Hub: implement hub instance registration on startup

Author: webprofusion-chrisc

src/Certify.Client/CertifyApiClient.cs

@@ -767,6 +767,12 @@ public async Task<List<SecurityPrinciple>> GetAccessSecurityPrinciples(AuthConte
             return JsonConvert.DeserializeObject<ActionResult>(await result.Content.ReadAsStringAsync());
         }
 
+        public async Task<HubInfo> GetHubInfo(AuthContext authContext = null)
+        {
+            var result = await FetchAsync("system/hub/info", authContext);
+            return JsonToObject<HubInfo>(result);
+        }
+
         #endregion
         private T JsonToObject<T>(string json)
         {

src/Certify.Client/ICertifyClient.cs

@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.Threading.Tasks;
 using Certify.Models;
@@ -31,6 +31,7 @@ public partial interface ICertifyInternalApiClient
         Task<ActionResult> JoinManagementHub(HubJoiningClientSecret hubJoiningClientSecret, AuthContext authContext = null);
         Task<ActionResult> CheckManagementHubCredentials(HubJoiningClientSecret hubJoiningClientSecret, AuthContext authContext = null);
         Task<ActionResult> CheckManagementHubConnectionStatus(AuthContext authContext = null);
+        Task<HubInfo> GetHubInfo(AuthContext authContext = null);
         Task<Certify.Models.Config.ActionResult> CheckApiTokenHasAccess(AccessToken token, AccessCheck check, AuthContext authContext = null);
         #endregion System
 

src/Certify.Core/Management/CertifyManager/CertifyManager.Maintenance.cs

@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Concurrent;
 using System.Collections.Generic;
 using System.IO;
@@ -24,6 +24,16 @@ private async Task UpgradeSettings()
             var systemVersion = Util.GetAppVersion().ToString();
             var previousVersion = CoreAppSettings.Current.CurrentServiceVersion;
 
+            if (
+                Environment.GetEnvironmentVariable("CERTIFY_ENABLE_MANAGEMENT_HUB")?.Equals("true", StringComparison.InvariantCultureIgnoreCase) == true
+                || CoreAppSettings.Current.IsManagementHubService
+                || _isDirectMgmtHubBackend
+                )
+            {
+                // instance is running as a management hub backend (remote or direct)
+                _isMgtmHubBackend = true;
+            }
+
             if (CoreAppSettings.Current.CurrentServiceVersion != systemVersion || Environment.GetEnvironmentVariable("CERTIFY_UPGRADE_SETTINGS") == "true")
             {
                 _tc?.TrackEvent("ServiceUpgrade", new Dictionary<string, string> {
@@ -34,22 +44,55 @@ private async Task UpgradeSettings()
                 // service has been updated, run any required migrations
                 await PerformServiceUpgrades();
 
+                // update the system version
                 CoreAppSettings.Current.CurrentServiceVersion = systemVersion;
 
-                if (Environment.GetEnvironmentVariable("CERTIFY_ENABLE_MANAGEMENT_HUB")?.Equals("true", StringComparison.InvariantCultureIgnoreCase) == true)
+                if (_isMgtmHubBackend)
                 {
                     CoreAppSettings.Current.IsManagementHubService = true;
                 }
 
                 SettingsManager.SaveAppSettings();
 
