OTSSigns/OTSSignsOrchestrator
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c6d46098dd5caf610dc255f5a4ffd31b571583dc
OTSSignsOrchestrator/OTSSignsOrchestrator.Server/Health/Checks/InvitationFlowHealthCheck.cs
Matt Batchelder c6d46098dd feat: Implement provisioning pipelines for subscription management 
- Add ReactivatePipeline to handle subscription reactivation, including scaling Docker services, health verification, status updates, audit logging, and broadcasting status changes.
- Introduce RotateCredentialsPipeline for OAuth2 credential rotation, managing the deletion of old apps, creation of new ones, credential storage, access verification, and audit logging.
- Create StepRunner to manage job step execution, including lifecycle management and progress broadcasting via SignalR.
- Implement SuspendPipeline for subscription suspension, scaling down services, updating statuses, logging audits, and broadcasting changes.
- Add UpdateScreenLimitPipeline to update Xibo CMS screen limits and record snapshots.
- Introduce XiboFeatureManifests for hardcoded feature ACLs per role.
- Add docker-compose.dev.yml for local development with PostgreSQL setup.
2026-03-18 10:27:26 -04:00

64 lines
2.4 KiB
C#
Raw Blame History

using OTSSignsOrchestrator.Server.Clients;
using OTSSignsOrchestrator.Server.Data.Entities;
namespace OTSSignsOrchestrator.Server.Health.Checks;
/// <summary>
/// Verifies the <c>invite-{abbrev}</c> flow exists in Authentik by searching for it
/// in the invitation stages list.
/// </summary>
public sealed class InvitationFlowHealthCheck : IHealthCheck
{
private readonly IAuthentikClient _authentikClient;
private readonly ILogger<InvitationFlowHealthCheck> _logger;
public string CheckName => "InvitationFlow";
public bool AutoRemediate => false;
public InvitationFlowHealthCheck(
IAuthentikClient authentikClient,
ILogger<InvitationFlowHealthCheck> logger)
{
_authentikClient = authentikClient;
_logger = logger;
}
public async Task<HealthCheckResult> RunAsync(Instance instance, CancellationToken ct)
{
var abbrev = instance.Customer.Abbreviation;
var expectedName = $"invite-{abbrev}";
try
{
// Search Authentik groups for evidence of the invitation flow
// The invitation is created as a stage invitation; we verify via the
// Authentik API by searching for it by name.
var groupResponse = await _authentikClient.ListGroupsAsync(expectedName);
if (groupResponse.IsSuccessStatusCode && groupResponse.Content?.Results is { Count: > 0 })
{
var found = groupResponse.Content.Results.Any(g =>
g.TryGetValue("name", out var n) &&
string.Equals(n?.ToString(), expectedName, StringComparison.OrdinalIgnoreCase));
if (found)
{
return new HealthCheckResult(HealthStatus.Healthy,
$"Invitation flow '{expectedName}' exists in Authentik");
}
}
// If groups don't show it, it's still possible the invitation was created
// as a separate stage object. Log as degraded since we can't fully confirm.
return new HealthCheckResult(HealthStatus.Degraded,
$"Invitation flow '{expectedName}' not found in Authentik",
"The invitation may exist but could not be verified via group search");
}
catch (Exception ex)
{
return new HealthCheckResult(HealthStatus.Critical,
$"Failed to check invitation flow: {ex.Message}");
}
}
}
Reference in New Issue View Git Blame Copy Permalink