ahmido
fbb9748725
Summary add appProtectionPolicy coverage for assignments, normalize settings for UI, and skip targetedManagedAppConfiguration noise during inventory wire up derived Graph endpoints/contracts so restores use the correct /assign paths per platform and assignments no longer rely on unsupported $expand add normalization logic/tests plus Pact/Plan updates so capture+restore behave more like Intune’s app protection workflows and no longer expose unsupported fields Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.local> Reviewed-on: #11
1.5 KiB
1.5 KiB
Implementation Plan: App Protection Policy Type (009)
Branch: feat/009-app-protection-policy
Date: 2025-12-29
Spec Source: spec.md
Summary
Make appProtectionPolicy reliable by:
- Filtering non-policy objects during sync (
targetedManagedAppConfiguration). - Adding Graph contract coverage for assignments +
@odata.typefamily. - Adding targeted Pest tests to lock in behavior.
Execution Steps
- Update
config/graph_contracts.phpforappProtectionPolicy:- Add assignments list + assign action endpoints (and payload key if needed).
- Expand
type_familyto the common App Protection@odata.typevalues.
- Update
app/Services/Intune/PolicySyncService.php:- Skip
#microsoft.graph.targetedManagedAppConfigurationentries when syncingappProtectionPolicy.
- Skip
- Fix restore endpoints for assignments + policy updates:
- Use derived endpoints (e.g.
/androidManagedAppProtections/{id}and/androidManagedAppProtections/{id}/assign) based on@odata.type.
- Use derived endpoints (e.g.
- Add admin-friendly normalization:
- Add
AppProtectionPolicyNormalizerfor boolean/duration formatting and Intune-like sections.
- Add
- Add/extend tests:
tests/Unit/GraphContractRegistryActualDataTest.phpforappProtectionPolicycontract coverage.tests/Feature/Jobs/*to assert sync filtering behavior.tests/Unit/*to assert normalizer output and endpoint resolution.
- Run formatting + tests:
./vendor/bin/pint --dirty./vendor/bin/sail artisan test --filter=appProtectionPolicy