feat: Implement provisioning pipelines for subscription management

- Add ReactivatePipeline to handle subscription reactivation, including scaling Docker services, health verification, status updates, audit logging, and broadcasting status changes. - Introduce RotateCredentialsPipeline for OAuth2 credential rotation, managing the deletion of old apps, creation of new ones, credential storage, access verification, and audit logging. - Create StepRunner to manage job step execution, including lifecycle management and progress broadcasting via SignalR. - Implement SuspendPipeline for subscription suspension, scaling down services, updating statuses, logging audits, and broadcasting changes. - Add UpdateScreenLimitPipeline to update Xibo CMS screen limits and record snapshots. - Introduce XiboFeatureManifests for hardcoded feature ACLs per role. - Add docker-compose.dev.yml for local development with PostgreSQL setup.
2026-03-18 10:27:26 -04:00
parent c2e03de8bb
commit c6d46098dd
77 changed files with 9412 additions and 29 deletions
--- a/OTSSignsOrchestrator.Server/Health/Checks/XiboApiHealthCheck.cs
+++ b/OTSSignsOrchestrator.Server/Health/Checks/XiboApiHealthCheck.cs
@@ -0,0 +1,61 @@
+using OTSSignsOrchestrator.Server.Clients;
+using OTSSignsOrchestrator.Server.Data.Entities;
+
+namespace OTSSignsOrchestrator.Server.Health.Checks;
+
+/// <summary>
+/// Verifies the Xibo CMS API is reachable by calling GET /about and expecting a 200 response.
+/// </summary>
+public sealed class XiboApiHealthCheck : IHealthCheck
+{
+    private readonly XiboClientFactory _clientFactory;
+    private readonly IServiceProvider _services;
+    private readonly ILogger<XiboApiHealthCheck> _logger;
+
+    public string CheckName => "XiboApi";
+    public bool AutoRemediate => false;
+
+    public XiboApiHealthCheck(
+        XiboClientFactory clientFactory,
+        IServiceProvider services,
+        ILogger<XiboApiHealthCheck> logger)
+    {
+        _clientFactory = clientFactory;
+        _services = services;
+        _logger = logger;
+    }
+
+    public async Task<HealthCheckResult> RunAsync(Instance instance, CancellationToken ct)
+    {
+        var client = await ResolveClientAsync(instance);
+        if (client is null)
+            return new HealthCheckResult(HealthStatus.Critical, "No OAuth app registered — cannot reach API");
+
+        try
+        {
+            var response = await client.GetAboutAsync();
+            return response.IsSuccessStatusCode
+                ? new HealthCheckResult(HealthStatus.Healthy, "Xibo API reachable")
+                : new HealthCheckResult(HealthStatus.Critical,
+                    $"Xibo API returned {response.StatusCode}",
+                    response.Error?.Content);
+        }
+        catch (Exception ex)
+        {
+            return new HealthCheckResult(HealthStatus.Critical, $"Xibo API unreachable: {ex.Message}");
+        }
+    }
+
+    private async Task<IXiboApiClient?> ResolveClientAsync(Instance instance)
+    {
+        var oauthApp = instance.OauthAppRegistries.FirstOrDefault();
+        if (oauthApp is null) return null;
+
+        var settings = _services.GetRequiredService<OTSSignsOrchestrator.Core.Services.SettingsService>();
+        var abbrev = instance.Customer.Abbreviation;
+        var secret = await settings.GetAsync(Core.Services.SettingsService.InstanceOAuthSecretId(abbrev));
+        if (string.IsNullOrEmpty(secret)) return null;
+
+        return await _clientFactory.CreateAsync(instance.XiboUrl, oauthApp.ClientId, secret);
+    }
+}