## Summary
- add Intune RBAC role definitions and role assignments as foundation-backed inventory, backup, and versioned snapshot types
- add RBAC-specific normalization, coverage, permission-warning handling, and preview-only restore safety behavior across existing Filament and service surfaces
- add spec 127 artifacts, contracts, audits, and focused regression coverage for inventory, backup, versioning, verification, and authorization behavior

## Testing
- `vendor/bin/sail bin pint --dirty --format agent`
- `vendor/bin/sail artisan test --compact tests/Feature/Inventory/InventorySyncServiceTest.php tests/Feature/Filament/InventoryCoverageTableTest.php tests/Feature/FoundationBackupTest.php tests/Feature/Filament/RestoreExecutionTest.php tests/Feature/RestoreUnknownPolicyTypeSafetyTest.php tests/Unit/GraphContractRegistryTest.php tests/Unit/FoundationSnapshotServiceTest.php tests/Feature/Verification/IntuneRbacPermissionCoverageTest.php tests/Unit/IntuneRoleDefinitionNormalizerTest.php tests/Unit/IntuneRoleAssignmentNormalizerTest.php`

## Notes
- tasks in `specs/127-rbac-inventory-backup/tasks.md` are complete except `T041`, which is the documented manual QA validation step

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #155
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://tenantpilot.local/contracts/foundation-rbac-snapshot.schema.json",
"title": "Foundation RBAC Snapshot",
"type": "object",
"additionalProperties": false,
"required": ["type", "sourceId", "payload", "metadata"],
"properties": {
"type": {
"type": "string",
"enum": ["intuneRoleDefinition", "intuneRoleAssignment"]
},
"policyId": {
"type": ["integer", "null"],
"description": "Synthetic tenant-scoped policy anchor used when immutable RBAC history is linked into the shared policy-version surfaces."
},
"policyVersionId": {
"type": ["integer", "null"],
"description": "Immutable policy version identifier for RBAC foundation snapshots when version linkage is present."
},
"sourceId": {
"type": "string",
"minLength": 1
},
"displayName": {
"type": ["string", "null"]
},
"payload": {
"type": "object",
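"description": "Full immutable Graph payload captured for backup or version display. This schema does not constrain the payload's contents, so consumers should not assume any particular field is present or well-formed."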
},
"metadata": {
"type": "object",
"additionalProperties": true,
"required": ["kind", "graph"],
"properties": {
"kind": {
"type": "string",
"enum": ["intuneRoleDefinition", "intuneRoleAssignment"]
},
"displayName": {
"type": ["string", "null"]
},
"graph": {
"type": "object",
"additionalProperties": false,
"required": ["resource", "apiVersion"],
"properties": {
"resource": {
"type": "string",
"enum": [
"deviceManagement/roleDefinitions",
"deviceManagement/roleAssignments"
]
},
"apiVersion": {
"type": "string"
}
}
},
"warnings": {
"type": "array",
"items": {
"type": "string"
}
}
}
}
}
}