ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
a5e9c43f1a
TenantAtlas/app/Services/Inventory/InventoryMetaSanitizer.php
ahmido 8ae7a7234e feat/040-inventory-core (#43) 
Summary

Implements Inventory Core (Spec 040): a tenant-scoped, mutable “last observed” inventory catalog + sync run logging, with deterministic selection hashing and safe derived “missing” semantics.

This establishes the foundation for Inventory UI (041), Dependencies Graph (042), Compare/Promotion (043), and Drift (044).

What’s included
	•	DB schema
	•	inventory_items (unique: tenant_id + policy_type + external_id; indexes; last_seen_at, last_seen_run_id)
	•	inventory_sync_runs (tenant_id, selection_hash/payload, status, started/finished, counts, error_codes, correlation_id)
	•	Selection hashing
	•	Deterministic selection_hash via canonical JSON (sorted keys + sorted arrays) + sha256
	•	Sync semantics
	•	Idempotent upsert (no duplicates)
	•	Updates last_seen_* when observed
	•	Enforces tenant scoping for all reads/writes
	•	Guardrail: inventory sync does not create snapshots/backups
	•	Missing semantics (derived)
	•	“missing” computed relative to latest completed run for same (tenant_id, selection_hash)
	•	Low confidence when latest run is partial/failed or had_errors=true
	•	Selection isolation (runs for other selections don’t affect missing)
	•	deleted is reserved (not produced here)
	•	Safety
	•	meta_jsonb whitelist enforced (unknown keys dropped; never fail sync)
	•	Safe error persistence (no bearer tokens / secrets)
	•	Locking to prevent overlapping runs for same tenant+selection
	•	Concurrency limiter (global + per-tenant) and throttling resilience (429/503 backoff + jitter)

Tests

Added Pest coverage for:
	•	selection_hash determinism (array order invariant)
	•	upsert idempotency + last_seen updates
	•	missing derived semantics + selection isolation
	•	low confidence missing on partial/had_errors
	•	meta whitelist drop (no exception)
	•	lock prevents overlapping runs
	•	no snapshots/backups side effects
	•	safe error persistence (no bearer tokens)

Non-goals
	•	Inventory UI pages/resources (Spec 041)
	•	Dependency graph hydration (Spec 042)
	•	Cross-tenant compare/promotion flows (Spec 043)
	•	Drift analysis dashboards (Spec 044)

Review focus
	•	Data model correctness + indexes/constraints
	•	Selection hash canonicalization (determinism)
	•	Missing semantics (latest completed run + confidence rule)
	•	Guardrails (no snapshot/backups side effects)
	•	Safety: error_code taxonomy + safe persistence/logging

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.local>
Reviewed-on: #43
2026-01-07 14:54:24 +00:00

102 lines
2.8 KiB
PHP
Raw Blame History

<?php
namespace App\Services\Inventory;
class InventoryMetaSanitizer
{
/**
* @param array<string, mixed> $meta
* @return array{odata_type?: string, etag?: string|null, scope_tag_ids?: list<string>, assignment_target_count?: int|null, warnings?: list<string>}
*/
public function sanitize(array $meta): array
{
$sanitized = [];
$odataType = $meta['odata_type'] ?? null;
if (is_string($odataType) && trim($odataType) !== '') {
$sanitized['odata_type'] = trim($odataType);
}
$etag = $meta['etag'] ?? null;
if ($etag === null || is_string($etag)) {
$sanitized['etag'] = $etag === null ? null : trim($etag);
}
$scopeTagIds = $meta['scope_tag_ids'] ?? null;
if (is_array($scopeTagIds)) {
$sanitized['scope_tag_ids'] = $this->stringList($scopeTagIds);
}
$assignmentTargetCount = $meta['assignment_target_count'] ?? null;
if (is_int($assignmentTargetCount)) {
$sanitized['assignment_target_count'] = $assignmentTargetCount;
} elseif (is_numeric($assignmentTargetCount)) {
$sanitized['assignment_target_count'] = (int) $assignmentTargetCount;
} elseif ($assignmentTargetCount === null) {
$sanitized['assignment_target_count'] = null;
}
$warnings = $meta['warnings'] ?? null;
if (is_array($warnings)) {
$sanitized['warnings'] = $this->boundedStringList($warnings, 25, 200);
}
return array_filter(
$sanitized,
static fn (mixed $value): bool => $value !== null && $value !== [] && $value !== ''
);
}
/**
* @param list<mixed> $values
* @return list<string>
*/
private function stringList(array $values): array
{
$result = [];
foreach ($values as $value) {
if (! is_string($value)) {
continue;
}
$value = trim($value);
if ($value === '') {
continue;
}
$result[] = $value;
}
return array_values(array_unique($result));
}
/**
* @param list<mixed> $values
* @return list<string>
*/
private function boundedStringList(array $values, int $maxItems, int $maxLen): array
{
$items = [];
foreach ($values as $value) {
if (count($items) >= $maxItems) {
break;
}
if (! is_string($value)) {
continue;
}
$value = trim($value);
if ($value === '') {
continue;
}
$items[] = mb_substr($value, 0, $maxLen);
}
return array_values(array_unique($items));
}
}
Reference in New Issue View Git Blame Copy Permalink