29 lines
1.4 KiB
PHP
29 lines
1.4 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Support\Governance\PlatformVocabularyGlossary;
|
|
use App\Support\RbacReason;
|
|
|
|
it('translates manual RBAC assignment reasons into operator guidance', function (): void {
|
|
$envelope = RbacReason::ManualAssignmentRequired->toReasonResolutionEnvelope();
|
|
|
|
expect($envelope->operatorLabel)->toBe('Manual role assignment required')
|
|
->and($envelope->actionability)->toBe('prerequisite_missing')
|
|
->and($envelope->shortExplanation)->toContain('manual Intune RBAC role assignment')
|
|
->and($envelope->ownerLayer())->toBe('domain_owned')
|
|
->and($envelope->ownerNamespace())->toBe('rbac.intune')
|
|
->and($envelope->platformReasonFamily())->toBe('authorization')
|
|
->and(RbacReason::ManualAssignmentRequired->boundaryClassification())->toBe(PlatformVocabularyGlossary::BOUNDARY_INTUNE_SPECIFIC)
|
|
->and($envelope->guidanceText())->toBe('Next step: Complete the Intune role assignment manually, then refresh RBAC status.');
|
|
});
|
|
|
|
it('marks unsupported RBAC API cases as diagnostic-only operator states', function (): void {
|
|
$envelope = RbacReason::UnsupportedApi->toReasonResolutionEnvelope();
|
|
|
|
expect($envelope->actionability)->toBe('non_actionable')
|
|
->and($envelope->operatorLabel)->toBe('RBAC API unsupported')
|
|
->and($envelope->ownerNamespace())->toBe('rbac.intune')
|
|
->and($envelope->guidanceText())->toBe('No action needed.');
|
|
});
|