expose golangAPIServer health server port via route registrar
asalan316 committed Mar 28, 2023
1 parent 90ee1b8 commit 0270ec1
Showing 4 changed files with 39 additions and 10 deletions.
5 changes: 2 additions & 3 deletions jobs/golangapiserver/spec
Expand Up @@ -77,7 +77,7 @@ properties:
autoscaler.apiserver.public_api.server.server_key:
description: "PEM-encoded server key"
autoscaler.apiserver.health.port:
default: 1080
default: 6202
autoscaler.apiserver.health.username:
default: ""
description: |
Expand All @@ -87,17 +87,16 @@ properties:
default: ""
description: |
Hash-Value of the username used for basic access authentication to connect to the protected health-endpoints.
The hash-value MUST be computed via Bcrypt, with cost-parameter `4`.
Alternative of setting the username.
autoscaler.apiserver.health.password:
default: ""
description: |
Password used for basic access authentication to connect to the protected health-endpoints.
Prefer usage of password_hash instead.
autoscaler.apiserver.health.password_hash:
default: ""
description: |
Hash-Value of the password used for basic access authentication to connect to the protected health-endpoints.
The hash-value MUST be computed via Bcrypt, with cost-parameter `4`.
More secure alternative of setting the password. Set to `""` if you don't want to use it.
autoscaler.apiserver.health.unprotected_endpoints:
description: "List of all health-endpoints, that run _without_ basic access authentication."
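Review bot: `autoscaler.apiserver.health.port` changes its default to 6202 but still has no `description`, and nothing in the spec says that this port is now published through the route registrar. The `username` and `password` properties next to it default to `""`, and api_test.go in this same commit treats an empty `HealthCheckUsername` as the "without basic Auth" case, so a deployment that keeps the spec defaults and registers the route would presumably serve the health endpoints without credentials. I would add `description: "Port of the health server; when registered with the route registrar, health credentials must be configured"` under the port. The default of `unprotected_endpoints` is outside the visible hunk and is worth checking for the same reason.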
25 changes: 22 additions & 3 deletions src/acceptance/api/basic_auth_test.go
@@ -1,22 +1,41 @@
package api_test

import (
"fmt"
"net/http"
"strings"

. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"
)

var _ = Describe("AutoScaler Basic Auth Tests", func() {
var _ = Describe("AutoScaler Health Endpoints with Basic Auth", func() {

urlfor := func(name string) func() string {
return func() string { return strings.Replace(healthURL, cfg.ServiceName, cfg.ServiceName+"-"+name, 1) }
return func() string {
healthURL := strings.Replace(healthURL, cfg.ServiceName, cfg.ServiceName+"-"+name, 1)
fmt.Printf("\n%s : %s\n", name, healthURL)
return healthURL
}
}
DescribeTable("basic auth tests",
DescribeTable("Basic Auth Credentials not provided",
func(url func() string, statusCode func() int) {
Expect(Get(url())).To(Equal(statusCode()), "to get status code %d when getting %s", statusCode(), url())
},
//Entry("API Server", func() string { return healthURL }, getStatus),
Entry("Eventgenerator", urlfor("eventgenerator"), getStatus),
Entry("Scaling Engine", urlfor("scalingengine"), getStatus),
Entry("Operator", urlfor("operator"), getStatus),
Entry("Metrics Forwarder", urlfor("metricsforwarder"), getStatus),
Entry("Scheduler", urlfor("scheduler"), getStatus),
)

FDescribeTable("Basic Auth Credentials Provided",

func(url func() string, statusCode func() int) {
cfg.HealthEndpointsBasicAuthEnabled = true
Expect(Get(url())).To(Equal(statusCode()), "to get status code %d when getting %s", statusCode(), url())
},
Entry("API Server", func() string { return healthURL }, getStatus),
Entry("Eventgenerator", urlfor("eventgenerator"), getStatus),
Entry("Scaling Engine", urlfor("scalingengine"), getStatus),
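Review bot: `FDescribeTable("Basic Auth Credentials Provided",` commits a focused table, so Ginkgo runs only this table and skips every other spec in the acceptance suite, including the "Basic Auth Credentials not provided" table directly above it; it should read `DescribeTable("Basic Auth Credentials Provided",`. The entry body also sets `cfg.HealthEndpointsBasicAuthEnabled = true` on the shared config and never restores it, so any spec that runs afterwards sees basic auth as enabled. Capturing the previous value and restoring it with `DeferCleanup` in the entry body would keep the two tables independent. The Describe block continues past the visible hunk.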
5 changes: 3 additions & 2 deletions src/autoscaler/api/cmd/api/api_test.go
Expand Up @@ -203,7 +203,7 @@ var _ = Describe("Api", func() {
})
})

Describe("when Health server is ready to serve RESTful API", func() {
Describe("when Health server is ready to serve RESTful API without basic Auth", func() {
BeforeEach(func() {
basicAuthConfig := cfg
basicAuthConfig.Health.HealthCheckUsername = ""
Expand All @@ -218,7 +218,7 @@ var _ = Describe("Api", func() {
runner.Interrupt()
Eventually(runner.Session, 5).Should(Exit(0))
})
Context("when a request to query health comes", func() {
Context("when a request to query health/prometheus comes without credentials", func() {
It("returns with a 200", func() {
url := fmt.Sprintf("http://127.0.0.1:%d%s", healthport, routes.PrometheusPath)
rsp, err := healthHttpClient.Get(url)
Expand Down Expand Up @@ -283,6 +283,7 @@ var _ = Describe("Api", func() {
Expect(rsp.StatusCode).To(Equal(http.StatusOK))
})
})

})

Describe("can start with default plugin", func() {
14 changes: 12 additions & 2 deletions templates/app-autoscaler.yml
Expand Up @@ -247,8 +247,9 @@ instance_groups:
autoscaler:
apiserver:
health:
username: "test_user"
password_hash: "$2y$04$MpZgNdLuGN.v7wvBsVPMKODvIhG885mp2.QZONkwMeR.PIO3AMJMC" # "test_password"
port: &apiServerHealthPort 6202
username: api_server
password: ((autoscaler_api_server_health_password))
public_api:
server:
port: &publicApiServerPort 6101
Expand Down Expand Up @@ -323,6 +324,13 @@ instance_groups:
component: autoscaler_service_broker
uris:
- *servicebroker_public_domain
- name: autoscaler_api_server_health
registration_interval: 20s
port: *apiServerHealthPort
tags:
component: api_server
uris:
- ((deployment_name)).((system_domain))

# Scheduler Instance Group
- name: scheduler
Expand Down Expand Up @@ -710,6 +718,8 @@ variables:
type: password
options:
length: 128
- name: autoscaler_api_server_health_password
type: password
- name: autoscaler_metricsforwarder_health_password
type: password
- name: autoscaler_metricsgateway_health_password
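Review bot: The new `autoscaler_api_server_health` route publishes port 6202 on `((deployment_name)).((system_domain))`, so every path the health server treats as unprotected becomes reachable through the router without credentials. Basic auth is then the only control in front of the rest. The `health:` block sets `username` and `password` but leaves `unprotected_endpoints` to the job default, which is not visible in this commit. I would pin it next to the credentials, `unprotected_endpoints: []`, or list only the paths that are meant to be public. The job is configured with `password:` rather than `password_hash:`, which the spec describes as the more secure alternative; if that is deliberate for a generated credential, a short comment such as `# generated credential; password_hash not used` would record the reason.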
