OTSSignsOrchestrator.Server/Health/Checks/GroupStructureHealthCheck.cs

using OTSSignsOrchestrator.Server.Clients;
using OTSSignsOrchestrator.Server.Data;
using OTSSignsOrchestrator.Server.Data.Entities;

namespace OTSSignsOrchestrator.Server.Health.Checks;

/// <summary>
/// Verifies all 4 expected Xibo groups exist for the instance:
/// <c>{abbrev}-viewer</c>, <c>{abbrev}-editor</c>, <c>{abbrev}-admin</c>, <c>ots-it-{abbrev}</c>.
/// Uses <see cref="XiboApiClientExtensions.GetAllPagesAsync{T}"/> to avoid pagination truncation.
/// </summary>
public sealed class GroupStructureHealthCheck : IHealthCheck
{
    private readonly XiboClientFactory _clientFactory;
    private readonly IServiceProvider _services;
    private readonly ILogger<GroupStructureHealthCheck> _logger;

    public string CheckName => "GroupStructure";
    public bool AutoRemediate => true;

    public GroupStructureHealthCheck(
        XiboClientFactory clientFactory,
        IServiceProvider services,
        ILogger<GroupStructureHealthCheck> logger)
    {
        _clientFactory = clientFactory;
        _services = services;
        _logger = logger;
    }

    public async Task<HealthCheckResult> RunAsync(Instance instance, CancellationToken ct)
    {
        var (client, abbrev) = await ResolveAsync(instance);
        if (client is null)
            return new HealthCheckResult(HealthStatus.Critical, "No OAuth app — cannot verify groups");

        var expected = ExpectedGroups(abbrev);
        var groups = await client.GetAllPagesAsync(
            (start, length) => client.GetGroupsAsync(start, length));

        var existing = groups
            .Select(g => g.TryGetValue("group", out var n) ? n?.ToString() : null)
            .Where(n => n is not null)
            .ToHashSet(StringComparer.OrdinalIgnoreCase);

        var missing = expected.Where(e => !existing.Contains(e)).ToList();

        if (missing.Count == 0)
            return new HealthCheckResult(HealthStatus.Healthy, "All 4 expected groups present");

        return new HealthCheckResult(
            HealthStatus.Critical,
            $"Missing groups: {string.Join(", ", missing)}",
            $"Expected: {string.Join(", ", expected)}");
    }

    public async Task<bool> RemediateAsync(Instance instance, CancellationToken ct)
    {
        var (client, abbrev) = await ResolveAsync(instance);
        if (client is null) return false;

        await using var scope = _services.CreateAsyncScope();
        var db = scope.ServiceProvider.GetRequiredService<OrchestratorDbContext>();

        var expected = ExpectedGroups(abbrev);
        var groups = await client.GetAllPagesAsync(
            (start, length) => client.GetGroupsAsync(start, length));

        var existing = groups
            .Select(g => g.TryGetValue("group", out var n) ? n?.ToString() : null)
            .Where(n => n is not null)
            .ToHashSet(StringComparer.OrdinalIgnoreCase);

        var allFixed = true;
        foreach (var name in expected.Where(e => !existing.Contains(e)))
        {
            var resp = await client.CreateGroupAsync(new CreateGroupRequest(name, $"Auto-created by health check for {abbrev}"));
            if (resp.IsSuccessStatusCode)
            {
                db.AuditLogs.Add(new AuditLog
                {
                    Id = Guid.NewGuid(),
                    InstanceId = instance.Id,
                    Actor = "HealthCheckEngine:GroupStructure",
                    Action = "CreateGroup",
                    Target = name,
                    Outcome = "Success",
                    Detail = $"Recreated missing group {name}",
                    OccurredAt = DateTime.UtcNow,
                });
            }
            else
            {
                _logger.LogError("Failed to create group {Group}: {Err}", name, resp.Error?.Content);
                allFixed = false;
            }
        }

        await db.SaveChangesAsync(ct);
        return allFixed;
    }

    private static string[] ExpectedGroups(string abbrev) =>
    [
        $"{abbrev}-viewer",
        $"{abbrev}-editor",
        $"{abbrev}-admin",
        $"ots-it-{abbrev}",
    ];

    private async Task<(IXiboApiClient? Client, string Abbrev)> ResolveAsync(Instance instance)
    {
        var abbrev = instance.Customer.Abbreviation;
        var oauthApp = instance.OauthAppRegistries.FirstOrDefault();
        if (oauthApp is null) return (null, abbrev);

        var settings = _services.GetRequiredService<Core.Services.SettingsService>();
        var secret = await settings.GetAsync(Core.Services.SettingsService.InstanceOAuthSecretId(abbrev));
        if (string.IsNullOrEmpty(secret)) return (null, abbrev);

        var client = await _clientFactory.CreateAsync(instance.XiboUrl, oauthApp.ClientId, secret);
        return (client, abbrev);
    }
}
feat: Implement provisioning pipelines for subscription management - Add ReactivatePipeline to handle subscription reactivation, including scaling Docker services, health verification, status updates, audit logging, and broadcasting status changes. - Introduce RotateCredentialsPipeline for OAuth2 credential rotation, managing the deletion of old apps, creation of new ones, credential storage, access verification, and audit logging. - Create StepRunner to manage job step execution, including lifecycle management and progress broadcasting via SignalR. - Implement SuspendPipeline for subscription suspension, scaling down services, updating statuses, logging audits, and broadcasting changes. - Add UpdateScreenLimitPipeline to update Xibo CMS screen limits and record snapshots. - Introduce XiboFeatureManifests for hardcoded feature ACLs per role. - Add docker-compose.dev.yml for local development with PostgreSQL setup. 2026-03-18 10:27:26 -04:00			`using OTSSignsOrchestrator.Server.Clients;`
			`using OTSSignsOrchestrator.Server.Data;`
			`using OTSSignsOrchestrator.Server.Data.Entities;`

