From b512241300c8bc533ed206e0a8aa1daac3b88abc Mon Sep 17 00:00:00 2001 From: Harshavardhana Date: Sun, 22 Sep 2019 23:30:38 -0700 Subject: [PATCH] Add metrics healthcheck test with JWT (#8287) --- mint/run/core/healthcheck/healthcheck.go | 59 ++++++++++++++++++++++-- 1 file changed, 56 insertions(+), 3 deletions(-) diff --git a/mint/run/core/healthcheck/healthcheck.go b/mint/run/core/healthcheck/healthcheck.go index c66977691..6daa3cd36 100644 --- a/mint/run/core/healthcheck/healthcheck.go +++ b/mint/run/core/healthcheck/healthcheck.go @@ -28,6 +28,7 @@ import ( "os" "time" + jwtgo "github.com/dgrijalva/jwt-go" log "github.com/sirupsen/logrus" ) @@ -99,7 +100,7 @@ func testLivenessEndpoint(endpoint string) { } tr := &http.Transport{ - TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, + TLSClientConfig: &tls.Config{InsecureSkipVerify: u.Scheme == "https"}, } client := &http.Client{Transport: tr, Timeout: timeout} resp, err := client.Get(u.String()) @@ -109,7 +110,7 @@ func testLivenessEndpoint(endpoint string) { } if resp.StatusCode != http.StatusOK { // Status not 200 OK - failureLog(function, nil, startTime, "", "GET /minio/health/live returned non OK status", err).Fatal() + failureLog(function, nil, startTime, "", fmt.Sprintf("GET /minio/health/live returned %s", resp.Status), err).Fatal() } defer resp.Body.Close() @@ -127,7 +128,7 @@ func testReadinessEndpoint(endpoint string) { } tr := &http.Transport{ - TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, + TLSClientConfig: &tls.Config{InsecureSkipVerify: u.Scheme == "https"}, } client := &http.Client{Transport: tr, Timeout: timeout} resp, err := client.Get(u.String()) @@ -144,6 +145,57 @@ func testReadinessEndpoint(endpoint string) { defer successLogger(function, nil, startTime).Info() } +const ( + defaultPrometheusJWTExpiry = 100 * 365 * 24 * time.Hour +) + +func testPrometheusEndpoint(endpoint string) { + startTime := time.Now() + function := "testPrometheusEndpoint" + + u, err := url.Parse(fmt.Sprintf("%s%s", endpoint, prometheusPath)) + if err != nil { + // Could not parse URL successfully + failureLog(function, nil, startTime, "", "URL Parsing for Healthcheck Prometheus handler failed", err).Fatal() + } + + jwt := jwtgo.NewWithClaims(jwtgo.SigningMethodHS512, jwtgo.StandardClaims{ + ExpiresAt: time.Now().UTC().Add(defaultPrometheusJWTExpiry).Unix(), + Subject: os.Getenv("ACCESS_KEY"), + Issuer: "prometheus", + }) + + token, err := jwt.SignedString([]byte(os.Getenv("SECRET_KEY"))) + if err != nil { + failureLog(function, nil, startTime, "", "jwt generation failed", err).Fatal() + } + + tr := &http.Transport{ + TLSClientConfig: &tls.Config{InsecureSkipVerify: u.Scheme == "https"}, + } + client := &http.Client{Transport: tr, Timeout: timeout} + + req, err := http.NewRequest(http.MethodGet, u.String(), nil) + if err != nil { + failureLog(function, nil, startTime, "", "Initializing GET request to Prometheus endpoint failed", err).Fatal() + } + req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token)) + + resp, err := client.Do(req) + if err != nil { + // GET request errored + failureLog(function, nil, startTime, "", "GET request to Prometheus endpoint failed", err).Fatal() + } + + if resp.StatusCode != http.StatusOK { + // Status not 200 OK + failureLog(function, nil, startTime, "", "GET /minio/prometheus/metrics returned non OK status", err).Fatal() + } + + defer resp.Body.Close() + defer successLogger(function, nil, startTime).Info() +} + func main() { endpoint := os.Getenv("SERVER_ENDPOINT") secure := os.Getenv("ENABLE_HTTPS") @@ -163,4 +215,5 @@ func main() { // execute tests testLivenessEndpoint(endpoint) testReadinessEndpoint(endpoint) + testPrometheusEndpoint(endpoint) }