feat: Implement provisioning pipelines for subscription management

- Add ReactivatePipeline to handle subscription reactivation, including scaling Docker services, health verification, status updates, audit logging, and broadcasting status changes. - Introduce RotateCredentialsPipeline for OAuth2 credential rotation, managing the deletion of old apps, creation of new ones, credential storage, access verification, and audit logging. - Create StepRunner to manage job step execution, including lifecycle management and progress broadcasting via SignalR. - Implement SuspendPipeline for subscription suspension, scaling down services, updating statuses, logging audits, and broadcasting changes. - Add UpdateScreenLimitPipeline to update Xibo CMS screen limits and record snapshots. - Introduce XiboFeatureManifests for hardcoded feature ACLs per role. - Add docker-compose.dev.yml for local development with PostgreSQL setup.
2026-03-18 10:27:26 -04:00
parent c2e03de8bb
commit c6d46098dd
77 changed files with 9412 additions and 29 deletions
--- a/OTSSignsOrchestrator.Server/Data/Entities/AuditLog.cs
+++ b/OTSSignsOrchestrator.Server/Data/Entities/AuditLog.cs
@@ -0,0 +1,13 @@
+namespace OTSSignsOrchestrator.Server.Data.Entities;
+
+public class AuditLog
+{
+    public Guid Id { get; set; }
+    public Guid? InstanceId { get; set; }
+    public string Actor { get; set; } = string.Empty;
+    public string Action { get; set; } = string.Empty;
+    public string Target { get; set; } = string.Empty;
+    public string? Outcome { get; set; }
+    public string? Detail { get; set; }
+    public DateTime OccurredAt { get; set; }
+}
--- a/OTSSignsOrchestrator.Server/Data/Entities/AuthentikMetrics.cs
+++ b/OTSSignsOrchestrator.Server/Data/Entities/AuthentikMetrics.cs
@@ -0,0 +1,17 @@
+namespace OTSSignsOrchestrator.Server.Data.Entities;
+
+public enum AuthentikMetricsStatus
+{
+    Healthy,
+    Degraded,
+    Critical
+}
+
+public class AuthentikMetrics
+{
+    public Guid Id { get; set; }
+    public DateTime CheckedAt { get; set; }
+    public AuthentikMetricsStatus Status { get; set; }
+    public int LatencyMs { get; set; }
+    public string? ErrorMessage { get; set; }
+}
--- a/OTSSignsOrchestrator.Server/Data/Entities/ByoiConfig.cs
+++ b/OTSSignsOrchestrator.Server/Data/Entities/ByoiConfig.cs
@@ -0,0 +1,16 @@
+namespace OTSSignsOrchestrator.Server.Data.Entities;
+
+public class ByoiConfig
+{
+    public Guid Id { get; set; }
+    public Guid InstanceId { get; set; }
+    public string Slug { get; set; } = string.Empty;
+    public string EntityId { get; set; } = string.Empty;
+    public string SsoUrl { get; set; } = string.Empty;
+    public string CertPem { get; set; } = string.Empty;
+    public DateTime CertExpiry { get; set; }
+    public bool Enabled { get; set; }
+    public DateTime CreatedAt { get; set; }
+
+    public Instance Instance { get; set; } = null!;
+}
--- a/OTSSignsOrchestrator.Server/Data/Entities/Customer.cs
+++ b/OTSSignsOrchestrator.Server/Data/Entities/Customer.cs
@@ -0,0 +1,38 @@
+namespace OTSSignsOrchestrator.Server.Data.Entities;
+
+public enum CustomerPlan
+{
+    Essentials,
+    Pro
+}
+
+public enum CustomerStatus
+{
+    PendingPayment,
+    Provisioning,
+    Active,
+    Suspended,
+    Decommissioned
+}
+
+public class Customer
+{
+    public Guid Id { get; set; }
+    public string Abbreviation { get; set; } = string.Empty;
+    public string CompanyName { get; set; } = string.Empty;
+    public string AdminEmail { get; set; } = string.Empty;
+    public string AdminFirstName { get; set; } = string.Empty;
