ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
3cea084def
TenantAtlas/specs/056-remove-legacy-bulkops/data-model.md
Ahmed Darrazi bcdeeb5525 spec: refine 056 docs
2026-01-18 18:29:06 +01:00

2.8 KiB
Raw Blame History

Phase 1 — Data Model: Remove Legacy BulkOperationRun & Canonicalize Operations (v1.0)

This document describes the domain entities and data contracts impacted by Feature 056.

Entities

OperationRun (canonical)

Represents a single observable operation execution. Tenant-scoped.

Core fields (existing):

  • tenant_id: Tenant scope for isolation.
  • user_id: Initiator user (nullable for system).
  • initiator_name: Human name for display.
  • type: Operation type (stable identifier).
  • status: queued | running | completed.
  • outcome: pending | succeeded | partial | failed (exact naming per existing app semantics).
  • run_identity_hash: Deterministic identity used for dedupe of active runs.
  • context: JSON object containing operation inputs and metadata.
  • summary_counts: JSON object with canonical metrics keys.
  • failure_summary: JSON array/object with stable reason codes + sanitized messages.
  • started_at, completed_at: Timestamps.

Invariants:

  • Active-run dedupe is tenant-wide.
  • Monitoring renders from DB only.
  • summary_counts keys are constrained to the canonical registry.
  • Failure messages are sanitized and do not include secrets.

Operation Type (logical)

A stable identifier used to categorize runs, label them for admins, and enforce consistent UX.

Attributes:

  • type (string): e.g., policy_version.prune, backup_set.delete, etc.
  • label (string): human readable name.
  • expected_duration_seconds (optional): typical duration.
  • allowed_summary_keys: canonical registry.

Target Scope (logical)

A directory/remote tenant scope that an operation targets.

Context fields (when applicable):

  • entra_tenant_id: Azure AD / Entra tenant GUID.
  • directory_context_id: Internal directory context identifier.

At least one of the above must be present for directory-targeted operations.

Bulk Selection Identity (logical)

Deterministic definition of “what the bulk action applies to”, required for idempotency.

Decision: Hybrid identity.

  • Explicit selection: selection.ids_hash
  • Query/filter selection (“select all”): selection.query_hash

Properties:

  • selection.kind: ids | query
  • selection.ids_hash: sha256 of stable, sorted IDs.
  • selection.query_hash: sha256 of normalized filter/query payload.

Bulk Idempotency Fingerprint (logical)

Deterministic fingerprint used to dedupe active runs and prevent duplicated work.

Components:

  • operation type
  • target scope (entra_tenant_id or directory_context_id)
  • selection identity (hybrid)

Removed Entity

BulkOperationRun (legacy)

This entity is removed by Feature 056.

  • Legacy model/service/table are deleted.
  • No new writes to legacy tables after cutover.
  • Historical import into OperationRun is not performed.