From 0270ec1bbe3780a68f34f24f6f3418e3ce7634b3 Mon Sep 17 00:00:00 2001 From: Arsalan Khan Date: Tue, 28 Mar 2023 16:02:51 +0200 Subject: [PATCH] expose golangAPIServer health server port via route registrar --- jobs/golangapiserver/spec | 5 ++--- src/acceptance/api/basic_auth_test.go | 25 ++++++++++++++++++++++--- src/autoscaler/api/cmd/api/api_test.go | 5 +++-- templates/app-autoscaler.yml | 14 ++++++++++++-- 4 files changed, 39 insertions(+), 10 deletions(-) diff --git a/jobs/golangapiserver/spec b/jobs/golangapiserver/spec index f576523425..6324cecf23 100644 --- a/jobs/golangapiserver/spec +++ b/jobs/golangapiserver/spec @@ -77,7 +77,7 @@ properties: autoscaler.apiserver.public_api.server.server_key: description: "PEM-encoded server key" autoscaler.apiserver.health.port: - default: 1080 + default: 6202 autoscaler.apiserver.health.username: default: "" description: | @@ -87,7 +87,6 @@ properties: default: "" description: | Hash-Value of the username used for basic access authentication to connect to the protected health-endpoints. - The hash-value MUST be computed via Bcrypt, with cost-parameter `4`. Alternative of setting the username. autoscaler.apiserver.health.password: default: "" @@ -95,9 +94,9 @@ properties: Password used for basic access authentication to connect to the protected health-endpoints. Prefer usage of password_hash instead. autoscaler.apiserver.health.password_hash: + default: "" description: | Hash-Value of the password used for basic access authentication to connect to the protected health-endpoints. - The hash-value MUST be computed via Bcrypt, with cost-parameter `4`. More secure alternative of setting the password. Set to `""` if you don't want to use it. autoscaler.apiserver.health.unprotected_endpoints: description: "List of all health-endpoints, that run _without_ basic access authentication." diff --git a/src/acceptance/api/basic_auth_test.go b/src/acceptance/api/basic_auth_test.go index a560098099..d0b80b4538 100644 
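Review bot: The `autoscaler.apiserver.health.password_hash` description (third hunk of `jobs/golangapiserver/spec`) no longer says which hash format the server accepts, and the same sentence is dropped from `username_hash` in the hunk before it. If only the fixed cost parameter was the problem, keep the algorithm in the text, e.g. `The hash-value MUST be computed via Bcrypt.` The newly added `default: ""` also deserves a sentence on what an empty value means. Going by the "without basic Auth" test elsewhere in this patch, empty credentials appear to leave the health endpoints unauthenticated, and the first hunk moves that server to port 6202.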
--- a/src/acceptance/api/basic_auth_test.go +++ b/src/acceptance/api/basic_auth_test.go @@ -1,6 +1,7 @@ package api_test import ( + "fmt" "net/http" "strings" @@ -8,15 +9,33 @@ import ( . "github.com/onsi/gomega" ) -var _ = Describe("AutoScaler Basic Auth Tests", func() { +var _ = Describe("AutoScaler Health Endpoints with Basic Auth", func() { urlfor := func(name string) func() string { - return func() string { return strings.Replace(healthURL, cfg.ServiceName, cfg.ServiceName+"-"+name, 1) } + return func() string { + healthURL := strings.Replace(healthURL, cfg.ServiceName, cfg.ServiceName+"-"+name, 1) + fmt.Printf("\n%s : %s\n", name, healthURL) + return healthURL + } } - DescribeTable("basic auth tests", + DescribeTable("Basic Auth Credentials not provided", func(url func() string, statusCode func() int) { Expect(Get(url())).To(Equal(statusCode()), "to get status code %d when getting %s", statusCode(), url()) }, + //Entry("API Server", func() string { return healthURL }, getStatus), + Entry("Eventgenerator", urlfor("eventgenerator"), getStatus), + Entry("Scaling Engine", urlfor("scalingengine"), getStatus), + Entry("Operator", urlfor("operator"), getStatus), + Entry("Metrics Forwarder", urlfor("metricsforwarder"), getStatus), + Entry("Scheduler", urlfor("scheduler"), getStatus), + ) + + FDescribeTable("Basic Auth Credentials Provided", + + func(url func() string, statusCode func() int) { + cfg.HealthEndpointsBasicAuthEnabled = true + Expect(Get(url())).To(Equal(statusCode()), "to get status code %d when getting %s", statusCode(), url()) + }, Entry("API Server", func() string { return healthURL }, getStatus), Entry("Eventgenerator", urlfor("eventgenerator"), getStatus), Entry("Scaling Engine", urlfor("scalingengine"), getStatus), diff --git a/src/autoscaler/api/cmd/api/api_test.go b/src/autoscaler/api/cmd/api/api_test.go index df398e612d..c4e5680c59 100644 --- a/src/autoscaler/api/cmd/api/api_test.go +++ b/src/autoscaler/api/cmd/api/api_test.go 
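Review bot: `FDescribeTable("Basic Auth Credentials Provided", ...)` is a focused container, so Ginkgo runs only this table and skips every other spec in the suite; it should be `DescribeTable(` before merge. The table body also sets `cfg.HealthEndpointsBasicAuthEnabled = true` on the shared config and never restores it, so the flag leaks into whichever specs run afterwards; set it in a `BeforeEach` and reset it in an `AfterEach`. Both tables call `Get(url())` and expect `getStatus()` identically, so nothing visible here separates the with-credentials case from the without-credentials one. `Get` and `getStatus` are defined outside the hunk, so confirm they actually read the flag. The `fmt.Printf` in `urlfor` would be better as `fmt.Fprintf(GinkgoWriter, "\n%s : %s\n", name, healthURL)`, and the commented-out `//Entry("API Server", ...)` should either be removed or carry a reason.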
@@ -203,7 +203,7 @@ var _ = Describe("Api", func() { }) }) - Describe("when Health server is ready to serve RESTful API", func() { + Describe("when Health server is ready to serve RESTful API without basic Auth", func() { BeforeEach(func() { basicAuthConfig := cfg basicAuthConfig.Health.HealthCheckUsername = "" @@ -218,7 +218,7 @@ var _ = Describe("Api", func() { runner.Interrupt() Eventually(runner.Session, 5).Should(Exit(0)) }) - Context("when a request to query health comes", func() { + Context("when a request to query health/prometheus comes without credentials", func() { It("returns with a 200", func() { url := fmt.Sprintf("http://127.0.0.1:%d%s", healthport, routes.PrometheusPath) rsp, err := healthHttpClient.Get(url) @@ -283,6 +283,7 @@ var _ = Describe("Api", func() { Expect(rsp.StatusCode).To(Equal(http.StatusOK)) }) }) + }) Describe("can start with default plugin", func() { diff --git a/templates/app-autoscaler.yml b/templates/app-autoscaler.yml index f559844465..f656b2fc1a 100644 --- a/templates/app-autoscaler.yml +++ b/templates/app-autoscaler.yml @@ -247,8 +247,9 @@ instance_groups: autoscaler: apiserver: health: - username: "test_user" - password_hash: "$2y$04$MpZgNdLuGN.v7wvBsVPMKODvIhG885mp2.QZONkwMeR.PIO3AMJMC" # "test_password" + port: &apiServerHealthPort 6202 + username: api_server + password: ((autoscaler_api_server_health_password)) public_api: server: port: &publicApiServerPort 6101 @@ -323,6 +324,13 @@ instance_groups: component: autoscaler_service_broker uris: - *servicebroker_public_domain + - name: autoscaler_api_server_health + registration_interval: 20s + port: *apiServerHealthPort + tags: + component: api_server + uris: + - ((deployment_name)).((system_domain)) # Scheduler Instance Group - name: scheduler 
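Review bot: In the first hunk of `templates/app-autoscaler.yml` the health credential is now passed through the plaintext `password` property, although the job spec changed in this same patch says of that property `Prefer usage of password_hash instead.` Replacing the hard-coded `test_user` hash with the generated `((autoscaler_api_server_health_password))` is an improvement, but the manifest should say why the less-preferred property is used. If the reason is that the value comes from the `variables` block, a comment such as `# plaintext on purpose: value is generated in the variables block` next to `password:` would record that. The `apiserver` properties block starts outside the hunk.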
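Review bot: Registering `autoscaler_api_server_health` with the route registrar (second hunk of `templates/app-autoscaler.yml`) makes port 6202 reachable through the router at `((deployment_name)).((system_domain))`. Basic auth then becomes the only control in front of it, and anything listed in `autoscaler.apiserver.health.unprotected_endpoints` is served to any caller who can reach that hostname. The job spec defaults for username and password are `""`, which, going by the "without basic Auth" test in this patch, seems to disable authentication, so an ops-file that drops the credentials would publish the endpoints unauthenticated. A comment above the route would help, e.g. `# health endpoints are externally routable: keep health.username/password set and review unprotected_endpoints`. The routes list starts outside the hunk, so also confirm this URI does not collide with a registration for the public API port.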
@@ -710,6 +718,8 @@ variables: type: password options: length: 128 +- name: autoscaler_api_server_health_password + type: password - name: autoscaler_metricsforwarder_health_password type: password - name: autoscaler_metricsgateway_health_password