--- /dev/null
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
+class HealthcheckController < ApplicationController
+ skip_around_filter :thread_clear
+ skip_around_filter :set_thread_api_token
+ skip_around_filter :require_thread_api_token
+ skip_before_filter :ensure_arvados_api_exists
+ skip_before_filter :accept_uuid_as_id_param
+ skip_before_filter :check_user_agreements
+ skip_before_filter :check_user_profile
+ skip_before_filter :load_filters_and_paging_params
+ skip_before_filter :find_object_by_uuid
+
+ before_filter :check_auth_header
+
+ def check_auth_header
+ mgmt_token = Rails.configuration.management_token
+ auth_header = request.headers['Authorization']
+
+ if !mgmt_token
+ render :json => {:errors => "disabled"}, :status => 404
+ elsif !auth_header
+ render :json => {:errors => "authorization required"}, :status => 401
+ elsif auth_header != 'Bearer '+mgmt_token
+ render :json => {:errors => "authorization error"}, :status => 403
+ end
+ end
+
+ def ping
+ resp = {"health" => "OK"}
+ render json: resp
+ end
+end
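Review bot: The token check in `check_auth_header` uses `auth_header != 'Bearer '+mgmt_token`, an ordinary string comparison that can return as soon as one byte differs. For a secret bearer token a constant-time comparison is the safer choice, for example `elsif !ActiveSupport::SecurityUtils.secure_compare(auth_header, 'Bearer '+mgmt_token)`, if the Rails version in use provides it. The `!mgmt_token` guard also treats an empty string as enabled, because only `false` and `nil` are falsy in Ruby. A setting of `management_token: ""` would therefore presumably accept a bare `Bearer ` header; `if mgmt_token.blank?` would close that gap. The same comparison appears as a context line in the later hunk that replaces `send_error` with `send_json`.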
# to suppress these properties
show_recent_collections_on_dashboard: true
show_user_notifications: true
+
+ # Token to be included in all healthcheck requests. Disabled by default.
+ # Workbench expects request header of the format "Authorization: Bearer xxx"
+ management_token: false
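Review bot: The comment on `management_token` does not say what a suitable value looks like, or that any non-false value enables the endpoint. In the controller added by this change the token is the only credential checked, since the usual API-token filters are skipped. I would extend the comment along the lines of `# Set to a long, randomly generated string to enable; leave as false to disable.`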
root :to => 'projects#index'
+ match '/_health/ping', to: 'healthcheck#ping', via: [:get]
+
# Send unroutable requests to an arbitrary controller
# (ends up at ApplicationController#render_not_found)
match '*a', to: 'links#render_not_found', via: [:get, :post]
--- /dev/null
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
+require 'test_helper'
+
+class HealthcheckControllerTest < ActionController::TestCase
+ [
+ [false, nil, 404, 'disabled'],
+ [true, nil, 401, 'authorization required'],
+ [true, 'badformatwithnoBearer', 403, 'authorization error'],
+ [true, 'Bearer wrongtoken', 403, 'authorization error'],
+ [true, 'Bearer configuredmanagementtoken', 200, '{"health":"OK"}'],
+ ].each do |enabled, header, error_code, error_msg|
+ test "ping when #{if enabled then 'enabled' else 'disabled' end} with header '#{header}'" do
+ Rails.configuration.management_token = 'configuredmanagementtoken' if enabled
+
+ @request.headers['Authorization'] = header
+ get :ping
+ assert_response error_code
+
+ resp = JSON.parse(@response.body)
+ if error_code == 200
+ assert_equal(JSON.load('{"health":"OK"}'), resp)
+ else
+ assert_equal(resp['errors'], error_msg)
+ end
+ end
+ end
+end
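Review bot: `Rails.configuration.management_token` is assigned only when `enabled` is true and is never restored, so the `disabled` case relies on no earlier test having set the token. Unless `test_helper` resets configuration between tests (not visible here), a randomized run order could make the 404 case fail. Assigning in both branches avoids that: `Rails.configuration.management_token = enabled ? 'configuredmanagementtoken' : false`. The fourth array element is also unused in the 200 row, where the expected body is hard-coded in the assertion.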
auth_header = request.headers['Authorization']
if !mgmt_token
- send_error("disabled", status: 404)
+ send_json ({"errors" => "disabled"}), status: 404
elsif !auth_header
- send_error("authorization required", status: 401)
+ send_json ({"errors" => "authorization required"}), status: 401
elsif auth_header != 'Bearer '+mgmt_token
- send_error("authorization error", status: 403)
+ send_json ({"errors" => "authorization error"}), status: 403
end
end
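Review bot: In the three added lines, the space between `send_json` and the opening parenthesis makes Ruby parse `({...})` as a grouped expression passed as the first argument. That works, but it reads ambiguously and can produce an interpreter warning when warnings are enabled. `send_json({"errors" => "disabled"}, status: 404)` states the intent directly, and likewise for the 401 and 403 branches. The enclosing method starts above this hunk, so how `mgmt_token` is obtained is not visible here.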
if error_code == 200
assert_equal(JSON.load('{"health":"OK"}'), resp)
else
- assert_includes(resp['errors'], error_msg)
+ assert_equal(error_msg, resp['errors'])
end
end
end