Make health check path configurable and implement default health chec…

…k configs Signed-off-by: Keegan Witt <[email protected]>
spiffe · Dec 13, 2024 · b4b21f6 · b4b21f6
1 parent 6b32bae
commit b4b21f6
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 19 deletions.
diff --git a/README.md b/README.md
@@ -37,8 +37,9 @@ The configuration file is an [HCL](https://github.com/hashicorp/hcl) formatted f
  | `key_file_mode`                     | The octal file mode to use when saving the X.509 private key file.                                                                | `0600`                                                                                                                                                               |
  | `jwt_bundle_file_mode`              | The octal file mode to use when saving a JWT Bundle file.                                                                         | `0600`                                                                                                                                                               |
  | `jwt_svid_file_mode`                | The octal file mode to use when saving a JWT SVID file.                                                                           | `0600`                                                                                                                                                               |
- | `health_checks.enable_health_check` | Whether to start an HTTP server at `/healthz` with the daemon health. Doesn't apply for non-daemon mode.                          | `false`                                                                                                                                                              |
+ | `health_checks.enable_health_check` | Whether to start an HTTP server at the configured endpoint for the daemon health. Doesn't apply for non-daemon mode.              | `false`                                                                                                                                                              |
  | `health_checks.health_check_port`   | The port to run the HTTP health server.                                                                                           | `8081`                                                                                                                                                               |
+| `health_checks.health_check_path`   | The URL path for the health check                                                                                                 | `/healthz`                                                                                                                                                           |
 
 ### Configuration example
 ```

diff --git a/cmd/spiffe-helper/config/config.go b/cmd/spiffe-helper/config/config.go
@@ -25,23 +25,25 @@ const (
 	defaultKeyFileMode       = 0600
 	defaultJWTBundleFileMode = 0600
 	defaultJWTSVIDFileMode   = 0600
+	defaultHealthCheckPort   = 8081
+	defaultHealthCheckPath   = "/healthz"
 )
 
 type Config struct {
-	AddIntermediatesToBundle bool              `hcl:"add_intermediates_to_bundle"`
-	AgentAddress             string            `hcl:"agent_address"`
-	Cmd                      string            `hcl:"cmd"`
-	CmdArgs                  string            `hcl:"cmd_args"`
-	PIDFileName              string            `hcl:"pid_file_name"`
-	CertDir                  string            `hcl:"cert_dir"`
-	CertFileMode             int               `hcl:"cert_file_mode"`
-	KeyFileMode              int               `hcl:"key_file_mode"`
-	JWTBundleFileMode        int               `hcl:"jwt_bundle_file_mode"`
-	JWTSVIDFileMode          int               `hcl:"jwt_svid_file_mode"`
-	IncludeFederatedDomains  bool              `hcl:"include_federated_domains"`
-	RenewSignal              string            `hcl:"renew_signal"`
-	DaemonMode               *bool             `hcl:"daemon_mode"`
-	HealthCheck              HealthCheckConfig `hcl:"health_checks"`
+	AddIntermediatesToBundle bool               `hcl:"add_intermediates_to_bundle"`
+	AgentAddress             string             `hcl:"agent_address"`
+	Cmd                      string             `hcl:"cmd"`
+	CmdArgs                  string             `hcl:"cmd_args"`
+	PIDFileName              string             `hcl:"pid_file_name"`
+	CertDir                  string             `hcl:"cert_dir"`
+	CertFileMode             int                `hcl:"cert_file_mode"`
+	KeyFileMode              int                `hcl:"key_file_mode"`
+	JWTBundleFileMode        int                `hcl:"jwt_bundle_file_mode"`
+	JWTSVIDFileMode          int                `hcl:"jwt_svid_file_mode"`
+	IncludeFederatedDomains  bool               `hcl:"include_federated_domains"`
+	RenewSignal              string             `hcl:"renew_signal"`
+	DaemonMode               *bool              `hcl:"daemon_mode"`
+	HealthCheck              *HealthCheckConfig `hcl:"health_checks"`
 
 	// x509 configuration
 	SVIDFileName       string `hcl:"svid_file_name"`
@@ -56,8 +58,9 @@ type Config struct {
 }
 
 type HealthCheckConfig struct {
-	EnableHealthCheck *bool `hcl:"enable_health_check"`
-	HealthCheckPort   int   `hcl:"health_check_port"`
+	EnableHealthCheck *bool  `hcl:"enable_health_check"`
+	HealthCheckPort   int    `hcl:"health_check_port"`
+	HealthCheckPath   string `hcl:"health_check_path"`
 }
 
 type JWTConfig struct {
@@ -168,10 +171,18 @@ func (c *Config) ValidateConfig(log logrus.FieldLogger) error {
 		c.JWTSVIDFileMode = defaultJWTSVIDFileMode
 	}
 
-	if c.HealthCheck.EnableHealthCheck == nil {
+	if c.HealthCheck == nil || c.HealthCheck.EnableHealthCheck == nil {
 		defaultEnableHealthCheck := false
 		c.HealthCheck.EnableHealthCheck = &defaultEnableHealthCheck
 	}
+	if c.HealthCheck.HealthCheckPort < 0 {
+		return errors.New("health check port must be positive")
+	} else if c.HealthCheck.HealthCheckPort == 0 {
+		c.HealthCheck.HealthCheckPort = defaultHealthCheckPort
+	}
+	if c.HealthCheck.HealthCheckPath == "" {
+		c.HealthCheck.HealthCheckPath = defaultHealthCheckPath
+	}
 
 	return nil
 }

diff --git a/pkg/health/health.go b/pkg/health/health.go
@@ -23,7 +23,7 @@ func StartHealthServer(configFile string, daemonModeFlag bool, log logrus.FieldL
 	}
 
 	if *hclConfig.DaemonMode && *hclConfig.HealthCheck.EnableHealthCheck {
-		http.HandleFunc("/healthz", func(w http.ResponseWriter, _ *http.Request) {
+		http.HandleFunc(hclConfig.HealthCheck.HealthCheckPath, func(w http.ResponseWriter, _ *http.Request) {
 			healthy := sidecar.CheckHealth()
 			if healthy {
 				_, err := w.Write([]byte(http.StatusText(http.StatusOK)))