ahmido
0dc79520a4
Implements provider access hardening for Intune write operations: - RBAC-based write gate with configurable staleness thresholds - Gate enforced at restore start and in jobs (execute + assignments) - UI affordances: disabled rerun action, tenant RBAC status card, refresh RBAC action - Audit logging for blocked writes - Ops UX label: `rbac.health_check` now displays as “RBAC health check” - Adds/updates Pest tests and SpecKit artifacts for feature 108 Notes: - Filament v5 / Livewire v4 compliant. - Destructive actions require confirmation. - Assets: no new global assets. Tested: - `vendor/bin/sail artisan test --compact` (suite previously green) + focused OpsUx tests for OperationCatalog labels. - `vendor/bin/sail bin pint --dirty`. Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #132
248 lines
8.3 KiB
PHP
248 lines
8.3 KiB
PHP
<?php
|
|
|
|
namespace App\Jobs;
|
|
|
|
use App\Contracts\Hardening\WriteGateInterface;
|
|
use App\Exceptions\Hardening\ProviderAccessHardeningRequired;
|
|
use App\Listeners\SyncRestoreRunToOperationRun;
|
|
use App\Models\OperationRun;
|
|
use App\Models\RestoreRun;
|
|
use App\Models\User;
|
|
use App\Notifications\RunStatusChangedNotification;
|
|
use App\Services\Intune\AuditLogger;
|
|
use App\Services\Intune\RestoreService;
|
|
use App\Support\OpsUx\RunFailureSanitizer;
|
|
use App\Support\RestoreRunStatus;
|
|
use Carbon\CarbonImmutable;
|
|
use Illuminate\Bus\Queueable;
|
|
use Illuminate\Contracts\Queue\ShouldQueue;
|
|
use Illuminate\Foundation\Bus\Dispatchable;
|
|
use Illuminate\Queue\InteractsWithQueue;
|
|
use Illuminate\Queue\SerializesModels;
|
|
use Throwable;
|
|
|
|
class ExecuteRestoreRunJob implements ShouldQueue
|
|
{
|
|
use Dispatchable, InteractsWithQueue, Queueable, SerializesModels;
|
|
|
|
public ?OperationRun $operationRun = null;
|
|
|
|
public function __construct(
|
|
public int $restoreRunId,
|
|
public ?string $actorEmail = null,
|
|
public ?string $actorName = null,
|
|
?OperationRun $operationRun = null,
|
|
) {
|
|
$this->operationRun = $operationRun;
|
|
}
|
|
|
|
public function handle(RestoreService $restoreService, AuditLogger $auditLogger): void
|
|
{
|
|
if (! $this->operationRun) {
|
|
$this->fail(new \RuntimeException('OperationRun context is required for ExecuteRestoreRunJob.'));
|
|
|
|
return;
|
|
}
|
|
|
|
$restoreRun = RestoreRun::with(['tenant', 'backupSet'])->find($this->restoreRunId);
|
|
|
|
if (! $restoreRun) {
|
|
return;
|
|
}
|
|
|
|
if ((int) ($restoreRun->operation_run_id ?? 0) !== (int) $this->operationRun->getKey()) {
|
|
RestoreRun::withoutEvents(function () use ($restoreRun): void {
|
|
$restoreRun->forceFill(['operation_run_id' => $this->operationRun?->getKey()])->save();
|
|
});
|
|
}
|
|
|
|
if ($restoreRun->status !== RestoreRunStatus::Queued->value) {
|
|
return;
|
|
}
|
|
|
|
$this->notifyStatus($restoreRun, 'queued');
|
|
app(SyncRestoreRunToOperationRun::class)->handle($restoreRun);
|
|
|
|
$tenant = $restoreRun->tenant;
|
|
$backupSet = $restoreRun->backupSet;
|
|
|
|
if (! $tenant || ! $backupSet || $backupSet->trashed()) {
|
|
$restoreRun->update([
|
|
'status' => RestoreRunStatus::Failed->value,
|
|
'failure_reason' => 'Backup set is archived or unavailable.',
|
|
'completed_at' => CarbonImmutable::now(),
|
|
]);
|
|
|
|
app(SyncRestoreRunToOperationRun::class)->handle($restoreRun->refresh());
|
|
|
|
$this->notifyStatus($restoreRun->refresh(), 'failed');
|
|
|
|
if ($tenant) {
|
|
$auditLogger->log(
|
|
tenant: $tenant,
|
|
action: 'restore.failed',
|
|
context: [
|
|
'metadata' => [
|
|
'restore_run_id' => $restoreRun->id,
|
|
'backup_set_id' => $restoreRun->backup_set_id,
|
|
'reason' => 'Backup set is archived or unavailable.',
|
|
],
|
|
],
|
|
actorEmail: $this->actorEmail,
|
|
actorName: $this->actorName,
|
|
resourceType: 'restore_run',
|
|
resourceId: (string) $restoreRun->id,
|
|
status: 'failed',
|
|
);
|
|
}
|
|
|
|
return;
|
|
}
|
|
|
|
try {
|
|
app(WriteGateInterface::class)->evaluate($tenant, 'restore.execute');
|
|
} catch (ProviderAccessHardeningRequired $e) {
|
|
$restoreRun->update([
|
|
'status' => RestoreRunStatus::Failed->value,
|
|
'failure_reason' => $e->reasonMessage,
|
|
'completed_at' => CarbonImmutable::now(),
|
|
]);
|
|
|
|
if ($this->operationRun) {
|
|
app(\App\Services\OperationRunService::class)->updateRun(
|
|
$this->operationRun,
|
|
status: \App\Support\OperationRunStatus::Completed->value,
|
|
outcome: \App\Support\OperationRunOutcome::Failed->value,
|
|
failures: [[
|
|
'code' => 'hardening.write_blocked',
|
|
'reason_code' => $e->reasonCode,
|
|
'message' => $e->reasonMessage,
|
|
]],
|
|
);
|
|
}
|
|
|
|
return;
|
|
}
|
|
|
|
$restoreRun->update([
|
|
'status' => RestoreRunStatus::Running->value,
|
|
'started_at' => CarbonImmutable::now(),
|
|
'failure_reason' => null,
|
|
]);
|
|
|
|
// Keep the canonical Monitoring/Operations adapter row in sync even if downstream
|
|
// code performs restore-run updates without firing model events.
