"time"
"git.curoverse.com/arvados.git/sdk/go/arvados"
+ "git.curoverse.com/arvados.git/sdk/go/arvadostest"
)
// A RequestTester represents the parameters for an HTTP request to
return response
}
+func IssueHealthCheckRequest(rt *RequestTester) *httptest.ResponseRecorder {
+ response := httptest.NewRecorder()
+ body := bytes.NewReader(rt.requestBody)
+ req, _ := http.NewRequest(rt.method, rt.uri, body)
+ if rt.apiToken != "" {
+ req.Header.Set("Authorization", "Bearer "+rt.apiToken)
+ }
+ loggingRouter := MakeRESTRouter()
+ loggingRouter.ServeHTTP(response, req)
+ return response
+}
+
// ExpectStatusCode checks whether a response has the specified status code,
// and reports a test failure if not.
func ExpectStatusCode(
http.StatusNotFound,
response)
}
+
+func TestHealthCheckPing(t *testing.T) {
+ defer teardown()
+
+ KeepVM = MakeTestVolumeManager(2)
+ defer KeepVM.Close()
+
+ // ping when disabled
+ theConfig.ManagementToken = ""
+ pingReq := &RequestTester{
+ method: "GET",
+ uri: "/_health/ping",
+ }
+ response := IssueHealthCheckRequest(pingReq)
+ ExpectStatusCode(t,
+ "disabled",
+ http.StatusNotFound,
+ response)
+
+ // ping with no token
+ theConfig.ManagementToken = arvadostest.ManagementToken
+ pingReq = &RequestTester{
+ method: "GET",
+ uri: "/_health/ping",
+ }
+ response = IssueHealthCheckRequest(pingReq)
+ ExpectStatusCode(t,
+ "authorization required",
+ http.StatusUnauthorized,
+ response)
+
+ // ping with wrong token
+ pingReq = &RequestTester{
+ method: "GET",
+ uri: "/_health/ping",
+ apiToken: "youarenotwelcomehere",
+ }
+ response = IssueHealthCheckRequest(pingReq)
+ ExpectStatusCode(t,
+ "authorization error",
+ http.StatusForbidden,
+ response)
+
+ // ping with management token
+ pingReq = &RequestTester{
+ method: "GET",
+ uri: "/_health/ping",
+ apiToken: arvadostest.ManagementToken,
+ }
+ response = IssueHealthCheckRequest(pingReq)
+ ExpectStatusCode(t,
+ "",
+ http.StatusOK,
+ response)
+ if !strings.Contains(response.Body.String(), `{"health":"OK"}`) {
+ t.Errorf("expected response to include %s: got %s", `{"health":"OK"}`, response.Body.String())
+ }
+}
// Untrash moves blocks from trash back into store
rest.HandleFunc(`/untrash/{hash:[0-9a-f]{32}}`, UntrashHandler).Methods("PUT")
+ // Health check ping
+ rest.HandleFunc(`/_health/ping`, HealthCheckPingHandler).Methods("GET")
+
// Any request which does not match any of these routes gets
// 400 Bad Request.
rest.NotFoundHandler = http.HandlerFunc(BadRequestHandler)
}
}
+var pingResponseOK = map[string]string{"health": "OK"}
+
+// HealthCheckPingHandler processes "GET /_health/ping" requests
+func HealthCheckPingHandler(resp http.ResponseWriter, req *http.Request) {
+ healthCheckDo(resp, req, pingResponseOK)
+}
+
+func healthCheckDo(resp http.ResponseWriter, req *http.Request, v interface{}) {
+ msg, code := healthCheckAuth(resp, req)
+ if msg != "" {
+ http.Error(resp, msg, code)
+ return
+ }
+
+ ok, err := json.Marshal(v)
+ if err != nil {
+ http.Error(resp, err.Error(), 500)
+ }
+
+ resp.Write(ok)
+}
+
+func healthCheckAuth(resp http.ResponseWriter, req *http.Request) (string, int) {
+ if theConfig.ManagementToken == "" {
+ return "disabled", http.StatusNotFound
+ } else if h := req.Header.Get("Authorization"); h == "" {
+ return "authorization required", http.StatusUnauthorized
+ } else if h != "Bearer "+theConfig.ManagementToken {
+ return "authorization error", http.StatusForbidden
+ }
+ return "", 0
+}
+
// GetBlock and PutBlock implement lower-level code for handling
// blocks by rooting through volumes connected to the local machine.
// Once the handler has determined that system policy permits the
projects / arvados.git / commitdiff