ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
50cc0af961
TenantAtlas/specs/073-unified-managed-tenant-onboarding-wizard/tasks.md
ahmido 8e34b6084f 073-unified-managed-tenant-onboarding-wizard (#90) 
Kontext / Ziel
Diese PR liefert den einzigen kanonischen Onboarding-Entry unter /admin/onboarding (workspace-first, tenantless bis zur Aktivierung) und ergänzt einen tenantless OperationRun-Viewer unter /admin/operations/{run} mit membership→404 Semantik.

Was ist enthalten?
Single entry point: /admin/onboarding ist der einzige Einstieg; Legacy Entry Points liefern echte 404 (keine Redirects).
Wizard v1 (Enterprise): idempotentes Identifizieren eines Managed Tenants (per Entra Tenant ID), resumable Session-Flow.
Provider Connection Step: Auswahl oder Erstellung, Secrets werden nie erneut gerendert / nicht in Session-State persistiert.
Verification als OperationRun: async/queued, DB-only Rendering im Wizard (keine Graph-Calls beim Rendern).
Tenantless Run Viewing: /admin/operations/{run} funktioniert ohne ausgewählten Workspace/Tenant, aber bleibt über Workspace-Mitgliedschaft autorisiert (non-member → 404).
RBAC-UX Semantik: non-member → 404, member ohne Capability → UI disabled + tooltip, server-side Action → 403.
Auditability: Aktivierung/Overrides sind auditierbar, stable action IDs, keine Secrets.
Tech / Version-Safety
Filament v5 / Livewire v4.0+ kompatibel.
Laravel 11+: Panel Provider Registrierung in providers.php (unverändert).
Tests / Format
vendor/bin/sail bin pint --dirty
Full suite: vendor/bin/sail artisan test --no-ansi → 984 passed, 5 skipped (exit 0)
Ops / Deployment Notes
Keine zusätzlichen Services vorausgesetzt.
Falls Assets registriert wurden: Deployment weiterhin mit php artisan filament:assets (wie üblich im Projekt).

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.fritz.box>
Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box>
Reviewed-on: #90
2026-02-04 23:30:55 +00:00

12 KiB
Raw Blame History

description
Tasks for Managed Tenant Onboarding Wizard V1 (Enterprise) (073)

Tasks: Managed Tenant Onboarding Wizard V1 (Enterprise)

Input: Design documents from specs/073-unified-managed-tenant-onboarding-wizard/ Prerequisites: plan.md (required), spec.md (required), research.md, data-model.md, contracts/

Tests: Required (Pest). Use vendor/bin/sail artisan test --compact ....

Phase 1: Setup (Shared Infrastructure)

Purpose: Confirm baseline environment is ready for implementing and testing runtime behavior changes.

  • T001 Confirm Sail is running using docker-compose.yml (command: vendor/bin/sail up -d)
  • T002 Run a baseline test subset using phpunit.xml and tests/ (command: vendor/bin/sail artisan test --compact)

Phase 2: Foundational (Blocking Prerequisites)

Purpose: Shared primitives required by all user stories (capabilities, resumable session model, tenant status semantics).

  • T003 Define wizard capabilities (per-step/per-action) in app/Support/Auth/Capabilities.php
  • T004 [P] Map wizard capabilities to roles (least privilege) in app/Services/Auth/WorkspaceRoleCapabilityMap.php
  • T005 Implement server-side authorization checks for wizard actions in app/Filament/Pages/Workspaces/ManagedTenantOnboardingWizard.php (no role-string checks)
  • T006 Ensure Tenant lifecycle supports draft|onboarding|active|archived in app/Models/Tenant.php
  • T007 Update onboarding session schema to match data-model (safe state only) in app/Models/TenantOnboardingSession.php
  • T008 Update onboarding session migration constraints for idempotency in database/migrations/2026_02_04_090010_update_tenant_onboarding_sessions_constraints.php
  • T009 [P] Add foundational capability + tenant lifecycle tests in tests/Feature/Onboarding/OnboardingFoundationsTest.php

Checkpoint: Foundation ready — user story implementation can begin.

Phase 3: User Story 1 — Single entry point onboarding (Priority: P1) 🎯 MVP

Goal: Provide /admin/onboarding as the sole onboarding entry point, redirect to workspace chooser if none selected, and implement Step 1 idempotent identification with strict 404/403 semantics.

Independent Test: Visit /admin/onboarding with and without a selected workspace, complete Step 1, and verify exactly one tenant/session is created and cross-workspace attempts behave as 404.

