ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
788efee1c2
TenantAtlas/apps/platform/app/Services/Baselines/Matching/FoundationCoverageResolver.php
ahmido 788efee1c2 feat(baselines): implement baseline matching canonicalization (#453) 
Replaced legacy tenant and environment bindings in the BaselineDriftEngine with the new ProviderResourceIdentity framework as defined in Spec 382. This ensures cross-environment compatibility and deterministic baseline matching.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #453
2026-06-15 22:48:48 +00:00

97 lines
3.8 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
namespace App\Services\Baselines\Matching;
use App\Support\Baselines\BaselineSupportCapabilityGuard;
use App\Support\Inventory\InventoryPolicyTypeMeta;
use App\Support\Resources\ResourceIdentity;
final readonly class FoundationCoverageResolver
{
public function __construct(
private BaselineSupportCapabilityGuard $capabilityGuard,
) {}
/**
* @return array{
* policy_type: string,
* coverage: string,
* compare_capability: string,
* capture_capability: string,
* source_model_expected: ?string,
* support_mode: string,
* reason_code: ?string,
* identity_kind: ?string
* }
*/
public function coverageFor(string $policyType, ?ResourceIdentity $identity = null): array
{
$capability = $this->capabilityGuard->inspectType($policyType);
$supportMode = $capability->supportModeFor('compare');
$identityKind = $identity?->identityKind;
$isFoundation = InventoryPolicyTypeMeta::isFoundation($policyType);
if ($supportMode === 'invalid_support_config') {
return $this->record($policyType, 'unsupported', $capability->compareCapability, $capability->captureCapability, $capability->sourceModelExpected, $supportMode, 'invalid_support_config', $identityKind);
}
if ($supportMode === 'excluded') {
return $this->record($policyType, 'unsupported', $capability->compareCapability, $capability->captureCapability, $capability->sourceModelExpected, $supportMode, 'unsupported_subject', $identityKind);
}
if ($identity instanceof ResourceIdentity && in_array($identity->identityKind, [
ResourceIdentity::CanonicalBuiltin,
ResourceIdentity::CanonicalDefault,
ResourceIdentity::CanonicalVirtualTarget,
], true)) {
return $this->record($policyType, 'canonical_only', $capability->compareCapability, $capability->captureCapability, $capability->sourceModelExpected, $supportMode, null, $identityKind);
}
if ($isFoundation && $capability->sourceModelExpected === 'inventory') {
return $this->record($policyType, 'inventory_only', $capability->compareCapability, $capability->captureCapability, $capability->sourceModelExpected, $supportMode, 'foundation_not_policy_backed', $identityKind);
}
if ($supportMode === 'limited') {
return $this->record($policyType, 'identity_only', $capability->compareCapability, $capability->captureCapability, $capability->sourceModelExpected, $supportMode, 'accepted_limitation', $identityKind);
}
return $this->record($policyType, 'fully_comparable', $capability->compareCapability, $capability->captureCapability, $capability->sourceModelExpected, $supportMode, null, $identityKind);
}
/**
* @return array{
* policy_type: string,
* coverage: string,
* compare_capability: string,
* capture_capability: string,
* source_model_expected: ?string,
* support_mode: string,
* reason_code: ?string,
* identity_kind: ?string
* }
*/
private function record(
string $policyType,
string $coverage,
string $compareCapability,
string $captureCapability,
?string $sourceModelExpected,
string $supportMode,
?string $reasonCode,
?string $identityKind,
): array {
return [
'policy_type' => $policyType,
'coverage' => $coverage,
'compare_capability' => $compareCapability,
'capture_capability' => $captureCapability,
'source_model_expected' => $sourceModelExpected,
'support_mode' => $supportMode,
'reason_code' => $reasonCode,
'identity_kind' => $identityKind,
];
}
}
Reference in New Issue View Git Blame Copy Permalink