Hide extended health check information behind superuser permission or a session property
Also adds an endpoint that, when called with the proper secret, sets the session property.
parent
4ad3682b9c
commit
b7d6bb12fa
3 changed files with 37 additions and 6 deletions
|
@ -471,3 +471,6 @@ class DefaultConfig(ImmutableConfig):
|
||||||
|
|
||||||
# Feature Flag: Whether users can view and change their tag expiration.
|
# Feature Flag: Whether users can view and change their tag expiration.
|
||||||
FEATURE_CHANGE_TAG_EXPIRATION = True
|
FEATURE_CHANGE_TAG_EXPIRATION = True
|
||||||
|
|
||||||
|
# Defines a secret for enabling the health-check endpoint's debug information.
|
||||||
|
ENABLE_HEALTH_DEBUG_SECRET = None
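Review bot: The comment above `ENABLE_HEALTH_DEBUG_SECRET = None` does not say what the default means or what kind of value is expected. Going by the handler added in this commit, a falsy value makes `/health/enabledebug/<secret>` answer 404, so the setting doubles as the on/off switch. I would spell that out, e.g. `# Secret for enabling the health-check endpoint's debug information. None (the default) disables the enable-debug endpoint; if set, use a long random value.`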
|
||||||
|
|
|
@ -6,7 +6,7 @@ from datetime import timedelta, datetime
|
||||||
|
|
||||||
from cachetools import lru_cache
|
from cachetools import lru_cache
|
||||||
from flask import (abort, redirect, request, url_for, make_response, Response, render_template,
|
from flask import (abort, redirect, request, url_for, make_response, Response, render_template,
|
||||||
Blueprint, jsonify, send_file)
|
Blueprint, jsonify, send_file, session)
|
||||||
from flask_login import current_user
|
from flask_login import current_user
|
||||||
|
|
||||||
import features
|
import features
|
||||||
|
@ -260,6 +260,7 @@ def privacy():
|
||||||
# TODO(jschorr): Remove this mirrored endpoint once we migrate ELB.
|
# TODO(jschorr): Remove this mirrored endpoint once we migrate ELB.
|
||||||
@web.route('/health', methods=['GET'])
|
@web.route('/health', methods=['GET'])
|
||||||
@web.route('/health/instance', methods=['GET'])
|
@web.route('/health/instance', methods=['GET'])
|
||||||
|
@process_auth_or_cookie
|
||||||
@no_cache
|
@no_cache
|
||||||
def instance_health():
|
def instance_health():
|
||||||
checker = get_healthchecker(app, config_provider, instance_keys)
|
checker = get_healthchecker(app, config_provider, instance_keys)
|
||||||
|
@ -272,6 +273,7 @@ def instance_health():
|
||||||
# TODO(jschorr): Remove this mirrored endpoint once we migrate pingdom.
|
# TODO(jschorr): Remove this mirrored endpoint once we migrate pingdom.
|
||||||
@web.route('/status', methods=['GET'])
|
@web.route('/status', methods=['GET'])
|
||||||
@web.route('/health/endtoend', methods=['GET'])
|
@web.route('/health/endtoend', methods=['GET'])
|
||||||
|
@process_auth_or_cookie
|
||||||
@no_cache
|
@no_cache
|
||||||
def endtoend_health():
|
def endtoend_health():
|
||||||
checker = get_healthchecker(app, config_provider, instance_keys)
|
checker = get_healthchecker(app, config_provider, instance_keys)
|
||||||
|
@ -283,6 +285,7 @@ def endtoend_health():
|
||||||
|
|
||||||
@web.route('/health/dbrevision', methods=['GET'])
|
@web.route('/health/dbrevision', methods=['GET'])
|
||||||
@route_show_if(features.BILLING) # Since this is only used in production.
|
@route_show_if(features.BILLING) # Since this is only used in production.
|
||||||
|
@process_auth_or_cookie
|
||||||
@no_cache
|
@no_cache
|
||||||
def dbrevision_health():
|
def dbrevision_health():
|
||||||
# Find the revision from the database.
|
# Find the revision from the database.
|
||||||
|
@ -305,6 +308,23 @@ def dbrevision_health():
|
||||||
return response
|
return response
|
||||||
|
|
||||||
|
|
||||||
|
@web.route('/health/enabledebug/<secret>', methods=['GET'])
|
||||||
|
@no_cache
|
||||||
|
def enable_health_debug(secret):
|
||||||
|
if not secret:
|
||||||
|
abort(404)
|
||||||
|
|
||||||
|
if not app.config.get('ENABLE_HEALTH_DEBUG_SECRET'):
|
||||||
|
abort(404)
|
||||||
|
|
||||||
|
if app.config.get('ENABLE_HEALTH_DEBUG_SECRET') != secret:
|
||||||
|
abort(404)
|
||||||
|
|
||||||
|
session['health_debug'] = True
|
||||||
|
return make_response('Health check debug information enabled')
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@web.route('/robots.txt', methods=['GET'])
|
@web.route('/robots.txt', methods=['GET'])
|
||||||
def robots():
|
def robots():
|
||||||
robots_txt = make_response(render_template('robots.txt', baseurl=get_app_url()))
|
robots_txt = make_response(render_template('robots.txt', baseurl=get_app_url()))
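Review bot: In `enable_health_debug` the secret travels in the URL path (`/health/enabledebug/<secret>`), so it ends up wherever request URLs are recorded (access logs, reverse-proxy logs, browser history), and the handler changes session state on a GET. Taking the secret from a POST body or a request header would keep it out of those records. The check `app.config.get('ENABLE_HEALTH_DEBUG_SECRET') != secret` is also not constant-time; with `import hmac` and `expected = app.config.get('ENABLE_HEALTH_DEBUG_SECRET')`, use `if not hmac.compare_digest(expected.encode('utf-8'), secret.encode('utf-8')): abort(404)`. Nothing visible in this section limits repeated guesses against the route, so it is worth confirming that throttling happens somewhere in front of it.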
|
||||||
|
|
|
@ -1,5 +1,8 @@
|
||||||
import boto.rds2
|
import boto.rds2
|
||||||
import logging
|
import logging
|
||||||
|
|
||||||
|
from auth.permissions import SuperUserPermission
|
||||||
|
from flask import session
|
||||||
from health.services import check_all_services
|
from health.services import check_all_services
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
@ -68,12 +71,17 @@ class HealthCheck(object):
|
||||||
|
|
||||||
data = {
|
data = {
|
||||||
'services': service_statuses_bools,
|
'services': service_statuses_bools,
|
||||||
|
}
|
||||||
|
|
||||||
|
add_debug_information = SuperUserPermission().can() or session.get('health_debug', False)
|
||||||
|
if add_debug_information:
|
||||||
|
data.update({
|
||||||
'services_expanded': service_status_expanded,
|
'services_expanded': service_status_expanded,
|
||||||
'notes': notes,
|
'notes': notes,
|
||||||
'is_testing': self.app.config['TESTING'],
|
'is_testing': self.app.config['TESTING'],
|
||||||
'config_provider': self.config_provider.provider_id,
|
'config_provider': self.config_provider.provider_id,
|
||||||
'local_service_key_id': self.instance_keys.local_key_id,
|
'local_service_key_id': self.instance_keys.local_key_id,
|
||||||
}
|
})
|
||||||
|
|
||||||
return (data, 200 if is_healthy else 503)
|
return (data, 200 if is_healthy else 503)
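Review bot: `session.get('health_debug', False)` trusts a flag that is never cleared or aged out in the code shown, so rotating or unsetting `ENABLE_HEALTH_DEBUG_SECRET` does not revoke debug output for sessions that already carry it. Either store an expiry instead of `True` and check it here, or at least require the secret to still be configured: `add_debug_information = SuperUserPermission().can() or (bool(self.app.config.get('ENABLE_HEALTH_DEBUG_SECRET')) and session.get('health_debug', False))`. Reading `session` inside `HealthCheck` also presumably ties this method to a Flask request context, so computing the decision in the view and passing it in may be cleaner. The enclosing method starts outside the hunk, so I cannot see how it is called.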
|
||||||
|
|
||||||
|
|