Tests (write first)

  • T010 [P] [US1] Add entry-point routing tests in tests/Feature/Onboarding/OnboardingEntryPointTest.php
  • T011 [P] [US1] Add RBAC semantics tests (404 non-member, disabled UI + 403 action) in tests/Feature/Onboarding/OnboardingRbacSemanticsTest.php
  • T012 [P] [US1] Add idempotency + cross-workspace isolation tests in tests/Feature/Onboarding/OnboardingIdentifyTenantTest.php

Implementation

  • T013 [US1] Make /admin/onboarding the canonical wizard route in app/Filament/Pages/Workspaces/ManagedTenantOnboardingWizard.php (set slug; remove workspace route parameter dependency)
  • T014 [US1] Resolve the current workspace from session context in app/Filament/Pages/Workspaces/ManagedTenantOnboardingWizard.php (redirect when missing; 404 when non-member)
  • T015 [US1] Keep page visible for members without capability (disable controls + tooltip) in app/Filament/Pages/Workspaces/ManagedTenantOnboardingWizard.php
  • T016 [US1] Implement Step 1 inputs per spec (tenant name, environment, Entra Tenant ID, optional domain/notes) in app/Filament/Pages/Workspaces/ManagedTenantOnboardingWizard.php
  • T017 [US1] Implement Step 1 idempotent upsert + onboarding session resume (deny-as-not-found if tenant exists in another workspace) in app/Filament/Pages/Workspaces/ManagedTenantOnboardingWizard.php
  • T018 [US1] Ensure no pre-activation tenant-scoped links are generated in app/Filament/Pages/Workspaces/ManagedTenantOnboardingWizard.php

Remove legacy entry points (must be true 404, no redirects)

  • T019 [US1] Remove tenant registration surface from app/Providers/Filament/AdminPanelProvider.php (drop ->tenantRegistration(...) if present)
  • T020 [US1] Remove/404 legacy routes in routes/web.php (/admin/new, /admin/register-tenant, /admin/managed-tenants/onboarding)
  • T021 [P] [US1] Add legacy route regression tests in tests/Feature/Onboarding/OnboardingLegacyRoutesTest.php

Checkpoint: US1 complete — /admin/onboarding is canonical, legacy entry points are 404, and Step 1 is safe + idempotent.

Phase 4: User Story 2 — Provider connection selection/creation (Priority: P2)

Goal: Allow selecting an existing workspace-owned provider connection or creating a new one, without ever re-displaying secrets.

Independent Test: Complete Step 2 in both modes (existing vs new), verify the onboarding session stores only non-secret state, and verify the provider connection is workspace-scoped and bound to the managed tenant by default.

Tests (write first)

  • T022 [P] [US2] Add connection selection/creation tests in tests/Feature/Onboarding/OnboardingProviderConnectionTest.php
  • T023 [P] [US2] Add secret-safety regression tests in tests/Feature/Onboarding/OnboardingSecretSafetyTest.php

Implementation

  • T024 [US2] Implement workspace-owned ProviderConnection schema changes in database/migrations/2026_02_04_090020_make_provider_connections_workspace_owned.php
  • T025 [US2] Update ProviderConnection model relationships + scoping in app/Models/ProviderConnection.php
  • T026 [US2] Update ProviderConnection authorization for workspace scope in app/Policies/ProviderConnectionPolicy.php
  • T027 [US2] Update ProviderConnection admin resource scoping in app/Filament/Resources/ProviderConnectionResource.php
  • T028 [US2] Update Step 2 schema + persistence (no secrets in onboarding session state) in app/Filament/Pages/Workspaces/ManagedTenantOnboardingWizard.php
  • T029 [US2] Store provider_connection_id in onboarding session safe state in app/Models/TenantOnboardingSession.php

Checkpoint: US2 complete — Provider connections are workspace-owned, default-bound to one tenant, and secrets are never re-shown.

Phase 5: User Story 3 — Verification + tenantless run viewing + activation (Priority: P3)

Goal: Start verification as an OperationRun, render DB-only reports with correct status mapping, and support tenantless viewing at /admin/operations/{run} without requiring selected workspace or tenant context.

Independent Test: Start verification from the wizard, dedupe active runs, open /admin/operations/{run} without a selected workspace, and enforce membership-based 404 semantics.

Tests (write first)

  • T030 [P] [US3] Add tenantless run viewer access tests in tests/Feature/Operations/TenantlessOperationRunViewerTest.php
  • T031 [P] [US3] Add verification start + dedupe tests in tests/Feature/Onboarding/OnboardingVerificationTest.php
  • T032 [P] [US3] Add owner-only activation + override audit tests in tests/Feature/Onboarding/OnboardingActivationTest.php
  • T052 [P] [US3] Add Graph contract registry coverage tests (organization + service principal permission probes) in tests/Unit/GraphContractRegistryOnboardingProbesTest.php