+    public string AdminLastName { get; set; } = string.Empty;
+    public CustomerPlan Plan { get; set; }
+    public int ScreenCount { get; set; }
+    public string? StripeCustomerId { get; set; }
+    public string? StripeSubscriptionId { get; set; }
+    public string? StripeCheckoutSessionId { get; set; }
+    public CustomerStatus Status { get; set; }
+    public int FailedPaymentCount { get; set; }
+    public DateTime? FirstPaymentFailedAt { get; set; }
+    public DateTime CreatedAt { get; set; }
+
+    public ICollection<Instance> Instances { get; set; } = [];
+    public ICollection<Job> Jobs { get; set; } = [];
+}
--- a/OTSSignsOrchestrator.Server/Data/Entities/HealthEvent.cs
+++ b/OTSSignsOrchestrator.Server/Data/Entities/HealthEvent.cs
@@ -0,0 +1,21 @@
+namespace OTSSignsOrchestrator.Server.Data.Entities;
+
+public enum HealthEventStatus
+{
+    Healthy,
+    Degraded,
+    Critical
+}
+
+public class HealthEvent
+{
+    public Guid Id { get; set; }
+    public Guid InstanceId { get; set; }
+    public string CheckName { get; set; } = string.Empty;
+    public HealthEventStatus Status { get; set; }
+    public string? Message { get; set; }
+    public bool Remediated { get; set; }
+    public DateTime OccurredAt { get; set; }
+
+    public Instance Instance { get; set; } = null!;
+}
--- a/OTSSignsOrchestrator.Server/Data/Entities/Instance.cs
+++ b/OTSSignsOrchestrator.Server/Data/Entities/Instance.cs
@@ -0,0 +1,30 @@
+namespace OTSSignsOrchestrator.Server.Data.Entities;
+
+public enum HealthStatus
+{
+    Unknown,
+    Healthy,
+    Degraded,
+    Critical
+}
+
+public class Instance
+{
+    public Guid Id { get; set; }
+    public Guid CustomerId { get; set; }
+    public string XiboUrl { get; set; } = string.Empty;
+    public string DockerStackName { get; set; } = string.Empty;
+    public string MysqlDatabase { get; set; } = string.Empty;
+    public string NfsPath { get; set; } = string.Empty;
+    public string? CmsAdminPassRef { get; set; }
+    public string? AuthentikProviderId { get; set; }
+    public HealthStatus HealthStatus { get; set; }
+    public DateTime? LastHealthCheck { get; set; }
+    public DateTime CreatedAt { get; set; }
+
+    public Customer Customer { get; set; } = null!;
+    public ICollection<HealthEvent> HealthEvents { get; set; } = [];
+    public ICollection<ScreenSnapshot> ScreenSnapshots { get; set; } = [];
+    public ICollection<OauthAppRegistry> OauthAppRegistries { get; set; } = [];
+    public ICollection<ByoiConfig> ByoiConfigs { get; set; } = [];
+}
--- a/OTSSignsOrchestrator.Server/Data/Entities/Job.cs
+++ b/OTSSignsOrchestrator.Server/Data/Entities/Job.cs
@@ -0,0 +1,26 @@
+namespace OTSSignsOrchestrator.Server.Data.Entities;
+
+public enum JobStatus
+{
+    Queued,
+    Running,
+    Completed,
+    Failed
+}
+
+public class Job
+{
+    public Guid Id { get; set; }
+    public Guid CustomerId { get; set; }
+    public string JobType { get; set; } = string.Empty;
+    public JobStatus Status { get; set; }
+    public string? TriggeredBy { get; set; }
+    public string? Parameters { get; set; }
+    public DateTime CreatedAt { get; set; }
+    public DateTime? StartedAt { get; set; }
+    public DateTime? CompletedAt { get; set; }
+    public string? ErrorMessage { get; set; }
+
+    public Customer Customer { get; set; } = null!;
+    public ICollection<JobStep> Steps { get; set; } = [];
+}
--- a/OTSSignsOrchestrator.Server/Data/Entities/JobStep.cs
+++ b/OTSSignsOrchestrator.Server/Data/Entities/JobStep.cs
@@ -0,0 +1,22 @@
+namespace OTSSignsOrchestrator.Server.Data.Entities;
