apply review suggestions

Signed-off-by: Matthias Büchse <[email protected]>

Author: mbuechse

compliance-monitor/docker-compose.yml

@@ -28,8 +28,9 @@ services:
       - SCM_DB_HOST=postgres
       - SCM_DB_PORT=5432
       - SCM_DB_PASSWORD_FILE=/run/secrets/db_password
-      - SCM_HC_USER=healthz
-      - SCM_HC_PASSWORD=healthzpassword
+      # pass the following two from the shell
+      - SCM_HC_USER
+      - SCM_HC_PASSWORD
       - SCM_BASE_URL=https://compliance.sovereignit.cloud/
     volumes:
       - ../Tests:/Tests

compliance-monitor/monitor.py

@@ -64,8 +64,9 @@ def __init__(self):
         self.db_host = os.getenv("SCM_DB_HOST", "localhost")
         self.db_port = os.getenv("SCM_DB_PORT", 5432)
         self.db_user = os.getenv("SCM_DB_USER", "postgres")
-        self.hc_user = os.getenv("SCM_HC_USER", "healthz")
-        self.hc_password = os.getenv("SCM_HC_PASSWORD", "healthzpassword")
+        # use default value of None for security reasons (won't be matched)
+        self.hc_user = os.getenv("SCM_HC_USER", None)
+        self.hc_password = os.getenv("SCM_HC_PASSWORD", None)
         password_file_path = os.getenv("SCM_DB_PASSWORD_FILE", None)
         if password_file_path:
             with open(os.path.abspath(password_file_path), "r") as fileobj:
@@ -723,37 +724,19 @@ async def post_results(
 
 
 @app.get("/healthz")
-async def get_healthz(
-    request: Request,
-):
-    """return monitor's health status"""
+async def get_healthz(request: Request):
+    """return compliance monitor's health status"""
     credentials = await optional_security(request)
+    authorized = credentials and \
+        credentials.username == settings.hc_user and credentials.password == settings.hc_password
 
-    # check credentials
-    if credentials is None:
-        # no credentials were set
-        check_db_connection()
-    elif credentials.username == settings.hc_user and credentials.password == settings.hc_password:
-        # healthz user
-        check_db_connection(authorized=True)
-    else:
-        # unauthorized user
-        check_db_connection()
-
-    return {"message": "OK"}
-
-
-def check_db_connection(authorized: bool = False):
-    # check database connection
     try:
         mk_conn(settings=settings)
-    except psycopg2.OperationalError as e:
-        if authorized:
-            # authorized user
-            raise HTTPException(status_code=500,
-                                detail="Database Connection Error. " + e.args[0].capitalize())
-        else:
-            raise HTTPException(status_code=500, detail="Internal Server Error")
+    except Exception as e:
+        detail = str(e) if authorized else 'internal server error'
+        return Response(status_code=500, content=detail, media_type='text/plain')
+
+    return Response()  # empty response with status 200
 
 
 def pick_filter(results, subject, scope):