
feat: add HealthCheck for remote kms #3232

Merged
merged 1 commit into from
Apr 27, 2022
23 changes: 23 additions & 0 deletions pkg/kms/webkms/remotekms.go
Expand Up @@ -15,6 +15,7 @@ import (
"io"
"io/ioutil"
"net/http"
"net/url"
"strings"
"time"

Expand Down Expand Up @@ -305,6 +306,28 @@ func (r *RemoteKMS) createKey(kt kms.KeyType) (string, []byte, error) {
return httpResp.KeyURL, httpResp.PublicKey, nil
}

// HealthCheck check kms.
func (r *RemoteKMS) HealthCheck() error {
parseURL, err := url.Parse(r.keystoreURL)
if err != nil {
return err
}

resp, err := r.getHTTPRequest(parseURL.Scheme + "://" + parseURL.Host + "/healthcheck")
if err != nil {
return err
}

// handle response
defer closeResponseBody(resp.Body, logger, "HealthCheck")

if resp.StatusCode != http.StatusOK {
return fmt.Errorf("kms health check return %d status code", resp.StatusCode)
}

return nil
}

// Get key handle for the given KeyID remotely
// Returns:
// - handle instance representing a remote keystore URL including KeyID
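Review bot: HealthCheck never checks that `url.Parse` produced a scheme and a host before it builds the target on the `getHTTPRequest` line; `url.Parse` accepts relative and scheme-less strings, so a misconfigured `keystoreURL` turns into a request for `:///healthcheck` and surfaces as an opaque transport error rather than a configuration error. A guard such as `if parseURL.Scheme == "" || parseURL.Host == "" { return fmt.Errorf("kms health check: keystore URL has no scheme or host") }` makes that explicit, and wrapping the two early returns as `fmt.Errorf("kms health check: %w", err)` tells callers which step failed. The path of `keystoreURL` is discarded, so the probe assumes the KMS serves `/healthcheck` at the host root, which may not hold behind a path-prefixing proxy; the doc comment should say this and state that only a 200 response counts as healthy. `getHTTPRequest` is defined outside this hunk: if it attaches the client's authorization or capability headers, confirm they are meant to be sent to this endpoint too.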
21 changes: 21 additions & 0 deletions pkg/kms/webkms/remotekms_test.go
Expand Up @@ -272,6 +272,27 @@ func TestCreateKeyWithLocationInResponseBody(t *testing.T) {
require.Contains(t, err.Error(), "failingUnmarshal always fails")
}

func TestHealthCheck(t *testing.T) {
hf := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusServiceUnavailable)
})

server, url, client := CreateMockHTTPServerAndClient(t, hf)
defaultKeystoreURL := fmt.Sprintf("%s/%s", strings.ReplaceAll(KeystoreEndpoint,
"{serverEndpoint}", url), defaultKeyStoreID)

defer func() {
e := server.Close()
require.NoError(t, e)
}()

remoteKMS := New(defaultKeystoreURL, client)

err := remoteKMS.HealthCheck()
require.Error(t, err)
require.Contains(t, err.Error(), "kms health check return 503 status code")
}

func TestRemoteKeyStoreWithHeadersFunc(t *testing.T) {
xRootCapabilityHeaderValue := []byte("DUMMY")

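Review bot: TestHealthCheck exercises only the 503 branch, and its handler answers every path with 503, so the test would still pass if HealthCheck requested the wrong URL. The success path and the early return on a bad keystore URL are not covered. A subtest whose handler returns 200 only for `/healthcheck` pins both the target path and the nil-error result; a further case with a scheme-less keystore URL would cover the parse branch.

```go
func TestHealthCheck(t *testing.T) {
	// … unchanged: 503 case from the commit, ideally moved into its own t.Run …

	t.Run("healthy", func(t *testing.T) {
		hf := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			// Fail the probe unless it targets the health endpoint at the host root.
			if r.URL.Path != "/healthcheck" {
				w.WriteHeader(http.StatusNotFound)
				return
			}

			w.WriteHeader(http.StatusOK)
		})

		server, url, client := CreateMockHTTPServerAndClient(t, hf)
		defer func() { require.NoError(t, server.Close()) }()

		keystoreURL := fmt.Sprintf("%s/%s", strings.ReplaceAll(KeystoreEndpoint,
			"{serverEndpoint}", url), defaultKeyStoreID)

		require.NoError(t, New(keystoreURL, client).HealthCheck())
	})
}
```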