CON-488 Expose CN config in route (excludes sensitive configs) (#4302)

AudiusProject · Nov 14, 2022 · 7853453 · 7853453
1 parent 182191b
commit 7853453
Show file tree

Hide file tree

Showing 4 changed files with 40 additions and 12 deletions.
diff --git a/creator-node/src/components/healthCheck/healthCheckComponentService.js b/creator-node/src/components/healthCheck/healthCheckComponentService.js
@@ -279,8 +279,15 @@ const healthCheckDuration = async () => {
   return { success: true }
 }
 
+const configCheck = async () => {
+  // https://github.com/mozilla/node-convict/tree/master/packages/convict#configtostring
+  const data = config.toString()
+  return data
+}
+
 module.exports = {
   healthCheck,
   healthCheckVerbose,
-  healthCheckDuration
+  healthCheckDuration,
+  configCheck
 }
diff --git a/creator-node/src/components/healthCheck/healthCheckComponentService.test.js b/creator-node/src/components/healthCheck/healthCheckComponentService.test.js
@@ -3,7 +3,8 @@ const { Keypair } = require('@solana/web3.js')
 
 const {
   healthCheck,
-  healthCheckVerbose
+  healthCheckVerbose,
+  configCheck
 } = require('./healthCheckComponentService')
 const version = require('../../../.version.json')
 const config = require('../../../src/config')
@@ -700,3 +701,8 @@ describe('Test Health Check Verbose', function () {
     assert.deepStrictEqual(defaultRes.healthy, false)
   })
 })
+
+it('Test config check route', async () => {
+  const resp = await configCheck()
+  assert.ok(resp.includes('"dbUrl": "[Sensitive]"'))
+})
diff --git a/creator-node/src/components/healthCheck/healthCheckController.js b/creator-node/src/components/healthCheck/healthCheckController.js
@@ -10,7 +10,8 @@ const {
 const {
   healthCheck,
   healthCheckVerbose,
-  healthCheckDuration
+  healthCheckDuration,
+  configCheck
 } = require('./healthCheckComponentService')
 const { syncHealthCheck } = require('./syncHealthCheckComponentService')
 const { serviceRegistry } = require('../../serviceRegistry')
@@ -216,6 +217,11 @@ const healthCheckNetworkController = async (req) => {
   })
 }
 
+const configCheckController = async (_req) => {
+  const response = await configCheck()
+  return successResponse(response)
+}
+
 // Routes
 
 router.get('/health_check', handleResponse(healthCheckController))
@@ -234,9 +240,10 @@ router.get(
   '/health_check/verbose',
   handleResponse(healthCheckVerboseController)
 )
-
 router.get(
   '/health_check/network',
   handleResponse(healthCheckNetworkController)
 )
+router.get('config_check', handleResponse(configCheckController))
+
 module.exports = router
diff --git a/creator-node/src/config.js b/creator-node/src/config.js
@@ -25,7 +25,8 @@ const config = convict({
     doc: 'Database URL connection string',
     format: String,
     env: 'dbUrl',
-    default: 'postgres://postgres:postgres@localhost:4432/audius_creator_node'
+    default: 'postgres://postgres:postgres@localhost:4432/audius_creator_node',
+    sensitive: true
   },
   dbConnectionPoolMax: {
     doc: 'Max connections in database pool',
@@ -43,7 +44,8 @@ const config = convict({
     doc: 'Redis host name',
     format: String,
     env: 'redisHost',
-    default: 'localhost'
+    default: 'localhost',
+    sensitive: true
   },
   allowedUploadFileExtensions: {
     doc: 'Override the default list of file extension allowed',
@@ -88,13 +90,15 @@ const config = convict({
     doc: 'Redis port',
     format: 'port',
     env: 'redisPort',
-    default: 4379
+    default: 4379,
+    sensitive: true
   },
   port: {
     doc: 'Port to run service on',
     format: 'port',
     env: 'port',
-    default: 4000
+    default: 4000,
+    sensitive: true
   },
   setTimeout: {
     doc: `
@@ -315,13 +319,15 @@ const config = convict({
     doc: 'private key string',
     format: String,
     env: 'delegatePrivateKey',
-    default: null
+    default: null,
+    sensitive: true
   },
   solDelegatePrivateKeyBase64: {
     doc: 'Base64-encoded Solana private key created using delegatePrivateKey as the seed (auto-generated -- any input here will be overwritten)',
     format: String,
     env: 'solDelegatePrivateKeyBase64',
-    default: ''
+    default: '',
+    sensitive: true
   },
   // `env` property is not defined as this should never be passed in as an envvar and should only be set programatically
   isRegisteredOnURSM: {
@@ -376,7 +382,8 @@ const config = convict({
     doc: 'all unlocked accounts from eth chain',
     format: Array,
     env: 'ethWallets',
-    default: []
+    default: [],
+    sensitive: true
   },
   spOwnerWalletIndex: {
     doc: 'Index in ethWallets array of service owner wallet',
@@ -824,7 +831,8 @@ const config = convict({
     doc: 'the url for the OpenTelemetry collector',
     format: String,
     env: 'otelCollectorUrl',
-    default: ''
+    default: '',
+    sensitive: true
   },
   reconfigSPIdBlacklistString: {
     doc: 'A comma separated list of sp ids of nodes to not reconfig onto. Used to create the `reconfigSPIdBlacklist` number[] config. Defaulted to prod foundation nodes and any node > 75% storage utilization.',