ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
d939d45bcf
TenantAtlas/specs/007-device-config-compliance/tasks.md
ahmido d939d45bcf fix: improve assignment capture/restore and filter name handling (#8) 
Resolves assignment filter names when Graph stores filter IDs at assignment root.
Tracks assignment fetch success/failure and shows clearer UI states for versions.
Adds scope tag fallback display in backup set items.
Restored versions now capture applied assignments consistently.

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.local>
Reviewed-on: #8
2025-12-28 13:59:12 +00:00

4.2 KiB
Raw Blame History

Tasks: Device Configuration and Compliance Coverage (007)

Branch: feat/007-device-config-compliance | Date: 2025-12-26
Input: spec.md, plan.md

Task Format

  • Checkbox: - [ ] for incomplete, - [x] for complete
  • Task ID: Sequential T001, T002, T003...
  • [P] marker: Task can run in parallel (different files, no blocking dependencies)
  • [Story] label: User story tag (US1, US2, US3...)
  • File path: Always include exact file path in description

Phase 1: Policy Types, Contracts, Permissions

Purpose: Add missing device configuration, compliance, scripts, and update ring types with Graph contract coverage.

  • T001 [P] Expand policy type registry for device configuration, compliance, scripts, and update rings in config/tenantpilot.php (labels, categories, restore mode, risk).
  • T002 [P] Add/update Graph contracts and assignment endpoints for new policy types in config/graph_contracts.php.
  • T003 [P] Verify and extend permissions for the new workloads in config/intune_permissions.php.
  • T004 Update type metadata helpers and filters in app/Filament/Resources/PolicyResource.php and app/Filament/Resources/BackupSetResource/RelationManagers/BackupItemsRelationManager.php.

Checkpoint: New policy types are recognized across UI metadata and Graph contract registry.

Phase 2: Snapshot Capture and Metadata

Purpose: Ensure snapshots, assignments, and scope tags are captured for the new workloads.

  • T005 Update app/Services/Intune/PolicySnapshotService.php to fetch and hydrate the new policy types correctly (filters, select fields).
  • T006 Extend app/Services/Intune/PolicyCaptureOrchestrator.php to capture assignments and scope tags for the new types with existing resolvers.
  • T007 Update app/Services/Intune/BackupService.php to capture snapshots for the new types and propagate warnings.
  • T008 Add or extend normalization support in app/Services/Intune/PolicyNormalizer.php for the new policy types.

Checkpoint: Backups include snapshots and metadata for configuration/compliance policies.

Phase 3: Restore Logic and Mapping

Purpose: Restore new policy types safely using assignment and foundation mappings.

  • T009 Update app/Services/Intune/RestoreService.php to restore the new policy types using Graph contracts.
  • T010 Extend app/Services/AssignmentRestoreService.php for assignment endpoints of the new types.
  • T011 Ensure compliance notification templates are restored and referenced via mapping in app/Services/Intune/RestoreService.php.
  • T012 Add audit coverage for compliance action mapping outcomes in app/Services/Intune/AuditLogger.php.

Checkpoint: Restore applies policies and assignments or skips with clear reasons.

Phase 4: Admin UX

Purpose: Surface restore and compliance details clearly in the UI.

  • T013 Update resources/views/filament/infolists/entries/restore-preview.blade.php to surface compliance action/template warnings.
  • T014 Update resources/views/filament/infolists/entries/restore-results.blade.php to show compliance action mapping outcomes and skip reasons.

Checkpoint: Admins can see compliance related mapping results in preview and results.

Phase 5: Tests and Verification

Purpose: Cover new workloads with Pest tests and verify formatting.

  • T015 Add unit tests for snapshot and normalization coverage in tests/Unit/PolicySnapshotServiceTest.php and tests/Unit/PolicyNormalizerTest.php.
  • T016 Add feature tests for backup and restore flows in tests/Feature/Filament/RestorePreviewTest.php and tests/Feature/Filament/RestoreExecutionTest.php.
  • T017 Run tests: ./vendor/bin/sail artisan test tests/Unit/PolicySnapshotServiceTest.php tests/Unit/PolicyNormalizerTest.php tests/Feature/Filament/RestorePreviewTest.php tests/Feature/Filament/RestoreExecutionTest.php
  • T018 Run Pint: ./vendor/bin/pint --dirty

Checkpoint: Tests pass and formatting is clean.

Deferred / Backlog

  • T019 [Deferred] Add inventory/properties catalog policies (deviceManagement/inventoryPolicies) once required permissions are confirmed; include contracts, sync, snapshot hydration via /settings, and normalized UI display.