http: support ?standbyok for 200 status on standby. Fixes #389

2025-10-29 17:52:32 +00:00 · 2015-07-02 17:49:35 -07:00
parent c3a6d90385
commit d77efbd716
3 changed files with 13 additions and 2 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -26,6 +26,7 @@ IMPROVEMENTS:
 * credential/ldap: Allow TLS verification to be disabled [GH-372]
 * credential/ldap: More flexible names allowed [GH-245] [GH-379] [GH-367]
 * http: response codes improved to reflect error [GH-366]
+ * http: the `sys/health` endpoint supports `?standbyok` to return 200 on standby [GH-389]
 * secret/app-id: Support deleting AppID and UserIDs [GH-200]
 * secret/consul: Fine grained lease control [GH-261]
 * secret/transit: Decouple raw key from key management endpoint [GH-355]
--- a/http/sys_health.go
+++ b/http/sys_health.go
@@ -19,6 +19,9 @@ func handleSysHealth(core *vault.Core) http.Handler {
 }

 func handleSysHealthGet(core *vault.Core, w http.ResponseWriter, r *http.Request) {
+	// Check if being a standby is allowed for the purpose of a 200 OK
+	_, standbyOK := r.URL.Query()["standbyok"]
+
 	// Check system status
 	sealed, _ := core.Sealed()
 	standby, _ := core.Standby()
@@ -35,7 +38,7 @@ func handleSysHealthGet(core *vault.Core, w http.ResponseWriter, r *http.Request
 		code = http.StatusInternalServerError
 	case sealed:
 		code = http.StatusInternalServerError
-	case standby:
+	case !standbyOK && standby:
 		code = 429 // Consul warning code
 	}

--- a/website/source/docs/http/sys-health.html.md
+++ b/website/source/docs/http/sys-health.html.md
@@ -20,7 +20,14 @@ description: |-

 	<dt>Parameters</dt>
 	<dd>
-		None
+        <ul>
+          <li>
+            <span class="param">standbyok</span>
+            <span class="param-flags">optional</span>
+            A query parameter provided to indicate that being a standby should
+            still return a 200 status code instead of the standard 429 status code.
+          </li>
+        </ul>
 	</dd>

 	<dt>Returns</dt>