->create();
$draft = createOnboardingDraft([
'workspace' => $tenant->workspace,
'tenant' => $tenant,
'current_step' => 'verify',
'state' => [
'entra_tenant_id' => (string) $tenant->tenant_id,
'tenant_name' => (string) $tenant->name,
'provider_connection_id' => 42,
],
]);
$snapshot = app(OnboardingLifecycleService::class)->snapshot($draft);
expect($snapshot['lifecycle_state'])->toBe(OnboardingLifecycleState::Draft)
->and($snapshot['current_checkpoint'])->toBe(OnboardingCheckpoint::ConnectProvider)
->and($snapshot['last_completed_checkpoint'])->toBe(OnboardingCheckpoint::Identify)
->and($snapshot['reason_code'])->toBeNull()
->and($snapshot['blocking_reason_code'])->toBeNull();
});
it('marks a draft as ready for activation when verification succeeded for the selected connection', function (): void {
$tenant = Tenant::factory()->create();
$connection = ProviderConnection::factory()->create([
'workspace_id' => (int) $tenant->workspace_id,
'tenant_id' => (int) $tenant->getKey(),
]);
$draft = createOnboardingDraft([
'workspace' => $tenant->workspace,
'tenant' => $tenant,
'current_step' => 'verify',
'state' => [
'entra_tenant_id' => (string) $tenant->tenant_id,
'tenant_name' => (string) $tenant->name,
'provider_connection_id' => (int) $connection->getKey(),
],
]);
$run = OperationRun::factory()->create([
'tenant_id' => (int) $tenant->getKey(),
'workspace_id' => (int) $tenant->workspace_id,
'status' => OperationRunStatus::Completed->value,
'outcome' => OperationRunOutcome::Succeeded->value,
'context' => [
'provider_connection_id' => (int) $connection->getKey(),
],
]);
$draft->forceFill([
'state' => array_merge($draft->state ?? [], [
'verification_operation_run_id' => (int) $run->getKey(),
]),
])->save();
$service = app(OnboardingLifecycleService::class);
$snapshot = $service->snapshot($draft->fresh());
expect($snapshot['lifecycle_state'])->toBe(OnboardingLifecycleState::ReadyForActivation)
->and($snapshot['current_checkpoint'])->toBe(OnboardingCheckpoint::CompleteActivate)
->and($snapshot['last_completed_checkpoint'])->toBe(OnboardingCheckpoint::VerifyAccess)
->and($service->isReadyForActivation($draft->fresh()))->toBeTrue();
});
it('marks a draft as bootstrapping while a selected bootstrap run is still active', function (): void {
$tenant = Tenant::factory()->create();
$connection = ProviderConnection::factory()->create([
'workspace_id' => (int) $tenant->workspace_id,
'tenant_id' => (int) $tenant->getKey(),
]);
$verificationRun = OperationRun::factory()->create([
'tenant_id' => (int) $tenant->getKey(),
'workspace_id' => (int) $tenant->workspace_id,
'status' => OperationRunStatus::Completed->value,
'outcome' => OperationRunOutcome::Succeeded->value,
'context' => [
'provider_connection_id' => (int) $connection->getKey(),
],
]);
$bootstrapRun = OperationRun::factory()->create([
'tenant_id' => (int) $tenant->getKey(),
'workspace_id' => (int) $tenant->workspace_id,
'status' => OperationRunStatus::Running->value,
'outcome' => OperationRunOutcome::Pending->value,
'type' => 'inventory_sync',
'context' => [
'provider_connection_id' => (int) $connection->getKey(),
],
]);
$draft = createOnboardingDraft([
'workspace' => $tenant->workspace,
'tenant' => $tenant,
'current_step' => 'bootstrap',
'state' => [
'entra_tenant_id' => (string) $tenant->tenant_id,
'tenant_name' => (string) $tenant->name,
'provider_connection_id' => (int) $connection->getKey(),
'verification_operation_run_id' => (int) $verificationRun->getKey(),
'bootstrap_operation_types' => ['inventory_sync'],
'bootstrap_operation_runs' => [
'inventory_sync' => (int) $bootstrapRun->getKey(),
],
],
]);
$service = app(OnboardingLifecycleService::class);
$snapshot = $service->snapshot($draft);
expect($snapshot['lifecycle_state'])->toBe(OnboardingLifecycleState::Bootstrapping)
->and($snapshot['current_checkpoint'])->toBe(OnboardingCheckpoint::Bootstrap)