+
+public enum JobStepStatus
+{
+    Queued,
+    Running,
+    Completed,
+    Failed
+}
+
+public class JobStep
+{
+    public Guid Id { get; set; }
+    public Guid JobId { get; set; }
+    public string StepName { get; set; } = string.Empty;
+    public JobStepStatus Status { get; set; }
+    public string? LogOutput { get; set; }
+    public DateTime? StartedAt { get; set; }
+    public DateTime? CompletedAt { get; set; }
+
+    public Job Job { get; set; } = null!;
+}
--- a/OTSSignsOrchestrator.Server/Data/Entities/OauthAppRegistry.cs
+++ b/OTSSignsOrchestrator.Server/Data/Entities/OauthAppRegistry.cs
@@ -0,0 +1,11 @@
+namespace OTSSignsOrchestrator.Server.Data.Entities;
+
+public class OauthAppRegistry
+{
+    public Guid Id { get; set; }
+    public Guid InstanceId { get; set; }
+    public string ClientId { get; set; } = string.Empty;
+    public DateTime CreatedAt { get; set; }
+
+    public Instance Instance { get; set; } = null!;
+}
--- a/OTSSignsOrchestrator.Server/Data/Entities/Operator.cs
+++ b/OTSSignsOrchestrator.Server/Data/Entities/Operator.cs
@@ -0,0 +1,18 @@
+namespace OTSSignsOrchestrator.Server.Data.Entities;
+
+public enum OperatorRole
+{
+    Admin,
+    Viewer
+}
+
+public class Operator
+{
+    public Guid Id { get; set; }
+    public string Email { get; set; } = string.Empty;
+    public string PasswordHash { get; set; } = string.Empty;
+    public OperatorRole Role { get; set; }
+    public DateTime CreatedAt { get; set; }
+
+    public ICollection<RefreshToken> RefreshTokens { get; set; } = [];
+}
--- a/OTSSignsOrchestrator.Server/Data/Entities/RefreshToken.cs
+++ b/OTSSignsOrchestrator.Server/Data/Entities/RefreshToken.cs
@@ -0,0 +1,12 @@
+namespace OTSSignsOrchestrator.Server.Data.Entities;
+
+public class RefreshToken
+{
+    public Guid Id { get; set; }
+    public Guid OperatorId { get; set; }
+    public string Token { get; set; } = string.Empty;
+    public DateTime ExpiresAt { get; set; }
+    public DateTime? RevokedAt { get; set; }
+
+    public Operator Operator { get; set; } = null!;
+}
--- a/OTSSignsOrchestrator.Server/Data/Entities/ScreenSnapshot.cs
+++ b/OTSSignsOrchestrator.Server/Data/Entities/ScreenSnapshot.cs
@@ -0,0 +1,12 @@
+namespace OTSSignsOrchestrator.Server.Data.Entities;
+
+public class ScreenSnapshot
+{
+    public Guid Id { get; set; }
+    public Guid InstanceId { get; set; }
+    public DateOnly SnapshotDate { get; set; }
+    public int ScreenCount { get; set; }
+    public DateTime CreatedAt { get; set; }
+
+    public Instance Instance { get; set; } = null!;
+}
--- a/OTSSignsOrchestrator.Server/Data/Entities/StripeEvent.cs
+++ b/OTSSignsOrchestrator.Server/Data/Entities/StripeEvent.cs
@@ -0,0 +1,9 @@
+namespace OTSSignsOrchestrator.Server.Data.Entities;
+
+public class StripeEvent
+{
+    public string StripeEventId { get; set; } = string.Empty;
+    public string EventType { get; set; } = string.Empty;
+    public DateTime ProcessedAt { get; set; }
+    public string? Payload { get; set; }
+}
--- a/OTSSignsOrchestrator.Server/Data/OrchestratorDbContext.cs
+++ b/OTSSignsOrchestrator.Server/Data/OrchestratorDbContext.cs
@@ -0,0 +1,190 @@
+using Microsoft.EntityFrameworkCore;
+using OTSSignsOrchestrator.Server.Data.Entities;
+
+namespace OTSSignsOrchestrator.Server.Data;
+
+public class OrchestratorDbContext : DbContext
+{
+    public OrchestratorDbContext(DbContextOptions<OrchestratorDbContext> options)
+        : base(options) { }
+
+    public DbSet<Customer> Customers => Set<Customer>();
+    public DbSet<Instance> Instances => Set<Instance>();
