Refactor health endpoint configuration across multiple jobs

• Consolidate health endpoint configuration into server_config and basic_auth sections for eventgenerator, golangapiserver, metricsforwarder, operator, and scalingengine jobs. • Enable TLS configuration within the server_config section when certificates are provided. • Update corresponding specs to reflect the new configuration structure and verify TLS settings and basic auth credentials.
cloudfoundry · Oct 14, 2024 · 8034c1a · 8034c1a
1 parent 0c81532
commit 8034c1a
Show file tree

Hide file tree

Showing 12 changed files with 129 additions and 118 deletions.
diff --git a/jobs/eventgenerator/templates/eventgenerator.yml.erb b/jobs/eventgenerator/templates/eventgenerator.yml.erb
@@ -69,15 +69,17 @@ logging:
   level: <%= p("autoscaler.eventgenerator.logging.level") %>
 http_client_timeout: <%= p("autoscaler.eventgenerator.http_client_timeout") %>
 health:
-  port: <%= p("autoscaler.eventgenerator.health.port") %>
-  username: <%= p("autoscaler.eventgenerator.health.username") %>
-  password: <%= p("autoscaler.eventgenerator.health.password") %>
-  <% if_p("autoscaler.eventgenerator.health.ca_cert", "autoscaler.eventgenerator.health.server_cert", "autoscaler.eventgenerator.health.server_key") do %>
-  tls:
-    ca_file: /var/vcap/jobs/eventgenerator/config/certs/healthendpoint/ca.crt
-    cert_file: /var/vcap/jobs/eventgenerator/config/certs/healthendpoint/server.crt
-    key_file: /var/vcap/jobs/eventgenerator/config/certs/healthendpoint/server.key
-  <% end %>
+  server_config:
+    port: <%= p("autoscaler.eventgenerator.health.port") %>
+    <% if_p("autoscaler.eventgenerator.health.ca_cert", "autoscaler.eventgenerator.health.server_cert", "autoscaler.eventgenerator.health.server_key") do %>
+    tls:
+      ca_file: /var/vcap/jobs/eventgenerator/config/certs/healthendpoint/ca.crt
+      cert_file: /var/vcap/jobs/eventgenerator/config/certs/healthendpoint/server.crt
+      key_file: /var/vcap/jobs/eventgenerator/config/certs/healthendpoint/server.key
+    <% end %>
+  basic_auth:
+    username: <%= p("autoscaler.eventgenerator.health.username") %>
+    password: <%= p("autoscaler.eventgenerator.health.password") %>
 
 db:
   policy_db:

diff --git a/jobs/golangapiserver/templates/apiserver.yml.erb b/jobs/golangapiserver/templates/apiserver.yml.erb
@@ -91,13 +91,14 @@ dashboard_redirect_uri: <%= p("autoscaler.apiserver.broker.server.dashboard_redi
 default_credential_type: <%= p("autoscaler.apiserver.broker.default_credential_type") %>
 
 health:
-  port: <%= p("autoscaler.apiserver.health.port") %>
-  <% if_p("autoscaler.apiserver.health.ca_cert", "autoscaler.apiserver.health.server_cert", "autoscaler.apiserver.health.server_key") do %>
-  tls:
-    ca_file: /var/vcap/jobs/golangapiserver/config/certs/healthendpoint/ca.crt
-    cert_file: /var/vcap/jobs/golangapiserver/config/certs/healthendpoint/server.crt
-    key_file: /var/vcap/jobs/golangapiserver/config/certs/healthendpoint/server.key
-  <% end %>
+  server_config:
+    port: <%= p("autoscaler.apiserver.health.port") %>
+    <% if_p("autoscaler.apiserver.health.ca_cert", "autoscaler.apiserver.health.server_cert", "autoscaler.apiserver.health.server_key") do %>
+    tls:
+      ca_file: /var/vcap/jobs/golangapiserver/config/certs/healthendpoint/ca.crt
+      cert_file: /var/vcap/jobs/golangapiserver/config/certs/healthendpoint/server.crt
+      key_file: /var/vcap/jobs/golangapiserver/config/certs/healthendpoint/server.key
+    <% end %>
 
 db:
   policy_db:

diff --git a/jobs/metricsforwarder/templates/metricsforwarder.yml.erb b/jobs/metricsforwarder/templates/metricsforwarder.yml.erb
@@ -91,15 +91,17 @@ cache_ttl: <%= p("autoscaler.metricsforwarder.cache_ttl") %>
 cache_cleanup_interval: <%= p("autoscaler.metricsforwarder.cache_cleanup_interval") %>
 policy_poller_interval: <%= p("autoscaler.metricsforwarder.policy_poller_interval") %>
 health:
-  port:  <%= p("autoscaler.metricsforwarder.health.port") %>
-  username: <%= p("autoscaler.metricsforwarder.health.username") %>
-  password: <%= p("autoscaler.metricsforwarder.health.password") %>
-  <% if_p("autoscaler.metricsforwarder.health.ca_cert", "autoscaler.metricsforwarder.health.server_cert", "autoscaler.metricsforwarder.health.server_key") do %>
-  tls:
-    ca_file: /var/vcap/jobs/metricsforwarder/config/certs/healthendpoint/ca.crt
-    cert_file: /var/vcap/jobs/metricsforwarder/config/certs/healthendpoint/server.crt
-    key_file: /var/vcap/jobs/metricsforwarder/config/certs/healthendpoint/server.key
-  <% end %>
+  server_config:
+    port:  <%= p("autoscaler.metricsforwarder.health.port") %>
+    <% if_p("autoscaler.metricsforwarder.health.ca_cert", "autoscaler.metricsforwarder.health.server_cert", "autoscaler.metricsforwarder.health.server_key") do %>
+    tls:
+      ca_file: /var/vcap/jobs/metricsforwarder/config/certs/healthendpoint/ca.crt
+      cert_file: /var/vcap/jobs/metricsforwarder/config/certs/healthendpoint/server.crt
+      key_file: /var/vcap/jobs/metricsforwarder/config/certs/healthendpoint/server.key
+    <% end %>
+  basic_auth:
+    username: <%= p("autoscaler.metricsforwarder.health.username") %>
+    password: <%= p("autoscaler.metricsforwarder.health.password") %>
 
 rate_limit:
   valid_duration: <%= p("autoscaler.metricsforwarder.rate_limit.valid_duration") %>

diff --git a/jobs/operator/templates/operator.yml.erb b/jobs/operator/templates/operator.yml.erb
@@ -58,15 +58,17 @@ cf:
 logging:
   level: <%= p("autoscaler.operator.logging.level") %>
 health:
-  port: <%= p("autoscaler.operator.health.port") %>
-  username: <%= p("autoscaler.operator.health.username") %>
-  password: <%= p("autoscaler.operator.health.password") %>
-  <% if_p("autoscaler.operator.health.ca_cert", "autoscaler.operator.health.server_cert", "autoscaler.operator.health.server_key") do %>
-  tls:
-    ca_file: /var/vcap/jobs/operator/config/certs/healthendpoint/ca.crt
-    cert_file: /var/vcap/jobs/operator/config/certs/healthendpoint/server.crt
-    key_file: /var/vcap/jobs/operator/config/certs/healthendpoint/server.key
-  <% end %>
+  server_config:
+    port: <%= p("autoscaler.operator.health.port") %>
+    <% if_p("autoscaler.operator.health.ca_cert", "autoscaler.operator.health.server_cert", "autoscaler.operator.health.server_key") do %>
+    tls:
+      ca_file: /var/vcap/jobs/operator/config/certs/healthendpoint/ca.crt
+      cert_file: /var/vcap/jobs/operator/config/certs/healthendpoint/server.crt
+      key_file: /var/vcap/jobs/operator/config/certs/healthendpoint/server.key
+    <% end %>
+  basic_auth:
+    username: <%= p("autoscaler.operator.health.username") %>
+    password: <%= p("autoscaler.operator.health.password") %>
 
