TenantAtlas/specs/023-endpoint-security-restore/plan.md
ahmido d6a57c1828 feat/023-endpoint-security-restore (#24)
## Summary
<!-- Briefly: what changes and why? -->

## Spec-Driven Development (SDD)
- [ ] A spec exists under `specs/<NNN>-<feature>/`
- [ ] Included files: `plan.md`, `tasks.md`, `spec.md`
- [ ] Spec describes behavior/acceptance criteria (not just implementation)
- [ ] If requirements changed during implementation: spec/plan/tasks were updated

## Implementation
- [ ] Implementation matches the spec
- [ ] Edge cases / error cases considered
- [ ] No unintended changes outside the scope

## Tests
- [ ] Tests added/updated (Pest/PHPUnit)
- [ ] Relevant tests run locally (`./vendor/bin/sail artisan test` or `php artisan test`)

## Migration / Config / Ops (if relevant)
- [ ] Migration(s) included and tested
- [ ] Rollback considered (backward compatible, safe migration)
- [ ] New env vars documented (`.env.example` / docs)
- [ ] Queue/cron/storage impact checked

## UI (Filament/Livewire) (if relevant)
- [ ] UI flows checked
- [ ] Screenshots/notes added

## Notes
<!-- Links, screenshots, follow-ups, open points -->

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.local>
Reviewed-on: #24
2026-01-03 03:27:28 +00:00


Plan: Endpoint Security Policy Restore (023)

Branch: feat/023-endpoint-security-restore | Date: 2026-01-03 | Input: spec.md

Goal

Enable full restore execution for Endpoint Security Policies (endpointSecurityPolicy) instead of preview-only, with defensive validation around templates and settings payloads.

Approach

  1. Enable restore execution in config/tenantpilot.php by switching endpointSecurityPolicy.restore from preview-only to enabled.
  2. Add template existence validation during restore preview:
    • Resolve the snapshot's templateReference (family/id/display name where available).
    • Confirm the referenced template is resolvable in the target tenant before execution.
    • Surface warnings in preview and fail execution with a clear error when missing.
  3. Add settings instance validation prior to execution:
    • Resolve template definitions for the target tenant.
    • Validate that settings instances are structurally compatible with the resolved template.
    • Treat validation failures as preview warnings, and block execution when the payload cannot be made safe.
  4. Ensure restore uses the existing generic configuration policy create/update flow:
    • Create when no match exists; update when matched (per existing restore matching rules).
    • Apply assignments using existing mapping logic.
  5. Add targeted tests covering:
    • Create + update restore execution for endpointSecurityPolicy.
    • Preview warnings and execution failure when template is missing.
    • Settings validation failure paths.
    • Assignment application expectations.

Decisions / Notes

  • Assume template identifiers may differ across tenants; prefer mapping by templateFamily with display-name fallback when required.
  • Safety-first: if template resolution is ambiguous, treat as missing and block execution.
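
The resolution order from step 2 and the fail-closed rule above, sketched as an added example (not code from the TenantAtlas repository). The helper name resolveTemplate(), the array keys (templateId, templateFamily, templateDisplayName, id, displayName) and all sample data are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added illustration, not TenantAtlas code: resolveTemplate() and its array keys are hypothetical.
function resolveTemplate(array $ref, array $tenantTemplates): array
{
    // 1. An identical id in the target tenant is an unambiguous match.
    foreach ($tenantTemplates as $t) {
        if (isset($ref['templateId']) && $t['id'] === $ref['templateId']) {
            return ['status' => 'resolved', 'template' => $t, 'warning' => null];
        }
    }
    // 2. Ids may differ across tenants, so map by templateFamily.
    $family = $ref['templateFamily'] ?? null;
    $candidates = array_values(array_filter(
        $tenantTemplates,
        fn (array $t): bool => $family !== null && $t['templateFamily'] === $family
    ));
    // 3. Several templates share the family: fall back to the display name.
    if (count($candidates) > 1) {
        $name = $ref['templateDisplayName'] ?? null;
        $candidates = array_values(array_filter(
            $candidates,
            fn (array $t): bool => $name !== null && $t['displayName'] === $name
        ));
    }
    // 4. Zero or several candidates left: treat as missing and block execution.
    if (count($candidates) !== 1) {
        return ['status' => 'missing', 'template' => null,
            'warning' => 'Template could not be resolved unambiguously; restore is blocked.'];
    }
    return ['status' => 'resolved', 'template' => $candidates[0], 'warning' => null];
}

// Constructed sample data: templates visible in the target tenant.
$tenantTemplates = [
    ['id' => 'tgt-av-1', 'templateFamily' => 'endpointSecurityAntivirus', 'displayName' => 'Sample Antivirus A'],
    ['id' => 'tgt-av-2', 'templateFamily' => 'endpointSecurityAntivirus', 'displayName' => 'Sample Antivirus B'],
    ['id' => 'tgt-fw-1', 'templateFamily' => 'endpointSecurityFirewall', 'displayName' => 'Sample Firewall'],
];
// Constructed snapshot references (ids come from a different source tenant).
$refs = [
    'family only, unique' => ['templateId' => 'src-fw-9', 'templateFamily' => 'endpointSecurityFirewall'],
    'family + name' => ['templateId' => 'src-av-7', 'templateFamily' => 'endpointSecurityAntivirus', 'templateDisplayName' => 'Sample Antivirus B'],
    'ambiguous family' => ['templateId' => 'src-av-7', 'templateFamily' => 'endpointSecurityAntivirus'],
];
foreach ($refs as $label => $ref) {
    $r = resolveTemplate($ref, $tenantTemplates);
    printf("%-20s %-8s %s\n", $label, $r['status'], $r['template']['id'] ?? $r['warning']);
}
```

In preview the warning string would be shown to the operator; at execution time a 'missing' status is the point at which the restore stops before any create/update call is made.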