ahmido
4d3fcd28a9
What Implements tenant-scoped backup scheduling end-to-end: schedules CRUD, minute-based dispatch, queued execution, run history, manual “Run now/Retry”, retention (keep last N), and auditability. Key changes Filament UI: Backup Schedules resource with tenant scoping + SEC-002 role gating. Scheduler + queue: tenantpilot:schedules:dispatch command wired in scheduler (runs every minute), creates idempotent BackupScheduleRun records and dispatches jobs. Execution: RunBackupScheduleJob syncs policies, creates immutable backup sets, updates run status, writes audit logs, applies retry/backoff mapping, and triggers retention. Run history: Relation manager + “View” modal rendering run details. UX polish: row actions grouped; bulk actions grouped (run now / retry / delete). Bulk dispatch writes DB notifications (shows in notifications panel). Validation: policy type hard-validation on save; unknown policy types handled safely at runtime (skipped/partial). Tests: comprehensive Pest coverage for CRUD/scoping/validation, idempotency, job outcomes, error mapping, retention, view modal, run-now/retry notifications, bulk delete (incl. operator forbidden). Files / Areas Filament: BackupScheduleResource.php and app/Filament/Resources/BackupScheduleResource/* Scheduling/Jobs: app/Console/Commands/TenantpilotDispatchBackupSchedules.php, app/Jobs/RunBackupScheduleJob.php, app/Jobs/ApplyBackupScheduleRetentionJob.php, console.php Models/Migrations: app/Models/BackupSchedule.php, app/Models/BackupScheduleRun.php, database/migrations/backup_schedules, backup_schedule_runs Notifications: BackupScheduleRunDispatchedNotification.php Specs: specs/032-backup-scheduling-mvp/* (tasks/checklist/quickstart updates) How to test (Sail) Run tests: ./vendor/bin/sail artisan test tests/Feature/BackupScheduling Run formatter: ./vendor/bin/sail php ./vendor/bin/pint --dirty Apply migrations: ./vendor/bin/sail artisan migrate Manual dispatch: ./vendor/bin/sail artisan tenantpilot:schedules:dispatch Notes Uses DB notifications for queued UI actions to ensure they appear in the notifications panel even under queue fakes in tests. Checklist gate for 032 is PASS; tasks updated accordingly. Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.local> Reviewed-on: #34
276 lines
9.5 KiB
PHP
276 lines
9.5 KiB
PHP
<?php
|
|
|
|
namespace App\Jobs;
|
|
|
|
use App\Models\BackupSchedule;
|
|
use App\Models\BackupScheduleRun;
|
|
use App\Services\BackupScheduling\PolicyTypeResolver;
|
|
use App\Services\BackupScheduling\RunErrorMapper;
|
|
use App\Services\BackupScheduling\ScheduleTimeService;
|
|
use App\Services\Intune\AuditLogger;
|
|
use App\Services\Intune\BackupService;
|
|
use App\Services\Intune\PolicySyncService;
|
|
use Carbon\CarbonImmutable;
|
|
use Illuminate\Bus\Queueable;
|
|
use Illuminate\Contracts\Queue\ShouldQueue;
|
|
use Illuminate\Foundation\Bus\Dispatchable;
|
|
use Illuminate\Queue\InteractsWithQueue;
|
|
use Illuminate\Queue\SerializesModels;
|
|
use Illuminate\Support\Arr;
|
|
use Illuminate\Support\Facades\Bus;
|
|
use Illuminate\Support\Facades\Cache;
|
|
|
|
class RunBackupScheduleJob implements ShouldQueue
|
|
{
|
|
use Dispatchable, InteractsWithQueue, Queueable, SerializesModels;
|
|
|
|
public int $tries = 3;
|
|
|
|
public function __construct(public int $backupScheduleRunId) {}
|
|
|
|
public function handle(
|
|
PolicySyncService $policySyncService,
