diff --git a/config.py b/config.py
index 671e174bd..795443317 100644
--- a/config.py
+++ b/config.py
@@ -471,3 +471,6 @@ class DefaultConfig(ImmutableConfig):
 # Feature Flag: Whether users can view and change their tag expiration.
 FEATURE_CHANGE_TAG_EXPIRATION = True
+
+ # Defines a secret for enabling the health-check endpoint's debug information.
+ ENABLE_HEALTH_DEBUG_SECRET = None
diff --git a/endpoints/web.py b/endpoints/web.py
index 499cc181c..feefc8465 100644
--- a/endpoints/web.py
+++ b/endpoints/web.py
@@ -6,7 +6,7 @@ from datetime import timedelta, datetime
 from cachetools import lru_cache
 from flask import (abort, redirect, request, url_for, make_response, Response, render_template,
- Blueprint, jsonify, send_file)
+ Blueprint, jsonify, send_file, session)
 from flask_login import current_user
 import features
@@ -260,6 +260,7 @@ def privacy():
 # TODO(jschorr): Remove this mirrored endpoint once we migrate ELB.
 @web.route('/health', methods=['GET'])
 @web.route('/health/instance', methods=['GET'])
+@process_auth_or_cookie
 @no_cache
 def instance_health():
 checker = get_healthchecker(app, config_provider, instance_keys)
@@ -272,6 +273,7 @@ def instance_health():
 # TODO(jschorr): Remove this mirrored endpoint once we migrate pingdom.
 @web.route('/status', methods=['GET'])
 @web.route('/health/endtoend', methods=['GET'])
+@process_auth_or_cookie
 @no_cache
 def endtoend_health():
 checker = get_healthchecker(app, config_provider, instance_keys)
@@ -283,6 +285,7 @@ def endtoend_health():
 @web.route('/health/dbrevision', methods=['GET'])
 @route_show_if(features.BILLING) # Since this is only used in production.
+@process_auth_or_cookie
 @no_cache
 def dbrevision_health():
 # Find the revision from the database.
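Review bot: The comment on `ENABLE_HEALTH_DEBUG_SECRET` in config.py does not say that the `None` default leaves the enable endpoint returning 404, nor that the value is a credential. I would extend it to something like `# Secret that turns on debug output for the health endpoints in the caller's session; None (the default) disables it. Treat as a credential.` The name also reads like a boolean flag, so `HEALTH_DEBUG_SECRET` would be clearer if a rename is still cheap.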
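Review bot: Nothing at the three `@process_auth_or_cookie` additions (`instance_health`, `endtoend_health`, `dbrevision_health`) says why an unauthenticated health probe now runs auth processing; the apparent reason is that `HealthCheck` in health/healthcheck.py calls `SuperUserPermission().can()`, which needs an identity. A comment such as `# Auth is processed only so superusers get the expanded health output; anonymous probes must still succeed.` on each would keep a later cleanup from silently removing it. The import hunk for endpoints/web.py adds only `session`, so confirm `process_auth_or_cookie` is already imported in this file. Whether the decorator rejects requests that carry invalid credentials is not visible here; if it does, a monitor sending stale credentials would get an auth error rather than a health status. All three function bodies continue outside their hunks.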
@@ -305,6 +308,23 @@ def dbrevision_health():
 return response
+@web.route('/health/enabledebug/', methods=['GET'])
+@no_cache
+def enable_health_debug(secret):
+ if not secret:
+ abort(404)
+
+ if not app.config.get('ENABLE_HEALTH_DEBUG_SECRET'):
+ abort(404)
+
+ if app.config.get('ENABLE_HEALTH_DEBUG_SECRET') != secret:
+ abort(404)
+
+ session['health_debug'] = True
+ return make_response('Health check debug information enabled')
+
+
+
 @web.route('/robots.txt', methods=['GET'])
 def robots():
 robots_txt = make_response(render_template('robots.txt', baseurl=get_app_url()))
diff --git a/health/healthcheck.py b/health/healthcheck.py
index 632bb5920..f0e8a28b9 100644
--- a/health/healthcheck.py
+++ b/health/healthcheck.py
@@ -1,5 +1,8 @@
 import boto.rds2
 import logging
+
+from auth.permissions import SuperUserPermission
+from flask import session
 from health.services import check_all_services
 logger = logging.getLogger(__name__)
@@ -68,13 +71,18 @@ class HealthCheck(object):
 data = {
 'services': service_statuses_bools,
- 'services_expanded': service_status_expanded,
- 'notes': notes,
- 'is_testing': self.app.config['TESTING'],
- 'config_provider': self.config_provider.provider_id,
- 'local_service_key_id': self.instance_keys.local_key_id,
 }
+ add_debug_information = SuperUserPermission().can() or session.get('health_debug', False)
+ if add_debug_information:
+ data.update({
+ 'services_expanded': service_status_expanded,
+ 'notes': notes,
+ 'is_testing': self.app.config['TESTING'],
+ 'config_provider': self.config_provider.provider_id,
+ 'local_service_key_id': self.instance_keys.local_key_id,
+ })
+
 return (data, 200 if is_healthy else 503)
 @classmethod
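Review bot: `enable_health_debug` compares the secret with `!=`, which is not constant-time, and takes it from the URL path of a GET, so the value ends up in access logs, proxy logs and browser history. With `expected = app.config.get('ENABLE_HEALTH_DEBUG_SECRET')` I would change the comparison to `if not hmac.compare_digest(expected, secret): abort(404)` (with `hmac` imported and both operands the same string type) and prefer a POST body or header for the secret. `session['health_debug'] = True` has no expiry and outlives a rotation of `ENABLE_HEALTH_DEBUG_SECRET`; storing the time it was set and checking its age where the flag is read would bound it. No limit on attempts is visible in this hunk, so the configured secret should be long and random. As rendered here the route string has no variable segment for `secret`; that may be an extraction artefact, but confirm the rule binds the argument.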
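Review bot: The gate `SuperUserPermission().can() or session.get('health_debug', False)` makes `HealthCheck` read Flask's request-bound `session` and permission state directly, so the method now only works inside a request whose auth has been processed. Callers outside this diff are not visible; if any runs without a request context, the `session` access will raise instead of returning the reduced payload. Passing the decision in from the endpoint would keep the checker free of request state, and a comment like `# Expanded fields expose config provider and service key id; only for superusers or sessions that enabled health debug.` above the gate would record why the fields are withheld. The enclosing method starts before this hunk.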