ahmido
b9c47e7973
## Summary <!-- Kurz: Was ändert sich und warum? --> ## Spec-Driven Development (SDD) - [ ] Es gibt eine Spec unter `specs/<NNN>-<feature>/` - [ ] Enthaltene Dateien: `plan.md`, `tasks.md`, `spec.md` - [ ] Spec beschreibt Verhalten/Acceptance Criteria (nicht nur Implementation) - [ ] Wenn sich Anforderungen während der Umsetzung geändert haben: Spec/Plan/Tasks wurden aktualisiert ## Implementation - [ ] Implementierung entspricht der Spec - [ ] Edge cases / Fehlerfälle berücksichtigt - [ ] Keine unbeabsichtigten Änderungen außerhalb des Scopes ## Tests - [ ] Tests ergänzt/aktualisiert (Pest/PHPUnit) - [ ] Relevante Tests lokal ausgeführt (`./vendor/bin/sail artisan test` oder `php artisan test`) ## Migration / Config / Ops (falls relevant) - [ ] Migration(en) enthalten und getestet - [ ] Rollback bedacht (rückwärts kompatibel, sichere Migration) - [ ] Neue Env Vars dokumentiert (`.env.example` / Doku) - [ ] Queue/cron/storage Auswirkungen geprüft ## UI (Filament/Livewire) (falls relevant) - [ ] UI-Flows geprüft - [ ] Screenshots/Notizen hinzugefügt ## Notes <!-- Links, Screenshots, Follow-ups, offene Punkte --> Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.local> Reviewed-on: #6
3.0 KiB
3.0 KiB
Data Model: SoT Foundations & Assignments (006)
This feature reuses existing snapshot and restore run entities, and introduces a consistent JSON “mapping + decisions” report.
Existing Entities (today)
BackupSet
- Purpose: Groups a point-in-time capture for a tenant.
- Relationships: hasMany
BackupItem.
BackupItem
- Purpose: Stores an immutable snapshot item.
- Key fields (relevant):
tenant_id,backup_set_idpolicy_id(nullable)policy_identifier(Graph id)policy_type(logical type)payload(raw JSON)metadata(normalized JSON)
RestoreRun
- Purpose: Tracks restore preview/execution lifecycle.
- Key fields (relevant):
is_dry_runrequested_items(selection)preview(dry-run decision report)results(execution report)metadata(extra structured info)
New / Extended Concepts (this feature)
FoundationSnapshot (logical concept)
Represented as a backup_items row.
-
policy_type(new keys):assignmentFilterroleScopeTagnotificationMessageTemplate
-
policy_identifier: source Graphid -
policy_id:null -
payload: raw Graph resource JSON -
metadata(proposed, shape):{ "displayName": "...", "kind": "assignmentFilter|roleScopeTag|notificationMessageTemplate", "graph": { "resource": "deviceManagement/assignmentFilters", "apiVersion": "v1.0" } }
RestoreMappingReport (logical concept)
Stored within restore_runs.preview/restore_runs.results.
-
mappings.foundations[](proposed shape):{ "type": "assignmentFilter", "sourceId": "<old-guid>", "sourceName": "Filter A", "decision": "mapped_existing|created|created_copy|failed", "targetId": "<new-guid>", "targetName": "Filter A (Copy)", "reason": "..." }
AssignmentDecisionReport (logical concept)
Stored within restore_runs.preview/restore_runs.results.
-
assignments[]entries (proposed shape):{ "policyType": "settingsCatalogPolicy", "sourcePolicyId": "...", "targetPolicyId": "...", "decision": "applied|skipped|failed", "reason": "missing_filter_mapping|missing_group_mapping|preview_only|graph_error", "details": { "sourceAssignmentCount": 3, "appliedAssignmentCount": 2 } }
Relationships / Flow
BackupSetcontains both “policy snapshots” and “foundation snapshots” asBackupItemrows.RestoreRunconsumes aBackupSetand produces:- foundation mapping report
- policy restore decisions
- assignment application decisions
Validation & State Transitions
- Restore execution is single-writer per tenant (existing safety requirement FR-009).
- Restore behavior:
- Preview (
is_dry_run=true): builds mapping/decisions, no Graph writes. - Execute (
is_dry_run=false): creates missing foundations, restores policies, applies assignments when safe. - Conditional Access entries are always recorded as preview-only/skipped in execute.
- Preview (