|
|
BackupService $backupService,
|
|
PolicyTypeResolver $policyTypeResolver,
|
|
ScheduleTimeService $scheduleTimeService,
|
|
AuditLogger $auditLogger,
|
|
RunErrorMapper $errorMapper,
|
|
): void {
|
|
$run = BackupScheduleRun::query()
|
|
->with(['schedule', 'tenant'])
|
|
->find($this->backupScheduleRunId);
|
|
|
|
if (! $run) {
|
|
return;
|
|
}
|
|
|
|
$schedule = $run->schedule;
|
|
|
|
if (! $schedule instanceof BackupSchedule) {
|
|
$run->update([
|
|
'status' => BackupScheduleRun::STATUS_FAILED,
|
|
'error_code' => RunErrorMapper::ERROR_UNKNOWN,
|
|
'error_message' => 'Schedule not found.',
|
|
'finished_at' => CarbonImmutable::now('UTC'),
|
|
]);
|
|
|
|
return;
|
|
}
|
|
|
|
$tenant = $run->tenant;
|
|
|
|
if (! $tenant) {
|
|
$run->update([
|
|
'status' => BackupScheduleRun::STATUS_FAILED,
|
|
'error_code' => RunErrorMapper::ERROR_UNKNOWN,
|
|
'error_message' => 'Tenant not found.',
|
|
'finished_at' => CarbonImmutable::now('UTC'),
|
|
]);
|
|
|
|
return;
|
|
}
|
|
|
|
$lock = Cache::lock("backup_schedule:{$schedule->id}", 900);
|
|
|
|
if (! $lock->get()) {
|
|
$this->finishRun(
|
|
run: $run,
|
|
schedule: $schedule,
|
|
status: BackupScheduleRun::STATUS_SKIPPED,
|
|
errorCode: 'CONCURRENT_RUN',
|
|
errorMessage: 'Another run is already in progress for this schedule.',
|
|
summary: ['reason' => 'concurrent_run'],
|
|
scheduleTimeService: $scheduleTimeService,
|
|
);
|
|
|
|
return;
|
|
}
|
|
|
|
try {
|
|
$nowUtc = CarbonImmutable::now('UTC');
|
|
|
|
$run->forceFill([
|
|
'started_at' => $run->started_at ?? $nowUtc,
|
|
'status' => BackupScheduleRun::STATUS_RUNNING,
|
|
])->save();
|
|
|
|
$auditLogger->log(
|
|
tenant: $tenant,
|
|
action: 'backup_schedule.run_started',
|
|
context: [
|
|
'metadata' => [
|
|
'backup_schedule_id' => $schedule->id,
|
|
'backup_schedule_run_id' => $run->id,
|
|
'scheduled_for' => $run->scheduled_for?->toDateTimeString(),
|
|
],
|
|
],
|
|
resourceType: 'backup_schedule_run',
|
|
resourceId: (string) $run->id,
|
|
status: 'success'
|
|
);
|
|
|
|
$runtime = $policyTypeResolver->resolveRuntime((array) ($schedule->policy_types ?? []));
|
|
$validTypes = $runtime['valid'];
|
|
$unknownTypes = $runtime['unknown'];
|
|
|
|
if (empty($validTypes)) {
|
|
$this->finishRun(
|
|
run: $run,
|
|
schedule: $schedule,
|
|
status: BackupScheduleRun::STATUS_SKIPPED,
|
|
errorCode: 'UNKNOWN_POLICY_TYPE',
|
|
errorMessage: 'All configured policy types are unknown.',
|
|
summary: [
|
|
'unknown_policy_types' => $unknownTypes,
|
|
],
|
|
scheduleTimeService: $scheduleTimeService,
|
|
);
|
|
|
|
return;
|
|
}
|
|
|
|
$supported = array_values(array_filter(
|
|
config('tenantpilot.supported_policy_types', []),
|
|
fn (array $typeConfig): bool => in_array($typeConfig['type'] ?? null, $validTypes, true),
|
|
));
|
|
|
|
$syncReport = $policySyncService->syncPoliciesWithReport($tenant, $supported);
|
|
|
|
$policyIds = $syncReport['synced'] ?? [];
|
|
$syncFailures = $syncReport['failures'] ?? [];
|
|
|
|
$backupSet = $backupService->createBackupSet(
|
|
tenant: $tenant,
|
|
policyIds: $policyIds,
|
|
actorEmail: null,
|
|
actorName: null,
|
|
name: 'Scheduled backup: '.$schedule->name,
|
|
includeAssignments: false,
|
|
includeScopeTags: false,
|
|
includeFoundations: (bool) ($schedule->include_foundations ?? false),
|
|
);
|
|
|
|
$status = match ($backupSet->status) {
|
|
'completed' => BackupScheduleRun::STATUS_SUCCESS,
