Implements provider access hardening for Intune write operations:

- RBAC-based write gate with configurable staleness thresholds
- Gate enforced at restore start and in jobs (execute + assignments)
- UI affordances: disabled rerun action, tenant RBAC status card, refresh RBAC action
- Audit logging for blocked writes
- Ops UX label: `rbac.health_check` now displays as “RBAC health check”
- Adds/updates Pest tests and SpecKit artifacts for feature 108

Notes:

- Filament v5 / Livewire v4 compliant.
- Destructive actions require confirmation.
- Assets: no new global assets.

Tested:

- `vendor/bin/sail artisan test --compact` (suite previously green) + focused OpsUx tests for OperationCatalog labels.
- `vendor/bin/sail bin pint --dirty`.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #132
68 lines
2.8 KiB
Markdown
# Specification Quality Checklist: Provider Access Hardening v1

**Purpose**: Validate specification completeness and quality before proceeding to planning

**Created**: 2026-02-22

**Feature**: [spec.md](../spec.md)

## Content Quality

- [x] No implementation details (languages, frameworks, APIs)
- [x] Focused on user value and business needs
- [x] Written for non-technical stakeholders
- [x] All mandatory sections completed

## Requirement Completeness

- [x] No [NEEDS CLARIFICATION] markers remain
- [x] Requirements are testable and unambiguous
- [x] Success criteria are measurable
- [x] Success criteria are technology-agnostic (no implementation details)
- [x] All acceptance scenarios are defined
- [x] Edge cases are identified
- [x] Scope is clearly bounded
- [x] Dependencies and assumptions identified

## Feature Readiness

- [x] All functional requirements have clear acceptance criteria
- [x] User scenarios cover primary flows
- [x] Feature meets measurable outcomes defined in Success Criteria
- [x] No implementation details leak into specification

## Notes

- Spec is ready for `/speckit.clarify` or `/speckit.plan`.
- No [NEEDS CLARIFICATION] markers — all decisions were informed by the detailed user input and existing codebase context.
- The spec references existing codebase concepts (OperationRun, ProviderOperationStartGate, rbac_status fields) as domain terms, not implementation details.

## Implementation Validation (2025-07-16)

### Runtime Behavior

- [x] Config toggle (`hardening.intune_write_gate.enabled`) allows disabling the gate
- [x] Gate bypass logs a warning for operational visibility
- [x] Gate evaluates RBAC status before any write operation
- [x] Stale health check threshold is configurable (`freshness_threshold_hours`)
- [x] Blocked operations produce audit log entries with sanitized metadata
- [x] UI disables write actions when gate would block
- [x] Badge component renders all RBAC status values (ok, degraded, stale, failed, error, not_configured)

### Security & Audit

- [x] No secrets/tokens stored in audit log metadata
- [x] AuditContextSanitizer applied to all logged metadata
- [x] Operation type and reason code recorded for blocked writes
- [x] Tenant-scoped audit entries with actor identification
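
The Runtime Behavior and Security & Audit items above describe the gate's contract (fail closed unless RBAC status is `ok` and the health check is fresher than `freshness_threshold_hours`, warn when the toggle disables the gate, and write a sanitized audit entry with operation type and reason code on every block) but not how those rules compose. The stand-alone PHP below is an added illustration of that contract, not the project's ProviderOperationStartGate or AuditContextSanitizer: the class, method, field and reason-code names, the secret-key heuristic, and the sample tenants are assumptions chosen for the example.

```php
<?php
declare(strict_types=1);

// Added example of the write-gate semantics from the checklist. Not the project's
// ProviderOperationStartGate / AuditContextSanitizer; all names here are assumptions.

final class AuditContextSanitizer
{
    // Key fragments whose values must never reach persisted audit metadata (assumed list).
    private const SECRET_KEY_FRAGMENTS = ['token', 'secret', 'password', 'authorization'];

    /** Recursively redacts secret-looking values so the metadata is safe to store. */
    public function sanitize(array $context): array
    {
        $clean = [];
        foreach ($context as $key => $value) {
            $clean[$key] = is_array($value)
                ? $this->sanitize($value)
                : ($this->looksSecret((string) $key) ? '[redacted]' : $value);
        }
        return $clean;
    }

    private function looksSecret(string $key): bool
    {
        $lower = strtolower($key);
        foreach (self::SECRET_KEY_FRAGMENTS as $fragment) {
            if (str_contains($lower, $fragment)) {
                return true;
            }
        }
        return false;
    }
}

final class GateDecision
{
    public function __construct(public readonly bool $allowed, public readonly ?string $reasonCode) {}
}

final class IntuneWriteGate
{
    private array $auditLog = [];   // entries written for blocked writes
    private array $warnings = [];   // operator-visible warnings for bypasses

    /** @param array{enabled: bool, freshness_threshold_hours: int} $config mirrors hardening.intune_write_gate.* */
    public function __construct(private array $config, private AuditContextSanitizer $sanitizer) {}

    /** Fail-closed check: only status 'ok' backed by a fresh health check allows the write. */
    public function check(array $tenant, string $operationType, string $actor, DateTimeImmutable $now, array $context = []): GateDecision
    {
        if (!$this->config['enabled']) {
            // Bypass is permitted by configuration but must stay visible to operators.
            $this->warnings[] = sprintf('intune write gate disabled: %s on tenant %s ran without RBAC check', $operationType, $tenant['id']);
            return new GateDecision(true, 'gate_disabled');
        }
        $status = $tenant['rbac_status'] ?? 'not_configured';
        if ($status === 'not_configured') {
            return $this->block($tenant, $operationType, $actor, 'rbac_not_configured', $context);
        }
        if ($status !== 'ok') {
            // degraded, stale, failed, error: anything that is not a verified 'ok' blocks.
            return $this->block($tenant, $operationType, $actor, 'rbac_unhealthy', $context + ['rbac_status' => $status]);
        }
        $checkedAt = $tenant['rbac_checked_at'] ?? null;
        $maxAge = new DateInterval('PT' . (int) $this->config['freshness_threshold_hours'] . 'H');
        if (!$checkedAt instanceof DateTimeImmutable || $checkedAt->add($maxAge) < $now) {
            return $this->block($tenant, $operationType, $actor, 'rbac_stale', $context + ['rbac_checked_at' => $checkedAt?->format(DATE_ATOM)]);
        }
        return new GateDecision(true, null);
    }

    private function block(array $tenant, string $operationType, string $actor, string $reason, array $context): GateDecision
    {
        // Tenant-scoped entry with actor, operation type, reason code and sanitized metadata only.
        $this->auditLog[] = [
            'tenant_id' => $tenant['id'], 'actor' => $actor, 'action' => 'intune_write.blocked',
            'operation_type' => $operationType, 'reason_code' => $reason,
            'metadata' => $this->sanitizer->sanitize($context),
        ];
        return new GateDecision(false, $reason);
    }

    public function auditLog(): array { return $this->auditLog; }
    public function warnings(): array { return $this->warnings; }
}

// Constructed sample tenants; timestamps are relative to a fixed "now".
$now = new DateTimeImmutable('2026-03-01T12:00:00+00:00');
$tenants = [
    'ok-fresh'     => ['id' => 't-1', 'rbac_status' => 'ok', 'rbac_checked_at' => $now->sub(new DateInterval('PT2H'))],
    'ok-stale'     => ['id' => 't-2', 'rbac_status' => 'ok', 'rbac_checked_at' => $now->sub(new DateInterval('P3D'))],
    'degraded'     => ['id' => 't-3', 'rbac_status' => 'degraded', 'rbac_checked_at' => $now],
    'unconfigured' => ['id' => 't-4'],
];
$gate = new IntuneWriteGate(['enabled' => true, 'freshness_threshold_hours' => 24], new AuditContextSanitizer());
foreach ($tenants as $label => $tenant) {
    // The token value is a constructed placeholder; it must not appear in the audit entry.
    $decision = $gate->check($tenant, 'restore.execute', 'user:42', $now, ['access_token' => 'constructed-placeholder']);
    printf("%-13s %s %s\n", $label, $decision->allowed ? 'ALLOW' : 'BLOCK', $decision->reasonCode ?? '');
}
foreach ($gate->auditLog() as $entry) {
    printf("audit: tenant=%s reason=%s metadata=%s\n", $entry['tenant_id'], $entry['reason_code'], json_encode($entry['metadata']));
}
$disabled = new IntuneWriteGate(['enabled' => false, 'freshness_threshold_hours' => 24], new AuditContextSanitizer());
$disabled->check($tenants['degraded'], 'restore.assignments', 'user:42', $now);
echo implode("\n", $disabled->warnings()), "\n";
```

Only `ok-fresh` is allowed; `ok-stale`, `degraded` and `unconfigured` each produce one audit entry whose `metadata.access_token` reads `[redacted]`, and the disabled gate lets the degraded tenant through but records the bypass warning. The ordering matters: the toggle is checked first so a bypass never reaches the RBAC lookup, and the freshness check runs only after the status check, so a stale health check is reported as `rbac_stale` rather than masked by an unrelated status.
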
### Testing Coverage

- [x] Gate blocks for not_configured status (T006)
- [x] Gate blocks for unhealthy statuses (T007)
- [x] Gate blocks for stale health check (T008)
- [x] Gate passes for ok + fresh (T009)
- [x] Gate bypass when disabled (T010)
- [x] Job-level enforcement — ExecuteRestoreRunJob (T013)
- [x] Job-level enforcement — RestoreAssignmentsJob (T014)
- [x] Zero HTTP leakage when gate blocks (T015b)
- [x] UI disabled state for blocked actions (T019)
- [x] RBAC card rendering in TenantResource (T020)
- [x] Audit log creation on blocked writes (T022)
- [x] Badge mapping for all status values (T024)