			`namespace OTSSignsOrchestrator.Server.Health.Checks;`

			`/// <summary>`
			`/// Verifies all 4 expected Xibo groups exist for the instance:`
			`/// <c>{abbrev}-viewer</c>, <c>{abbrev}-editor</c>, <c>{abbrev}-admin</c>, <c>ots-it-{abbrev}</c>.`
			`/// Uses <see cref="XiboApiClientExtensions.GetAllPagesAsync{T}"/> to avoid pagination truncation.`
			`/// </summary>`
			`public sealed class GroupStructureHealthCheck : IHealthCheck`
			`{`
			`private readonly XiboClientFactory _clientFactory;`
			`private readonly IServiceProvider _services;`
			`private readonly ILogger<GroupStructureHealthCheck> _logger;`

			`public string CheckName => "GroupStructure";`
			`public bool AutoRemediate => true;`

			`public GroupStructureHealthCheck(`
			`XiboClientFactory clientFactory,`
			`IServiceProvider services,`
			`ILogger<GroupStructureHealthCheck> logger)`
			`{`
			`_clientFactory = clientFactory;`
			`_services = services;`
			`_logger = logger;`
			`}`

			`public async Task<HealthCheckResult> RunAsync(Instance instance, CancellationToken ct)`
			`{`
			`var (client, abbrev) = await ResolveAsync(instance);`
			`if (client is null)`
			`return new HealthCheckResult(HealthStatus.Critical, "No OAuth app — cannot verify groups");`

			`var expected = ExpectedGroups(abbrev);`
			`var groups = await client.GetAllPagesAsync(`
			`(start, length) => client.GetGroupsAsync(start, length));`

			`var existing = groups`
			`.Select(g => g.TryGetValue("group", out var n) ? n?.ToString() : null)`
			`.Where(n => n is not null)`
			`.ToHashSet(StringComparer.OrdinalIgnoreCase);`

			`var missing = expected.Where(e => !existing.Contains(e)).ToList();`

			`if (missing.Count == 0)`
			`return new HealthCheckResult(HealthStatus.Healthy, "All 4 expected groups present");`

			`return new HealthCheckResult(`
			`HealthStatus.Critical,`
			`$"Missing groups: {string.Join(", ", missing)}",`
			`$"Expected: {string.Join(", ", expected)}");`
			`}`

			`public async Task<bool> RemediateAsync(Instance instance, CancellationToken ct)`
			`{`
			`var (client, abbrev) = await ResolveAsync(instance);`
			`if (client is null) return false;`

			`await using var scope = _services.CreateAsyncScope();`
			`var db = scope.ServiceProvider.GetRequiredService<OrchestratorDbContext>();`

			`var expected = ExpectedGroups(abbrev);`
			`var groups = await client.GetAllPagesAsync(`
			`(start, length) => client.GetGroupsAsync(start, length));`

			`var existing = groups`
			`.Select(g => g.TryGetValue("group", out var n) ? n?.ToString() : null)`
			`.Where(n => n is not null)`
			`.ToHashSet(StringComparer.OrdinalIgnoreCase);`

			`var allFixed = true;`
			`foreach (var name in expected.Where(e => !existing.Contains(e)))`
			`{`
			`var resp = await client.CreateGroupAsync(new CreateGroupRequest(name, $"Auto-created by health check for {abbrev}"));`
			`if (resp.IsSuccessStatusCode)`
			`{`
			`db.AuditLogs.Add(new AuditLog`
			`{`
			`Id = Guid.NewGuid(),`
			`InstanceId = instance.Id,`
			`Actor = "HealthCheckEngine:GroupStructure",`
			`Action = "CreateGroup",`
			`Target = name,`
			`Outcome = "Success",`
			`Detail = $"Recreated missing group {name}",`
			`OccurredAt = DateTime.UtcNow,`
			`});`
			`}`
			`else`
			`{`
			`_logger.LogError("Failed to create group {Group}: {Err}", name, resp.Error?.Content);`
			`allFixed = false;`
			`}`
			`}`

			`await db.SaveChangesAsync(ct);`
			`return allFixed;`
			`}`

			`private static string[] ExpectedGroups(string abbrev) =>`
			`[`
			`$"{abbrev}-viewer",`
			`$"{abbrev}-editor",`
			`$"{abbrev}-admin",`
			`$"ots-it-{abbrev}",`
			`];`

			`private async Task<(IXiboApiClient? Client, string Abbrev)> ResolveAsync(Instance instance)`
			`{`
			`var abbrev = instance.Customer.Abbreviation;`
			`var oauthApp = instance.OauthAppRegistries.FirstOrDefault();`
			`if (oauthApp is null) return (null, abbrev);`

			`var settings = _services.GetRequiredService<Core.Services.SettingsService>();`
			`var secret = await settings.GetAsync(Core.Services.SettingsService.InstanceOAuthSecretId(abbrev));`
			`if (string.IsNullOrEmpty(secret)) return (null, abbrev);`

			`var client = await _clientFactory.CreateAsync(instance.XiboUrl, oauthApp.ClientId, secret);`
			`return (client, abbrev);`
			`}`
			`}`