[#175014199] Health checks

[balanza]

Introducing health checks for the application.

• a utils/healthcheck module
• check for wrong configuration and unreachable resources (cosmosdb, storage, urls)
• add healthcheck on /info endpoint
• add /info endpoint to openapi spec

[pagopa-github-bot]

Affected stories

• ⚙️ #175014199: Ideare un meccanismo di health check strutturato per le functions

Generated by 🚫 dangerJS

[codecov-commenter]

Codecov Report

Merging #90 into master will decrease coverage by 1.17%.
The diff coverage is 54.83%.

@@            Coverage Diff             @@
##           master      #90      +/-   ##
==========================================
- Coverage   83.94%   82.77%   -1.18%     
==========================================
  Files          44       47       +3     
  Lines        1489     1556      +67     
  Branches      124      127       +3     
==========================================
+ Hits         1250     1288      +38     
- Misses        234      263      +29     
  Partials        5        5              

Impacted Files	Coverage Δ
utils/healthcheck.ts	41.02% <41.02%> (ø)
utils/config.ts	75.00% <75.00%> (ø)
Info/handler.ts	83.33% <85.71%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 3918cfd...ba5b0ed. Read the comment docs.

[gunzip]

that would be useful to return all the statuses even in case of success (to build a status dashboard of all services). we should think about some common vocabulary for status checks.

[gunzip]

something like this: https://tools.ietf.org/html/draft-inadarei-api-health-check-04
(but simpler)

[balanza]

return all the statuses even in case of success

What d'you mean? We are checking only the current application status - at most, if it can reach an external resources. So I think we just have a single pass/fail status

common vocabulary for status checks.

I agree indeed.

something like this: https://tools.ietf.org/html/draft-inadarei-api-health-check-04

I like this approach, but I notice that the above is a draft. Meanwhile, we are using a problem+json which is already a standard: https://tools.ietf.org/html/rfc7807.

As for now, we need:

• a machine-readable encoding of the service pass/fail status
  |> we use http status code for that
• a human-readable report of failures, for throubleshooting
  |> we user detail section of the ProblemJson schema for that

We can model further and define a proper encoding for failure reports, to make them machine-readable. However, I see no use for that so far.

[gunzip]

can you point this PR versus the other one?

[balanza]

Both this PR and #89 have just one file in common, but very different impact. I'd rather handle them separately and take myself the burden of keeping the lone file in sync.

[balanza]

These functions may be moved into io-functions-commons (or even io-ts-commons)

[gunzip]

functions-commons is ok (ts-commons is used by the app as well)

[AleDore]

lgtm, apart form minor discussion

[AleDore]

We have to remember that in case of a global env variable creation or deletion or renaming we have to update this

[balanza]

No problem in creation - you'll be forced to add it to the model. When deleting it is tricky, and we'd must rely on our discipline imho

[BurnedMarshal]

Can we rename this method checkAzureBlobStorageHealth? Because only Blob Storage connection check is executed.

[balanza]

Good point. This checks the storage resource itself and if the app can correctly connect with it. However I actually found no better solution than try to connect to a blob storage.

[balanza]

I'd leave the scope of the test to be "the whole storage resource" (thus, I'd leave the name) and I'd rather improve the implementation. Suggestions?

[BurnedMarshal]

We could extend the check on lower resources es. for Blob check that the containers exist (api), for table storage that all required tables exist and so on. checkAzureStorageHealth should regroup all these storage health checks. Attention on autogenerated resources.

[balanza]

check that the containers exist

That is a deeper level of check which will introduce additional considerations, for example many containers are lazily created.

Attention on autogenerated resources.

What do you mean?

[BurnedMarshal]

What do you mean?

The same as you for "lazily created containers". They don't need to be checked. Must be checked only required resource for application start and run. We can improve this logic later if hard to implements.

[BurnedMarshal]

This is a duplicate test

[balanza]

Do yo mean the whole case or just expect(typeof value.MAILUP_USERNAME).toBe("undefined");?

[BurnedMarshal]

The whole test is exactly the same as the previous one

[balanza]

oops, didn't notice that. Good catch!

[BurnedMarshal]

This can be removed

[balanza]

This is actually a canary to catch possible problems when/if we'll edit the config model. I found that several times the programmatic check doesn't ensure the correct type inference (hence, you have green tests but the project will fail to build). Not exhaustive, though.

[BurnedMarshal]

Sorry, I don't understand. At runtime we have IConfig.decode({ ...process.env, isProduction: process.env.NODE_ENV === "production" }); to check the correct type of required values.

[BurnedMarshal]

If you need a type check inside the tests is better to create an explicit type

const MailUpConfig = t.interface({
    MAILHOG_HOSTNAME: t.undefined,
    MAILUP_SECRET: NonEmptyString,
    MAILUP_USERNAME: NonEmptyString,
    MAIL_TRANSPORTS: t.undefined,
    NODE_ENV: t.literal("production"),
    SENDGRID_API_KEY: t.undefined
})

And check the response. We can use these types even inside the logic with MailUpConfig.is(config)

[balanza]

Well, the check is all about "let me se if the interface I designed actually results in the correct type once I exit the io-ts world".
In the case above, it happened that MAILUP_USERNAME could not be correctly narrowed to NonEmptyString but to string | NonEmptyString, although the interface was programmatically good.
Maybe I could do NonEmptyString.is(value.MAILUP_USERNAME)

[BurnedMarshal]

Are we sure than any critical information come from healthCheck is filtered before sending it through the public API Info?

[balanza]

Good point. For the case I tested I saw no problems (resource unavailable, wrong credentials). Still it's important to point out, thanks.

Do you see any case which can be problematic? Please also consider that, for what concerns to functions, the endpoint is unauthenticated but not public, it's reachable only from our private network.

[BurnedMarshal]

We could anyway return a generic Error message of what type of error occurs problems.map(_ => _.__source); and logs the complete error for detail. What do you think?

[balanza]

lgtm as soon as it'll be easy to troubleshoot. @gunzip thoughts?

[gunzip]

👍

[BurnedMarshal]

Nice approach. Can we move these methods to a test utility library to share this logic across all the projects?

[balanza]

I'd like to write a jest extension module with custom matchers for io-ts/fp-ts. Maybe one day ;)
There are still quirks with the above functions (failures aren't reported very well)

[BurnedMarshal]

There is a type error in here, the test fails.

[gunzip]

once rebased, is this ready to be merged?

[balanza]

once rebased, is this ready to be merged?

yes