ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
37873829fd
TenantAtlas/app/Services/Inventory/DependencyTargets/DependencyTargetResolver.php
ahmido da18d3cb14 feat/042-inventory-dependencies-graph (#50) 
Dieses PR liefert den Inventory Dependencies Graph end-to-end: Abhängigkeiten (Edges) werden aus Inventory-Sync-Daten extrahiert, tenant-sicher gespeichert und in der Inventory Item Detailansicht angezeigt.

Ziel: Admins können Prerequisites + Blast Radius (direct) schnell erkennen, ohne Snapshot/Restore anzufassen.

⸻

Was ist drin?

Dependency Graph (Edges)
	•	inventory_links Schema + Indizes + idempotentes Upsert (Unique Key)
	•	Relationship Types (u.a.):
	•	assigned_to_include, assigned_to_exclude
	•	uses_assignment_filter
	•	scoped_by_scope_tag
	•	UI: Inventory Item → Dependencies Section
	•	Direction Filter: All / Inbound / Outbound
	•	Relationship Filter: All + spezifische Relationship Types
	•	Missing-Badge + sicheres Tooltip (safe subset)

Safety / Observability
	•	Unknown/unsupported Shapes erzeugen keine Edges, sondern:
	•	Warning in InventorySyncRun.error_context.warnings[]
	•	optional info-log (ohne Secrets)
	•	Limit-only Semantik (MVP): bis zu 50 Edges pro Richtung (max 100 bei “All”)
	•	Blast Radius in MVP = direct only (kein depth>1 traversal)

Name Resolution (lokal, ohne Entra Calls)
	•	Resolver/DTO Layer für deterministische Labels (kein “Unknown” mehr)
	•	Auflösung aus lokaler DB nur für Foundations, wenn vorhanden:
	•	scope_tag → roleScopeTag
	•	assignment_filter → assignmentFilter
	•	aad_group bleibt bewusst external ref: “Group (external): …” (keine Graph/Entra Lookups im UI)
	•	Zentraler FoundationTypeMap als Source-of-Truth (keine Hardcodings)

⸻

Out of Scope / Follow-up
	•	Entra Group Name Resolution (braucht eigenes “Group Inventory” Modul + Permissions)
	•	Foundations als Inventory Items / Coverage Tab (Scope Tags / Assignment Filters sichtbar & syncbar)
→ folgt als separater PR (Inventory Core/UI), damit 042 sauber “Edges-only” bleibt.

⸻

Tests / Verifikation
	•	Targeted Pest Tests (Unit + Feature + UI smoke) für:
	•	deterministische Edge-Erzeugung + idempotent upsert
	•	tenant isolation (UI/Query)
	•	warnings auf Run Record
	•	resolver/name rendering + links (wo möglich)
	•	pint --dirty ausgeführt

⸻

Manual QA (UI)
	1.	Inventory Sync Run mit include_dependencies=true starten
	2.	Inventory Item öffnen → Dependencies prüfen:
	•	include/exclude + filter + scoped_by sichtbar (wenn vorhanden)
	•	Relationship/Direction Filter funktionieren
	•	keine “Unknown” Labels mehr, sondern deterministische Labels

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.local>
Reviewed-on: #50
2026-01-10 12:50:08 +00:00

