X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/f3e02106cfc33ffe333af9e303a9e68f3ecfb2e4..0eb72b526bf8bbb011551ecf019f604e17a534f1:/services/ws/router.go diff --git a/services/ws/router.go b/services/ws/router.go index 15b825f2ab..3f3a051d8e 100644 --- a/services/ws/router.go +++ b/services/ws/router.go @@ -1,3 +1,7 @@ +// Copyright (C) The Arvados Authors. All rights reserved. +// +// SPDX-License-Identifier: AGPL-3.0 + package main import ( @@ -53,8 +57,13 @@ func (rtr *router) setup() { rtr.mux = http.NewServeMux() rtr.mux.Handle("/websocket", rtr.makeServer(newSessionV0)) rtr.mux.Handle("/arvados/v1/events.ws", rtr.makeServer(newSessionV1)) - rtr.mux.HandleFunc("/debug.json", jsonHandler(rtr.DebugStatus)) - rtr.mux.HandleFunc("/status.json", jsonHandler(rtr.Status)) + rtr.mux.Handle("/debug.json", rtr.jsonHandler(rtr.DebugStatus)) + rtr.mux.Handle("/status.json", rtr.jsonHandler(rtr.Status)) + + health := http.NewServeMux() + rtr.mux.Handle("/_health/", rtr.mgmtAuth(health)) + health.Handle("/_health/ping", rtr.jsonHandler(rtr.HealthFunc(func() error { return nil }))) + health.Handle("/_health/db", rtr.jsonHandler(rtr.HealthFunc(rtr.eventSource.DBHealth))) } func (rtr *router) makeServer(newSession sessionFactory) *websocket.Server { @@ -102,6 +111,21 @@ func (rtr *router) DebugStatus() interface{} { return s } +var pingResponseOK = map[string]string{"health": "OK"} + +func (rtr *router) HealthFunc(f func() error) func() interface{} { + return func() interface{} { + err := f() + if err == nil { + return pingResponseOK + } + return map[string]string{ + "health": "ERROR", + "error": err.Error(), + } + } +} + func (rtr *router) Status() interface{} { return map[string]interface{}{ "Clients": atomic.LoadInt64(&rtr.status.ReqsActive), @@ -125,16 +149,30 @@ func (rtr *router) ServeHTTP(resp http.ResponseWriter, req *http.Request) { rtr.mux.ServeHTTP(resp, req) } -func jsonHandler(fn func() interface{}) http.HandlerFunc { - return func(resp http.ResponseWriter, req *http.Request) { - logger := logger(req.Context()) - resp.Header().Set("Content-Type", "application/json") - enc := json.NewEncoder(resp) +func (rtr *router) mgmtAuth(h http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if rtr.Config.ManagementToken == "" { + http.Error(w, "disabled", http.StatusNotFound) + } else if ah := r.Header.Get("Authorization"); ah == "" { + http.Error(w, "authorization required", http.StatusUnauthorized) + } else if ah != "Bearer "+rtr.Config.ManagementToken { + http.Error(w, "authorization error", http.StatusForbidden) + } else { + h.ServeHTTP(w, r) + } + }) +} + +func (rtr *router) jsonHandler(fn func() interface{}) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + logger := logger(r.Context()) + w.Header().Set("Content-Type", "application/json") + enc := json.NewEncoder(w) err := enc.Encode(fn()) if err != nil { msg := "encode failed" logger.WithError(err).Error(msg) - http.Error(resp, msg, http.StatusInternalServerError) + http.Error(w, msg, http.StatusInternalServerError) } - } + }) }