+    public DbSet<Job> Jobs => Set<Job>();
+    public DbSet<JobStep> JobSteps => Set<JobStep>();
+    public DbSet<HealthEvent> HealthEvents => Set<HealthEvent>();
+    public DbSet<AuditLog> AuditLogs => Set<AuditLog>();
+    public DbSet<StripeEvent> StripeEvents => Set<StripeEvent>();
+    public DbSet<ScreenSnapshot> ScreenSnapshots => Set<ScreenSnapshot>();
+    public DbSet<OauthAppRegistry> OauthAppRegistries => Set<OauthAppRegistry>();
+    public DbSet<AuthentikMetrics> AuthentikMetrics => Set<AuthentikMetrics>();
+    public DbSet<Operator> Operators => Set<Operator>();
+    public DbSet<RefreshToken> RefreshTokens => Set<RefreshToken>();
+    public DbSet<ByoiConfig> ByoiConfigs => Set<ByoiConfig>();
+
+    protected override void OnModelCreating(ModelBuilder modelBuilder)
+    {
+        base.OnModelCreating(modelBuilder);
+
+        // ── Snake-case naming convention ─────────────────────────────────
+        foreach (var entity in modelBuilder.Model.GetEntityTypes())
+        {
+            entity.SetTableName(ToSnakeCase(entity.GetTableName()!));
+
+            foreach (var property in entity.GetProperties())
+                property.SetColumnName(ToSnakeCase(property.GetColumnName()));
+
+            foreach (var key in entity.GetKeys())
+                key.SetName(ToSnakeCase(key.GetName()!));
+
+            foreach (var fk in entity.GetForeignKeys())
+                fk.SetConstraintName(ToSnakeCase(fk.GetConstraintName()!));
+
+            foreach (var index in entity.GetIndexes())
+                index.SetDatabaseName(ToSnakeCase(index.GetDatabaseName()!));
+        }
+
+        // ── Customer ────────────────────────────────────────────────────
+        modelBuilder.Entity<Customer>(e =>
+        {
+            e.HasKey(c => c.Id);
+            e.Property(c => c.Abbreviation).HasMaxLength(8);
+            e.Property(c => c.Plan).HasConversion<string>();
+            e.Property(c => c.Status).HasConversion<string>();
+            e.Property(c => c.FailedPaymentCount).HasDefaultValue(0);
+            e.HasIndex(c => c.Abbreviation).IsUnique();
+            e.HasIndex(c => c.StripeCustomerId).IsUnique();
+        });
+
+        // ── Instance ────────────────────────────────────────────────────
+        modelBuilder.Entity<Instance>(e =>
+        {
+            e.HasKey(i => i.Id);
+            e.Property(i => i.HealthStatus).HasConversion<string>();
+            e.HasIndex(i => i.CustomerId);
+            e.HasIndex(i => i.DockerStackName).IsUnique();
+            e.HasOne(i => i.Customer)
+                .WithMany(c => c.Instances)
+                .HasForeignKey(i => i.CustomerId);
+        });
+
+        // ── Job ─────────────────────────────────────────────────────────
+        modelBuilder.Entity<Job>(e =>
+        {
+            e.HasKey(j => j.Id);
+            e.Property(j => j.Status).HasConversion<string>();
+            e.Property(j => j.Parameters).HasColumnType("text");
+            e.HasIndex(j => j.CustomerId);
+            e.HasOne(j => j.Customer)
+                .WithMany(c => c.Jobs)
+                .HasForeignKey(j => j.CustomerId);
+        });
+
+        // ── JobStep ─────────────────────────────────────────────────────
+        modelBuilder.Entity<JobStep>(e =>
+        {
+            e.HasKey(s => s.Id);
+            e.Property(s => s.Status).HasConversion<string>();
+            e.Property(s => s.LogOutput).HasColumnType("text");
+            e.HasIndex(s => s.JobId);
+            e.HasOne(s => s.Job)
+                .WithMany(j => j.Steps)
+                .HasForeignKey(s => s.JobId);
+        });
