OTSSigns/OTSSignsOrchestrator
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c6d46098dd5caf610dc255f5a4ffd31b571583dc
OTSSignsOrchestrator/OTSSignsOrchestrator.Server/Health/Checks/OauthAppAgeHealthCheck.cs
Matt Batchelder c6d46098dd feat: Implement provisioning pipelines for subscription management 
- Add ReactivatePipeline to handle subscription reactivation, including scaling Docker services, health verification, status updates, audit logging, and broadcasting status changes.
- Introduce RotateCredentialsPipeline for OAuth2 credential rotation, managing the deletion of old apps, creation of new ones, credential storage, access verification, and audit logging.
- Create StepRunner to manage job step execution, including lifecycle management and progress broadcasting via SignalR.
- Implement SuspendPipeline for subscription suspension, scaling down services, updating statuses, logging audits, and broadcasting changes.
- Add UpdateScreenLimitPipeline to update Xibo CMS screen limits and record snapshots.
- Introduce XiboFeatureManifests for hardcoded feature ACLs per role.
- Add docker-compose.dev.yml for local development with PostgreSQL setup.
2026-03-18 10:27:26 -04:00

51 lines
2.0 KiB
C#
Raw Blame History

using OTSSignsOrchestrator.Server.Data.Entities;
namespace OTSSignsOrchestrator.Server.Health.Checks;
/// <summary>
/// Checks the age of the OAuth2 application credentials from <see cref="OauthAppRegistry.CreatedAt"/>.
/// Alerts Warning at 180 days, Critical at 365 days. AutoRemediate=false — suggests
/// a "rotate-oauth2" job instead.
/// </summary>
public sealed class OauthAppAgeHealthCheck : IHealthCheck
{
/// <summary>Days at which severity escalates to Warning.</summary>
internal const int WarningThresholdDays = 180;
/// <summary>Days at which severity escalates to Critical.</summary>
internal const int CriticalThresholdDays = 365;
public string CheckName => "OauthAppAge";
public bool AutoRemediate => false;
public Task<HealthCheckResult> RunAsync(Instance instance, CancellationToken ct)
{
var oauthApp = instance.OauthAppRegistries
.OrderByDescending(o => o.CreatedAt)
.FirstOrDefault();
if (oauthApp is null)
return Task.FromResult(new HealthCheckResult(HealthStatus.Degraded,
"No OAuth app registered"));
var ageDays = (DateTime.UtcNow - oauthApp.CreatedAt).TotalDays;
if (ageDays >= CriticalThresholdDays)
{
return Task.FromResult(new HealthCheckResult(HealthStatus.Critical,
$"OAuth2 credentials are {(int)ageDays} days old (critical threshold: {CriticalThresholdDays}d)",
"Create a 'rotate-credentials' job to rotate the OAuth2 application"));
}
if (ageDays >= WarningThresholdDays)
{
return Task.FromResult(new HealthCheckResult(HealthStatus.Degraded,
$"OAuth2 credentials are {(int)ageDays} days old (warning threshold: {WarningThresholdDays}d)",
"Schedule credential rotation before they reach 365 days"));
}
return Task.FromResult(new HealthCheckResult(HealthStatus.Healthy,
$"OAuth2 credentials are {(int)ageDays} days old"));
}
}
Reference in New Issue View Git Blame Copy Permalink