ahmido
ce0615a9c1
## Summary - move the Laravel application into `apps/platform` and keep the repository root for orchestration, docs, and tooling - update the local command model, Sail/Docker wiring, runtime paths, and ignore rules around the new platform location - add relocation quickstart/contracts plus focused smoke coverage for bootstrap, command model, routes, and runtime behavior ## Validation - `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/PlatformRelocation` - integrated browser smoke validated `/up`, `/`, `/admin`, `/admin/choose-workspace`, and tenant route semantics for `200`, `403`, and `404` ## Remaining Rollout Checks - validate Dokploy build context and working-directory assumptions against the new `apps/platform` layout - confirm web, queue, and scheduler processes all start from the expected working directory in staging/production - verify no legacy volume mounts or asset-publish paths still point at the old root-level `public/` or `storage/` locations Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #213
116 lines
4.0 KiB
PHP
116 lines
4.0 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Jobs;
|
|
|
|
use App\Models\ProviderConnection;
|
|
use App\Models\Tenant;
|
|
use App\Models\User;
|
|
use App\Services\EntraAdminRoles\EntraAdminRolesFindingGenerator;
|
|
use App\Services\EntraAdminRoles\EntraAdminRolesReportService;
|
|
use App\Services\OperationRunService;
|
|
use App\Support\OperationRunOutcome;
|
|
use App\Support\OperationRunStatus;
|
|
use App\Support\OpsUx\RunFailureSanitizer;
|
|
use Illuminate\Bus\Queueable;
|
|
use Illuminate\Contracts\Queue\ShouldQueue;
|
|
use Illuminate\Foundation\Bus\Dispatchable;
|
|
use Illuminate\Queue\InteractsWithQueue;
|
|
use Illuminate\Queue\SerializesModels;
|
|
use Throwable;
|
|
|
|
class ScanEntraAdminRolesJob implements ShouldQueue
|
|
{
|
|
use Dispatchable, InteractsWithQueue, Queueable, SerializesModels;
|
|
|
|
public function __construct(
|
|
public readonly int $tenantId,
|
|
public readonly int $workspaceId,
|
|
public readonly ?int $initiatorUserId = null,
|
|
) {}
|
|
|
|
public function handle(
|
|
EntraAdminRolesReportService $reportService,
|
|
EntraAdminRolesFindingGenerator $findingGenerator,
|
|
OperationRunService $operationRuns,
|
|
): void {
|
|
$tenant = Tenant::query()->find($this->tenantId);
|
|
|
|
if (! $tenant instanceof Tenant) {
|
|
return;
|
|
}
|
|
|
|
// FR-018: Skip tenants without active provider connection
|
|
$hasConnection = ProviderConnection::query()
|
|
->where('tenant_id', $tenant->getKey())
|
|
->where('status', 'connected')
|
|
->exists();
|
|
|
|
if (! $hasConnection) {
|
|
return;
|
|
}
|
|
|
|
$initiator = $this->initiatorUserId !== null
|
|
? User::query()->find($this->initiatorUserId)
|
|
: null;
|
|
|
|
$operationRun = $operationRuns->ensureRunWithIdentity(
|
|
tenant: $tenant,
|
|
type: 'entra.admin_roles.scan',
|
|
identityInputs: [
|
|
'tenant_id' => $this->tenantId,
|
|
'trigger' => 'scan',
|
|
],
|
|
context: [
|
|
'workspace_id' => $this->workspaceId,
|
|
'initiator_user_id' => $this->initiatorUserId,
|
|
],
|
|
initiator: $initiator instanceof User ? $initiator : null,
|
|
);
|
|
|
|
$operationRuns->updateRun(
|
|
$operationRun,
|
|
status: OperationRunStatus::Running->value,
|
|
outcome: OperationRunOutcome::Pending->value,
|
|
);
|
|
|
|
try {
|
|
$reportResult = $reportService->generate($tenant, $operationRun);
|
|
|
|
$findingResult = $findingGenerator->generate($tenant, $reportResult->payload, $operationRun);
|
|
|
|
$operationRuns->updateRun(
|
|
$operationRun,
|
|
status: OperationRunStatus::Completed->value,
|
|
outcome: OperationRunOutcome::Succeeded->value,
|
|
summaryCounts: [
|
|
'report_created' => $reportResult->created ? 1 : 0,
|
|
'report_deduped' => $reportResult->created ? 0 : 1,
|
|
'findings_created' => $findingResult->created,
|
|
'findings_resolved' => $findingResult->resolved,
|
|
'findings_reopened' => $findingResult->reopened,
|
|
'findings_unchanged' => $findingResult->unchanged,
|
|
'alert_events_produced' => $findingResult->alertEventsProduced,
|
|
],
|
|
);
|
|
} catch (Throwable $e) {
|
|
$message = RunFailureSanitizer::sanitizeMessage($e->getMessage());
|
|
$reasonCode = RunFailureSanitizer::normalizeReasonCode($e->getMessage());
|
|
|
|
$operationRuns->updateRun(
|
|
$operationRun,
|
|
status: OperationRunStatus::Completed->value,
|
|
outcome: OperationRunOutcome::Failed->value,
|
|
failures: [[
|
|
'code' => 'entra.admin_roles.scan.failed',
|
|
'reason_code' => $reasonCode,
|
|
'message' => $message !== '' ? $message : 'Entra admin roles scan failed.',
|
|
]],
|
|
);
|
|
|
|
throw $e;
|
|
}
|
|
}
|
|
}
|