190 lines
6.8 KiB
PHP
Raw Blame History

<?php
namespace App\Services\Inventory\DependencyTargets;
use App\Models\InventoryItem;
use App\Models\Tenant;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Support\Arr;
use Illuminate\Support\Collection;
class DependencyTargetResolver
{
public function __construct(private readonly FoundationTypeMap $foundationTypeMap) {}
/**
* @param Collection<int, mixed> $edges
* @return Collection<int, array<string, mixed>>
*/
public function attachRenderedTargets(Collection $edges, Tenant $tenant): Collection
{
$edgeRows = $edges
->map(fn ($edge) => $edge instanceof Model ? $edge->toArray() : (array) $edge)
->values();
$targetIdsByFoundationType = [];
foreach ($edgeRows as $edge) {
$targetType = Arr::get($edge, 'target_type');
if ($targetType !== 'foundation_object') {
continue;
}
$foundationType = Arr::get($edge, 'metadata.foundation_type');
$targetId = Arr::get($edge, 'target_id');
if (! is_string($foundationType) || $foundationType === '') {
continue;
}
if (! is_string($targetId) || $targetId === '') {
continue;
}
$targetIdsByFoundationType[$foundationType] ??= [];
$targetIdsByFoundationType[$foundationType][] = $targetId;
}
$resolvedMaps = $this->resolveFoundationTargetsFromDb($tenant, $targetIdsByFoundationType);
return $edgeRows->map(function (array $edge) use ($tenant, $resolvedMaps) {
$targetType = Arr::get($edge, 'target_type');
if ($targetType === 'missing') {
$edge['rendered_target'] = DependencyTargetDto::missing()->toArray();
return $edge;
}
if ($targetType === 'foundation_object') {
$foundationType = Arr::get($edge, 'metadata.foundation_type');
$targetId = Arr::get($edge, 'target_id');
if (! is_string($targetId) || $targetId === '') {
$edge['rendered_target'] = DependencyTargetDto::externalReference('')->toArray();
return $edge;
}
$foundationType = is_string($foundationType) ? $foundationType : null;
$mapRow = $this->foundationTypeMap->get($foundationType);
if ($foundationType === 'aad_group') {
$label = $mapRow['label'] ?? 'Group (external)';
$edge['rendered_target'] = DependencyTargetDto::externalGroupWithLabel($targetId, $label)->toArray();
return $edge;
}
if (! $mapRow) {
$edge['rendered_target'] = DependencyTargetDto::externalReference($targetId, $foundationType)->toArray();
return $edge;
}
$label = $mapRow['label'] ?? 'External reference';
$resolved = $foundationType ? ($resolvedMaps[$foundationType][$targetId] ?? null) : null;
if (! is_array($resolved) || ! array_key_exists('inventory_item_id', $resolved)) {
$edge['rendered_target'] = DependencyTargetDto::unresolvedFoundation($label, $foundationType, $targetId)->toArray();
return $edge;
}
$displayName = $resolved['display_name'] ?? null;
if (! is_string($displayName) || $displayName === '') {
$edge['rendered_target'] = DependencyTargetDto::unresolvedFoundation($label, $foundationType, $targetId)->toArray();
return $edge;
}
$linkable = (bool) ($mapRow['linkable'] ?? false);
$edge['rendered_target'] = DependencyTargetDto::resolvedFoundation(
$label,
$foundationType,
$targetId,
$displayName,
$linkable ? (int) $resolved['inventory_item_id'] : null,
$tenant,
)->toArray();
return $edge;
}
$targetId = Arr::get($edge, 'target_id');
if (is_string($targetId) && $targetId !== '') {
$edge['rendered_target'] = DependencyTargetDto::externalReference($targetId, $targetType)->toArray();
return $edge;
}
$edge['rendered_target'] = DependencyTargetDto::externalReference('', $targetType)->toArray();
return $edge;
});
}
/**
* @param array<string, list<string>> $targetIdsByFoundationType
* @return array<string, array<string, array{inventory_item_id:int,display_name:?string}>>
*/
private function resolveFoundationTargetsFromDb(Tenant $tenant, array $targetIdsByFoundationType): array
{
$resolvableTypes = $this->foundationTypeMap->resolvableFoundationTypes();
$policyTypeToFoundationType = $this->foundationTypeMap->policyTypeToFoundationType();
$policyTypes = [];
$allExternalIds = [];
foreach ($targetIdsByFoundationType as $foundationType => $targetIds) {
if (! in_array($foundationType, $resolvableTypes, true)) {
continue;
}
$row = $this->foundationTypeMap->get($foundationType);
$policyType = $row['inventory_policy_type'] ?? null;
if (! is_string($policyType) || $policyType === '') {
continue;
}
$policyTypes[] = $policyType;
foreach ($targetIds as $id) {
if (is_string($id) && $id !== '') {
$allExternalIds[] = $id;
}
}
}
$policyTypes = array_values(array_unique($policyTypes));
$allExternalIds = array_values(array_unique($allExternalIds));
if ($policyTypes === [] || $allExternalIds === []) {
return [];
}
$items = InventoryItem::query()
->where('tenant_id', $tenant->getKey())
->whereIn('policy_type', $policyTypes)
->whereIn('external_id', $allExternalIds)
->get(['id', 'tenant_id', 'policy_type', 'external_id', 'display_name']);
$resolved = [];
foreach ($items as $item) {
$foundationType = $policyTypeToFoundationType[$item->policy_type] ?? null;
if (! is_string($foundationType) || $foundationType === '') {
continue;
}
$resolved[$foundationType] ??= [];
$resolved[$foundationType][$item->external_id] = [
'inventory_item_id' => (int) $item->getKey(),
'display_name' => is_string($item->display_name) ? $item->display_name : null,
];
}
return $resolved;
}
}
Reference in New Issue View Git Blame Copy Permalink