ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
30ad57baab
TenantAtlas/specs/053-unify-runs-monitoring/contracts/admin-pages.openapi.yaml
ahmido 30ad57baab feat/053-unify-runs-monitoring (#60) 
Summary

This PR introduces Unified Operations Runs + Monitoring Hub (053).

Goal: Standardize how long-running operations are tracked and monitored using the existing tenant-scoped run record (BulkOperationRun) as the canonical “operation run”, and surface it in a single Monitoring → Operations hub (view-only, tenant-scoped, role-aware).

Phase 1 adoption scope (per spec):
	•	Drift generation (drift.generate)
	•	Backup Set “Add Policies” (backup_set.add_policies)

Note: This PR does not convert every run type yet (e.g. GroupSyncRuns / InventorySyncRuns remain separate for now). This is intentionally incremental.

⸻

What changed

Monitoring / Operations hub
	•	Moved/organized run monitoring under Monitoring → Operations
	•	Added:
	•	status buckets (queued / running / succeeded / partially succeeded / failed)
	•	filters (run type, status bucket, time range)
	•	run detail “Related” links (e.g. Drift findings, Backup Set context)
	•	All hub pages are DB-only and view-only (no rerun/cancel/delete actions)

Canonical run semantics
	•	Added canonical helpers on BulkOperationRun:
	•	runType() (resource.action)
	•	statusBucket() derived from status + counts (testable semantics)

Drift integration (Phase 1)
	•	Drift generation start behavior now:
	•	creates/reuses a BulkOperationRun with drift context payload (scope_key + baseline/current run ids)
	•	dispatches generation job
	•	emits DB notifications including “View run” link
	•	On generation failure: stores sanitized failure entries + sends failure notification

Permissions / tenant isolation
	•	Monitoring run list/view is tenant-scoped and returns 403 for cross-tenant access
	•	Readonly can view runs but cannot start drift generation

⸻

Tests

Added/updated Pest coverage:
	•	BulkOperationRunStatusBucketTest.php
	•	DriftGenerationDispatchTest.php
	•	GenerateDriftFindingsJobNotificationTest.php
	•	RunAuthorizationTenantIsolationTest.php

Validation run locally:
	•	./vendor/bin/pint --dirty
	•	targeted tests from feature quickstart / drift monitoring tests

⸻

Manual QA
	1.	Go to Monitoring → Operations
	•	verify filters (run type / status / time range)
	•	verify run detail shows counts + sanitized failures + “Related” links
	2.	Open Drift Landing
	•	with >=2 successful inventory runs for scope: should queue drift generation + show notification with “View run”
	•	as readonly: should not start generation
	3.	Run detail
	•	drift.generate runs show “Drift findings” related link
	•	failure entries are sanitized (no secrets/tokens/raw payload dumps)

⸻

Notes / Ops
	•	Queue workers must be restarted after deploy so they load the new code:
	•	php artisan queue:restart (or Sail equivalent)
	•	This PR standardizes monitoring for Phase 1 producers only; follow-ups will migrate additional run types into the unified pattern.

⸻

Spec / Docs
	•	SpecKit artifacts added under specs/053-unify-runs-monitoring/
	•	Checklists are complete:
	•	requirements checklist PASS
	•	writing checklist PASS

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.local>
Reviewed-on: #60
2026-01-16 15:10:31 +00:00

55 lines
1.5 KiB
YAML
Raw Blame History

openapi: 3.0.3
info:
title: TenantPilot Admin Monitoring Contracts (Feature 053)
version: 0.1.0
description: |
Minimal page-render contracts for the Monitoring/Operations hub.
These pages must render from the database only (no external tenant calls)
and display only sanitized failure detail (no secrets/tokens/raw payload dumps).
servers:
- url: /
paths:
/admin/t/{tenantExternalId}/bulk-operation-runs:
get:
operationId: monitoringOperationsIndex
summary: Monitoring → Operations (tenant-scoped)
parameters:
- name: tenantExternalId
in: path
required: true
schema:
type: string
responses:
'200':
description: Page renders successfully.
'302':
description: Redirect to login when unauthenticated.
/admin/t/{tenantExternalId}/bulk-operation-runs/{bulkOperationRunId}:
get:
operationId: monitoringOperationsView
summary: Operation run detail (tenant-scoped)
parameters:
- name: tenantExternalId
in: path
required: true
schema:
type: string
- name: bulkOperationRunId
in: path
required: true
schema:
type: integer
responses:
'200':
description: Page renders successfully.
'302':
description: Redirect to login when unauthenticated.
'403':
description: Forbidden when attempting cross-tenant access.
components: {}
Reference in New Issue View Git Blame Copy Permalink