OTSSigns/OTSSignsOrchestrator
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c6d46098dd5caf610dc255f5a4ffd31b571583dc
OTSSignsOrchestrator/OTSSignsOrchestrator.Server/Health/Checks/ByoiCertExpiryHealthCheck.cs
Matt Batchelder c6d46098dd feat: Implement provisioning pipelines for subscription management 
- Add ReactivatePipeline to handle subscription reactivation, including scaling Docker services, health verification, status updates, audit logging, and broadcasting status changes.
- Introduce RotateCredentialsPipeline for OAuth2 credential rotation, managing the deletion of old apps, creation of new ones, credential storage, access verification, and audit logging.
- Create StepRunner to manage job step execution, including lifecycle management and progress broadcasting via SignalR.
- Implement SuspendPipeline for subscription suspension, scaling down services, updating statuses, logging audits, and broadcasting changes.
- Add UpdateScreenLimitPipeline to update Xibo CMS screen limits and record snapshots.
- Introduce XiboFeatureManifests for hardcoded feature ACLs per role.
- Add docker-compose.dev.yml for local development with PostgreSQL setup.
2026-03-18 10:27:26 -04:00

70 lines
2.8 KiB
C#
Raw Blame History

using OTSSignsOrchestrator.Server.Data.Entities;
namespace OTSSignsOrchestrator.Server.Health.Checks;
/// <summary>
/// For Pro plan BYOI customers: checks certificate expiry from <see cref="ByoiConfig"/>.
/// Alerts at 60-day (Warning), 30-day (Warning), 7-day (Critical) thresholds.
/// AutoRemediate=false — customer must rotate their IdP certificate via the portal.
/// </summary>
public sealed class ByoiCertExpiryHealthCheck : IHealthCheck
{
/// <summary>Alert thresholds in days (descending).</summary>
internal static readonly int[] AlertThresholdDays = [60, 30, 7];
/// <summary>Days at or below which severity escalates to Critical.</summary>
internal const int CriticalThresholdDays = 7;
public string CheckName => "ByoiCertExpiry";
public bool AutoRemediate => false;
public Task<HealthCheckResult> RunAsync(Instance instance, CancellationToken ct)
{
// Only applies to instances with an enabled BYOI config
var byoiConfig = instance.ByoiConfigs.FirstOrDefault(b => b.Enabled);
if (byoiConfig is null)
{
return Task.FromResult(new HealthCheckResult(HealthStatus.Healthy,
"No BYOI config — check not applicable"));
}
// Only Pro customers have BYOI
if (instance.Customer.Plan != CustomerPlan.Pro)
{
return Task.FromResult(new HealthCheckResult(HealthStatus.Healthy,
"Non-Pro plan — BYOI check not applicable"));
}
var daysRemaining = (byoiConfig.CertExpiry - DateTime.UtcNow).TotalDays;
if (daysRemaining <= 0)
{
return Task.FromResult(new HealthCheckResult(HealthStatus.Critical,
$"BYOI certificate has EXPIRED (expired {Math.Abs((int)daysRemaining)} days ago)",
"Customer must rotate their IdP certificate via the portal immediately"));
}
if (daysRemaining <= CriticalThresholdDays)
{
return Task.FromResult(new HealthCheckResult(HealthStatus.Critical,
$"BYOI certificate expires in {(int)daysRemaining} days",
"Urgent: customer must rotate their IdP certificate"));
}
// Check warning thresholds (60 and 30 days)
foreach (var threshold in AlertThresholdDays)
{
if (threshold <= CriticalThresholdDays) continue;
if (daysRemaining <= threshold)
{
return Task.FromResult(new HealthCheckResult(HealthStatus.Degraded,
$"BYOI certificate expires in {(int)daysRemaining} days (threshold: {threshold}d)",
"Customer should plan certificate rotation"));
}
}
return Task.FromResult(new HealthCheckResult(HealthStatus.Healthy,
$"BYOI certificate valid for {(int)daysRemaining} more days"));
}
}
Reference in New Issue View Git Blame Copy Permalink