ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
d14ad7b525
TenantAtlas/specs/006-sot-foundations-assignments/data-model.md
Ahmed Darrazi d14ad7b525 spec(006): add plan artifacts
2025-12-25 14:52:28 +01:00

3.0 KiB
Raw Blame History

Data Model: SoT Foundations & Assignments (006)

This feature reuses existing snapshot and restore run entities, and introduces a consistent JSON “mapping + decisions” report.

Existing Entities (today)

BackupSet

  • Purpose: Groups a point-in-time capture for a tenant.
  • Relationships: hasMany BackupItem.

BackupItem

  • Purpose: Stores an immutable snapshot item.
  • Key fields (relevant):
    • tenant_id, backup_set_id
    • policy_id (nullable)
    • policy_identifier (Graph id)
    • policy_type (logical type)
    • payload (raw JSON)
    • metadata (normalized JSON)

RestoreRun

  • Purpose: Tracks restore preview/execution lifecycle.
  • Key fields (relevant):
    • is_dry_run
    • requested_items (selection)
    • preview (dry-run decision report)
    • results (execution report)
    • metadata (extra structured info)

New / Extended Concepts (this feature)

FoundationSnapshot (logical concept)

Represented as a backup_items row.

  • policy_type (new keys):

    • assignmentFilter
    • roleScopeTag
    • notificationMessageTemplate

  • policy_identifier: source Graph id

  • policy_id: null

  • payload: raw Graph resource JSON

  • metadata (proposed, shape):

    {
  "displayName": "...",
  "kind": "assignmentFilter|roleScopeTag|notificationMessageTemplate",
  "graph": {
    "resource": "deviceManagement/assignmentFilters",
    "apiVersion": "v1.0"
  }
}

RestoreMappingReport (logical concept)

Stored within restore_runs.preview/restore_runs.results.

  • mappings.foundations[] (proposed shape):

    {
  "type": "assignmentFilter",
  "sourceId": "<old-guid>",
  "sourceName": "Filter A",
  "decision": "mapped_existing|created|created_copy|failed",
  "targetId": "<new-guid>",
  "targetName": "Filter A (Copy)",
  "reason": "..."
}

AssignmentDecisionReport (logical concept)

Stored within restore_runs.preview/restore_runs.results.

  • assignments[] entries (proposed shape):

    {
  "policyType": "settingsCatalogPolicy",
  "sourcePolicyId": "...",
  "targetPolicyId": "...",
  "decision": "applied|skipped|failed",
  "reason": "missing_filter_mapping|missing_group_mapping|preview_only|graph_error",
  "details": {
    "sourceAssignmentCount": 3,
    "appliedAssignmentCount": 2
  }
}

Relationships / Flow

  • BackupSet contains both “policy snapshots” and “foundation snapshots” as BackupItem rows.
  • RestoreRun consumes a BackupSet and produces:
    • foundation mapping report
    • policy restore decisions
    • assignment application decisions

Validation & State Transitions

  • Restore execution is single-writer per tenant (existing safety requirement FR-009).
  • Restore behavior:
    • Preview (is_dry_run=true): builds mapping/decisions, no Graph writes.
    • Execute (is_dry_run=false): creates missing foundations, restores policies, applies assignments when safe.
    • Conditional Access entries are always recorded as preview-only/skipped in execute.