|
|
app(SyncRestoreRunToOperationRun::class)->handle($restoreRun->refresh());
|
|
|
|
$this->notifyStatus($restoreRun->refresh(), 'running');
|
|
|
|
$auditLogger->log(
|
|
tenant: $tenant,
|
|
action: 'restore.started',
|
|
context: [
|
|
'metadata' => [
|
|
'restore_run_id' => $restoreRun->id,
|
|
'backup_set_id' => $backupSet->id,
|
|
],
|
|
],
|
|
actorEmail: $this->actorEmail,
|
|
actorName: $this->actorName,
|
|
resourceType: 'restore_run',
|
|
resourceId: (string) $restoreRun->id,
|
|
status: 'success',
|
|
);
|
|
|
|
try {
|
|
$restoreService->executeForRun(
|
|
restoreRun: $restoreRun,
|
|
tenant: $tenant,
|
|
backupSet: $backupSet,
|
|
actorEmail: $this->actorEmail,
|
|
actorName: $this->actorName,
|
|
);
|
|
|
|
app(SyncRestoreRunToOperationRun::class)->handle($restoreRun->refresh());
|
|
|
|
$this->notifyStatus($restoreRun->refresh(), (string) $restoreRun->status);
|
|
} catch (Throwable $throwable) {
|
|
$restoreRun->refresh();
|
|
|
|
$safeReason = RunFailureSanitizer::sanitizeMessage($throwable->getMessage());
|
|
|
|
if ($restoreRun->status === RestoreRunStatus::Running->value) {
|
|
$restoreRun->update([
|
|
'status' => RestoreRunStatus::Failed->value,
|
|
'failure_reason' => $safeReason,
|
|
'completed_at' => CarbonImmutable::now(),
|
|
]);
|
|
}
|
|
|
|
app(SyncRestoreRunToOperationRun::class)->handle($restoreRun->refresh());
|
|
|
|
$this->notifyStatus($restoreRun->refresh(), (string) $restoreRun->status);
|
|
|
|
if ($tenant) {
|
|
$auditLogger->log(
|
|
tenant: $tenant,
|
|
action: 'restore.failed',
|
|
context: [
|
|
'metadata' => [
|
|
'restore_run_id' => $restoreRun->id,
|
|
'backup_set_id' => $backupSet->id,
|
|
'reason' => $safeReason,
|
|
],
|
|
],
|
|
actorEmail: $this->actorEmail,
|
|
actorName: $this->actorName,
|
|
resourceType: 'restore_run',
|
|
resourceId: (string) $restoreRun->id,
|
|
status: 'failed',
|
|
);
|
|
}
|
|
|
|
throw $throwable;
|
|
}
|
|
}
|
|
|
|
private function notifyStatus(RestoreRun $restoreRun, string $status): void
|
|
{
|
|
$email = $this->actorEmail;
|
|
|
|
if (! is_string($email) || $email === '') {
|
|
$email = is_string($restoreRun->requested_by) ? $restoreRun->requested_by : null;
|
|
}
|
|
|
|
if (! is_string($email) || $email === '') {
|
|
return;
|
|
}
|
|
|
|
$user = User::query()->where('email', $email)->first();
|
|
|
|
if (! $user) {
|
|
return;
|
|
}
|
|
|
|
$metadata = is_array($restoreRun->metadata) ? $restoreRun->metadata : [];
|
|
$counts = [];
|
|
|
|
foreach (['total', 'succeeded', 'failed', 'skipped'] as $key) {
|
|
if (array_key_exists($key, $metadata) && is_numeric($metadata[$key])) {
|
|
$counts[$key] = (int) $metadata[$key];
|
|
}
|
|
}
|
|
|
|
$payload = [
|
|
'tenant_id' => (int) $restoreRun->tenant_id,
|
|
'run_type' => 'restore',
|
|
'run_id' => (int) $restoreRun->getKey(),
|
|
'status' => $status,
|
|
];
|
|
|
|
if ($counts !== []) {
|
|
$payload['counts'] = $counts;
|
|
}
|
|
|
|
$user->notify(new RunStatusChangedNotification($payload));
|
|
}
|
|
}
|