 http_client_timeout: <%= p("autoscaler.operator.http_client_timeout") %>
 

diff --git a/jobs/scalingengine/templates/scalingengine.yml.erb b/jobs/scalingengine/templates/scalingengine.yml.erb
@@ -63,15 +63,17 @@ logging:
   level: <%= p("autoscaler.scalingengine.logging.level") %>
 http_client_timeout: <%= p("autoscaler.scalingengine.http_client_timeout") %>
 health:
-  port: <%= p("autoscaler.scalingengine.health.port") %>
-  username: <%= p("autoscaler.scalingengine.health.username") %>
-  password: <%= p("autoscaler.scalingengine.health.password") %>
-  <% if_p("autoscaler.scalingengine.health.ca_cert", "autoscaler.scalingengine.health.server_cert", "autoscaler.scalingengine.health.server_key") do %>
-  tls:
-    ca_file: /var/vcap/jobs/scalingengine/config/certs/healthendpoint/ca.crt
-    cert_file: /var/vcap/jobs/scalingengine/config/certs/healthendpoint/server.crt
-    key_file: /var/vcap/jobs/scalingengine/config/certs/healthendpoint/server.key
-  <% end %>
+  basic_auth:
+    username: <%= p("autoscaler.scalingengine.health.username") %>
+    password: <%= p("autoscaler.scalingengine.health.password") %>
+  server_config:
+    port: <%= p("autoscaler.scalingengine.health.port") %>
+    <% if_p("autoscaler.scalingengine.health.ca_cert", "autoscaler.scalingengine.health.server_cert", "autoscaler.scalingengine.health.server_key") do %>
+    tls:
+      ca_file: /var/vcap/jobs/scalingengine/config/certs/healthendpoint/ca.crt
+      cert_file: /var/vcap/jobs/scalingengine/config/certs/healthendpoint/server.crt
+      key_file: /var/vcap/jobs/scalingengine/config/certs/healthendpoint/server.key
+    <% end %>
 
 
 db:

diff --git a/spec/jobs/common/health_endpoint_spec.rb b/spec/jobs/common/health_endpoint_spec.rb
@@ -13,40 +13,38 @@
     %w[operator operator config/operator.yml operator.yml],
     %w[scalingengine scalingengine config/scalingengine.yml scalingengine.yml]
   ].each do |service, release_job, config_file, properties_file|
-    context service do
-      context "health endpoint" do
-        before(:each) do
-          @properties = YAML.safe_load(fixture(properties_file).read)
-          @template = release.job(release_job).template(config_file)
-          @links = case service
-          when "eventgenerator"
-            [Bosh::Template::Test::Link.new(name: "eventgenerator")]
-          else
-            []
-          end
-          @rendered_template = YAML.safe_load(@template.render(@properties, consumes: @links))
-        end
-        it "by default TLS is not configured" do
-          expect(@rendered_template["health"]["tls"]).to be_nil
+    describe "service #{service} health endpoint" do
+      before(:each) do
+        @properties = YAML.safe_load(fixture(properties_file).read)
+        @template = release.job(release_job).template(config_file)
+        @links = case service
+        when "eventgenerator"
+          [Bosh::Template::Test::Link.new(name: "eventgenerator")]
+        else
+          []
         end
+        @rendered_template = YAML.safe_load(@template.render(@properties, consumes: @links))
+      end
+      it "by default TLS is not configured" do
+        expect(@rendered_template["health"]["server_config"]["tls"]).to be_nil
+      end
 
-        it "TLS can be enabled" do
-          service_config = (@properties["autoscaler"][service] ||= {})
-          service_config["health"] = {
-            "ca_cert" => "SOME_CA",
-            "server_cert" => "SOME_CERT",
-            "server_key" => "SOME_KEY"
-          }
+      it "TLS can be enabled" do
+        service_config = (@properties["autoscaler"][service] ||= {})
+        service_config["health"] = {
+          "ca_cert" => "SOME_CA",
+          "server_cert" => "SOME_CERT",
+          "server_key" => "SOME_KEY"
+        }
 
-          rendered_template = YAML.safe_load(@template.render(@properties, consumes: @links))
+        rendered_template = YAML.safe_load(@template.render(@properties, consumes: @links))
 
