ahmido
8ae7a7234e
Summary Implements Inventory Core (Spec 040): a tenant-scoped, mutable “last observed” inventory catalog + sync run logging, with deterministic selection hashing and safe derived “missing” semantics. This establishes the foundation for Inventory UI (041), Dependencies Graph (042), Compare/Promotion (043), and Drift (044). What’s included • DB schema • inventory_items (unique: tenant_id + policy_type + external_id; indexes; last_seen_at, last_seen_run_id) • inventory_sync_runs (tenant_id, selection_hash/payload, status, started/finished, counts, error_codes, correlation_id) • Selection hashing • Deterministic selection_hash via canonical JSON (sorted keys + sorted arrays) + sha256 • Sync semantics • Idempotent upsert (no duplicates) • Updates last_seen_* when observed • Enforces tenant scoping for all reads/writes • Guardrail: inventory sync does not create snapshots/backups • Missing semantics (derived) • “missing” computed relative to latest completed run for same (tenant_id, selection_hash) • Low confidence when latest run is partial/failed or had_errors=true • Selection isolation (runs for other selections don’t affect missing) • deleted is reserved (not produced here) • Safety • meta_jsonb whitelist enforced (unknown keys dropped; never fail sync) • Safe error persistence (no bearer tokens / secrets) • Locking to prevent overlapping runs for same tenant+selection • Concurrency limiter (global + per-tenant) and throttling resilience (429/503 backoff + jitter) Tests Added Pest coverage for: • selection_hash determinism (array order invariant) • upsert idempotency + last_seen updates • missing derived semantics + selection isolation • low confidence missing on partial/had_errors • meta whitelist drop (no exception) • lock prevents overlapping runs • no snapshots/backups side effects • safe error persistence (no bearer tokens) Non-goals • Inventory UI pages/resources (Spec 041) • Dependency graph hydration (Spec 042) • Cross-tenant compare/promotion flows (Spec 043) • Drift analysis dashboards (Spec 044) Review focus • Data model correctness + indexes/constraints • Selection hash canonicalization (determinism) • Missing semantics (latest completed run + confidence rule) • Guardrails (no snapshot/backups side effects) • Safety: error_code taxonomy + safe persistence/logging Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.local> Reviewed-on: #43
24 lines
750 B
PHP
24 lines
750 B
PHP
<?php
|
|
|
|
use App\Services\Inventory\InventorySelectionHasher;
|
|
|
|
it('computes the same selection_hash regardless of array ordering', function () {
|
|
$hasher = app(InventorySelectionHasher::class);
|
|
|
|
$payloadA = [
|
|
'policy_types' => ['deviceCompliancePolicy', 'deviceConfiguration'],
|
|
'categories' => ['Compliance', 'Configuration'],
|
|
'include_foundations' => true,
|
|
'include_dependencies' => false,
|
|
];
|
|
|
|
$payloadB = [
|
|
'include_dependencies' => false,
|
|
'include_foundations' => true,
|
|
'categories' => ['Configuration', 'Compliance'],
|
|
'policy_types' => ['deviceConfiguration', 'deviceCompliancePolicy'],
|
|
];
|
|
|
|
expect($hasher->hash($payloadA))->toBe($hasher->hash($payloadB));
|
|
});
|