add debug folder for maintainers

Supporting review comments in temporalio#149
which I'd like to see over the line.

Author: jacobstr

debug/README.md

@@ -0,0 +1,30 @@
+# Health Check Debug Tool
+
+This tool tests the gRPC health check endpoint manually to debug authentication issues.
+
+## Usage
+
+1. Get your API key from the secret:
+   ```bash
+   kubectl get secret hobbes-adminrole-temporal-eap -n temporal-demo-python-worker -o jsonpath='{.data.key}' | base64 -d
+   ```
+
+2. Update the `apiKey` variable in `health_check.go` with the actual key
+
+3. Run the tests:
+   ```bash
+   cd debug
+   go mod tidy
+   go run health_check.go
+   ```
+
+## What it tests
+
+- **Test 1**: Health check without authentication (should fail if auth required)
+- **Test 2**: Health check with API key authentication
+- **Test 3**: Health check with service name "temporal-frontend"
+
+This will help determine if the issue is:
+- Health check requires no auth (Test 1 succeeds)
+- Health check requires API key but our implementation is wrong (Test 2 fails)
+- Health check requires specific service name (Test 3 succeeds)

debug/go.mod

@@ -0,0 +1,7 @@
+module debug_health_check
+
+go 1.21
+
+require (
+	go.temporal.io/sdk v1.28.1
+)

debug/health_check.go

@@ -0,0 +1,105 @@
+package main
+
+import (
+	"context"
+	"crypto/tls"
+	"fmt"
+	"log"
+	"os"
+	"time"
+
+	sdkclient "go.temporal.io/sdk/client"
+)
+
+func main() {
+	// Get values from environment variables (fail if not set)
+	serverAddr := os.Getenv("TEMPORAL_HOST_PORT")
+	apiKey := os.Getenv("TEMPORAL_API_KEY")
+	temporalNamespace := os.Getenv("TEMPORAL_NAMESPACE")
+
+	if serverAddr == "" {
+		log.Fatal("TEMPORAL_HOST_PORT environment variable is required")
+	}
+	if apiKey == "" {
+		log.Fatal("TEMPORAL_API_KEY environment variable is required")
+	}
+	if temporalNamespace == "" {
+		log.Fatal("TEMPORAL_NAMESPACE environment variable is required")
+	}
+
+	fmt.Printf("Testing Temporal client health check against: %s\n", serverAddr)
+	fmt.Printf("Using temporal namespace: %s\n", temporalNamespace)
+	fmt.Printf("Using API key: %s...\n", apiKey[:min(10, len(apiKey))])
+
+	// Test 1: Client without authentication (like original mTLS-only setup)
+	fmt.Println("\n=== Test 1: Client without authentication ===")
+	clientOpts1 := sdkclient.Options{
+		HostPort:  serverAddr,
+		Namespace: temporalNamespace,
+		ConnectionOptions: sdkclient.ConnectionOptions{
+			TLS: &tls.Config{}, // Basic TLS, no auth
+		},
+	}
+
+	c1, err1 := sdkclient.Dial(clientOpts1)
+	if err1 != nil {
+		fmt.Printf("❌ Failed to create client: %v\n", err1)
+	} else {
+		defer c1.Close()
+		ctx1, cancel1 := context.WithTimeout(context.Background(), 10*time.Second)
+		defer cancel1()
+
+		_, err1 := c1.CheckHealth(ctx1, &sdkclient.CheckHealthRequest{})
+		if err1 != nil {
+			fmt.Printf("❌ Health check failed: %v\n", err1)
+		} else {
+			fmt.Printf("✅ Health check succeeded\n")
+		}
+	}
+
+	// Test 2: Client with API key authentication (matches our controller)
+	fmt.Println("\n=== Test 2: Client with API key authentication ===")
+	clientOpts2 := sdkclient.Options{
+		HostPort:    serverAddr,
+		Namespace:   temporalNamespace,
+		Credentials: sdkclient.NewAPIKeyStaticCredentials(apiKey),
+		ConnectionOptions: sdkclient.ConnectionOptions{
+			TLS: &tls.Config{}, // Basic TLS + API key
+		},
+	}
+
+	c2, err2 := sdkclient.Dial(clientOpts2)
+	if err2 != nil {
+		fmt.Printf("❌ Failed to create client: %v\n", err2)
+	} else {
+		defer c2.Close()
+		ctx2, cancel2 := context.WithTimeout(context.Background(), 10*time.Second)
+		defer cancel2()
+
+		_, err2 := c2.CheckHealth(ctx2, &sdkclient.CheckHealthRequest{})
+		if err2 != nil {
+			fmt.Printf("❌ Health check failed: %v\n", err2)
+		} else {
+			fmt.Printf("✅ Health check succeeded\n")
+		}
+	}
+
+	// Test 3: Different context for health check
+	fmt.Println("\n=== Test 3: API key with different context ===")
+	if c2 != nil {
+		ctx3 := context.Background()
+		_, err3 := c2.CheckHealth(ctx3, &sdkclient.CheckHealthRequest{})
+		if err3 != nil {
+			fmt.Printf("❌ Health check with background context failed: %v\n", err3)
+		} else {
+			fmt.Printf("✅ Health check with background context succeeded\n")
+		}
+	}
+}
+
+func min(a, b int) int {
+	if a < b {
+		return a
+	}
+	return b
+}