+
+        // ── HealthEvent ─────────────────────────────────────────────────
+        modelBuilder.Entity<HealthEvent>(e =>
+        {
+            e.HasKey(h => h.Id);
+            e.Property(h => h.Status).HasConversion<string>();
+            e.HasIndex(h => h.InstanceId);
+            e.HasOne(h => h.Instance)
+                .WithMany(i => i.HealthEvents)
+                .HasForeignKey(h => h.InstanceId);
+        });
+
+        // ── AuditLog ────────────────────────────────────────────────────
+        modelBuilder.Entity<AuditLog>(e =>
+        {
+            e.HasKey(a => a.Id);
+            e.Property(a => a.Detail).HasColumnType("text");
+            e.HasIndex(a => a.InstanceId);
+            e.HasIndex(a => a.OccurredAt);
+        });
+
+        // ── StripeEvent ─────────────────────────────────────────────────
+        modelBuilder.Entity<StripeEvent>(e =>
+        {
+            e.HasKey(s => s.StripeEventId);
+            e.Property(s => s.Payload).HasColumnType("text");
+        });
+
+        // ── ScreenSnapshot ──────────────────────────────────────────────
+        modelBuilder.Entity<ScreenSnapshot>(e =>
+        {
+            e.HasKey(s => s.Id);
+            e.HasIndex(s => s.InstanceId);
+            e.HasOne(s => s.Instance)
+                .WithMany(i => i.ScreenSnapshots)
+                .HasForeignKey(s => s.InstanceId);
+        });
+
+        // ── OauthAppRegistry ────────────────────────────────────────────
+        modelBuilder.Entity<OauthAppRegistry>(e =>
+        {
+            e.HasKey(o => o.Id);
+            e.HasIndex(o => o.InstanceId);
+            e.HasIndex(o => o.ClientId).IsUnique();
+            e.HasOne(o => o.Instance)
+                .WithMany(i => i.OauthAppRegistries)
+                .HasForeignKey(o => o.InstanceId);
+        });
+
+        // ── AuthentikMetrics ────────────────────────────────────────────
+        modelBuilder.Entity<AuthentikMetrics>(e =>
+        {
+            e.HasKey(a => a.Id);
+            e.Property(a => a.Status).HasConversion<string>();
+        });
+
+        // ── Operator ────────────────────────────────────────────────────
+        modelBuilder.Entity<Operator>(e =>
+        {
+            e.HasKey(o => o.Id);
+            e.Property(o => o.Role).HasConversion<string>();
+            e.HasIndex(o => o.Email).IsUnique();
+        });
+
+        // ── RefreshToken ────────────────────────────────────────────────
+        modelBuilder.Entity<RefreshToken>(e =>
+        {
+            e.HasKey(r => r.Id);
+            e.HasIndex(r => r.Token).IsUnique();
+            e.HasIndex(r => r.OperatorId);
+            e.HasOne(r => r.Operator)
+                .WithMany(o => o.RefreshTokens)
+                .HasForeignKey(r => r.OperatorId);
+        });
+
+        // ── ByoiConfig ──────────────────────────────────────────────────
+        modelBuilder.Entity<ByoiConfig>(e =>
+        {
+            e.HasKey(b => b.Id);
+            e.Property(b => b.CertPem).HasColumnType("text");
+            e.HasIndex(b => b.InstanceId);
+            e.HasIndex(b => b.Slug).IsUnique();
+            e.HasOne(b => b.Instance)
+                .WithMany(i => i.ByoiConfigs)
+                .HasForeignKey(b => b.InstanceId);
+        });
+    }
+
+    private static string ToSnakeCase(string name)
+    {
+        return string.Concat(
+            name.Select((c, i) =>
+                i > 0 && char.IsUpper(c) && !char.IsUpper(name[i - 1])
+                    ? "_" + char.ToLowerInvariant(c)
+                    : char.ToLowerInvariant(c).ToString()));
+    }
+}