222a7e0a97
- T001-T014: Foundation - StoredReport model/migration, Finding resolved lifecycle, badge mappings (resolved status, permission_posture type), OperationCatalog + AlertRule constants - T015-T022: US1 - PermissionPostureFindingGenerator with fingerprint-based idempotent upsert, severity from feature-impact count, auto-resolve on grant, auto-reopen on revoke, error findings (FR-015), stale finding cleanup; GeneratePermissionPostureFindingsJob dispatched from health check; PostureResult VO + PostureScoreCalculator - T023-T026: US2+US4 - Stored report payload validation, temporal ordering, polymorphic reusability, score accuracy acceptance tests - T027-T029: US3 - EvaluateAlertsJob.permissionMissingEvents() wired into alert pipeline, AlertRuleResource event type option, cooldown/dedupe tests - T030-T034: Polish - PruneStoredReportsCommand with config retention, scheduled daily, end-to-end integration test, Pint clean UI bug fixes found during testing: - FindingResource: hide Diff section for non-drift findings - TenantRequiredPermissions: fix re-run verification link - tenant-required-permissions.blade.php: preserve details open state 70 tests (50 PermissionPosture + 20 FindingResolved/Badge/Alert), 216 assertions
94 lines
3.0 KiB
PHP
94 lines
3.0 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Jobs;
|
|
|
|
use App\Models\Tenant;
|
|
use App\Services\OperationRunService;
|
|
use App\Services\PermissionPosture\FindingGeneratorContract;
|
|
use App\Support\OperationCatalog;
|
|
use App\Support\OperationRunOutcome;
|
|
use App\Support\OperationRunStatus;
|
|
use Illuminate\Bus\Queueable;
|
|
use Illuminate\Contracts\Queue\ShouldQueue;
|
|
use Illuminate\Foundation\Bus\Dispatchable;
|
|
use Illuminate\Queue\InteractsWithQueue;
|
|
use Illuminate\Queue\SerializesModels;
|
|
use RuntimeException;
|
|
use Throwable;
|
|
|
|
class GeneratePermissionPostureFindingsJob implements ShouldQueue
|
|
{
|
|
use Dispatchable, InteractsWithQueue, Queueable, SerializesModels;
|
|
|
|
public function __construct(
|
|
public readonly int $tenantId,
|
|
public readonly array $permissionComparison,
|
|
) {}
|
|
|
|
public function handle(
|
|
FindingGeneratorContract $generator,
|
|
OperationRunService $operationRuns,
|
|
): void {
|
|
$tenant = Tenant::query()->find($this->tenantId);
|
|
|
|
if (! $tenant instanceof Tenant) {
|
|
throw new RuntimeException('Tenant not found: '.$this->tenantId);
|
|
}
|
|
|
|
// FR-016: Skip if tenant has no active provider connection
|
|
if ($tenant->providerConnections()->count() === 0) {
|
|
return;
|
|
}
|
|
|
|
$operationRun = $operationRuns->ensureRun(
|
|
tenant: $tenant,
|
|
type: OperationCatalog::TYPE_PERMISSION_POSTURE_CHECK,
|
|
inputs: [
|
|
'tenant_id' => $this->tenantId,
|
|
'trigger' => 'health_check',
|
|
],
|
|
initiator: null,
|
|
);
|
|
|
|
$operationRuns->updateRun(
|
|
$operationRun,
|
|
status: OperationRunStatus::Running->value,
|
|
outcome: OperationRunOutcome::Pending->value,
|
|
);
|
|
|
|
try {
|
|
$result = $generator->generate($tenant, $this->permissionComparison, $operationRun);
|
|
|
|
$operationRuns->updateRun(
|
|
$operationRun,
|
|
status: OperationRunStatus::Completed->value,
|
|
outcome: OperationRunOutcome::Succeeded->value,
|
|
summaryCounts: [
|
|
'findings_created' => $result->findingsCreated,
|
|
'findings_resolved' => $result->findingsResolved,
|
|
'findings_reopened' => $result->findingsReopened,
|
|
'findings_unchanged' => $result->findingsUnchanged,
|
|
'errors_recorded' => $result->errorsRecorded,
|
|
'posture_score' => $result->postureScore,
|
|
],
|
|
);
|
|
} catch (Throwable $e) {
|
|
$operationRuns->updateRun(
|
|
$operationRun,
|
|
status: OperationRunStatus::Completed->value,
|
|
outcome: OperationRunOutcome::Failed->value,
|
|
failures: [
|
|
[
|
|
'code' => 'permission_posture_check.failed',
|
|
'message' => $e->getMessage(),
|
|
],
|
|
],
|
|
);
|
|
|
|
throw $e;
|
|
}
|
|
}
|
|
}
|