author | DJ Mountney <david@twkie.net> | 2016-05-09 16:21:22 -0700 |
---|---|---|
committer | DJ Mountney <david@twkie.net> | 2016-05-10 08:46:02 -0700 |
commit | 160ef66d1bbbbc593516c7575d6b02ddb019c000 (patch) | |
tree | 95d2b3e09d56a2237da09c48281201d5ab8d73bf | |
parent | 9898f9b4e6b80edaa914675edfa9b229498b31fe (diff) | |
download | gitlab-ce-160ef66d1bbbbc593516c7575d6b02ddb019c000.tar.gz |
Add health_check access token, and enforce on the health_check endpoint
Also added a health check page to the admin section for resetting the token.
-rw-r--r-- | app/controllers/admin/application_settings_controller.rb | 6 | ||||
-rw-r--r-- | app/controllers/admin/health_check_controller.rb | 9 | ||||
-rw-r--r-- | app/controllers/health_check_controller.rb | 13 | ||||
-rw-r--r-- | app/models/application_setting.rb | 6 | ||||
-rw-r--r-- | app/views/admin/health_check/show.html.haml | 40 | ||||
-rw-r--r-- | app/views/layouts/nav/_admin.html.haml | 5 | ||||
-rw-r--r-- | config/routes.rb | 4 | ||||
-rw-r--r-- | db/migrate/20160509201028_add_health_check_access_token_to_application_settings.rb | 5 | ||||
-rw-r--r-- | db/schema.rb | 3 |
9 files changed, 89 insertions, 2 deletions
diff --git a/app/controllers/admin/application_settings_controller.rb b/app/controllers/admin/application_settings_controller.rb
index ec22548ddeb..7b9a88cd319 100644
--- a/app/controllers/admin/application_settings_controller.rb
+++ b/app/controllers/admin/application_settings_controller.rb
@@ -19,6 +19,12 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
 redirect_to admin_runners_path
 end
+ def reset_health_check_token
+ @application_setting.reset_health_check_access_token!
+ flash[:notice] = 'New health check access token has been generated!'
+ redirect_to :back
+ end
+
 def clear_repository_check_states
 RepositoryCheck::ClearWorker.perform_async
diff --git a/app/controllers/admin/health_check_controller.rb b/app/controllers/admin/health_check_controller.rb
new file mode 100644
index 00000000000..3153a765e35
--- /dev/null
+++ b/app/controllers/admin/health_check_controller.rb
@@ -0,0 +1,9 @@
+class Admin::HealthCheckController < Admin::ApplicationController
+ def show
+ begin
+ @errors = HealthCheck::Utils.process_checks('standard')
+ rescue => e
+ @errors = e.message.blank? ? e.class.to_s : e.message.to_s
+ end
+ end
+end
diff --git a/app/controllers/health_check_controller.rb b/app/controllers/health_check_controller.rb
new file mode 100644
index 00000000000..b974489836f
--- /dev/null
+++ b/app/controllers/health_check_controller.rb
@@ -0,0 +1,13 @@
+class HealthCheckController < HealthCheck::HealthCheckController
+ before_action :validate_health_check_access!
+
+ protected
+
+ def validate_health_check_access!
+ return render_404 unless params[:token].presence && params[:token] == current_application_settings.health_check_access_token
+ end
+
+ def render_404
+ render file: Rails.root.join("public", "404"), layout: false, status: "404"
+ end
+end
diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb
index 7039db2d41e..bf88326c116 100644
--- a/app/models/application_setting.rb
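Review bot: `redirect_to :back` in `reset_health_check_token` depends on the request carrying a Referer header, and where `:back` is supported a request without one raises instead of redirecting. This commit also adds an admin health check page, so a fixed target such as `redirect_to admin_health_check_path` would be more predictable. The action would also benefit from a one-line comment, e.g. `# Rotates the token; existing monitoring URLs stop working until they are updated`. The class body continues outside the hunk.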
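Review bot: The `rescue => e` in `Admin::HealthCheckController#show` turns any failure of `HealthCheck::Utils.process_checks` into page text and records it nowhere, so the cause is lost once the admin leaves the page. Consider logging before assigning, e.g. `Rails.logger.error("Health check failed: #{e.class}: #{e.message}")`. The inner `begin`/`end` is also unnecessary, because a `def` body can carry the `rescue` clause directly.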
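Review bot: The token check in `validate_health_check_access!` compares the secret with `==`, which is not constant-time, and it is the only gate on an endpoint that is reachable without a session. If the Rails version in use provides it, prefer a constant-time compare on a string-coerced parameter: `token = params[:token].to_s` followed by `return render_404 unless token.present? && ActiveSupport::SecurityUtils.secure_compare(token, current_application_settings.health_check_access_token)`. Because the token travels in the query string, it will also appear in web server and proxy access logs unless it is filtered there; a comment above the filter should say so, or the token could additionally be accepted from a request header. No spec accompanies the filter, so a request spec asserting a 404 for a missing and for a wrong token would pin the behaviour.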
+++ b/app/models/application_setting.rb
@@ -1,6 +1,7 @@
 class ApplicationSetting < ActiveRecord::Base
 include TokenAuthenticatable
 add_authentication_token_field :runners_registration_token
+ add_authentication_token_field :health_check_access_token
 CACHE_KEY = 'application_setting.last'
@@ -70,6 +71,7 @@ class ApplicationSetting < ActiveRecord::Base
 end
 before_save :ensure_runners_registration_token
+ before_save :ensure_health_check_access_token
 after_commit do
 Rails.cache.write(CACHE_KEY, self)
@@ -133,4 +135,8 @@ class ApplicationSetting < ActiveRecord::Base
 def runners_registration_token
 ensure_runners_registration_token!
 end
+
+ def health_check_access_token
+ ensure_health_check_access_token!
+ end
 end
diff --git a/app/views/admin/health_check/show.html.haml b/app/views/admin/health_check/show.html.haml
new file mode 100644
index 00000000000..70e5d04e356
--- /dev/null
+++ b/app/views/admin/health_check/show.html.haml
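Review bot: The `health_check_access_token` reader added in the last hunk calls `ensure_health_check_access_token!`, and the bang form presumably persists a new token when none is stored (TokenAuthenticatable is not visible here, so please confirm). That reader is what the unauthenticated `/health_check` filter calls, so a plain GET from outside could trigger a database write plus the `after_commit` cache refresh shown in the second hunk. Generating the token from the admin page action or a data migration and keeping the reader side-effect free would keep writes off the unauthenticated path. At minimum, document it with a comment such as `# Generates and saves a token on first read`. The class body continues outside these hunks.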
@@ -0,0 +1,40 @@
+- page_title "Health Check"
+
+%h3.page-title
+ Health Check
+%p.light
+ Health information can be reteived as plain text, json, or xml using:
+ %ul
+ %li
+ %code= "/health_check?token=#{current_application_settings.health_check_access_token}"
+ %li
+ %code= "/health_check.json?token=#{current_application_settings.health_check_access_token}"
+ %li
+ %code= "/health_check.xml?token=#{current_application_settings.health_check_access_token}"
+
+.bs-callout.clearfix
+ .pull-left
+ %p
+ You can reset the health check access token by pressing the button below.
+ %p
+ = button_to reset_health_check_token_admin_application_settings_path,
+ method: :put, class: 'btn btn-default',
+ data: { confirm: 'Are you sure you want to reset the health check token?' } do
+ = icon('refresh')
+ Reset health check access token
+
+%hr
+.panel.panel-default
+ .panel-heading
+ Current Status:
+ - if @errors.blank?
+ = icon('circle', class: 'cgreen')
+ Healthy
+ - else
+ = icon('warning', class: 'cred')
+ Unhealthy
+ .panel-body
+ - if @errors.blank?
+ No Health Problems Detected
+ - else
+ = @errors
diff --git a/app/views/layouts/nav/_admin.html.haml b/app/views/layouts/nav/_admin.html.haml
index 280a1b93729..f292730fe45 100644
--- a/app/views/layouts/nav/_admin.html.haml
+++ b/app/views/layouts/nav/_admin.html.haml
@@ -41,6 +41,11 @@
 = icon('file-text fw')
 %span
 Logs
+ = nav_link(controller: :health_check) do
+ = link_to admin_health_check_path, title: 'Health Check' do
+ = icon('medkit fw')
+ %span
+ Health Check
 = nav_link(controller: :broadcast_messages) do
 = link_to admin_broadcast_messages_path, title: 'Messages' do
 = icon('bullhorn fw')
diff --git a/config/routes.rb b/config/routes.rb
index cac800b9a9c..c81bf294a53 100644
--- a/config/routes.rb
+++ b/config/routes.rb
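Review bot: The three `%code=` lines in `show.html.haml` interpolate the live token into the page body on every visit, so it ends up in anything that captures the rendered admin page, such as screenshots, screen sharing or cached copies. Consider revealing it only on request, or at least stating next to the URLs that the token is a secret and that resetting it breaks existing monitors. Separately, the intro line misspells "retrieved" as `reteived`.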
@@ -74,7 +74,7 @@ Rails.application.routes.draw do
 end
 # Health check
- health_check_routes
+ get 'health_check(/:checks)(.:format)' => 'health_check#index'
 # Enable Grack support
 mount Grack::AuthSpawner, at: '/', constraints: lambda { |request| /[-\/\w\.]+\.git\//.match(request.path_info) }, via: [:get, :post, :put]
@@ -256,6 +256,7 @@ Rails.application.routes.draw do
 end
 resource :logs, only: [:show]
+ resource :health_check, controller: 'health_check', only: [:show]
 resource :background_jobs, controller: 'background_jobs', only: [:show]
 resources :namespaces, path: '/projects', constraints: { id: /[a-zA-Z.0-9_\-]+/ }, only: [] do
@@ -287,6 +288,7 @@ Rails.application.routes.draw do
 resource :application_settings, only: [:show, :update] do
 resources :services
 put :reset_runners_token
+ put :reset_health_check_token
 put :clear_repository_check_states
 end
diff --git a/db/migrate/20160509201028_add_health_check_access_token_to_application_settings.rb b/db/migrate/20160509201028_add_health_check_access_token_to_application_settings.rb
new file mode 100644
index 00000000000..9d729fec189
--- /dev/null
+++ b/db/migrate/20160509201028_add_health_check_access_token_to_application_settings.rb
@@ -0,0 +1,5 @@
+class AddHealthCheckAccessTokenToApplicationSettings < ActiveRecord::Migration
+ def change
+ add_column :application_settings, :health_check_access_token, :string
+ end
+end
diff --git a/db/schema.rb b/db/schema.rb
index 71d953afe30..8ac3eeae62d 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema.define(version: 20160508194200) do
+ActiveRecord::Schema.define(version: 20160509201028) do
 # These are extensions that must be enabled in order to support this database
 enable_extension "plpgsql"
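Review bot: Nothing in the first `config/routes.rb` hunk guarantees that the gem's own unauthenticated controller stops being routable once `health_check_routes` is replaced by the explicit `get 'health_check(/:checks)(.:format)' => 'health_check#index'`. Some versions of the health_check gem may register default routes on their own when the helper is not called; that is not visible in this diff, so please confirm with `rake routes` that only this entry maps the path. A routing or request spec for the tokenless case would keep that from regressing. The `# Health check` comment could also say that the token is enforced in `HealthCheckController`.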
@@ -80,6 +80,7 @@ ActiveRecord::Schema.define(version: 20160508194200) do
 t.boolean "repository_checks_enabled", default: false
 t.text "shared_runners_text"
 t.integer "metrics_packet_size", default: 1
+ t.string "health_check_access_token"
 end
 create_table "audit_events", force: :cascade do |t| |