LoadBalancerResource.java

/*
 * Copyright 2016 Red Hat, Inc. and/or its affiliates
 * and other contributors as indicated by the @author tags.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.keycloak.services.resources;

import io.smallrye.common.annotation.NonBlocking;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.core.Context;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.ext.Provider;

import org.jboss.logging.Logger;
import org.keycloak.health.LoadBalancerCheckProvider;
import org.keycloak.models.KeycloakSession;
import org.keycloak.utils.MediaType;

import java.util.Set;

/**
 * Prepare information for the load balancer (possibly in a multi-site setup) whether this Keycloak cluster should receive traffic.
 * <p>
 * This is non-blocking, so that the load balancer can still retrieve the status even if the Keycloak instance is
 * trying to withstand a high load. See {@link LoadBalancerCheckProvider#isDown()} for a longer explanation.
 *
 * @author <a href="mailto:aschwart@redhat.com">Alexander Schwartz</a>
 */
@Provider
@Path("/lb-check")
@NonBlocking
public class LoadBalancerResource {

    protected static final Logger logger = Logger.getLogger(LoadBalancerResource.class);

    @Context
    KeycloakSession session;

    /**
     * Return the status for a load balancer in a multi-site setup if this Keycloak site should receive traffic.
     * <p />
     * While a loadbalancer will usually check for the returned status code, the additional text <code>UP</code> or <code>DOWN</down>
     * is returned for humans to see the status in the browser.
     * <p />
     * In contrast to other management endpoints of Quarkus, no information is returned to the caller about the internal state of Keycloak
     * as this endpoint might be publicly available from the internet and should return as little information as possible.
     *
     * @return HTTP status 503 and DOWN when down, and HTTP status 200 and UP when up.
     */
    @GET
    @Produces(MediaType.TEXT_PLAIN_UTF_8)
    public Response getStatusForLoadBalancer() {
        Set<LoadBalancerCheckProvider> healthStatusProviders = session.getAllProviders(LoadBalancerCheckProvider.class);
        if (healthStatusProviders.stream().anyMatch(LoadBalancerCheckProvider::isDown)) {
            return Response.status(Response.Status.SERVICE_UNAVAILABLE).entity("DOWN").build();
        } else {
            return Response.ok().entity("UP").build();
        }
    }

}