132 lines
6.0 KiB
Markdown
132 lines
6.0 KiB
Markdown
# Quickstart: Backup Quality Truth Surfaces
|
|
|
|
## Goal
|
|
|
|
Validate that backup-set, backup-item, policy-version, and restore-selection surfaces now communicate backup quality truth early and explicitly without overstating restore safety, restore readiness, or tenant recoverability.
|
|
|
|
## Prerequisites
|
|
|
|
1. Start Sail if it is not already running.
|
|
2. Ensure the workspace has representative fixtures for:
|
|
- a backup set with only full-payload items
|
|
- a backup set with at least one metadata-only item
|
|
- a backup set with assignment fetch failure metadata
|
|
- a backup set with orphaned-assignment metadata
|
|
- one policy version captured as full payload
|
|
- one policy version captured as metadata-only
|
|
- one user with `TENANT_VIEW` but without restore capability
|
|
- one user with restore capability for the same tenant
|
|
3. Ensure the acting users are valid workspace and tenant members.
|
|
4. Ensure archived backup-set and policy-version fixtures exist if lifecycle plus quality combinations need validation.
|
|
|
|
## Focused Automated Verification
|
|
|
|
Run the smallest existing backup, version, and restore-selection pack first:
|
|
|
|
```bash
|
|
vendor/bin/sail artisan test --compact tests/Feature/Filament/BackupSetEnterpriseDetailPageTest.php
|
|
vendor/bin/sail artisan test --compact tests/Feature/Filament/BackupItemsRelationManagerFiltersTest.php
|
|
vendor/bin/sail artisan test --compact tests/Feature/Filament/BackupSetUiEnforcementTest.php
|
|
vendor/bin/sail artisan test --compact tests/Feature/Filament/PolicyVersionTest.php
|
|
vendor/bin/sail artisan test --compact tests/Feature/Filament/PolicyVersionRestoreViaWizardTest.php
|
|
vendor/bin/sail artisan test --compact tests/Feature/Filament/RestoreItemSelectionTest.php
|
|
vendor/bin/sail artisan test --compact tests/Feature/Rbac/BackupItemsRelationManagerUiEnforcementTest.php
|
|
vendor/bin/sail artisan test --compact tests/Feature/Rbac/PolicyVersionsRestoreToIntuneUiEnforcementTest.php
|
|
vendor/bin/sail artisan test --compact tests/Feature/Rbac/CreateRestoreRunAuthorizationTest.php
|
|
vendor/bin/sail artisan test --compact tests/Feature/RestoreRiskChecksWizardTest.php
|
|
vendor/bin/sail artisan test --compact tests/Unit/AssignmentBackupServiceTest.php
|
|
vendor/bin/sail artisan test --compact tests/Unit/BackupItemTest.php
|
|
```
|
|
|
|
Expected new or expanded spec-scoped tests:
|
|
|
|
```bash
|
|
vendor/bin/sail artisan test --compact tests/Feature/Filament/BackupQualityTruthSurfaceTest.php
|
|
vendor/bin/sail artisan test --compact tests/Feature/Filament/PolicyVersionQualityTruthSurfaceTest.php
|
|
vendor/bin/sail artisan test --compact tests/Feature/Filament/RestoreSelectionQualityTruthTest.php
|
|
vendor/bin/sail artisan test --compact tests/Feature/Rbac/BackupQualityVisibilityTest.php
|
|
vendor/bin/sail artisan test --compact tests/Unit/Support/BackupQuality/
|
|
```
|
|
|
|
Use `--filter` for a smaller pass while iterating.
|
|
|
|
## Manual Validation Pass
|
|
|
|
### 1. Verify backup-set list truth
|
|
|
|
Open `/admin/t/{tenant}/backup-sets` and confirm:
|
|
|
|
- lifecycle status remains visible and separate from backup-quality summary
|
|
- a full-quality set reads as `no degradations detected` or equivalent without implying safe restore
|
|
- a degraded set shows metadata-only, assignment issues, orphaned assignments, or degraded-item count within one scan
|
|
|
|
### 2. Verify backup-set detail summary-first layout
|
|
|
|
Open a degraded backup set and confirm:
|
|
|
|
- the first visible summary answers whether the set is strong or weak as recovery input
|
|
- metadata-only count, assignment issue count, and orphaned-assignment count appear before raw metadata
|
|
- one primary next action is visible when degraded truth exists
|
|
|
|
### 3. Verify backup-items relation truth
|
|
|
|
Within the same backup-set detail page, confirm the relation table shows:
|
|
|
|
- snapshot mode per item
|
|
- assignment capture issue truth per item
|
|
- orphaned-assignment truth per item
|
|
- current inspect model and action placement remain unchanged
|
|
|
|
### 4. Verify policy-version list and detail truth
|
|
|
|
Open `/admin/t/{tenant}/policy-versions` and confirm:
|
|
|
|
- metadata-only versions are visible at scan speed in the list itself
|
|
- full-payload and degraded versions are distinguishable without hovering disabled actions
|
|
|
|
Open a degraded policy version and confirm:
|
|
|
|
- an explicit backup-quality section appears on the detail surface
|
|
- the page explains degraded input quality without claiming safe restore or meaningful rollback certainty
|
|
|
|
### 5. Verify restore-selection truth before risk checks
|
|
|
|
Open `/admin/t/{tenant}/restore-runs/create` and confirm:
|
|
|
|
- step 1 backup-set choices expose degraded input before the wizard reaches checks or preview
|
|
- step 2 item descriptions expose metadata-only and assignment-quality truth before risk checks run
|
|
- the page still treats backup quality as input truth, not restore safety approval
|
|
|
|
### 6. Verify RBAC-safe truth visibility
|
|
|
|
Repeat the list and detail checks as a user with `TENANT_VIEW` but without restore permission and confirm:
|
|
|
|
- backup-quality truth remains visible
|
|
- restore entry points remain unavailable or disabled with the current RBAC behavior
|
|
- non-members still receive deny-as-not-found behavior rather than resource hints
|
|
|
|
## Non-Regression Checks
|
|
|
|
Confirm the feature did not change:
|
|
|
|
- tenant route identity for backup, version, or restore pages
|
|
- current archive, restore, force-delete, or remove confirmation behavior
|
|
- existing restore-safety blocking behavior for metadata-only input
|
|
- existing assignment capture semantics and orphaned-assignment detection
|
|
- current global asset registration and deployment requirements
|
|
|
|
## Formatting And Final Verification
|
|
|
|
Before finalizing implementation work:
|
|
|
|
```bash
|
|
vendor/bin/sail bin pint --dirty --format agent
|
|
```
|
|
|
|
Then rerun the smallest affected test set and offer the full suite only after the focused backup-quality pack passes.
|
|
|
|
Close the feature only after manual validation confirms:
|
|
|
|
- an operator can identify degraded versus full-looking backup input within 10 seconds on backup-set list and detail surfaces
|
|
- the first restore selection step exposes weak inputs before risk-check work begins
|
|
- reduced-permission users still see truthful quality signals without gaining restore capability |