-                var accessControl = await GetCurrentAccessControl();
-
+                // if we are a management hub backend, register with the hub if not already registered
                 if (CoreAppSettings.Current.IsManagementHubService)
                 {
+                    var accessControl = await GetCurrentAccessControl();
                     await AccessControlConfig.ConfigureStandardUsersAndRoles(accessControl);
                 }
             }
+
+            if (_isMgtmHubBackend)
+            {
+                // we are the hub backend instance directly connected, if we are not already registered, register now
+
+                var hubInstance = string.IsNullOrEmpty(_serverConfig.HubAssignedInstanceId) ? null : await GetHubManagedInstance(_serverConfig.HubAssignedInstanceId);
+
+                if (hubInstance == null)
+                {
+                    var newInstance = GetManagedInstanceInfo();
+
+                    newInstance.Description = "Primary Certify Manager Instance (Hub)";
+
+                    var newHubInstanceResult = await AddHubManagedInstance(newInstance);
+
+                    _serverConfig.HubAssignedInstanceId = newHubInstanceResult.Result.InstanceId;
+                    SharedUtils.ServiceConfigManager.StoreUpdatedAppServiceConfig(_serverConfig);
+                }
+                else
+                {
+                    // update instance details
+                    var updatedInstance = GetManagedInstanceInfo();
+
+                    hubInstance.OS = updatedInstance.OS;
+                    hubInstance.OSVersion = updatedInstance.OSVersion;
+                    hubInstance.Title = updatedInstance.Title;
+                    hubInstance.ClientName = updatedInstance.ClientName;
+                    hubInstance.ClientVersion = updatedInstance.ClientVersion;
+
+                    await UpdateHubManagedInstance(hubInstance);
+                }
+            }
         }
 
         /// <summary>
@@ -264,7 +307,7 @@ private async Task PerformCertificateStatusChecks(CancellationToken cancelToken,
 #if NET9_0_OR_GREATER
                                         var x509Cert2 = System.Security.Cryptography.X509Certificates.X509CertificateLoader.LoadPkcs12FromFile(item.CertificatePath, await GetPfxPassword(item));
 #else
-                                        var x509Cert2 = new System.Security.Cryptography.X509Certificates.X509Certificate2(File.ReadAllBytes(item.CertificatePath), await GetPfxPassword(item));                            
+                                        var x509Cert2 = new System.Security.Cryptography.X509Certificates.X509Certificate2(File.ReadAllBytes(item.CertificatePath), await GetPfxPassword(item));
 #endif
                                         var ariCertId = item.ARICertificateId ?? Certify.Shared.Core.Utils.PKI.CertUtils.GetARICertIdBase64(x509Cert2);
                                         var info = await provider.GetRenewalInfo(ariCertId);

src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedInstances.cs

@@ -18,7 +18,23 @@ public async Task<ActionResult<ManagedInstanceInfo>> AddHubManagedInstance(Manag
 
         public async Task<ActionResult> UpdateHubManagedInstance(ManagedInstanceInfo item)
         {
-            await _configStore.Update(nameof(ManagedInstanceInfo), item);
+            var existing = await _configStore.Get<ManagedInstanceInfo>(nameof(ManagedInstanceInfo), item.Id);
+
+            existing.OS = item.OS;
+            existing.OSVersion = item.OSVersion;
+
+            existing.ClientName = item.ClientName;
+            existing.ClientVersion = item.ClientVersion;
+
+            existing.Title = item.Title;
+            existing.Description = item.Description;
+
+            existing.DateLastReported = item.DateLastReported;
+
+            existing.Tags = item.Tags;
+
+            await _configStore.Update(nameof(ManagedInstanceInfo), existing);
+
             return new ActionResult("Updated", true);
         }
 

src/Certify.Core/Management/CertifyManager/CertifyManager.ManagementHub.cs

@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Text.Json;
@@ -18,7 +18,8 @@ namespace Certify.Management
     public partial class CertifyManager
     {
         private IManagementServerClient _managementServerClient;
-        private bool _isDirectMgmtHubClient = false;
+        private bool _isDirectMgmtHubBackend = false;
+        private bool _isMgtmHubBackend = false;
         private bool _isHubConnectionErrorLogged = false;
         private ClientSecret _mgmtHubJoiningSecret;
         private const string _mgmtHubJoiningCredId = "_ManagementHubJoiningKey";
@@ -141,16 +142,45 @@ public async Task<ActionResult<HubJoiningInfo>> CheckManagementHubCredentials(st
             }
         }
 