->and($snapshot['last_completed_checkpoint'])->toBe(OnboardingCheckpoint::VerifyAccess)
->and($service->hasActiveCheckpoint($draft))->toBeTrue();
});
it('marks a draft as action required when a selected bootstrap run fails', function (): void {
$tenant = Tenant::factory()->create();
$connection = ProviderConnection::factory()->create([
'workspace_id' => (int) $tenant->workspace_id,
'tenant_id' => (int) $tenant->getKey(),
]);
$verificationRun = OperationRun::factory()->create([
'tenant_id' => (int) $tenant->getKey(),
'workspace_id' => (int) $tenant->workspace_id,
'status' => OperationRunStatus::Completed->value,
'outcome' => OperationRunOutcome::Succeeded->value,
'context' => [
'provider_connection_id' => (int) $connection->getKey(),
],
]);
$bootstrapRun = OperationRun::factory()->create([
'tenant_id' => (int) $tenant->getKey(),
'workspace_id' => (int) $tenant->workspace_id,
'status' => OperationRunStatus::Completed->value,
'outcome' => OperationRunOutcome::Failed->value,
'type' => 'inventory_sync',
'context' => [
'provider_connection_id' => (int) $connection->getKey(),
],
]);
$draft = createOnboardingDraft([
'workspace' => $tenant->workspace,
'tenant' => $tenant,
'current_step' => 'bootstrap',
'state' => [
'entra_tenant_id' => (string) $tenant->tenant_id,
'tenant_name' => (string) $tenant->name,
'provider_connection_id' => (int) $connection->getKey(),
'verification_operation_run_id' => (int) $verificationRun->getKey(),
'bootstrap_operation_types' => ['inventory_sync'],
'bootstrap_operation_runs' => [
'inventory_sync' => (int) $bootstrapRun->getKey(),
],
],
]);
$snapshot = app(OnboardingLifecycleService::class)->snapshot($draft);
expect($snapshot['lifecycle_state'])->toBe(OnboardingLifecycleState::ActionRequired)
->and($snapshot['current_checkpoint'])->toBe(OnboardingCheckpoint::Bootstrap)
->and($snapshot['last_completed_checkpoint'])->toBe(OnboardingCheckpoint::VerifyAccess)
->and($snapshot['reason_code'])->toBe('bootstrap_failed')
->and($snapshot['blocking_reason_code'])->toBe('bootstrap_failed');
});
it('applies the canonical lifecycle fields and normalizes the version floor', function (): void {
$tenant = Tenant::factory()->create();
$connection = ProviderConnection::factory()->create([
'workspace_id' => (int) $tenant->workspace_id,
'tenant_id' => (int) $tenant->getKey(),
]);
$draft = createOnboardingDraft([
'workspace' => $tenant->workspace,
'tenant' => $tenant,
'version' => 0,
'lifecycle_state' => OnboardingLifecycleState::Draft->value,
'current_checkpoint' => OnboardingCheckpoint::Identify->value,
'last_completed_checkpoint' => null,
'current_step' => 'verify',
'state' => [
'entra_tenant_id' => (string) $tenant->tenant_id,
'tenant_name' => (string) $tenant->name,
'provider_connection_id' => (int) $connection->getKey(),
'connection_recently_updated' => true,
],
]);
$changed = app(OnboardingLifecycleService::class)->applySnapshot($draft, false);
expect($changed)->toBeTrue()
->and($draft->version)->toBe(1)
->and($draft->lifecycle_state)->toBe(OnboardingLifecycleState::ActionRequired)
->and($draft->current_checkpoint)->toBe(OnboardingCheckpoint::VerifyAccess)
->and($draft->reason_code)->toBe('provider_connection_changed');
});
it('keeps linked archived tenants loaded while suppressing onboarding resume affordances', function (): void {
$tenant = Tenant::factory()->archived()->create();
$draft = createOnboardingDraft([
'workspace' => $tenant->workspace,
'tenant' => $tenant,
'state' => [
'entra_tenant_id' => (string) $tenant->tenant_id,
'tenant_name' => (string) $tenant->name,
],
]);
$draft = $draft->fresh()->load('tenant');
$service = app(OnboardingLifecycleService::class);
expect($draft->tenant)->toBeInstanceOf(Tenant::class)
->and($draft->tenant?->trashed())->toBeTrue()
->and($draft->isWorkflowResumable())->toBeTrue()
->and($service->canResumeDraft($draft))->toBeFalse();
});
Reference in New Issue View Git Blame Copy Permalink