Hide extended health check information behind superuser permission or a session property
Also adds an endpoint that (when specified with the proper secret), sets the session property
This commit is contained in:
parent
4ad3682b9c
commit
b7d6bb12fa
3 changed files with 37 additions and 6 deletions
|
@ -471,3 +471,6 @@ class DefaultConfig(ImmutableConfig):
|
|||
|
||||
# Feature Flag: Whether users can view and change their tag expiration.
|
||||
FEATURE_CHANGE_TAG_EXPIRATION = True
|
||||
|
||||
# Defines a secret for enabling the health-check endpoint's debug information.
|
||||
ENABLE_HEALTH_DEBUG_SECRET = None
|
||||
|
|
|
@ -6,7 +6,7 @@ from datetime import timedelta, datetime
|
|||
|
||||
from cachetools import lru_cache
|
||||
from flask import (abort, redirect, request, url_for, make_response, Response, render_template,
|
||||
Blueprint, jsonify, send_file)
|
||||
Blueprint, jsonify, send_file, session)
|
||||
from flask_login import current_user
|
||||
|
||||
import features
|
||||
|
@ -260,6 +260,7 @@ def privacy():
|
|||
# TODO(jschorr): Remove this mirrored endpoint once we migrate ELB.
|
||||
@web.route('/health', methods=['GET'])
|
||||
@web.route('/health/instance', methods=['GET'])
|
||||
@process_auth_or_cookie
|
||||
@no_cache
|
||||
def instance_health():
|
||||
checker = get_healthchecker(app, config_provider, instance_keys)
|
||||
|
@ -272,6 +273,7 @@ def instance_health():
|
|||
# TODO(jschorr): Remove this mirrored endpoint once we migrate pingdom.
|
||||
@web.route('/status', methods=['GET'])
|
||||
@web.route('/health/endtoend', methods=['GET'])
|
||||
@process_auth_or_cookie
|
||||
@no_cache
|
||||
def endtoend_health():
|
||||
checker = get_healthchecker(app, config_provider, instance_keys)
|
||||
|
@ -283,6 +285,7 @@ def endtoend_health():
|
|||
|
||||
@web.route('/health/dbrevision', methods=['GET'])
|
||||
@route_show_if(features.BILLING) # Since this is only used in production.
|
||||
@process_auth_or_cookie
|
||||
@no_cache
|
||||
def dbrevision_health():
|
||||
# Find the revision from the database.
|
||||
|
@ -305,6 +308,23 @@ def dbrevision_health():
|
|||
return response
|
||||
|
||||
|
||||
@web.route('/health/enabledebug/<secret>', methods=['GET'])
|
||||
@no_cache
|
||||
def enable_health_debug(secret):
|
||||
if not secret:
|
||||
abort(404)
|
||||
|
||||
if not app.config.get('ENABLE_HEALTH_DEBUG_SECRET'):
|
||||
abort(404)
|
||||
|
||||
if app.config.get('ENABLE_HEALTH_DEBUG_SECRET') != secret:
|
||||
abort(404)
|
||||
|
||||
session['health_debug'] = True
|
||||
return make_response('Health check debug information enabled')
|
||||
|
||||
|
||||
|
||||
@web.route('/robots.txt', methods=['GET'])
|
||||
def robots():
|
||||
robots_txt = make_response(render_template('robots.txt', baseurl=get_app_url()))
|
||||
|
|
|
@ -1,5 +1,8 @@
|
|||
import boto.rds2
|
||||
import logging
|
||||
|
||||
from auth.permissions import SuperUserPermission
|
||||
from flask import session
|
||||
from health.services import check_all_services
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
@ -68,12 +71,17 @@ class HealthCheck(object):
|
|||
|
||||
data = {
|
||||
'services': service_statuses_bools,
|
||||
}
|
||||
|
||||
add_debug_information = SuperUserPermission().can() or session.get('health_debug', False)
|
||||
if add_debug_information:
|
||||
data.update({
|
||||
'services_expanded': service_status_expanded,
|
||||
'notes': notes,
|
||||
'is_testing': self.app.config['TESTING'],
|
||||
'config_provider': self.config_provider.provider_id,
|
||||
'local_service_key_id': self.instance_keys.local_key_id,
|
||||
}
|
||||
})
|
||||
|
||||
return (data, 200 if is_healthy else 503)
|
||||
|
||||
|
|
Reference in a new issue