Implements Spec 104: Provider Permission Posture. What changed - Generates permission posture findings after each tenant permission compare (queued) - Stores immutable posture snapshots as StoredReports (JSONB payload) - Adds global Finding resolved lifecycle (`resolved_at`, `resolved_reason`) with `resolve()` / `reopen()` - Adds alert pipeline event type `permission_missing` (Alerts v1) and Filament option for Alert Rules - Adds retention pruning command + daily schedule for StoredReports - Adds badge mappings for `resolved` finding status and `permission_posture` finding type UX fixes discovered during manual verification - Hide “Diff” section for non-drift findings (only drift findings show diff) - Required Permissions page: “Re-run verification” now links to Tenant view (not onboarding) - Preserve Technical Details `<details>` open state across Livewire re-renders (Alpine state) Verification - Ran `vendor/bin/sail artisan test --compact --filter=PermissionPosture` (50 tests) - Ran `vendor/bin/sail artisan test --compact --filter="FindingResolved|FindingBadge|PermissionMissingAlert"` (20 tests) - Ran `vendor/bin/sail bin pint --dirty` Filament v5 / Livewire v4 compliance - Filament v5 + Livewire v4: no Livewire v3 usage. Panel provider registration (Laravel 11+) - No new panels added. Existing panel providers remain registered via `bootstrap/providers.php`. Global search rule - No changes to global-searchable resources. Destructive actions - No new destructive Filament actions were added in this PR. Assets / deploy notes - No new Filament assets registered. Existing deploy step `php artisan filament:assets` remains unchanged. Test coverage - New/updated Pest feature tests cover generator behavior, job integration, alerting, retention pruning, and resolved lifecycle. Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #127
<?php
namespace App\Support\Badges;
use BackedEnum;
use Stringable;
use Throwable;
/**
 * Central lookup that turns a (badge domain, raw value) pair into a BadgeSpec.
 *
 * Each BadgeDomain is bound to exactly one BadgeMapper implementation through
 * the DOMAIN_MAPPERS constant. Mapper instances are created on first use and
 * then reused from a static cache.
 */
final class BadgeCatalog
{
    /**
     * Allow-list binding every badge domain to the mapper class that renders it.
     *
     * buildMapper() takes class names from this constant only, so the class
     * that gets instantiated is never derived from a caller-supplied value.
     *
     * @var array<string, class-string<BadgeMapper>>
     */
    private const DOMAIN_MAPPERS = [
        BadgeDomain::OperationRunStatus->value => Domains\OperationRunStatusBadge::class,
        BadgeDomain::OperationRunOutcome->value => Domains\OperationRunOutcomeBadge::class,
        BadgeDomain::BackupSetStatus->value => Domains\BackupSetStatusBadge::class,
        BadgeDomain::RestoreRunStatus->value => Domains\RestoreRunStatusBadge::class,
        BadgeDomain::RestoreCheckSeverity->value => Domains\RestoreCheckSeverityBadge::class,
        BadgeDomain::FindingStatus->value => Domains\FindingStatusBadge::class,
        BadgeDomain::FindingSeverity->value => Domains\FindingSeverityBadge::class,
        BadgeDomain::BooleanEnabled->value => Domains\BooleanEnabledBadge::class,
        BadgeDomain::BooleanHasErrors->value => Domains\BooleanHasErrorsBadge::class,
        BadgeDomain::TenantStatus->value => Domains\TenantStatusBadge::class,
        BadgeDomain::TenantAppStatus->value => Domains\TenantAppStatusBadge::class,
        BadgeDomain::TenantRbacStatus->value => Domains\TenantRbacStatusBadge::class,
        BadgeDomain::TenantPermissionStatus->value => Domains\TenantPermissionStatusBadge::class,
        BadgeDomain::PolicySnapshotMode->value => Domains\PolicySnapshotModeBadge::class,
        BadgeDomain::PolicyRestoreMode->value => Domains\PolicyRestoreModeBadge::class,
        BadgeDomain::PolicyRisk->value => Domains\PolicyRiskBadge::class,
        BadgeDomain::IgnoredAt->value => Domains\IgnoredAtBadge::class,
        BadgeDomain::RestorePreviewDecision->value => Domains\RestorePreviewDecisionBadge::class,
        BadgeDomain::RestoreResultStatus->value => Domains\RestoreResultStatusBadge::class,
        BadgeDomain::ProviderConnectionStatus->value => Domains\ProviderConnectionStatusBadge::class,
        BadgeDomain::ProviderConnectionHealth->value => Domains\ProviderConnectionHealthBadge::class,
        BadgeDomain::ManagedTenantOnboardingVerificationStatus->value => Domains\ManagedTenantOnboardingVerificationStatusBadge::class,
        BadgeDomain::VerificationCheckStatus->value => Domains\VerificationCheckStatusBadge::class,
        BadgeDomain::VerificationCheckSeverity->value => Domains\VerificationCheckSeverityBadge::class,
        BadgeDomain::VerificationReportOverall->value => Domains\VerificationReportOverallBadge::class,
        BadgeDomain::AlertDeliveryStatus->value => Domains\AlertDeliveryStatusBadge::class,
        BadgeDomain::AlertDestinationLastTestStatus->value => Domains\AlertDestinationLastTestStatusBadge::class,
        BadgeDomain::BaselineProfileStatus->value => Domains\BaselineProfileStatusBadge::class,
        BadgeDomain::FindingType->value => Domains\FindingTypeBadge::class,
    ];