-          expect(rendered_template["health"]["tls"]).not_to be_nil
-          expect(rendered_template["health"]["tls"]).to include({
-            "key_file" => "/var/vcap/jobs/#{release_job}/config/certs/healthendpoint/server.key",
-            "ca_file" => "/var/vcap/jobs/#{release_job}/config/certs/healthendpoint/ca.crt",
-            "cert_file" => "/var/vcap/jobs/#{release_job}/config/certs/healthendpoint/server.crt"
-          })
-        end
+        expect(rendered_template["health"]["server_config"]["tls"]).not_to be_nil
+        expect(rendered_template["health"]["server_config"]["tls"]).to include({
+          "key_file" => "/var/vcap/jobs/#{release_job}/config/certs/healthendpoint/server.key",
+          "ca_file" => "/var/vcap/jobs/#{release_job}/config/certs/healthendpoint/ca.crt",
+          "cert_file" => "/var/vcap/jobs/#{release_job}/config/certs/healthendpoint/server.crt"
+        })
       end
     end
   end

diff --git a/spec/jobs/eventgenerator/eventgenerator_spec.rb b/spec/jobs/eventgenerator/eventgenerator_spec.rb
@@ -29,10 +29,7 @@
           "port" => 1234
         }
       }
-      expect(rendered_template["health"])
-        .to include(
-          {"port" => 1234}
-        )
+      expect(rendered_template["health"]["server_config"]["port"]).to eq(properties["autoscaler"]["eventgenerator"]["health"]["port"])
     end
 
     it "check eventgenerator username and password" do
@@ -44,12 +41,9 @@
         }
       }
 
-      expect(rendered_template["health"])
-        .to include(
-          {"port" => 1234,
-           "username" => "test-user",
-           "password" => "test-user-password"}
-        )
+      expect(rendered_template["health"]["server_config"]["port"]).to eq(properties["autoscaler"]["eventgenerator"]["health"]["port"])
+      expect(rendered_template["health"]["basic_auth"]["username"]).to eq(properties["autoscaler"]["eventgenerator"]["health"]["username"])
+      expect(rendered_template["health"]["basic_auth"]["password"]).to eq(properties["autoscaler"]["eventgenerator"]["health"]["password"])
     end
 
     describe "when using log-cache via https/uaa" do

diff --git a/spec/jobs/metricsforwarder/metricsforwarder_spec.rb b/spec/jobs/metricsforwarder/metricsforwarder_spec.rb
@@ -42,10 +42,7 @@
         }
       }
 
-      expect(rendered_template["health"])
-        .to include(
-          {"port" => 1234}
-        )
+      expect(rendered_template["health"]["server_config"]["port"]).to eq(properties["autoscaler"]["metricsforwarder"]["health"]["port"])
     end
 
     it "check metricsforwarder basic auth username and password" do
@@ -57,12 +54,9 @@
         }
       }
 
-      expect(rendered_template["health"])
-        .to include(
-          {"port" => 1234,
-           "username" => "test-user",
-           "password" => "test-user-password"}
-        )
+      expect(rendered_template["health"]["server_config"]["port"]).to eq(properties["autoscaler"]["metricsforwarder"]["health"]["port"])
+      expect(rendered_template["health"]["basic_auth"]["username"]).to eq(properties["autoscaler"]["metricsforwarder"]["health"]["username"])
+      expect(rendered_template["health"]["basic_auth"]["password"]).to eq(properties["autoscaler"]["metricsforwarder"]["health"]["password"])
     end
 
     it "has a cred helper impl by default" do

diff --git a/spec/jobs/operator/operator_spec.rb b/spec/jobs/operator/operator_spec.rb
@@ -20,10 +20,7 @@
         }
       }
 
-      expect(rendered_template["health"])
-        .to include(
-          {"port" => 1234}
-        )
+      expect(rendered_template["health"]["server_config"]["port"]).to eq(properties["autoscaler"]["operator"]["health"]["port"])
     end
 
     it "check operator basic auth username and password" do
@@ -35,12 +32,9 @@
         }
       }
 
