88 lines
2.8 KiB
Markdown
88 lines
2.8 KiB
Markdown
# Phase 1 — Data Model: Remove Legacy BulkOperationRun & Canonicalize Operations (v1.0)
|
|
|
|
This document describes the domain entities and data contracts impacted by Feature 056.
|
|
|
|
## Entities
|
|
|
|
### OperationRun (canonical)
|
|
|
|
Represents a single observable operation execution. Tenant-scoped.
|
|
|
|
**Core fields (existing):**
|
|
|
|
- `tenant_id`: Tenant scope for isolation.
|
|
- `user_id`: Initiator user (nullable for system).
|
|
- `initiator_name`: Human name for display.
|
|
- `type`: Operation type (stable identifier).
|
|
- `status`: queued | running | completed.
|
|
- `outcome`: pending | succeeded | partial | failed (exact naming per existing app semantics).
|
|
- `run_identity_hash`: Deterministic identity used for dedupe of active runs.
|
|
- `context`: JSON object containing operation inputs and metadata.
|
|
- `summary_counts`: JSON object with canonical metrics keys.
|
|
- `failure_summary`: JSON array/object with stable reason codes + sanitized messages.
|
|
- `started_at`, `completed_at`: Timestamps.
|
|
|
|
**Invariants:**
|
|
|
|
- Active-run dedupe is tenant-wide.
|
|
- Monitoring renders from DB only.
|
|
- `summary_counts` keys are constrained to the canonical registry.
|
|
- Failure messages are sanitized and do not include secrets.
|
|
|
|
### Operation Type (logical)
|
|
|
|
A stable identifier used to categorize runs, label them for admins, and enforce consistent UX.
|
|
|
|
**Attributes:**
|
|
|
|
- `type` (string): e.g., `policy_version.prune`, `backup_set.delete`, etc.
|
|
- `label` (string): human readable name.
|
|
- `expected_duration_seconds` (optional): typical duration.
|
|
- `allowed_summary_keys`: canonical registry.
|
|
|
|
### Target Scope (logical)
|
|
|
|
A directory/remote tenant scope that an operation targets.
|
|
|
|
**Context fields (when applicable):**
|
|
|
|
- `entra_tenant_id`: Azure AD / Entra tenant GUID.
|
|
- `directory_context_id`: Internal directory context identifier.
|
|
|
|
At least one of the above must be present for directory-targeted operations.
|
|
|
|
### Bulk Selection Identity (logical)
|
|
|
|
Deterministic definition of “what the bulk action applies to”, required for idempotency.
|
|
|
|
**Decision**: Hybrid identity.
|
|
|
|
- Explicit selection: `selection.ids_hash`
|
|
- Query/filter selection (“select all”): `selection.query_hash`
|
|
|
|
**Properties:**
|
|
|
|
- `selection.kind`: `ids` | `query`
|
|
- `selection.ids_hash`: sha256 of stable, sorted IDs.
|
|
- `selection.query_hash`: sha256 of normalized filter/query payload.
|
|
|
|
### Bulk Idempotency Fingerprint (logical)
|
|
|
|
Deterministic fingerprint used to dedupe active runs and prevent duplicated work.
|
|
|
|
**Components:**
|
|
|
|
- operation `type`
|
|
- target scope (`entra_tenant_id` or `directory_context_id`)
|
|
- selection identity (hybrid)
|
|
|
|
## Removed Entity
|
|
|
|
### BulkOperationRun (legacy)
|
|
|
|
This entity is removed by Feature 056.
|
|
|
|
- Legacy model/service/table are deleted.
|
|
- No new writes to legacy tables after cutover.
|
|
- Historical import into OperationRun is not performed.
|