expose golangAPIServer health server port via route registrar

jobs/golangapiserver/spec

@@ -77,7 +77,7 @@ properties:
   autoscaler.apiserver.public_api.server.server_key:
     description: "PEM-encoded server key"
   autoscaler.apiserver.health.port:
-    default: 1080
+    default: 6202
   autoscaler.apiserver.health.username:
     default: ""
     description: |
@@ -87,17 +87,16 @@ properties:
     default: ""
     description: |
       Hash-Value of the username used for basic access authentication to connect to the protected health-endpoints.
-      The hash-value MUST be computed via Bcrypt, with cost-parameter `4`.
       Alternative of setting the username.
   autoscaler.apiserver.health.password:
     default: ""
     description: |
       Password used for basic access authentication to connect to the protected health-endpoints.
       Prefer usage of password_hash instead.
   autoscaler.apiserver.health.password_hash:
+    default: ""
     description: |
       Hash-Value of the password used for basic access authentication to connect to the protected health-endpoints.
-      The hash-value MUST be computed via Bcrypt, with cost-parameter `4`.
       More secure alternative of setting the password. Set to `""` if you don't want to use it.
   autoscaler.apiserver.health.unprotected_endpoints:
     description: "List of all health-endpoints, that run _without_ basic access authentication."

src/acceptance/api/basic_auth_test.go

@@ -8,15 +8,32 @@ import (
 	. "github.com/onsi/gomega"
 )
 
-var _ = Describe("AutoScaler Basic Auth Tests", func() {
+var _ = Describe("AutoScaler Health Endpoints with Basic Auth", func() {
 
 	urlfor := func(name string) func() string {
-		return func() string { return strings.Replace(healthURL, cfg.ServiceName, cfg.ServiceName+"-"+name, 1) }
+		return func() string {
+			healthURL := strings.Replace(healthURL, cfg.ServiceName, cfg.ServiceName+"-"+name, 1)
+			return healthURL
+		}
 	}
-	DescribeTable("basic auth tests",
+	DescribeTable("Basic Auth Credentials not provided",
 		func(url func() string, statusCode func() int) {
 			Expect(Get(url())).To(Equal(statusCode()), "to get status code %d when getting %s", statusCode(), url())
 		},
+		Entry("API Server", func() string { return healthURL }, getStatus()),
+		Entry("Eventgenerator", urlfor("eventgenerator"), getStatus),
+		Entry("Scaling Engine", urlfor("scalingengine"), getStatus),
+		Entry("Operator", urlfor("operator"), getStatus),
+		Entry("Metrics Forwarder", urlfor("metricsforwarder"), getStatus),
+		Entry("Scheduler", urlfor("scheduler"), getStatus),
+	)
+
+	DescribeTable("Basic Auth Credentials Provided",
+
+		func(url func() string, statusCode func() int) {
+			cfg.HealthEndpointsBasicAuthEnabled = true
+			Expect(Get(url())).To(Equal(statusCode()), "to get status code %d when getting %s", statusCode(), url())
+		},
 		Entry("API Server", func() string { return healthURL }, getStatus),
 		Entry("Eventgenerator", urlfor("eventgenerator"), getStatus),
 		Entry("Scaling Engine", urlfor("scalingengine"), getStatus),

src/autoscaler/api/cmd/api/api_test.go

@@ -203,7 +203,7 @@ var _ = Describe("Api", func() {
 		})
 	})
 
-	Describe("when Health server is ready to serve RESTful API", func() {
+	Describe("when Health server is ready to serve RESTful API without basic Auth", func() {
 		BeforeEach(func() {
 			basicAuthConfig := cfg
 			basicAuthConfig.Health.HealthCheckUsername = ""
@@ -218,7 +218,7 @@ var _ = Describe("Api", func() {
 			runner.Interrupt()
 			Eventually(runner.Session, 5).Should(Exit(0))
 		})
-		Context("when a request to query health comes", func() {
+		Context("when a request to query health/prometheus comes without credentials", func() {
 			It("returns with a 200", func() {
 				url := fmt.Sprintf("http://127.0.0.1:%d%s", healthport, routes.PrometheusPath)
 				rsp, err := healthHttpClient.Get(url)
@@ -234,6 +234,19 @@ var _ = Describe("Api", func() {
 				rsp.Body.Close()
 			})
 		})
+		FContext("when a request to /health/liveness comes with empty credentials", func() {
+			It("should return 401", func() {
+				url := fmt.Sprintf("http://127.0.0.1:%d%s", healthport, routes.LivenessPath)
+				req, err := http.NewRequest(http.MethodGet, url, nil)
+				Expect(err).NotTo(HaveOccurred())
+
+				req.SetBasicAuth(cfg.Health.HealthCheckUsername, cfg.Health.HealthCheckPassword)
+
+				rsp, err := healthHttpClient.Do(req)
+				Expect(err).ToNot(HaveOccurred())
+				Expect(rsp.StatusCode).To(Equal(http.StatusNotFound))
+			})
+		})
 	})
 
 	Describe("when Health server is ready to serve RESTful API with basic Auth", func() {
@@ -283,6 +296,7 @@ var _ = Describe("Api", func() {
 				Expect(rsp.StatusCode).To(Equal(http.StatusOK))
 			})
 		})
+
 	})
 
 	Describe("can start with default plugin", func() {

src/autoscaler/healthendpoint/server.go

@@ -71,6 +71,7 @@ func NewHealthRouterWithBasicAuth(conf models.HealthConfig, healthCheckers []Che
 	authMiddleware, err := createBasicAuthMiddleware(logger, conf.HealthCheckUsernameHash,
 		conf.HealthCheckUsername, conf.HealthCheckPasswordHash, conf.HealthCheckPassword)
 	if err != nil {
+
 		return nil, err
 	}
 

templates/app-autoscaler.yml

@@ -247,8 +247,9 @@ instance_groups:
       autoscaler:
         apiserver:
           health:
-            username: "test_user"
-            password_hash: "$2y$04$MpZgNdLuGN.v7wvBsVPMKODvIhG885mp2.QZONkwMeR.PIO3AMJMC" # "test_password"
+            port: &apiServerHealthPort 6202
+            username: api_server
+            password: ((autoscaler_api_server_health_password))
           public_api:
             server:
               port: &publicApiServerPort 6101
@@ -323,6 +324,13 @@ instance_groups:
             component: autoscaler_service_broker
           uris:
             - *servicebroker_public_domain
+        - name: autoscaler_api_server_health
+          registration_interval: 20s
+          port: *apiServerHealthPort
+          tags:
+            component: api_server
+          uris:
+            - ((deployment_name)).((system_domain))
 
   # Scheduler Instance Group
 - name: scheduler
@@ -710,6 +718,8 @@ variables:
   type: password
   options:
     length: 128
+- name: autoscaler_api_server_health_password
+  type: password
 - name: autoscaler_metricsforwarder_health_password
   type: password
 - name: autoscaler_metricsgateway_health_password