Hide extended health check information behind superuser permission or a session property

Also adds an endpoint that (when specified with the proper secret), sets the session property

config.py

@@ -471,3 +471,6 @@ class DefaultConfig(ImmutableConfig):
 
   # Feature Flag: Whether users can view and change their tag expiration.
   FEATURE_CHANGE_TAG_EXPIRATION = True
+
+  # Defines a secret for enabling the health-check endpoint's debug information.
+  ENABLE_HEALTH_DEBUG_SECRET = None

endpoints/web.py

@@ -6,7 +6,7 @@ from datetime import timedelta, datetime
 
 from cachetools import lru_cache
 from flask import (abort, redirect, request, url_for, make_response, Response, render_template,
-                   Blueprint, jsonify, send_file)
+                   Blueprint, jsonify, send_file, session)
 from flask_login import current_user
 
 import features
@@ -260,6 +260,7 @@ def privacy():
 # TODO(jschorr): Remove this mirrored endpoint once we migrate ELB.
 @web.route('/health', methods=['GET'])
 @web.route('/health/instance', methods=['GET'])
+@process_auth_or_cookie
 @no_cache
 def instance_health():
   checker = get_healthchecker(app, config_provider, instance_keys)
@@ -272,6 +273,7 @@ def instance_health():
 # TODO(jschorr): Remove this mirrored endpoint once we migrate pingdom.
 @web.route('/status', methods=['GET'])
 @web.route('/health/endtoend', methods=['GET'])
+@process_auth_or_cookie
 @no_cache
 def endtoend_health():
   checker = get_healthchecker(app, config_provider, instance_keys)
@@ -283,6 +285,7 @@ def endtoend_health():
 
 @web.route('/health/dbrevision', methods=['GET'])
 @route_show_if(features.BILLING) # Since this is only used in production.
+@process_auth_or_cookie
 @no_cache
 def dbrevision_health():
   # Find the revision from the database.
@@ -305,6 +308,23 @@ def dbrevision_health():
   return response
 
 
+@web.route('/health/enabledebug/<secret>', methods=['GET'])
+@no_cache
+def enable_health_debug(secret):
+  if not secret:
+    abort(404)
+
+  if not app.config.get('ENABLE_HEALTH_DEBUG_SECRET'):
+    abort(404)
+
+  if app.config.get('ENABLE_HEALTH_DEBUG_SECRET') != secret:
+    abort(404)
+
+  session['health_debug'] = True
+  return make_response('Health check debug information enabled')
+
+
+
 @web.route('/robots.txt', methods=['GET'])
 def robots():
   robots_txt = make_response(render_template('robots.txt', baseurl=get_app_url()))

health/healthcheck.py

@@ -1,5 +1,8 @@
 import boto.rds2
 import logging
+
+from auth.permissions import SuperUserPermission
+from flask import session
 from health.services import check_all_services
 
 logger = logging.getLogger(__name__)
@@ -68,13 +71,18 @@ class HealthCheck(object):
 
     data = {
       'services': service_statuses_bools,
-      'services_expanded': service_status_expanded,
-      'notes': notes,
-      'is_testing': self.app.config['TESTING'],
-      'config_provider': self.config_provider.provider_id,
-      'local_service_key_id': self.instance_keys.local_key_id,
     }
 
+    add_debug_information = SuperUserPermission().can() or session.get('health_debug', False)
+    if add_debug_information:
+      data.update({
+        'services_expanded': service_status_expanded,
+        'notes': notes,
+        'is_testing': self.app.config['TESTING'],
+        'config_provider': self.config_provider.provider_id,
+        'local_service_key_id': self.instance_keys.local_key_id,
+      })
+
     return (data, 200 if is_healthy else 503)
 
   @classmethod