ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
0ab31b2b81
TenantAtlas/app/Services/Baselines/BaselineSnapshotIdentity.php
Ahmed Darrazi 0ab31b2b81 feat: add Intune RBAC baseline compare support
2026-03-09 19:43:13 +01:00

79 lines
2.5 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
namespace App\Services\Baselines;
use App\Services\Drift\DriftHasher;
use App\Support\Baselines\BaselineSubjectKey;
/**
* Computes the snapshot_identity_hash for baseline snapshot content dedupe.
*
* The identity hash is a sha256 over normalized snapshot items, enabling
* detection of "nothing changed" when capturing the same inventory state.
*/
final class BaselineSnapshotIdentity
{
public function __construct(
private readonly DriftHasher $hasher,
private readonly InventoryMetaContract $metaContract,
) {}
/**
* Compute identity hash over a set of snapshot items.
*
* Each item is represented as an associative array with:
* - policy_type, subject_key, baseline_hash
*
* @param array<int, array{policy_type: string, subject_key: ?string, baseline_hash: string}> $items
*/
public function computeIdentity(array $items): string
{
if ($items === []) {
return hash('sha256', '[]');
}
$normalized = array_map(
fn (array $item): string => implode('|', [
trim((string) ($item['policy_type'] ?? '')),
trim((string) ($item['subject_key'] ?? '')),
trim((string) ($item['baseline_hash'] ?? '')),
]),
$items,
);
sort($normalized, SORT_STRING);
return hash('sha256', implode("\n", $normalized));
}
public function subjectKey(string $policyType, ?string $displayName = null, ?string $subjectExternalId = null): ?string
{
return BaselineSubjectKey::forPolicy($policyType, $displayName, $subjectExternalId);
}
public function workspaceSafeSubjectExternalId(string $policyType, ?string $displayName = null, ?string $subjectExternalId = null): ?string
{
return BaselineSubjectKey::workspaceSafeSubjectExternalIdForPolicy($policyType, $displayName, $subjectExternalId);
}
/**
* Compute a stable content hash for a single inventory item's metadata.
*
* Hashes ONLY the Spec 116 meta contract output (not the full meta_jsonb payload).
*
* @param array<string, mixed> $metaJsonb
*/
public function hashItemContent(string $policyType, string $subjectExternalId, array $metaJsonb): string
{
$contract = $this->metaContract->build(
policyType: $policyType,
subjectExternalId: $subjectExternalId,
metaJsonb: $metaJsonb,
);
return $this->hasher->hashNormalized($contract);
}
}
Reference in New Issue View Git Blame Copy Permalink