Skip to content
This repository has been archived by the owner on Oct 30, 2024. It is now read-only.

Add healthz endpoint that checks the vault token #63

Merged
merged 9 commits into from
Jul 12, 2017
Merged

Add healthz endpoint that checks the vault token #63

merged 9 commits into from
Jul 12, 2017

Conversation

rossf7
Copy link
Contributor

@rossf7 rossf7 commented Jul 12, 2017
edited
Loading

Fixes giantswarm/giantswarm#1558

Adds healthz endpoint that checks the Vault token and API connection are working. To do this it lists the sys mounts. A health endpoint has been added to the Vault API and will be in the next release. We should switch to that once we've upgraded to Vault 0.7.

https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#073-june-7th-2017

@rossf7 rossf7 self-assigned this Jul 12, 2017
@rossf7
Copy link
Contributor Author

rossf7 commented Jul 12, 2017

I had problems rebasing the old PR so I did a fresh one. I think this was due to the big vendor update.

@xh3b4sd @kopiczko your comments from #59 are addressed

@JosephSalisbury adding you for info as I added Prometheus support to the healthz endpoint

@rossf7 rossf7 mentioned this pull request Jul 12, 2017
Closed
xh3b4sd
xh3b4sd approved these changes Jul 12, 2017
View reviewed changes
Copy link
Contributor

@xh3b4sd xh3b4sd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Direction is good. Go ahead on your own behalf.

service/healthz/service.go Outdated
healthCheckRequests = prometheus.NewCounterVec(
prometheus.CounterOpts{
Name: "health_check_request_total",
Help: "Number of health check requests",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The help messages are usually sentences. Please add a full stop.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed

service/healthz/service.go Outdated
func init() {
prometheus.MustRegister(healthCheckRequests)
prometheus.MustRegister(healthCheckRequestTime)
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would like to put this into a separate file metrics.go.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

service/healthz/service.go
newService := &Service{
// Dependencies.
vaultClient: config.VaultClient,
logger: config.Logger,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor nitpick. Alphabetical order.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed, damnit missed that one ;)

service/healthz/service.go
start := time.Now()
defer func() {
healthCheckRequestTime.Set(float64(time.Since(start) / time.Millisecond))
}()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can do }(time.Now()).

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I left this as to me it's more readable.

service/healthz/service.go Outdated
return nil, microerror.MaskAny(err)
}

healthCheckRequests.WithLabelValues("successfull").Inc()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would like to have constants for this with some godoc describing what it is for. The label is also called success. When the actual value for success is failed it reads weirdly. Maybe the label should be result. Uncertain. /cc @JosephSalisbury

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I got rid of the magic strings and added godoc. But to me the label names make sense. As only one is applied and they can be used for filtering.

Although I managed to spell successful wrong. Fail! :D

@rossf7 rossf7 merged commit 10e9275 into master Jul 12, 2017
@rossf7 rossf7 deleted the vault-healthz branch July 12, 2017 15:40
@r7vme
Copy link
Contributor

r7vme commented Jul 13, 2017
edited
Loading

Did we check this?

Because with latest Vault bootstrap manifests i'm getting

curl -H "X-Vault-Token: G8S_VAULT_TOKEN" http://172.16.238.2:8200/v1/sys/mounts
{"errors":["permission denied"]}

Policies for token

107     -policy="pki-issue-policy-${CLUSTER_NAME}" \
108     -policy="secret-g8s-sa-sign-key" \
109     -policy="default" \

@xh3b4sd
Copy link
Contributor

xh3b4sd commented Jul 14, 2017

@r7vme permission denied errors in Vault usually mean the Vault token being used is not valid and probably expired.

@r7vme r7vme mentioned this pull request Jul 14, 2017
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@xh3b4sd xh3b4sd xh3b4sd approved these changes

@JosephSalisbury JosephSalisbury Awaiting requested review from JosephSalisbury

@kopiczko kopiczko Awaiting requested review from kopiczko

Assignees

@rossf7 rossf7

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rossf7 @r7vme @xh3b4sd