ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
49ab849ca1
TenantAtlas/app/Support/OperationCatalog.php
ahmido ef380b67d1 feat(104): Provider Permission Posture (#127) 
Implements Spec 104: Provider Permission Posture.

What changed
- Generates permission posture findings after each tenant permission compare (queued)
- Stores immutable posture snapshots as StoredReports (JSONB payload)
- Adds global Finding resolved lifecycle (`resolved_at`, `resolved_reason`) with `resolve()` / `reopen()`
- Adds alert pipeline event type `permission_missing` (Alerts v1) and Filament option for Alert Rules
- Adds retention pruning command + daily schedule for StoredReports
- Adds badge mappings for `resolved` finding status and `permission_posture` finding type

UX fixes discovered during manual verification
- Hide “Diff” section for non-drift findings (only drift findings show diff)
- Required Permissions page: “Re-run verification” now links to Tenant view (not onboarding)
- Preserve Technical Details `<details>` open state across Livewire re-renders (Alpine state)

Verification
- Ran `vendor/bin/sail artisan test --compact --filter=PermissionPosture` (50 tests)
- Ran `vendor/bin/sail artisan test --compact --filter="FindingResolved|FindingBadge|PermissionMissingAlert"` (20 tests)
- Ran `vendor/bin/sail bin pint --dirty`

Filament v5 / Livewire v4 compliance
- Filament v5 + Livewire v4: no Livewire v3 usage.

Panel provider registration (Laravel 11+)
- No new panels added. Existing panel providers remain registered via `bootstrap/providers.php`.

Global search rule
- No changes to global-searchable resources.

Destructive actions
- No new destructive Filament actions were added in this PR.

Assets / deploy notes
- No new Filament assets registered. Existing deploy step `php artisan filament:assets` remains unchanged.

Test coverage
- New/updated Pest feature tests cover generator behavior, job integration, alerting, retention pruning, and resolved lifecycle.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #127
2026-02-21 22:32:52 +00:00

95 lines
3.6 KiB
PHP
Raw Blame History

<?php
namespace App\Support;
use App\Support\OpsUx\OperationSummaryKeys;
final class OperationCatalog
{
public const string TYPE_PERMISSION_POSTURE_CHECK = 'permission_posture_check';
/**
* @return array<string, string>
*/
public static function labels(): array
{
return [
'policy.sync' => 'Policy sync',
'policy.sync_one' => 'Policy sync',
'policy.capture_snapshot' => 'Policy snapshot',
'policy.delete' => 'Delete policies',
'policy.unignore' => 'Restore policies',
'policy.export' => 'Export policies to backup',
'provider.connection.check' => 'Provider connection check',
'inventory_sync' => 'Inventory sync',
'compliance.snapshot' => 'Compliance snapshot',
'entra_group_sync' => 'Directory groups sync',
'drift_generate_findings' => 'Drift generation',
'backup_set.add_policies' => 'Backup set update',
'backup_set.remove_policies' => 'Backup set update',
'backup_set.delete' => 'Archive backup sets',
'backup_set.restore' => 'Restore backup sets',
'backup_set.force_delete' => 'Delete backup sets',
'backup_schedule_run' => 'Backup schedule run',
'backup_schedule_retention' => 'Backup schedule retention',
'backup_schedule_purge' => 'Backup schedule purge',
'restore.execute' => 'Restore execution',
'assignments.fetch' => 'Assignment fetch',
'assignments.restore' => 'Assignment restore',
'ops.reconcile_adapter_runs' => 'Reconcile adapter runs',
'directory_role_definitions.sync' => 'Role definitions sync',
'restore_run.delete' => 'Delete restore runs',
'restore_run.restore' => 'Restore restore runs',
'restore_run.force_delete' => 'Force delete restore runs',
'tenant.sync' => 'Tenant sync',
'policy_version.prune' => 'Prune policy versions',
'policy_version.restore' => 'Restore policy versions',
'policy_version.force_delete' => 'Delete policy versions',
'alerts.evaluate' => 'Alerts evaluation',
'alerts.deliver' => 'Alerts delivery',
'baseline_capture' => 'Baseline capture',
'baseline_compare' => 'Baseline compare',
'permission_posture_check' => 'Permission posture check',
];
}
public static function label(string $operationType): string
{
$operationType = trim($operationType);
if ($operationType === '') {
return 'Operation';
}
return self::labels()[$operationType] ?? 'Unknown operation';
}
public static function expectedDurationSeconds(string $operationType): ?int
{
return match (trim($operationType)) {
'policy.sync', 'policy.sync_one' => 90,
'provider.connection.check' => 30,
'policy.export' => 120,
'inventory_sync' => 180,
'compliance.snapshot' => 180,
'entra_group_sync' => 120,
'drift_generate_findings' => 240,
'assignments.fetch', 'assignments.restore' => 60,
'ops.reconcile_adapter_runs' => 120,
'alerts.evaluate', 'alerts.deliver' => 120,
'baseline_capture' => 120,
'baseline_compare' => 120,
'permission_posture_check' => 30,
default => null,
};
}
/**
* @return array<int, string>
*/
public static function allowedSummaryKeys(): array
{
return OperationSummaryKeys::all();
}
}
Reference in New Issue View Git Blame Copy Permalink