ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
2e95ae480c
TenantAtlas/specs/006-sot-foundations-assignments/quickstart.md
ahmido b9c47e7973 feat/006-sot-foundations-assignments (#6) 
## Summary
<!-- Kurz: Was ändert sich und warum? -->

## Spec-Driven Development (SDD)
- [ ] Es gibt eine Spec unter `specs/<NNN>-<feature>/`
- [ ] Enthaltene Dateien: `plan.md`, `tasks.md`, `spec.md`
- [ ] Spec beschreibt Verhalten/Acceptance Criteria (nicht nur Implementation)
- [ ] Wenn sich Anforderungen während der Umsetzung geändert haben: Spec/Plan/Tasks wurden aktualisiert

## Implementation
- [ ] Implementierung entspricht der Spec
- [ ] Edge cases / Fehlerfälle berücksichtigt
- [ ] Keine unbeabsichtigten Änderungen außerhalb des Scopes

## Tests
- [ ] Tests ergänzt/aktualisiert (Pest/PHPUnit)
- [ ] Relevante Tests lokal ausgeführt (`./vendor/bin/sail artisan test` oder `php artisan test`)

## Migration / Config / Ops (falls relevant)
- [ ] Migration(en) enthalten und getestet
- [ ] Rollback bedacht (rückwärts kompatibel, sichere Migration)
- [ ] Neue Env Vars dokumentiert (`.env.example` / Doku)
- [ ] Queue/cron/storage Auswirkungen geprüft

## UI (Filament/Livewire) (falls relevant)
- [ ] UI-Flows geprüft
- [ ] Screenshots/Notizen hinzugefügt

## Notes
<!-- Links, Screenshots, Follow-ups, offene Punkte -->

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.local>
Reviewed-on: #6
2025-12-25 14:25:16 +00:00

2.1 KiB
Raw Blame History

Quickstart: SoT Foundations & Assignments (006)

This is a developer/operator checklist to validate foundations-first restore and assignment-aware restore.

Prerequisites

  • Local dev via Sail.
  • A tenant configured for Graph access with sufficient permissions for:
    • Assignment filters: DeviceManagementConfiguration.ReadWrite.All
    • Scope tags: DeviceManagementRBAC.ReadWrite.All
    • Notification templates: DeviceManagementServiceConfig.ReadWrite.All

Scenario A: Foundations backup + restore

  1. In a test tenant, create:
    • 12 assignment filters
    • 12 scope tags (non-built-in)
    • 1 notification message template
  2. Run a sync + backup via the apps existing workflow.
  3. In the target tenant, ensure those objects do not exist.
  4. Run restore in preview:
    • Verify preview includes a “Foundations” section.
    • Verify it reports old→new mapping decisions.
  5. Run restore in execute:
    • Verify missing foundations are created.
    • Verify collisions result in “created_copy” behavior (if you intentionally create same-named items beforehand).

Scenario B: Assignment-aware restore

  1. Create a policy that has assignments:
    • Group targeting
    • Assignment filters (include/exclude)
    • Scope tags where applicable
  2. Back up the tenant.
  3. Restore into a target tenant where:
    • some foundations exist
    • some foundations are missing
  4. Run restore preview:
    • Verify assignments are marked “applied” only when mappings exist.
    • Verify unsafe assignments are “skipped” with explicit reasons (no broad targeting).
  5. Run restore execute:
    • Verify the policy is restored.
    • Verify assignment application uses the mapping.

Scenario C: Conditional Access preview-only

  1. Ensure the backup contains at least one Conditional Access policy.
  2. Run restore preview:
    • Verify CA items appear with a clear preview-only marker.
  3. Run restore execute:
    • Verify CA changes are not applied and are recorded as skipped/preview-only.

Notes

  • If UI changes dont appear, run the projects dev/build pipeline (composer run dev / pnpm dev) according to existing repo conventions.