feat: introduce periodic logging healthcheck

This helps us to better understand the status of the snyk-monitor, for example, whether accessing the Sysdig integration is possible.

Author: ivanstanev

src/data-scraper/index.ts

@@ -7,23 +7,57 @@ import { IRuntimeImagesResponse } from '../transmitter/types';
 import { NeedleOptions } from 'needle';
 import { Agent as HttpsAgent } from 'https';
 
+const httpsAgent = new HttpsAgent({
+  keepAlive: true,
+  // We agreed with Sysdig to skip TLS certificates validation for HTTPS connection.
+  rejectUnauthorized: false,
+});
+
+function getSysdigUrl(): string {
+  return config.SYSDIG_ENDPOINT + '/v1/runtimeimages';
+}
+
+function getSysdigAuthHeader(): string {
+  return `Bearer ${config.SYSDIG_TOKEN}`;
+}
+
 function isSuccessStatusCode(statusCode: number | undefined): boolean {
   return statusCode !== undefined && statusCode >= 200 && statusCode < 300;
 }
 
+/** NOTE: This function can throw, so the caller should handle errors. */
+export async function validateConnectivity(): Promise<void> {
+  const url = getSysdigUrl();
+  const header = getSysdigAuthHeader();
+  const reqOptions: NeedleOptions = {
+    agent: httpsAgent,
+    headers: {
+      authorization: header,
+    },
+    timeout: 10_000,
+  };
+
+  const limit: number = 1;
+  const cursor: string = '';
+  const { response } = await retryRequest(
+    'get',
+    `${url}?limit=${limit}&cursor=${cursor}`,
+    {},
+    reqOptions,
+  );
+  if (!isSuccessStatusCode(response.statusCode)) {
+    throw new Error(`${response.statusCode} ${response.statusMessage}`);
+  }
+}
+
 export async function scrapeData(): Promise<void> {
-  const base: string = config.SYSDIG_ENDPOINT;
-  const header: string = `Bearer ${config.SYSDIG_TOKEN}`;
+  const url = getSysdigUrl();
+  const header = getSysdigAuthHeader();
 
-  const url: string = base + '/v1/runtimeimages';
   // limit: min 1, max 500, default 250
   const limit: number = 10;
   const reqOptions: NeedleOptions = {
-    agent: new HttpsAgent({
-      keepAlive: true,
-      // We agreed with Sysdig to skip TLS certificates validation for HTTPS connection.
-      rejectUnauthorized: false,
-    }),
+    agent: httpsAgent,
     headers: {
       authorization: header,
     },

src/healthcheck.ts

@@ -0,0 +1,33 @@
+import { config } from './common/config';
+import { logger } from './common/logger';
+import { state } from './state';
+
+import * as dataScraper from './data-scraper';
+
+export async function setupHealthCheck(): Promise<void> {
+  const interval = 1 * 60 * 1000; // 1 minute in milliseconds
+  setInterval(healthCheck, interval).unref();
+}
+
+async function healthCheck(): Promise<void> {
+  const imagesAlreadyScanned = state.imagesAlreadyScanned.values().length;
+  const workloadsAlreadyScanned = state.workloadsAlreadyScanned.values().length;
+  logger.debug(
+    { imagesAlreadyScanned, workloadsAlreadyScanned },
+    'cache size report',
+  );
+
+  await sysdigHealthCheck();
+}
+
+async function sysdigHealthCheck(): Promise<void> {
+  if (!config.SYSDIG_ENDPOINT || !config.SYSDIG_TOKEN) {
+    return;
+  }
+
+  try {
+    await dataScraper.validateConnectivity();
+  } catch (error) {
+    logger.error({ error }, 'could not connect to the Sysdig integration');
+  }
+}

src/index.ts

@@ -11,6 +11,7 @@ import { loadAndSendWorkloadEventsPolicy } from './common/policy';
 import { sendClusterMetadata } from './transmitter';
 import { setSnykMonitorAgentId } from './supervisor/agent';
 import { scrapeData } from './data-scraper';
+import { setupHealthCheck } from './healthcheck';
 
 process.on('uncaughtException', (err) => {
   if (state.shutdownInProgress) {
@@ -86,4 +87,5 @@ setImmediate(async function setUpAndMonitor(): Promise<void> {
   await loadAndSendWorkloadEventsPolicy();
   await monitor();
   await setupSysdigIntegration();
+  await setupHealthCheck();
 });