The health check endpoint configuration must be more explicit in regard to sensitive #10759

Merged
merged 2 commits into from
Apr 30, 2024
Expand Up @@ -19,10 +19,12 @@ import io.micronaut.context.ApplicationContext
import io.micronaut.context.annotation.Requires
import io.micronaut.core.convert.ArgumentConversionContext
import io.micronaut.core.type.Argument
import io.micronaut.core.util.StringUtils
import io.micronaut.health.HealthStatus
import io.micronaut.http.HttpRequest
import io.micronaut.http.HttpStatus
import io.micronaut.http.bind.binders.TypedRequestArgumentBinder
import io.micronaut.http.client.BlockingHttpClient
import io.micronaut.http.client.HttpClient
import io.micronaut.http.client.exceptions.HttpClientResponseException
import io.micronaut.management.health.aggregator.DefaultHealthAggregator
Expand Down Expand Up @@ -169,6 +171,27 @@ class HealthEndpointSpec extends Specification {
embeddedServer.close()
}

void "test health endpoint returns 401 for sensitive true and details-visible anonymous"() {
given:
EmbeddedServer embeddedServer = ApplicationContext.run(EmbeddedServer, [
'spec.name': getClass().simpleName,
'endpoints.health.sensitive': StringUtils.TRUE,
'endpoints.health.details-visible': DetailsVisibility.ANONYMOUS])
URL server = embeddedServer.getURL()
HttpClient httpClient = embeddedServer.applicationContext.createBean(HttpClient, server)
BlockingHttpClient client = httpClient.toBlocking()

when:
client.exchange("/health", HealthResult)

then:
HttpClientResponseException ex = thrown(HttpClientResponseException)
HttpStatus.UNAUTHORIZED == ex.status

cleanup:
embeddedServer.close()
}

void "test health endpoint with a high diskspace threshold"() {
given:
EmbeddedServer embeddedServer = ApplicationContext.run(EmbeddedServer, [
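Review bot: the `cleanup:` block only calls `embeddedServer.close()` and never closes the `HttpClient` obtained via `createBean(HttpClient, server)`; add `httpClient.close()` before closing the server so the test does not leak a client. The `then:` block also only checks `HttpStatus.UNAUTHORIZED == ex.status`; since the point of this change is that `sensitive: true` must win over `details-visible: ANONYMOUS`, consider additionally asserting that the 401 response carries no health details (for example via `ex.response.getBody(String)`), which is what actually proves nothing leaks to an unauthenticated caller.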
Expand Up @@ -20,7 +20,7 @@ endpoints:

- `details-visible` is one of api:management.endpoint.health.DetailsVisibility[]

The `details-visible` setting controls whether health detail will be exposed to users who are not authenticated.
The `details-visible` setting controls whether health detail will be exposed to users who are not authenticated. If the details-visible parameter is configured as ANONYMOUS, while the sensitive flag is set to true, the resulting outcome will be 401 Unauthorized.

For example, setting:
