diff --git a/agent/agent.go b/agent/agent.go
index 54a266a95856..fa75a1cd1cf4 100644
--- a/agent/agent.go
+++ b/agent/agent.go
@@ -600,7 +600,6 @@ func (a *Agent) Start(ctx context.Context) error {
 // Overwrite the configuration.
 a.config = c
- a.enableDebug = atomic.Bool{}
 a.enableDebug.Store(c.EnableDebug)
 if err := a.tlsConfigurator.Update(a.config.TLS); err != nil {
diff --git a/agent/agent_endpoint_test.go b/agent/agent_endpoint_test.go
index 4e11ac824464..c465b687a880 100644
--- a/agent/agent_endpoint_test.go
+++ b/agent/agent_endpoint_test.go
@@ -17,7 +17,6 @@ import (
 "os"
 "strconv"
 "strings"
- "sync/atomic"
 "testing"
 "time"
@@ -6009,7 +6008,6 @@ func TestAgent_Monitor(t *testing.T) {
 cancelCtx, cancelFunc := context.WithCancel(context.Background())
 req = req.WithContext(cancelCtx)
- a.enableDebug = atomic.Bool{}
 a.enableDebug.Store(true)
 resp := httptest.NewRecorder()
diff --git a/agent/http.go b/agent/http.go
index 9363d3fcc6d9..1d1ca8e48d58 100644
--- a/agent/http.go
+++ b/agent/http.go
@@ -213,8 +213,13 @@ func (s *HTTPHandlers) handler() http.Handler {
 wrapper := func(resp http.ResponseWriter, req *http.Request) {
- // If enableDebug or ACL enabled, register wrapped pprof handlers
- if !s.agent.enableDebug.Load() && s.checkACLDisabled() {
+ if s.checkACLDisabled() {
+ resp.WriteHeader(http.StatusForbidden)
+ return
+ }
+
+ // If enableDebug register wrapped pprof handlers
+ if !s.agent.enableDebug.Load() {
 resp.WriteHeader(http.StatusNotFound)
 return
 }
diff --git a/agent/http_oss_test.go b/agent/http_oss_test.go
index 1057b32f61a6..5ba36320f628 100644
--- a/agent/http_oss_test.go
+++ b/agent/http_oss_test.go
@@ -9,7 +9,6 @@ import (
 "net/http"
 "net/http/httptest"
 "strings"
- "sync/atomic"
 "testing"
 "time"
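Review bot: In the pprof `wrapper` in agent/http.go the new `s.checkACLDisabled()` branch runs before the `enableDebug` check, so an agent with debug off now answers 403 instead of 404 whenever that helper returns true, which tells an unauthenticated caller that the profiling routes exist and what the ACL state is. Moving the `if !s.agent.enableDebug.Load()` block above it keeps a disabled endpoint indistinguishable from a missing one. The split also changes policy: the old condition let `enableDebug` alone open the handlers when ACLs were off (as the removed comment said), and the new code always refuses that combination, so `TestHTTPServer_PProfHandlers_EnableDebug` needs checking and a case pinning the 403 should be added. If the hardening is intended, say so on the new branch, e.g. `// pprof is only served when ACLs are enabled, even with enableDebug set`. `checkACLDisabled` is defined outside this diff and the wrapper continues past the hunk, so its meaning here is inferred from its name and the removed comment.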
@@ -145,7 +144,6 @@ func TestHTTPAPI_OptionMethod_OSS(t *testing.T) {
 uri := fmt.Sprintf("http://%s%s", a.HTTPAddr(), path)
 req, _ := http.NewRequest("OPTIONS", uri, nil)
 resp := httptest.NewRecorder()
- a.enableDebug = atomic.Bool{}
 a.enableDebug.Store(true)
 a.srv.handler().ServeHTTP(resp, req)
 allMethods := append([]string{"OPTIONS"}, methods...)
@@ -193,7 +191,6 @@ func TestHTTPAPI_AllowedNets_OSS(t *testing.T) {
 req, _ := http.NewRequest(method, uri, nil)
 req.RemoteAddr = "192.168.1.2:5555"
 resp := httptest.NewRecorder()
- a.enableDebug = atomic.Bool{}
 a.enableDebug.Store(true)
 a.srv.handler().ServeHTTP(resp, req)
diff --git a/agent/http_test.go b/agent/http_test.go
index 13baeb02865c..99100c5fbc8e 100644
--- a/agent/http_test.go
+++ b/agent/http_test.go
@@ -20,7 +20,6 @@ import (
 "runtime"
 "strconv"
 "strings"
- "sync/atomic"
 "testing"
 "time"
@@ -289,7 +288,6 @@ func TestSetupHTTPServer_HTTP2(t *testing.T) {
 err = setupHTTPS(httpServer, noopConnState, time.Second)
 require.NoError(t, err)
- a.enableDebug = atomic.Bool{}
 a.enableDebug.Store(true)
 srvHandler := a.srv.handler()
@@ -487,7 +485,6 @@ func TestHTTPAPI_Ban_Nonprintable_Characters(t *testing.T) {
 t.Fatal(err)
 }
 resp := httptest.NewRecorder()
- a.enableDebug = atomic.Bool{}
 a.enableDebug.Store(true)
 a.srv.handler().ServeHTTP(resp, req)
@@ -513,7 +510,6 @@ func TestHTTPAPI_Allow_Nonprintable_Characters_With_Flag(t *testing.T) {
 t.Fatal(err)
 }
 resp := httptest.NewRecorder()
- a.enableDebug = atomic.Bool{}
 a.enableDebug.Store(true)
 a.srv.handler().ServeHTTP(resp, req)
@@ -655,7 +651,6 @@ func requireHasHeadersSet(t *testing.T, a *TestAgent, path string) {
 resp := httptest.NewRecorder()
 req, _ := http.NewRequest("GET", path, nil)
- a.enableDebug = atomic.Bool{}
 a.enableDebug.Store(true)
 a.srv.handler().ServeHTTP(resp, req)
@@ -719,7 +714,6 @@ func TestAcceptEncodingGzip(t *testing.T) {
 // negotiation, but since this call doesn't go through a real
 // transport, the header has to be set manually
 req.Header["Accept-Encoding"] = []string{"gzip"}
- a.enableDebug = atomic.Bool{}
 a.enableDebug.Store(true)
 a.srv.handler().ServeHTTP(resp, req)
@@ -729,7 +723,6 @@ func TestAcceptEncodingGzip(t *testing.T) {
 resp = httptest.NewRecorder()
 req, _ = http.NewRequest("GET", "/v1/kv/long", nil)
 req.Header["Accept-Encoding"] = []string{"gzip"}
- a.enableDebug = atomic.Bool{}
 a.enableDebug.Store(true)
 a.srv.handler().ServeHTTP(resp, req)
@@ -1087,7 +1080,6 @@ func TestHTTPServer_PProfHandlers_EnableDebug(t *testing.T) {
 resp := httptest.NewRecorder()
 req, _ := http.NewRequest("GET", "/debug/pprof/profile?seconds=1", nil)
- a.enableDebug = atomic.Bool{}
 a.enableDebug.Store(true)
 httpServer := &HTTPHandlers{agent: a.Agent}
 httpServer.handler().ServeHTTP(resp, req)
@@ -1189,7 +1181,6 @@ func TestHTTPServer_PProfHandlers_ACLs(t *testing.T) {
 t.Run(fmt.Sprintf("case %d (%#v)", i, c), func(t *testing.T) {
 req, _ := http.NewRequest("GET", fmt.Sprintf("%s?token=%s", c.endpoint, c.token), nil)
 resp := httptest.NewRecorder()
- a.enableDebug = atomic.Bool{}
 a.enableDebug.Store(true)
 a.srv.handler().ServeHTTP(resp, req)
@@ -1502,7 +1493,6 @@ func TestEnableWebUI(t *testing.T) {
 req, _ := http.NewRequest("GET", "/ui/", nil)
 resp := httptest.NewRecorder()
- a.enableDebug = atomic.Bool{}
 a.enableDebug.Store(true)
 a.srv.handler().ServeHTTP(resp, req)
@@ -1534,7 +1524,6 @@ func TestEnableWebUI(t *testing.T) {
 {
 req, _ := http.NewRequest("GET", "/ui/", nil)
 resp := httptest.NewRecorder()
- a.enableDebug = atomic.Bool{}
 a.enableDebug.Store(true)
 a.srv.handler().ServeHTTP(resp, req)
diff --git a/agent/ui_endpoint_oss_test.go b/agent/ui_endpoint_oss_test.go
index 057e0a437e9c..3e57fca667e8 100644
--- a/agent/ui_endpoint_oss_test.go
+++ b/agent/ui_endpoint_oss_test.go
@@ -58,7 +58,6 @@ func TestUIEndpoint_MetricsProxy_ACLDeny(t *testing.T) {
 `, backendURL))
 defer a.Shutdown()
- a.enableDebug = atomic.Bool{}
 a.enableDebug.Store(true)
 h := a.srv.handler()
diff --git a/agent/ui_endpoint_test.go b/agent/ui_endpoint_test.go
index d5f340c1c2b9..5fc2e06d3485 100644
--- a/agent/ui_endpoint_test.go
+++ b/agent/ui_endpoint_test.go
@@ -2620,7 +2620,6 @@ func TestUIEndpoint_MetricsProxy(t *testing.T) {
 require.NoError(t, a.Agent.reloadConfigInternal(&cfg))
 // Now fetch the API handler to run requests against
- a.enableDebug = atomic.Bool{}
 a.enableDebug.Store(true)
 h := a.srv.handler()