|
|
'partial' => BackupScheduleRun::STATUS_PARTIAL,
|
|
'failed' => BackupScheduleRun::STATUS_FAILED,
|
|
default => BackupScheduleRun::STATUS_SUCCESS,
|
|
};
|
|
|
|
$errorCode = null;
|
|
$errorMessage = null;
|
|
|
|
$summary = [
|
|
'policies_total' => count($policyIds),
|
|
'policies_backed_up' => (int) ($backupSet->item_count ?? 0),
|
|
'sync_failures' => $syncFailures,
|
|
];
|
|
|
|
if (! empty($unknownTypes)) {
|
|
$status = BackupScheduleRun::STATUS_PARTIAL;
|
|
$errorCode = 'UNKNOWN_POLICY_TYPE';
|
|
$errorMessage = 'Some configured policy types are unknown and were skipped.';
|
|
$summary['unknown_policy_types'] = $unknownTypes;
|
|
}
|
|
|
|
$this->finishRun(
|
|
run: $run,
|
|
schedule: $schedule,
|
|
status: $status,
|
|
errorCode: $errorCode,
|
|
errorMessage: $errorMessage,
|
|
summary: $summary,
|
|
scheduleTimeService: $scheduleTimeService,
|
|
backupSetId: (string) $backupSet->id,
|
|
);
|
|
|
|
$auditLogger->log(
|
|
tenant: $tenant,
|
|
action: 'backup_schedule.run_finished',
|
|
context: [
|
|
'metadata' => [
|
|
'backup_schedule_id' => $schedule->id,
|
|
'backup_schedule_run_id' => $run->id,
|
|
'status' => $status,
|
|
'error_code' => $errorCode,
|
|
],
|
|
],
|
|
resourceType: 'backup_schedule_run',
|
|
resourceId: (string) $run->id,
|
|
status: in_array($status, [BackupScheduleRun::STATUS_SUCCESS], true) ? 'success' : 'partial'
|
|
);
|
|
} catch (\Throwable $throwable) {
|
|
$attempt = (int) method_exists($this, 'attempts') ? $this->attempts() : 1;
|
|
$mapped = $errorMapper->map($throwable, $attempt, $this->tries);
|
|
|
|
if ($mapped['shouldRetry']) {
|
|
$this->release($mapped['delay']);
|
|
|
|
return;
|
|
}
|
|
|
|
$this->finishRun(
|
|
run: $run,
|
|
schedule: $schedule,
|
|
status: BackupScheduleRun::STATUS_FAILED,
|
|
errorCode: $mapped['error_code'],
|
|
errorMessage: $mapped['error_message'],
|
|
summary: [
|
|
'exception' => get_class($throwable),
|
|
'attempt' => $attempt,
|
|
],
|
|
scheduleTimeService: $scheduleTimeService,
|
|
);
|
|
|
|
$auditLogger->log(
|
|
tenant: $tenant,
|
|
action: 'backup_schedule.run_failed',
|
|
context: [
|
|
'metadata' => [
|
|
'backup_schedule_id' => $schedule->id,
|
|
'backup_schedule_run_id' => $run->id,
|
|
'error_code' => $mapped['error_code'],
|
|
],
|
|
],
|
|
resourceType: 'backup_schedule_run',
|
|
resourceId: (string) $run->id,
|
|
status: 'failed'
|
|
);
|
|
} finally {
|
|
optional($lock)->release();
|
|
}
|
|
}
|
|
|
|
private function finishRun(
|
|
BackupScheduleRun $run,
|
|
BackupSchedule $schedule,
|
|
string $status,
|
|
?string $errorCode,
|
|
?string $errorMessage,
|
|
array $summary,
|
|
ScheduleTimeService $scheduleTimeService,
|
|
?string $backupSetId = null,
|
|
): void {
|
|
$nowUtc = CarbonImmutable::now('UTC');
|
|
|
|
$run->forceFill([
|
|
'status' => $status,
|
|
'error_code' => $errorCode,
|
|
'error_message' => $errorMessage,
|
|
'summary' => Arr::wrap($summary),
|
|
'finished_at' => $nowUtc,
|
|
'backup_set_id' => $backupSetId,
|
|
])->save();
|
|
|
|
$schedule->forceFill([
|
|
'last_run_at' => $nowUtc,
|
|
'last_run_status' => $status,
|
|
'next_run_at' => $scheduleTimeService->nextRunFor($schedule, $nowUtc),
|
|
])->saveQuietly();
|
|
|
|
if ($backupSetId && in_array($status, [BackupScheduleRun::STATUS_SUCCESS, BackupScheduleRun::STATUS_PARTIAL], true)) {
|
|
Bus::dispatch(new ApplyBackupScheduleRetentionJob($schedule->id));
|
|
}
|
|
}
|
|
}
|