Implementation — tenantless operation run viewer

  • T033 [US3] Add OperationRun workspace scoping fields + idempotency indexes in database/migrations/2026_02_04_090030_add_workspace_id_to_operation_runs_table.php
  • T034 [US3] Update OperationRun model for workspace relationship + nullable tenant_id in app/Models/OperationRun.php
  • T035 [US3] Update run identity/dedupe logic for tenantless runs in app/Services/OperationRunService.php
  • T036 [US3] Exempt /admin/operations/{run} from forced workspace selection in app/Http/Middleware/EnsureWorkspaceSelected.php
  • T037 [US3] Prevent tenant auto-selection side effects for /admin/operations/{run} in app/Support/Middleware/EnsureFilamentTenantSelected.php
  • T038 [US3] Authorize viewing runs by workspace membership (non-member → 404) in app/Policies/OperationRunPolicy.php
  • T039 [US3] Implement tenantless /admin/operations/{run} viewer page + route with membership-based 404 semantics (app/Filament/Pages/Operations/TenantlessOperationRunViewer.php, routes/web.php)

Implementation — verification + report + activation

  • T053 [US3] Register onboarding verification probe endpoints in config/graph_contracts.php (organization + service principal permission lookups)
  • T054 [US3] Refactor verification probe calls to resolve endpoints via GraphContractRegistry (no ad-hoc Graph paths; fail safe if contract missing) in app/Services/Graph/MicrosoftGraphClient.php and app/Services/Providers/ProviderGateway.php
  • T040 [US3] Implement Step 3 start verification (OperationRun + queued job) with 403 on capability denial in app/Filament/Pages/Workspaces/ManagedTenantOnboardingWizard.php
  • T041 [US3] Implement active-run dedupe (queued/running) and persist run IDs in app/Models/TenantOnboardingSession.php
  • T042 [US3] Implement DB-only “Refresh” and status mapping (Blocked/Needs attention/Ready) in app/Filament/Pages/Workspaces/ManagedTenantOnboardingWizard.php
  • T055 [US3] Render a stored verification report in Step 3 (clear empty-state + secondary “Open run details” link) in app/Filament/Pages/Workspaces/ManagedTenantOnboardingWizard.php
  • T056 [US3] Enhance tenantless operation run viewer UI (context + failures + timestamps + refresh) in app/Filament/Pages/Operations/TenantlessOperationRunViewer.php and resources/views/filament/pages/operations/tenantless-operation-run-viewer.blade.php
  • T057 [P] [US3] Add UI regression tests for wizard report and tenantless viewer details in tests/Feature/Onboarding/OnboardingVerificationTest.php and tests/Feature/Operations/TenantlessOperationRunViewerTest.php
  • T043 [US3] Ensure “View run” links are tenantless /admin/operations/{run} via app/Support/OperationRunLinks.php
  • T044 [US3] Implement optional bootstrap actions (per-action capability gating) in app/Filament/Pages/Workspaces/ManagedTenantOnboardingWizard.php
  • T045 [US3] Implement activation gating (owner-only) + blocked override reason + audit in app/Filament/Pages/Workspaces/ManagedTenantOnboardingWizard.php
  • T046 [US3] Add required audit events (stable action IDs; no secrets) in app/Services/Audit/WorkspaceAuditLogger.php

Checkpoint: US3 complete — verification is observable + deduped, runs are viewable tenantlessly, and activation is safe + audited.

Phase 6: Polish & Cross-Cutting Concerns

Purpose: Centralize badge semantics, harden RBAC-UX, and run formatting/tests.

  • T047 Add centralized badge mapping for onboarding/verification statuses in app/Support/Badges/Domains/
  • T048 [P] Add badge mapping tests in tests/Feature/Badges/OnboardingBadgeSemanticsTest.php
  • T049 [P] Add RBAC regression coverage for wizard actions in tests/Feature/Rbac/OnboardingWizardUiEnforcementTest.php
  • T050 Run formatter on touched files using composer.json scripts (command: vendor/bin/sail bin pint --dirty)
  • T051 Run targeted test suites using phpunit.xml (command: vendor/bin/sail artisan test --compact tests/Feature/Onboarding tests/Feature/Operations)

Verification note: Full suite re-run post-fixes is green (984 passed, 5 skipped).

Dependencies & Execution Order

Phase Dependencies

  • Setup (Phase 1) → Foundational (Phase 2) → US1 (Phase 3) → US2 (Phase 4) → US3 (Phase 5) → Polish (Phase 6)

User Story Dependencies

  • US1 (P1) depends on Phase 2 only.
  • US2 (P2) depends on US1 (managed tenant + onboarding session in place).
  • US3 (P3) depends on US2 (provider connection exists) and adds OperationRun viewer changes.

Parallel Opportunities

  • [P] tasks can be executed in parallel (different files, minimal coupling).
  • Within each story: tests can be authored in parallel before implementation.

Parallel Example: US1

Run in parallel:

  • T010 (entry point routing tests) in tests/Feature/Onboarding/OnboardingEntryPointTest.php
  • T011 (RBAC semantics tests) in tests/Feature/Onboarding/OnboardingRbacSemanticsTest.php
  • T012 (idempotency tests) in tests/Feature/Onboarding/OnboardingIdentifyTenantTest.php

Implementation Strategy

MVP First

MVP scope is US1 only: /admin/onboarding canonical entry point + Step 1 idempotent identification + strict 404/403 semantics + legacy routes 404 + tests.