    /**
     * Mapper instances (or null for "no usable mapper") keyed by domain value.
     *
     * Held in a static property, so an entry stays in place for as long as the
     * class remains loaded in the running PHP process.
     *
     * @var array<string, BadgeMapper|null>
     */
    private static array $mapperCache = [];

    /**
     * Resolve the badge spec for a raw value within the given domain.
     *
     * Falls back to BadgeSpec::unknown() when the domain has no mapper or when
     * the mapper throws. The exception is discarded without being logged
     * here, so a failing mapper shows up only as an "unknown" badge.
     * Note that mapper() is called outside the try block; an exception raised
     * while building the mapper is not caught here.
     */
    public static function spec(BadgeDomain $domain, mixed $value): BadgeSpec
    {
        $resolved = self::mapper($domain);

        if ($resolved === null) {
            return BadgeSpec::unknown();
        }

        try {
            // The return stays inside the try so that any Throwable raised
            // while producing the spec ends in the fallback below.
            return $resolved->spec($value);
        } catch (Throwable) {
            return BadgeSpec::unknown();
        }
    }

    /**
     * Return the mapper for a domain, building and caching it on first use.
     *
     * A null result is cached as well: array_key_exists() treats a stored
     * null as a hit, so buildMapper() is not retried for that domain.
     */
    public static function mapper(BadgeDomain $domain): ?BadgeMapper
    {
        $cacheKey = $domain->value;

        if (! array_key_exists($cacheKey, self::$mapperCache)) {
            self::$mapperCache[$cacheKey] = self::buildMapper($domain);
        }

        return self::$mapperCache[$cacheKey];
    }

    /**
     * Reduce an arbitrary state value to a lower-case, underscore-separated key.
     *
     * Backed enums contribute their backing value and Stringable objects their
     * string form. Booleans become 'true' / 'false', ints and floats are cast
     * to string, and strings are trimmed, lower-cased and have spaces and
     * hyphens replaced by underscores. Everything else, and a string that is
     * empty after trimming, yields null.
     *
     * The result is a matching key only: nothing here escapes the value for
     * HTML or any other output context.
     */
    public static function normalizeState(mixed $value): ?string
    {
        $candidate = match (true) {
            $value instanceof BackedEnum => $value->value,
            $value instanceof Stringable => (string) $value,
            default => $value,
        };

        if (is_bool($candidate)) {
            return $candidate ? 'true' : 'false';
        }

        if (is_int($candidate) || is_float($candidate)) {
            return (string) $candidate;
        }

        if (! is_string($candidate)) {
            // null, arrays and any remaining objects have no state key
            return null;
        }

        $stateKey = str_replace([' ', '-'], '_', strtolower(trim($candidate)));

        return $stateKey !== '' ? $stateKey : null;
    }

    /**
     * Instantiate the mapper registered for a domain.
     *
     * Returns null when the domain has no entry in DOMAIN_MAPPERS, when the
     * registered class cannot be found, or when the created object is not a
     * BadgeMapper. The instanceof check runs after construction.
     */
    private static function buildMapper(BadgeDomain $domain): ?BadgeMapper
    {
        $registeredClass = self::DOMAIN_MAPPERS[$domain->value] ?? null;

        if (! $registeredClass || ! class_exists($registeredClass)) {
            return null;
        }

        $instance = new $registeredClass;

        if (! $instance instanceof BadgeMapper) {
            return null;
        }

        return $instance;
    }
}