feat: /mon/status returns details only for maintainer (#5795)

ovh · Apr 16, 2021 · a4e32e5 · a4e32e5
1 parent b7adeeb
commit a4e32e5
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/engine/api/api_routes.go b/engine/api/api_routes.go
@@ -129,7 +129,7 @@ func (api *API) InitRouter() {
 	r.Handle("/broadcast/{id}/mark", Scope(sdk.AuthConsumerScopeProject), r.POST(api.postMarkAsReadBroadcastHandler))
 
 	// Overall health
-	r.Handle("/mon/status", ScopeNone(), r.GET(api.statusHandler, service.OverrideAuth(service.NoAuthMiddleware)))
+	r.Handle("/mon/status", ScopeNone(), r.GET(api.statusHandler, service.OverrideAuth(api.authOptionalMiddleware)))
 	r.Handle("/mon/version", ScopeNone(), r.GET(service.VersionHandler, service.OverrideAuth(service.NoAuthMiddleware)))
 	r.Handle("/mon/db/migrate", ScopeNone(), r.GET(api.getMonDBStatusMigrateHandler, service.OverrideAuth(api.authAdminMiddleware)))
 	r.Handle("/mon/metrics", ScopeNone(), r.GET(service.GetPrometheustMetricsHandler(api), service.OverrideAuth(service.NoAuthMiddleware)))

diff --git a/engine/api/status.go b/engine/api/status.go
@@ -48,11 +48,18 @@ func (api *API) statusHandler() service.Handler {
 			status = http.StatusServiceUnavailable
 		}
 
+		// Always load services to ensure that database connection is ok.
 		srvs, err := services.LoadAll(ctx, api.mustDB(), services.LoadOptions.WithStatus)
 		if err != nil {
 			return err
 		}
 
+		// If there is a valid session and user is maintainer, allows to get status details.
+		currentConsumer := getAPIConsumer(ctx)
+		if currentConsumer == nil || !isMaintainer(ctx) {
+			return service.WriteJSON(w, nil, status)
+		}
+
 		mStatus := api.computeGlobalStatus(srvs)
 		return service.WriteJSON(w, mStatus, status)
 	}