-      expect(rendered_template["health"])
-        .to include(
-          {"port" => 1234,
-           "username" => "test-user",
-           "password" => "test-user-password"}
-        )
+      expect(rendered_template["health"]["server_config"]["port"]).to eq(properties["autoscaler"]["operator"]["health"]["port"])
+      expect(rendered_template["health"]["basic_auth"]["username"]).to eq(properties["autoscaler"]["operator"]["health"]["username"])
+      expect(rendered_template["health"]["basic_auth"]["password"]).to eq(properties["autoscaler"]["operator"]["health"]["password"])
     end
 
     context "uses tls" do

diff --git a/spec/jobs/scalingengine/scalingengine_spec.rb b/spec/jobs/scalingengine/scalingengine_spec.rb
@@ -21,10 +21,7 @@
           }
         }
 
-        expect(rendered_template["health"])
-          .to include(
-            {"port" => 1234}
-          )
+        expect(rendered_template["health"]["server_config"]["port"]).to eq(properties["autoscaler"]["scalingengine"]["health"]["port"])
       end
 
       it "check scalingengine basic auth username and password" do
@@ -36,12 +33,9 @@
           }
         }
 
-        expect(rendered_template["health"])
-          .to include(
-            {"port" => 1234,
-             "username" => "test-user",
-             "password" => "test-user-password"}
-          )
+        expect(rendered_template["health"]["server_config"]["port"]).to eq(properties["autoscaler"]["scalingengine"]["health"]["port"])
+        expect(rendered_template["health"]["basic_auth"]["username"]).to eq(properties["autoscaler"]["scalingengine"]["health"]["username"])
+        expect(rendered_template["health"]["basic_auth"]["password"]).to eq(properties["autoscaler"]["scalingengine"]["health"]["password"])
       end
     end
 

diff --git a/src/autoscaler/build-extension-file.sh b/src/autoscaler/build-extension-file.sh
@@ -40,15 +40,18 @@ _schema-version: 3.3.0
 modules:
   - name: metricsforwarder
     requires:
-    - name: config
+    - name: metricsforwarder-config
     - name: policydb
     - name: syslog-client
     parameters:
       routes:
       - route: ${METRICSFORWARDER_APPNAME}.\${default-domain}
+  - name: publicapiserver
+    parameters:
+      instances: 0
 
 resources:
-- name: config
+- name: metricsforwarder-config
   parameters:
     config:
       metricsforwarder:

diff --git a/src/autoscaler/mta.tpl.yaml b/src/autoscaler/mta.tpl.yaml
@@ -12,7 +12,7 @@ modules:
     properties:
       GO_INSTALL_PACKAGE_SPEC: code.cloudfoundry.org/app-autoscaler/src/autoscaler/metricsforwarder/cmd/metricsforwarder
     requires:
-    - name: config
+    - name: metricsforwarder-config
     - name: policydb
     - name: syslog-client
     - name: app-autoscaler-application-logs
@@ -26,14 +26,39 @@ modules:
       builder: custom
       commands:
       - make vendor
+  - name: publicapiserver
+    type: go
+    path: .
+    properties:
+      GO_INSTALL_PACKAGE_SPEC: code.cloudfoundry.org/app-autoscaler/src/autoscaler/metricsforwarder/cmd/publicapiserver
+    requires:
+    - name: publicapiserver-config
+    - name: policydb
+    - name: app-autoscaler-application-logs
+    parameters:
+      memory: 1G
+      disk-quota: 1G
+      instances: 2
+      stack: cflinuxfs4
+      routes:
+    build-parameters:
+      builder: custom
+      commands:
+      - make vendor
 
 resources:
-- name: config
+- name: metricsforwarder-config
   type: org.cloudfoundry.user-provided-service
   parameters:
     service-tags:
-    - config
+    - metricsforwarder-config
     path: metricsforwarder/default_config.json
+- name: publicapiserver-config
+  type: org.cloudfoundry.user-provided-service
+  parameters:
+    service-tags:
+    - publicapiserver-config
+    path: api/default_config.json
 - name: policydb
   type: org.cloudfoundry.user-provided-service
   parameters: