TenantAtlas/specs/023-endpoint-security-restore/plan.md
ahmido d6a57c1828 feat/023-endpoint-security-restore (#24)
## Summary
<!-- Brief: what changes and why? -->

## Spec-Driven Development (SDD)
- [ ] There is a spec under `specs/<NNN>-<feature>/`
- [ ] Included files: `plan.md`, `tasks.md`, `spec.md`
- [ ] Spec describes behavior/acceptance criteria (not just implementation)
- [ ] If requirements changed during implementation: spec/plan/tasks were updated

## Implementation
- [ ] Implementation matches the spec
- [ ] Edge cases / error cases considered
- [ ] No unintended changes outside the scope

## Tests
- [ ] Tests added/updated (Pest/PHPUnit)
- [ ] Relevant tests run locally (`./vendor/bin/sail artisan test` or `php artisan test`)

## Migration / Config / Ops (if relevant)
- [ ] Migration(s) included and tested
- [ ] Rollback considered (backward compatible, safe migration)
- [ ] New env vars documented (`.env.example` / docs)
- [ ] Queue/cron/storage impact checked

## UI (Filament/Livewire) (if relevant)
- [ ] UI flows checked
- [ ] Screenshots/notes added

## Notes
<!-- Links, screenshots, follow-ups, open points -->

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.local>
Reviewed-on: #24
2026-01-03 03:27:28 +00:00


# Plan: Endpoint Security Policy Restore (023)

**Branch**: `feat/023-endpoint-security-restore`
**Date**: 2026-01-03
**Input**: [spec.md](./spec.md)

## Goal

Enable full restore execution for Endpoint Security Policies (`endpointSecurityPolicy`) instead of preview-only, with defensive validation around templates and settings payloads.

## Approach

1. Enable restore execution in `config/tenantpilot.php` by switching `endpointSecurityPolicy.restore` from `preview-only` to `enabled`.
2. Add template existence validation during restore preview:
   - Resolve the snapshot's `templateReference` (family/id/display name where available).
   - Confirm the referenced template is resolvable in the target tenant before execution.
   - Surface warnings in preview and fail execution with a clear error when missing.
3. Add settings instance validation prior to execution:
   - Resolve template definitions for the target tenant.
   - Validate that settings instances are structurally compatible with the resolved template.
   - Treat validation failures as preview warnings, and block execution when the payload cannot be made safe.
4. Ensure restore uses the existing generic configuration policy create/update flow:
   - Create when no match exists; update when matched (per existing restore matching rules).
   - Apply assignments using existing mapping logic.
5. Add targeted tests covering:
   - Create + update restore execution for `endpointSecurityPolicy`.
   - Preview warnings and execution failure when template is missing.
   - Settings validation failure paths.
   - Assignment application expectations.

## Decisions / Notes

- Assume template identifiers may differ across tenants; prefer mapping by `templateFamily` with display-name fallback when required.
- Safety-first: if template resolution is ambiguous, treat as missing and block execution.
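
The template resolution rule from step 2 and the notes above, sketched as an added example (not code from the TenantAtlas repository). The function name `resolveTemplate`, the array shapes and the sample templates are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not project code. Assumed shapes:
//   $ref             = ['templateFamily' => ..., 'templateDisplayName' => ...] (from the snapshot)
//   $tenantTemplates = list of ['id', 'templateFamily', 'displayName'] (from the target tenant)
function resolveTemplate(array $ref, array $tenantTemplates): array
{
    $blocked = fn (string $reason): array =>
        ['status' => 'blocked', 'template' => null, 'reason' => $reason];

    $family = $ref['templateFamily'] ?? '';
    if ($family === '') {
        return $blocked('snapshot has no templateFamily');
    }

    // Template ids may differ across tenants, so match on family first.
    $candidates = array_values(array_filter(
        $tenantTemplates,
        fn (array $t): bool => $t['templateFamily'] === $family
    ));

    // Several templates share the family: narrow by display name if the snapshot has one.
    if (count($candidates) > 1 && isset($ref['templateDisplayName'])) {
        $name = trim($ref['templateDisplayName']);
        $candidates = array_values(array_filter(
            $candidates,
            fn (array $t): bool => strcasecmp(trim($t['displayName']), $name) === 0
        ));
    }

    return match (count($candidates)) {
        1 => ['status' => 'resolved', 'template' => $candidates[0], 'reason' => 'ok'],
        0 => $blocked('template missing in target tenant'),
        default => $blocked('template resolution is ambiguous'), // treated as missing
    };
}

// Constructed sample data, not real tenant output.
$tenant = [
    ['id' => 'tpl-a', 'templateFamily' => 'endpointSecurityFirewall', 'displayName' => 'Firewall'],
    ['id' => 'tpl-b', 'templateFamily' => 'endpointSecurityFirewall', 'displayName' => 'Firewall Rules'],
];
$snapshots = [
    ['templateFamily' => 'endpointSecurityFirewall', 'templateDisplayName' => 'firewall rules'],
    ['templateFamily' => 'endpointSecurityFirewall'],  // no name to disambiguate
    ['templateFamily' => 'endpointSecurityAntivirus'], // family absent in target tenant
];
foreach ($snapshots as $ref) {
    $r = resolveTemplate($ref, $tenant);
    echo $r['status'], ': ', $r['reason'], PHP_EOL;
}
```

Preview would surface the `reason` of a `blocked` result as a warning, and execution would refuse to proceed on the same result.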