proxy/controlplane: make health checks debug level (#1368)

- proxy: remove version from ping handler

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

.github/ISSUE_TEMPLATE/bug_report.md

@@ -15,7 +15,7 @@ about: Let us know about a bug!
 
 ## What's your environment like?
 
-- Pomerium version (retrieve with `pomerium --version` or `/ping` endpoint):
+- Pomerium version (retrieve with `pomerium --version`):
 - Server Operating System/Architecture/Cloud:
 
 ## What's your config.yaml?

internal/controlplane/grpc_accesslog.go

@@ -3,6 +3,7 @@ package controlplane
 import (
 	envoy_service_accesslog_v2 "github.com/envoyproxy/go-control-plane/envoy/service/accesslog/v2"
 	"github.com/golang/protobuf/ptypes"
+	"github.com/rs/zerolog"
 
 	"github.com/pomerium/pomerium/internal/log"
 )
@@ -21,13 +22,20 @@ func (srv *Server) StreamAccessLogs(stream envoy_service_accesslog_v2.AccessLogS
 		}
 
 		for _, entry := range msg.GetHttpLogs().LogEntry {
-			evt := log.Info().Str("service", "envoy")
+			reqPath := entry.GetRequest().GetPath()
+			var evt *zerolog.Event
+			if reqPath == "/ping" || reqPath == "/healthz" {
+				evt = log.Debug()
+			} else {
+				evt = log.Info()
+			}
 			// common properties
+			evt = evt.Str("service", "envoy")
 			evt = evt.Str("upstream-cluster", entry.GetCommonProperties().GetUpstreamCluster())
 			// request properties
 			evt = evt.Str("method", entry.GetRequest().GetRequestMethod().String())
 			evt = evt.Str("authority", entry.GetRequest().GetAuthority())
-			evt = evt.Str("path", entry.GetRequest().GetPath())
+			evt = evt.Str("path", reqPath)
 			evt = evt.Str("user-agent", entry.GetRequest().GetUserAgent())
 			evt = evt.Str("referer", entry.GetRequest().GetReferer())
 			evt = evt.Str("forwarded-for", entry.GetRequest().GetForwardedFor())

internal/controlplane/http.go

@@ -10,10 +10,8 @@ import (
 	"github.com/pomerium/pomerium/internal/frontend"
 	"github.com/pomerium/pomerium/internal/httputil"
 	"github.com/pomerium/pomerium/internal/log"
-	"github.com/pomerium/pomerium/internal/middleware"
 	"github.com/pomerium/pomerium/internal/telemetry"
 	"github.com/pomerium/pomerium/internal/telemetry/requestid"
-	"github.com/pomerium/pomerium/internal/version"
 )
 
 func (srv *Server) addHTTPMiddleware() {
@@ -37,7 +35,6 @@ func (srv *Server) addHTTPMiddleware() {
 	root.Use(log.RefererHandler("referer"))
 	root.Use(log.RequestIDHandler("request-id"))
 	root.Use(telemetry.HTTPStatsHandler(srv.name))
-	root.Use(middleware.Healthcheck("/ping", version.UserAgent()))
 	root.HandleFunc("/healthz", httputil.HealthCheck)
 	root.HandleFunc("/ping", httputil.HealthCheck)
 	root.PathPrefix("/.pomerium/assets/").Handler(http.StripPrefix("/.pomerium/assets/", frontend.MustAssetHandler()))

internal/middleware/middleware.go

@@ -46,36 +46,6 @@ func ValidateRequestURL(r *http.Request, key string) error {
 	return urlutil.NewSignedURL(key, urlutil.GetAbsoluteURL(r)).Validate()
 }
 
-// Healthcheck endpoint middleware useful to setting up a path like
-// `/ping` that load balancers or uptime testing external services
-// can make a request before hitting any routes. It's also convenient
-// to place this above ACL middlewares as well.
-//
-// https://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html
-func Healthcheck(endpoint, msg string) func(http.Handler) http.Handler {
-	f := func(next http.Handler) http.Handler {
-		fn := func(w http.ResponseWriter, r *http.Request) {
-			ctx, span := trace.StartSpan(r.Context(), "middleware.Healthcheck")
-			defer span.End()
-			if strings.EqualFold(r.URL.Path, endpoint) {
-				if r.Method != http.MethodGet && r.Method != http.MethodHead {
-					http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
-					return
-				}
-				w.Header().Set("Content-Type", "text/plain")
-				w.WriteHeader(http.StatusOK)
-				if r.Method == http.MethodGet {
-					w.Write([]byte(msg))
-				}
-				return
-			}
-			next.ServeHTTP(w, r.WithContext(ctx))
-		}
-		return http.HandlerFunc(fn)
-	}
-	return f
-}
-
 // StripCookie strips the cookie from the downstram request.
 func StripCookie(cookieName string) func(next http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {

internal/middleware/middleware_test.go

@@ -42,42 +42,6 @@ func TestSetHeaders(t *testing.T) {
 	}
 }
 
-func TestHealthCheck(t *testing.T) {
-	t.Parallel()
-	testHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.Write([]byte("Hi"))
-	})
-	tests := []struct {
-		name       string
-		method     string
-		clientPath string
-		serverPath string
-
-		wantStatus int
-	}{
-		{"good - Get", http.MethodGet, "/ping", "/ping", http.StatusOK},
-		{"good - Head", http.MethodHead, "/ping", "/ping", http.StatusOK},
-		{"bad - Options", http.MethodOptions, "/ping", "/ping", http.StatusMethodNotAllowed},
-		{"bad - Put", http.MethodPut, "/ping", "/ping", http.StatusMethodNotAllowed},
-		{"bad - Post", http.MethodPost, "/ping", "/ping", http.StatusMethodNotAllowed},
-		{"bad - route miss", http.MethodGet, "/not-ping", "/ping", http.StatusOK},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-
-			r := httptest.NewRequest(tt.method, tt.clientPath, nil)
-			w := httptest.NewRecorder()
-
-			handler := Healthcheck(tt.serverPath, string("OK"))(testHandler)
-			handler.ServeHTTP(w, r)
-			if w.Code != tt.wantStatus {
-				t.Errorf("code differs. got %d want %d body: %s", w.Code, tt.wantStatus, w.Body.String())
-			}
-		})
-	}
-}
-
 func TestStripCookie(t *testing.T) {
 	tests := []struct {
 		name           string