TenantAtlas/apps/platform/app/Services/Providers/MicrosoftProviderHealthCheck.php
ahmido 1655cc481e Spec 188: canonical provider connection state cleanup (#219)
## Summary
- migrate provider connections to the canonical three-dimension state model: lifecycle via `is_enabled`, consent via `consent_status`, and verification via `verification_status`
- remove legacy provider status and health badge paths, update admin and system directory surfaces, and align onboarding, consent callback, verification, resolver, and mutation flows with the new model
- add the Spec 188 artifact set, schema migrations, guard coverage, and expanded provider-state tests across admin, system, onboarding, verification, and rendering paths

## Verification
- `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent`
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Auth/SystemPanelAuthTest.php tests/Feature/Filament/TenantGlobalSearchLifecycleScopeTest.php tests/Feature/ProviderConnections/ProviderConnectionEnableDisableTest.php tests/Feature/ProviderConnections/ProviderConnectionTruthCleanupSpec179Test.php`
- integrated browser smoke: validated admin provider list/detail/edit, tenant provider summary, system directory tenant detail, provider-connection search exclusion, and cleaned up the temporary smoke record afterward

## Filament / implementation notes
- Livewire v4.0+ compliance: preserved; this change targets Filament v5 on Livewire v4 and does not introduce older APIs
- Provider registration location: unchanged; Laravel 11+ panel providers remain registered in `bootstrap/providers.php`
- Globally searchable resources: `ProviderConnectionResource` remains intentionally excluded from global search; tenant global search remains enabled and continues to resolve to view pages
- Destructive actions: no new destructive action surface was introduced without confirmation or authorization; existing capability checks continue to gate provider mutations
- Asset strategy: unchanged; no new Filament assets were added, so deploy behavior for `php artisan filament:assets` remains unchanged
- Testing plan covered: system auth, tenant global search, provider lifecycle enable/disable behavior, and provider truth cleanup cutover behavior

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #219
2026-04-10 11:22:56 +00:00

100 lines
3.5 KiB
PHP

<?php

namespace App\Services\Providers;

use App\Models\ProviderConnection;
use App\Services\Graph\GraphResponse;
use App\Services\Providers\Contracts\HealthResult;
use App\Services\Providers\Contracts\ProviderHealthCheck;
use App\Support\OpsUx\RunFailureSanitizer;
use App\Support\Providers\ProviderReasonCodes;
use App\Support\Providers\ProviderVerificationStatus;
use Throwable;

/**
 * Health check for a Microsoft provider connection: requests the organization
 * through the provider gateway and maps the outcome to a HealthResult.
 */
final class MicrosoftProviderHealthCheck implements ProviderHealthCheck
{
    public function __construct(private readonly ProviderGateway $gateway) {}

    public function check(ProviderConnection $connection): HealthResult
    {
        try {
            $response = $this->gateway->getOrganization($connection);
        } catch (Throwable $throwable) {
            // Only the sanitized message goes into the result; the reason code
            // is normalized from the raw exception message.
            $message = RunFailureSanitizer::sanitizeMessage($throwable->getMessage());
            $reasonCode = RunFailureSanitizer::normalizeReasonCode($throwable->getMessage());

            return HealthResult::failed(
                reasonCode: $reasonCode,
                message: $message !== '' ? $message : 'Health check failed.',
                verificationStatus: $this->verificationStatusForReason($reasonCode),
            );
        }

        if ($response->successful()) {
            return HealthResult::ok(
                meta: [
                    'organization_id' => $response->data['id'] ?? null,
                    'organization_display_name' => $response->data['displayName'] ?? null,
                ],
            );
        }

        // Unsuccessful response: derive the reason code from the HTTP status and
        // sanitize the provider's error message before returning it.
        $reasonCode = $this->reasonCodeForResponse($response);
        $message = RunFailureSanitizer::sanitizeMessage($this->messageForResponse($response));

        return HealthResult::failed(
            reasonCode: $reasonCode,
            message: $message !== '' ? $message : 'Health check failed.',
            verificationStatus: $this->verificationStatusForReason($reasonCode),
            meta: [
                'http_status' => $response->status,
            ],
        );
    }

    /**
     * Map the HTTP status of an unsuccessful response to a provider reason code.
     */
    private function reasonCodeForResponse(GraphResponse $response): string
    {
        $candidate = match ((int) ($response->status ?? 0)) {
            401 => ProviderReasonCodes::ProviderAuthFailed,
            403 => ProviderReasonCodes::ProviderPermissionDenied,
            429 => ProviderReasonCodes::RateLimited,
            500, 502, 503, 504 => ProviderReasonCodes::NetworkUnreachable,
            default => ProviderReasonCodes::UnknownError,
        };

        return RunFailureSanitizer::normalizeReasonCode($candidate);
    }

    /**
     * Extract a message from the first error entry: a string is used as-is, an
     * array yields its 'message' key or, failing that, its JSON encoding.
     */
    private function messageForResponse(GraphResponse $response): string
    {
        $error = $response->errors[0] ?? null;

        if (is_string($error)) {
            return $error;
        }

        if (is_array($error)) {
            $message = $error['message'] ?? null;

            if (is_string($message) && $message !== '') {
                return $message;
            }

            return json_encode($error, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE) ?: 'Health check failed.';
        }

        return 'Health check failed.';
    }

    /**
     * Rate limiting maps to Degraded, consent reasons to Blocked, and every
     * other reason code to Error.
     */
    private function verificationStatusForReason(string $reasonCode): string
    {
        return match ($reasonCode) {
            ProviderReasonCodes::RateLimited => ProviderVerificationStatus::Degraded->value,
            ProviderReasonCodes::ProviderConsentMissing,
            ProviderReasonCodes::ProviderConsentFailed,
            ProviderReasonCodes::ProviderConsentRevoked => ProviderVerificationStatus::Blocked->value,
            default => ProviderVerificationStatus::Error->value,
        };
    }
}