do not return JSON response in healthz (#1350)

healthz should only return 200 or 500 response. returning error messages in the HTTP response can leak sensitive connection information The exact error is logged by the server instead.
2024-11-06 17:05:18 +00:00 · 2017-03-03 19:49:42 -05:00 · 2017-03-03 19:49:42 -05:00 · d65bf6ae61
commit d65bf6ae61
parent 4fb0b3c659
2 changed files with 10 additions and 13 deletions
--- a/cli/healthz_test.go
+++ b/cli/healthz_test.go
@ -6,15 +6,17 @@ import (
 	"net/http/httptest"
 	"testing"

+	"github.com/go-kit/kit/log"
 	"github.com/stretchr/testify/assert"
 )

 func TestHealthz(t *testing.T) {
-	failing := healthz(map[string]interface{}{
+	logger := log.NewNopLogger()
+	failing := healthz(logger, map[string]interface{}{
 		"mock": healthcheckFunc(func() error {
 			return errors.New("health check failed")
 		})})
-	ok := healthz(map[string]interface{}{
+	ok := healthz(logger, map[string]interface{}{
 		"mock": healthcheckFunc(func() error {
 			return nil
 		})})
--- a/cli/serve.go
+++ b/cli/serve.go
@ -1,7 +1,6 @@
 package cli

 import (
-	"encoding/json"
 	"net/http"
 	"os"
 	"os/signal"
@ -149,7 +148,7 @@ the way that the kolide server works.
 			}

 			r := http.NewServeMux()
-			r.Handle("/healthz", prometheus.InstrumentHandler("healthz", healthz(healthCheckers)))
+			r.Handle("/healthz", prometheus.InstrumentHandler("healthz", healthz(httpLogger, healthCheckers)))
 			r.Handle("/version", prometheus.InstrumentHandler("version", version.Handler()))
 			r.Handle("/assets/", prometheus.InstrumentHandler("static_assets", service.ServeStaticAssets("/assets/")))
 			r.Handle("/metrics", prometheus.InstrumentHandler("metrics", promhttp.Handler()))
@ -192,29 +191,25 @@ the way that the kolide server works.
 // healthz is an http handler which responds with either
 // 200 OK if the server can successfuly communicate with it's backends or
 // 500 if any of the backends are reporting an issue.
-func healthz(deps map[string]interface{}) http.HandlerFunc {
+func healthz(logger kitlog.Logger, deps map[string]interface{}) http.HandlerFunc {
 	type healthChecker interface {
 		HealthCheck() error
 	}

+	healthy := true
 	return func(w http.ResponseWriter, r *http.Request) {
-		errs := make(map[string]string)
 		for name, dep := range deps {
 			if hc, ok := dep.(healthChecker); ok {
 				err := hc.HealthCheck()
 				if err != nil {
-					errs[name] = err.Error()
+					logger.Log("err", err, "health-checker", name)
+					healthy = false
 				}
 			}
 		}

-		if len(errs) > 0 {
+		if !healthy {
 			w.WriteHeader(http.StatusInternalServerError)
-			enc := json.NewEncoder(w)
-			enc.SetIndent("", "  ")
-			enc.Encode(map[string]interface{}{
-				"errors": errs,
-			})
 		}
 	}
 }