ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
4db8030f2a
TenantAtlas/app/Services/Providers/ProviderConnectionResolver.php
ahmido 4db8030f2a Spec 081: Provider connection cutover (#98) 
Implements Spec 081 provider-connection cutover.

Highlights:
- Adds provider connection resolution + gating for operations/verification.
- Adds provider credential observer wiring.
- Updates Filament tenant verify flow to block with next-steps when provider connection isn’t ready.
- Adds spec docs under specs/081-provider-connection-cutover/ and extensive Spec081 test coverage.

Tests:
- vendor/bin/sail artisan test --compact tests/Feature/Filament/TenantSetupTest.php
- Focused suites for ProviderConnections/Verification ran during implementation (see local logs).

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box>
Reviewed-on: #98
2026-02-08 11:28:51 +00:00

125 lines
4.5 KiB
PHP
Raw Blame History

<?php
namespace App\Services\Providers;
use App\Models\ProviderConnection;
use App\Models\ProviderCredential;
use App\Models\Tenant;
use App\Support\Providers\ProviderReasonCodes;
final class ProviderConnectionResolver
{
public function resolveDefault(Tenant $tenant, string $provider): ProviderConnectionResolution
{
$defaults = ProviderConnection::query()
->where('tenant_id', (int) $tenant->getKey())
->where('provider', $provider)
->where('is_default', true)
->orderBy('id')
->get();
if ($defaults->count() === 0) {
return ProviderConnectionResolution::blocked(
ProviderReasonCodes::ProviderConnectionMissing,
'No default provider connection is configured for this tenant/provider.',
);
}
if ($defaults->count() > 1) {
return ProviderConnectionResolution::blocked(
ProviderReasonCodes::ProviderConnectionInvalid,
'Multiple default provider connections were detected.',
'ext.multiple_defaults_detected',
);
}
/** @var ProviderConnection $connection */
$connection = $defaults->first();
return $this->validateConnection($tenant, $provider, $connection);
}
public function validateConnection(Tenant $tenant, string $provider, ProviderConnection $connection): ProviderConnectionResolution
{
if ((int) $connection->tenant_id !== (int) $tenant->getKey() || (string) $connection->provider !== $provider) {
return ProviderConnectionResolution::blocked(
ProviderReasonCodes::ProviderConnectionInvalid,
'Provider connection does not match tenant/provider scope.',
'ext.connection_scope_mismatch',
$connection,
);
}
if ((string) $connection->status === 'disabled') {
return ProviderConnectionResolution::blocked(
ProviderReasonCodes::ProviderConnectionInvalid,
'Provider connection is disabled.',
'ext.connection_disabled',
$connection,
);
}
if ((string) $connection->status === 'needs_consent') {
return ProviderConnectionResolution::blocked(
ProviderReasonCodes::ProviderConsentMissing,
'Provider connection requires admin consent before use.',
'ext.connection_needs_consent',
$connection,
);
}
if ($connection->entra_tenant_id === null || trim((string) $connection->entra_tenant_id) === '') {
return ProviderConnectionResolution::blocked(
ProviderReasonCodes::ProviderConnectionInvalid,
'Provider connection is missing target tenant scope.',
'ext.connection_tenant_missing',
$connection,
);
}
$credential = $connection->credential()->first();
if (! $credential instanceof ProviderCredential) {
return ProviderConnectionResolution::blocked(
ProviderReasonCodes::ProviderCredentialMissing,
'Provider connection is missing credentials.',
connection: $connection,
);
}
if ($credential->type !== 'client_secret') {
return ProviderConnectionResolution::blocked(
ProviderReasonCodes::ProviderCredentialInvalid,
'Provider credential type is invalid.',
'ext.invalid_credential_type',
$connection,
);
}
$payload = $credential->payload;
if (! is_array($payload)) {
return ProviderConnectionResolution::blocked(
ProviderReasonCodes::ProviderCredentialInvalid,
'Provider credential payload is invalid.',
'ext.invalid_credential_payload',
$connection,
);
}
$clientId = trim((string) ($payload['client_id'] ?? ''));
$clientSecret = trim((string) ($payload['client_secret'] ?? ''));
if ($clientId === '' || $clientSecret === '') {
return ProviderConnectionResolution::blocked(
ProviderReasonCodes::ProviderCredentialInvalid,
'Provider credential payload is missing required fields.',
'ext.missing_credential_fields',
$connection,
);
}
return ProviderConnectionResolution::resolved($connection);
}
}
Reference in New Issue View Git Blame Copy Permalink