diff --git a/.bumpversion.cfg b/.bumpversion.cfg
index ff00885..dcbe52c 100644
--- a/.bumpversion.cfg
+++ b/.bumpversion.cfg
@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 1.0.3
+current_version = 1.0.4
 commit = False
 tag = False
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index d0f2c60..20fdf40 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -50,8 +50,9 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v4
+ - run: mkdir -p /tmp/ca_public && touch /tmp/ca_public/crl.der
 - run: docker build --target ocsprest -t rasenmaeher_ocsprest .
- - run: docker run -d -p 8887:8887 --name rasenmaeher_ocsprest rasenmaeher_ocsprest
+ - run: docker run -d -p 8887:8887 -v /tmp/ca_public:/ca_public --name rasenmaeher_ocsprest rasenmaeher_ocsprest
 - run: sleep 3 && docker logs rasenmaeher_ocsprest
 - run: echo 'print whole trace' && curl http://localhost:8887/api/v1/healthcheck
 - run: echo 'verify success' && curl http://localhost:8887/api/v1/healthcheck | grep 'success'
diff --git a/pyproject.toml b/pyproject.toml
index 40086ab..aad9cf9 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "ocsprest"
-version = "1.0.3"
+version = "1.0.4"
 description = ""
 authors = ["Eero af Heurlin "]
 readme = "README.rst"
diff --git a/src/ocsprest/__init__.py b/src/ocsprest/__init__.py
index af81f34..f421252 100644
--- a/src/ocsprest/__init__.py
+++ b/src/ocsprest/__init__.py
@@ -1,2 +1,2 @@
 """Quick and dirty rest API to call the ocsp signing methods for CFSSL CLI"""
-__version__ = "1.0.3"
+__version__ = "1.0.4"
diff --git a/src/ocsprest/routes.py b/src/ocsprest/routes.py
index bc82ef9..a752888 100644
--- a/src/ocsprest/routes.py
+++ b/src/ocsprest/routes.py
@@ -6,6 +6,7 @@
 import uuid
 from pathlib import Path
 import json
+import time
 from libadvian.tasks import TaskMaster
 from libadvian.logging import init_logging
@@ -163,8 +164,15 @@ async def get_crl_der(request: Request) -> FileResponse:
 async def healthcheck(request: Request) -> Dict[str, Any]:
 """Health check"""
 _ = request
- # TODO: should be actually test something ?
- return {"healthcheck": "success"}
+ retval = "success"
+ grace = 15
+ cnf = RESTConfig.singleton()
+ modtime = time.time() - cnf.crl.stat().st_mtime
+ LOGGER.debug("{} modified {} seconds ago".format(cnf.crl, modtime))
+ if modtime > (cnf.crl_refresh + grace):
+ LOGGER.warning("{} modified too long ago ({}s)".format(cnf.crl, modtime))
+ retval = "crlfail"
+ return {"healthcheck": retval}
 def get_app() -> FastAPI:
@@ -186,7 +194,10 @@ async def refresher() -> None:
 """Dump the CRL and refresh OCSP periodically"""
 try:
 while True:
- await asyncio.gather(dump_crl(), refresh_oscp())
+ try:
+ await asyncio.gather(dump_crl(), refresh_oscp())
+ except asyncio.TimeoutError as exc:
+ LOGGER.warning("Ignoring timeout: {}".format(exc))
 await asyncio.sleep(RESTConfig.singleton().crl_refresh)
 except asyncio.CancelledError:
 LOGGER.debug("Cancelled")
diff --git a/tests/conftest.py b/tests/conftest.py
index 80561c1..598457d 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -19,10 +19,15 @@
 def default_env(monkeysession: pytest.MonkeyPatch, nice_tmpdir_ses: str) -> Generator[None, None, None]:
 """Setup some default environment variables"""
 datadir = Path(nice_tmpdir_ses) / "data"
+ cadir = datadir / "ca_public"
+ cadir.mkdir(parents=True, exist_ok=True)
+ crlfile = cadir / "crl.der"
 with monkeysession.context() as mpatch:
+ crlfile.write_text("DUMMY")
 mpatch.setenv("CI", "true")
 mpatch.setenv("OR_DATA_PATH", str(datadir))
 mpatch.setenv("OR_CFSSL", "fakessl")
+ mpatch.setenv("OR_CRL", str(crlfile))
 yield None
diff --git a/tests/test_ocsprest.py b/tests/test_ocsprest.py
index 7c3dbdb..0d81862 100644
--- a/tests/test_ocsprest.py
+++ b/tests/test_ocsprest.py
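Review bot: `cnf.crl.stat()` in `healthcheck` raises when the CRL file is missing (assuming `cnf.crl` is a `pathlib.Path`, which the `.stat()` call suggests), so until the first dump succeeds the endpoint fails with an unhandled server error instead of reporting `crlfail`; the workflow change in this commit has to `touch` a placeholder `crl.der` for the check to pass. Catching `OSError` around the stat and returning `crlfail` from there, as sketched below, makes the missing-file case an explicit result. The check is also mtime-only, so an empty or truncated file counts as healthy, and `crlfail` is returned with HTTP 200, which a probe that looks only at the status code reads as success. As a matter of naming, `modtime` holds an age in seconds and `grace = 15` would read better as a module-level constant.

```python
    cnf = RESTConfig.singleton()
    try:
        modtime = time.time() - cnf.crl.stat().st_mtime
    except OSError as exc:
        # A missing or unreadable CRL is a failed check, not an unhandled error
        LOGGER.warning("Could not stat {}: {}".format(cnf.crl, exc))
        return {"healthcheck": "crlfail"}
    # … unchanged: debug log and comparison against crl_refresh + grace …
```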
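Review bot: The warning in the new `except asyncio.TimeoutError` branch of `refresher` does not say whether `dump_crl()` or `refresh_oscp()` timed out, and `str()` of a timeout exception is frequently empty, so the log line may read just "Ignoring timeout: ". `asyncio.gather()` without `return_exceptions=True` also propagates only the first exception and leaves the other awaitable running, so its outcome is never looked at. Calling `asyncio.gather(dump_crl(), refresh_oscp(), return_exceptions=True)` and logging each returned exception with the name of its coroutine and `{!r}` would keep both results visible. Any exception other than a timeout still ends the loop, after which the CRL stops being refreshed; whether that is intended depends on the part of `refresher` outside this hunk.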
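Review bot: The `default_env` fixture writes `crl.der` once, so every test sees a freshly modified file and nothing in this commit exercises the new `crlfail` branch of `healthcheck`. A test that backdates the file, for example `os.utime(crlfile, (old, old))` with `old` further back than `crl_refresh` plus the grace period, and asserts `{"healthcheck": "crlfail"}` would pin the stale path. If the fixture is session-scoped (its decorator is outside the hunk) and the default `crl_refresh` is short, a long test session could also age the file past the threshold before `test_healthcheck` runs. `crlfile.write_text("DUMMY")` sits inside the `monkeysession.context()` block although it patches nothing; placing it next to `cadir.mkdir(...)` would keep the file setup together.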
@@ -10,7 +10,7 @@
 def test_version() -> None:
 """Make sure version matches expected"""
- assert __version__ == "1.0.3"
+ assert __version__ == "1.0.4"
 def test_healthcheck(client: TestClient) -> None: