Commit 160ef66d authored by DJ Mountney's avatar DJ Mountney

Add health_check access token, and enforce on the health_check endpoint

Also added a health check page to the admin section for resetting the token.
parent 9898f9b4
...@@ -19,6 +19,12 @@ def reset_runners_token ...@@ -19,6 +19,12 @@ def reset_runners_token
redirect_to admin_runners_path redirect_to admin_runners_path
end end
def reset_health_check_token
@application_setting.reset_health_check_access_token!
flash[:notice] = 'New health check access token has been generated!'
redirect_to :back
end
def clear_repository_check_states def clear_repository_check_states
RepositoryCheck::ClearWorker.perform_async RepositoryCheck::ClearWorker.perform_async
......
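Review bot: `redirect_to :back` in `reset_health_check_token` relies on the request carrying a Referer header. On Rails versions that support `:back`, a request without one raises `ActionController::RedirectBackError`, so the token would be rotated but the admin would land on an error page. The neighbouring `reset_runners_token` redirects to a fixed path, and the same works here: `redirect_to admin_health_check_path`. Rotating the token also invalidates every monitor that still uses the old one, so the flash message could say so.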
class Admin::HealthCheckController < Admin::ApplicationController
def show
begin
@errors = HealthCheck::Utils.process_checks('standard')
rescue => e
@errors = e.message.blank? ? e.class.to_s : e.message.to_s
end
end
end
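Review bot: The `begin`/`end` wrapper inside `show` is redundant, because a method body can carry the `rescue` clause directly (`def show` … `rescue => e` … `end`). The rescue also turns any `StandardError` raised while running the checks into the text shown on the page. A short comment such as `# A failing check may raise instead of returning a message; show the exception text as the error` would make clear that this is intentional. `@errors` then holds an exception message, so the view should keep rendering it through the default escaping rather than `raw` or `html_safe`.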
class HealthCheckController < HealthCheck::HealthCheckController
before_action :validate_health_check_access!
protected
def validate_health_check_access!
return render_404 unless params[:token].presence && params[:token] == current_application_settings.health_check_access_token
end
def render_404
render file: Rails.root.join("public", "404"), layout: false, status: "404"
end
end
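Review bot: `validate_health_check_access!` compares the supplied token with `==`, which is not constant-time; for a shared secret guarding an unauthenticated endpoint, prefer `ActiveSupport::SecurityUtils.secure_compare(params[:token].to_s, current_application_settings.health_check_access_token)`. The `.to_s` also keeps the check well-defined when `token` arrives as an array or hash parameter. Separately, the token travels in the query string, so it will normally be recorded in web-server and proxy access logs. Confirm that `token` is covered by the application's parameter filtering, and consider also accepting it in a request header so monitors do not have to put it in the URL.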
class ApplicationSetting < ActiveRecord::Base class ApplicationSetting < ActiveRecord::Base
include TokenAuthenticatable include TokenAuthenticatable
add_authentication_token_field :runners_registration_token add_authentication_token_field :runners_registration_token
add_authentication_token_field :health_check_access_token
CACHE_KEY = 'application_setting.last' CACHE_KEY = 'application_setting.last'
...@@ -70,6 +71,7 @@ class ApplicationSetting < ActiveRecord::Base ...@@ -70,6 +71,7 @@ class ApplicationSetting < ActiveRecord::Base
end end
before_save :ensure_runners_registration_token before_save :ensure_runners_registration_token
before_save :ensure_health_check_access_token
after_commit do after_commit do
Rails.cache.write(CACHE_KEY, self) Rails.cache.write(CACHE_KEY, self)
...@@ -133,4 +135,8 @@ def restricted_signup_domains_raw=(values) ...@@ -133,4 +135,8 @@ def restricted_signup_domains_raw=(values)
def runners_registration_token def runners_registration_token
ensure_runners_registration_token! ensure_runners_registration_token!
end end
def health_check_access_token
ensure_health_check_access_token!
end
end end
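Review bot: The new `health_check_access_token` reader overrides the attribute reader and calls `ensure_health_check_access_token!`, which presumably generates and persists a token when none exists (that helper lives in `TokenAuthenticatable`, outside this hunk). As a result a plain read can write to the database, including the read made for each `/health_check` request and while rendering the admin page. This mirrors `runners_registration_token`, but a comment would help: `# Reading the token generates and saves one if it is missing, so the endpoint is never left without a secret`. The `after_commit` block also caches the whole record, so the token will be held in `Rails.cache` as well as in the table.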
- page_title "Health Check"
%h3.page-title
Health Check
%p.light
Health information can be reteived as plain text, json, or xml using:
%ul
%li
%code= "/health_check?token=#{current_application_settings.health_check_access_token}"
%li
%code= "/health_check.json?token=#{current_application_settings.health_check_access_token}"
%li
%code= "/health_check.xml?token=#{current_application_settings.health_check_access_token}"
.bs-callout.clearfix
.pull-left
%p
You can reset the health check access token by pressing the button below.
%p
= button_to reset_health_check_token_admin_application_settings_path,
method: :put, class: 'btn btn-default',
data: { confirm: 'Are you sure you want to reset the health check token?' } do
= icon('refresh')
Reset health check access token
%hr
.panel.panel-default
.panel-heading
Current Status:
- if @errors.blank?
= icon('circle', class: 'cgreen')
Healthy
- else
= icon('warning', class: 'cred')
Unhealthy
.panel-body
- if @errors.blank?
No Health Problems Detected
- else
= @errors
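Review bot: The intro text has a typo, "reteived" should be "retrieved". The token is also interpolated three times through `current_application_settings.health_check_access_token`. Assigning it once at the top, `- token = current_application_settings.health_check_access_token`, and using `"/health_check?token=#{token}"` in the three `%code` lines would read better and call the reader once. The page prints the secret in clear text, so it is worth confirming that this view is reachable only through the admin controller, as the route suggests.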
...@@ -41,6 +41,11 @@ ...@@ -41,6 +41,11 @@
= icon('file-text fw') = icon('file-text fw')
%span %span
Logs Logs
= nav_link(controller: :health_check) do
= link_to admin_health_check_path, title: 'Health Check' do
= icon('medkit fw')
%span
Health Check
= nav_link(controller: :broadcast_messages) do = nav_link(controller: :broadcast_messages) do
= link_to admin_broadcast_messages_path, title: 'Messages' do = link_to admin_broadcast_messages_path, title: 'Messages' do
= icon('bullhorn fw') = icon('bullhorn fw')
......
...@@ -74,7 +74,7 @@ ...@@ -74,7 +74,7 @@
end end
# Health check # Health check
health_check_routes get 'health_check(/:checks)(.:format)' => 'health_check#index'
# Enable Grack support # Enable Grack support
mount Grack::AuthSpawner, at: '/', constraints: lambda { |request| /[-\/\w\.]+\.git\//.match(request.path_info) }, via: [:get, :post, :put] mount Grack::AuthSpawner, at: '/', constraints: lambda { |request| /[-\/\w\.]+\.git\//.match(request.path_info) }, via: [:get, :post, :put]
...@@ -256,6 +256,7 @@ ...@@ -256,6 +256,7 @@
end end
resource :logs, only: [:show] resource :logs, only: [:show]
resource :health_check, controller: 'health_check', only: [:show]
resource :background_jobs, controller: 'background_jobs', only: [:show] resource :background_jobs, controller: 'background_jobs', only: [:show]
resources :namespaces, path: '/projects', constraints: { id: /[a-zA-Z.0-9_\-]+/ }, only: [] do resources :namespaces, path: '/projects', constraints: { id: /[a-zA-Z.0-9_\-]+/ }, only: [] do
...@@ -287,6 +288,7 @@ ...@@ -287,6 +288,7 @@
resource :application_settings, only: [:show, :update] do resource :application_settings, only: [:show, :update] do
resources :services resources :services
put :reset_runners_token put :reset_runners_token
put :reset_health_check_token
put :clear_repository_check_states put :clear_repository_check_states
end end
......
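Review bot: The `# Health check` comment above the new `get 'health_check(/:checks)(.:format)'` route does not say why the gem's `health_check_routes` macro was replaced. Something like `# Health check, routed to our own HealthCheckController so the access token is enforced` would stop a later cleanup from restoring the macro and silently dropping the token check. The optional `:checks` segment lets a token holder choose which checks run, so the controller's `before_action` must stay unconditional, with no `only:` or `except:`. The admin `put :reset_health_check_token` route sits beside `reset_runners_token` and looks consistent with it.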
class AddHealthCheckAccessTokenToApplicationSettings < ActiveRecord::Migration
def change
add_column :application_settings, :health_check_access_token, :string
end
end
...@@ -11,7 +11,7 @@ ...@@ -11,7 +11,7 @@
# #
# It's strongly recommended that you check this file into your version control system. # It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema.define(version: 20160508194200) do ActiveRecord::Schema.define(version: 20160509201028) do
# These are extensions that must be enabled in order to support this database # These are extensions that must be enabled in order to support this database
enable_extension "plpgsql" enable_extension "plpgsql"
...@@ -80,6 +80,7 @@ ...@@ -80,6 +80,7 @@
t.boolean "repository_checks_enabled", default: false t.boolean "repository_checks_enabled", default: false
t.text "shared_runners_text" t.text "shared_runners_text"
t.integer "metrics_packet_size", default: 1 t.integer "metrics_packet_size", default: 1
t.string "health_check_access_token"
end end
create_table "audit_events", force: :cascade do |t| create_table "audit_events", force: :cascade do |t|
......