TenantAtlas/specs/009-app-protection-policy/plan.md
2025-12-29 16:18:31 +01:00

Implementation Plan: App Protection Policy Type (009)

Branch: feat/009-app-protection-policy
Date: 2025-12-29
Spec Source: spec.md

Summary

Make appProtectionPolicy reliable by:

  • Filtering non-policy objects during sync (targetedManagedAppConfiguration).
  • Adding Graph contract coverage for assignments + @odata.type family.
  • Adding targeted Pest tests to lock in behavior.

Execution Steps

  1. Update config/graph_contracts.php for appProtectionPolicy:
    • Add assignments list + assign action endpoints (and payload key if needed).
    • Expand type_family to the common App Protection @odata.type values.
  2. Update app/Services/Intune/PolicySyncService.php:
    • Skip #microsoft.graph.targetedManagedAppConfiguration entries when syncing appProtectionPolicy.
  3. Fix restore endpoints for assignments + policy updates:
    • Use derived endpoints (e.g. /androidManagedAppProtections/{id} and /androidManagedAppProtections/{id}/assign) based on @odata.type.
  4. Add admin-friendly normalization:
    • Add AppProtectionPolicyNormalizer for boolean/duration formatting and Intune-like sections.
  5. Add/extend tests:
    • tests/Unit/GraphContractRegistryActualDataTest.php for appProtectionPolicy contract coverage.
    • tests/Feature/Jobs/* to assert sync filtering behavior.
    • tests/Unit/* to assert normalizer output and endpoint resolution.
  6. Run formatting + tests:
    • ./vendor/bin/pint --dirty
    • ./vendor/bin/sail artisan test --filter=appProtectionPolicy
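
Steps 2 and 3 above, sketched as an added example (not TenantAtlas code): filter targetedManagedAppConfiguration out of a sync listing, then derive the update and assign endpoints from @odata.type, refusing to restore any type that has no explicit mapping. The function and constant names, the /deviceAppManagement prefix, the iOS mapping, and the sample listing are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical names throughout; only the Android paths and the skipped type come from the plan.
const APP_PROTECTION_COLLECTIONS = [
    '#microsoft.graph.androidManagedAppProtection' => 'androidManagedAppProtections',
    '#microsoft.graph.iosManagedAppProtection'     => 'iosManagedAppProtections',
];
const SKIPPED_TYPE = '#microsoft.graph.targetedManagedAppConfiguration';

/** Step 2: drop app configuration objects so they are never stored as policies. */
function filterAppProtectionPolicies(array $items): array
{
    return array_values(array_filter(
        $items,
        static fn (array $item): bool => ($item['@odata.type'] ?? null) !== SKIPPED_TYPE
    ));
}

/** Step 3: derive endpoints from @odata.type; unknown types fail closed. */
function resolveRestoreEndpoints(array $policy): array
{
    $type = (string) ($policy['@odata.type'] ?? '');
    $collection = APP_PROTECTION_COLLECTIONS[$type] ?? null;
    if ($collection === null) {
        throw new InvalidArgumentException("No endpoint mapping for @odata.type '{$type}'");
    }
    // Encode the id so a malformed backup value cannot add path segments.
    $id = rawurlencode((string) ($policy['id'] ?? ''));
    if ($id === '') {
        throw new InvalidArgumentException('Policy id is missing');
    }
    $base = "/deviceAppManagement/{$collection}/{$id}";
    return ['update' => $base, 'assign' => "{$base}/assign"];
}

// Constructed sample listing (ids are placeholders).
$listing = [
    ['id' => 'policy-a', '@odata.type' => '#microsoft.graph.androidManagedAppProtection'],
    ['id' => 'config-b', '@odata.type' => '#microsoft.graph.targetedManagedAppConfiguration'],
    ['id' => 'policy-c/../x', '@odata.type' => '#microsoft.graph.iosManagedAppProtection'],
    ['id' => 'policy-d', '@odata.type' => '#microsoft.graph.unmappedExampleType'],
];
foreach (filterAppProtectionPolicies($listing) as $policy) {
    try {
        echo json_encode(resolveRestoreEndpoints($policy), JSON_UNESCAPED_SLASHES), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'skipped: ', $e->getMessage(), PHP_EOL;
    }
}
```

Failing closed on an unmapped type keeps a restore from writing a payload to an endpoint that belongs to a different policy family.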