+        public void EnableManagementHubBackend(bool isDirectHubBackend)
+        {
+            _isDirectMgmtHubBackend = isDirectHubBackend;
+
+        }
+
         public void SetDirectManagementClient(IManagementServerClient client)
         {
             _managementServerClient = client;
-            _isDirectMgmtHubClient = true;
+        }
+
+        public async Task<HubInfo> GetHubInfo()
+        {
+            if (_isMgtmHubBackend)
+            {
+                var hubInfo = new HubInfo();
+
+                hubInfo.InstanceId = _serverConfig.HubAssignedInstanceId;
+
+                var versionInfo = Util.GetAppVersion().ToString();
+
+                hubInfo.Version = new Models.Hub.VersionInfo
+                {
+                    Version = versionInfo,
+                    Product = "Certify Management Hub"
+                };
+
+                return hubInfo;
+            }
+            else
+            {
+                return null;
+            }
         }
 
         private JsonWebTokenHandler _joiningTokenHandler = new JsonWebTokenHandler();
         private async Task EnsureMgmtHubConnection()
         {
-            if (!_isDirectMgmtHubClient)
+            if (!_isDirectMgmtHubBackend)
             {
                 // check we have a current non-expired joining token
                 if (!string.IsNullOrWhiteSpace(_mgmtHubJoiningToken))
@@ -181,7 +211,7 @@ private async Task EnsureMgmtHubConnection()
                 var endpoint = string.Empty;
                 var defaultEnpoint = "api/internal/managementhub";
 
-                if (!_isDirectMgmtHubClient)
+                if (!_isDirectMgmtHubBackend)
                 {
                     // construct hub api url and status hub api endpoint
                     if (Environment.GetEnvironmentVariable("CERTIFY_MANAGEMENT_HUB") != null)

src/Certify.Models/Providers/ICertifyManager.cs

@@ -92,6 +92,7 @@ public interface ICertifyManager
 
         Task<InstanceCommandResult> PerformHubCommandWithResult(InstanceCommandRequest arg);
         void SetDirectManagementClient(IManagementServerClient client);
+        void EnableManagementHubBackend(bool isDirectHubBackend);
         ManagedInstanceInfo GetManagedInstanceInfo();
         Task<ActionResult> CheckManagementHubConnectionStatus();
 
@@ -105,5 +106,7 @@ public interface ICertifyManager
         Task<Certify.Models.Config.ActionResult> RemoveHubItemTags(ICollection<string> tagsIds);
         Task<ICollection<ItemTag>> GetAllHubItemTags();
         Task<ICollection<ItemTag>> GetHubItemTags(string itemId, string itemTypeId);
+
+        Task<HubInfo> GetHubInfo();
     }
 }

src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ManagedInstanceController.cs

@@ -1,6 +1,5 @@
 using Certify.Management;
 using Certify.Models.Hub;
-using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Mvc;
 
 namespace Certify.Service.Controllers
@@ -10,7 +9,6 @@ namespace Certify.Service.Controllers
     public class ManagedInstanceController : ControllerBase
     {
         private ICertifyManager _certifyManager;
-        private IDataProtectionProvider _dataProtectionProvider;
 
         public ManagedInstanceController(ICertifyManager certifyManager)
         {
@@ -24,10 +22,10 @@ public ManagedInstanceController(ICertifyManager certifyManager)
         /// <param name="id">Hub assigned instance id</param>
         /// <returns></returns>
         [HttpGet]
+        [Route("{id}")]
         public async Task<ManagedInstanceInfo> Get(string id)
         {
             return await _certifyManager.GetHubManagedInstance(id);
-
         }
 
         [HttpPost]
@@ -44,6 +42,7 @@ public async Task<ManagedInstanceInfo> Get(string id)
         }
 
         [HttpGet]
+        [Route("list")]
         public async Task<ICollection<ManagedInstanceInfo>> List()
         {
             return await _certifyManager.GetHubManagedInstances();

src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/SystemController.cs

@@ -106,5 +106,8 @@ public async Task<List<ActionStep>> TestDataStore(DataStoreConnection dataStore)
 
         [HttpGet, Route("hub/status")]
         public async Task<Models.Config.ActionResult> CheckManagementHubConnectionStatus() => await _certifyManager.CheckManagementHubConnectionStatus();
+
+        [HttpGet, Route("hub/info")]
+        public async Task<HubInfo> GetHubInfo() => await _certifyManager.GetHubInfo();
     }
 }