diff --git a/metrics-operator/controllers/common/providers/prometheus/common.go b/metrics-operator/controllers/common/providers/prometheus/common.go index a2330f9ac9..ce7bd1e28c 100644 --- a/metrics-operator/controllers/common/providers/prometheus/common.go +++ b/metrics-operator/controllers/common/providers/prometheus/common.go @@ -2,6 +2,7 @@ package prometheus import ( "context" + "crypto/tls" "errors" "net/http" @@ -40,7 +41,13 @@ func (r RoundTripperRetriever) GetRoundTripper(ctx context.Context, provider met } return nil, err } - return config.NewBasicAuthRoundTripper(secret.User, secret.Password, "", "", promapi.DefaultRoundTripper), nil + + transport := promapi.DefaultRoundTripper.(*http.Transport) + transport.TLSClientConfig = &tls.Config{ + InsecureSkipVerify: provider.Spec.InsecureSkipTlsVerify, + } + + return config.NewBasicAuthRoundTripper(secret.User, secret.Password, "", "", transport), nil } func getPrometheusSecret(ctx context.Context, provider metricsapi.KeptnMetricsProvider, k8sClient client.Client) (*SecretData, error) { @@ -51,7 +58,6 @@ func getPrometheusSecret(ctx context.Context, provider metricsapi.KeptnMetricsPr if err := k8sClient.Get(ctx, types.NamespacedName{Name: provider.Spec.SecretKeyRef.Name, Namespace: provider.Namespace}, secret); err != nil { return nil, err } - var secretData SecretData user, ok := secret.Data[secretKeyUserName] pw, yes := secret.Data[secretKeyPassword] diff --git a/metrics-operator/controllers/common/providers/prometheus/common_test.go b/metrics-operator/controllers/common/providers/prometheus/common_test.go index 046a99fc05..9b08acd41a 100644 --- a/metrics-operator/controllers/common/providers/prometheus/common_test.go +++ b/metrics-operator/controllers/common/providers/prometheus/common_test.go @@ -4,7 +4,6 @@ import ( "context" "net/http" "net/http/httptest" - "reflect" "strings" "testing" 
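Review bot: `promapi.DefaultRoundTripper.(*http.Transport)` in GetRoundTripper yields the package-level transport itself, so assigning `transport.TLSClientConfig` rewrites TLS settings on an object shared by every caller rather than on a per-provider copy. Once one KeptnMetricsProvider sets `InsecureSkipTlsVerify: true`, certificate verification is off for any other code still using `promapi.DefaultRoundTripper` until a later call flips it back, and concurrent reconciles race on the field. The unchecked type assertion also panics if the default is ever replaced by a different RoundTripper type. Clone the transport and set the flag on the copy, as sketched below; the start of GetRoundTripper is outside this hunk.

```go
// … unchanged: secret lookup and error handling …
base, ok := promapi.DefaultRoundTripper.(*http.Transport)
if !ok {
	return nil, errors.New("prometheus default round tripper is not an *http.Transport")
}
// Clone so the per-provider TLS setting never touches the shared default transport.
transport := base.Clone()
if transport.TLSClientConfig == nil {
	transport.TLSClientConfig = &tls.Config{}
}
transport.TLSClientConfig.InsecureSkipVerify = provider.Spec.InsecureSkipTlsVerify

return config.NewBasicAuthRoundTripper(secret.User, secret.Password, "", "", transport), nil
```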
@@ -116,12 +115,14 @@ func Test_GetRoundtripper(t *testing.T) {
 },
 }
 tests := []struct {
- name string
- provider metricsapi.KeptnMetricsProvider
- k8sClient client.Client
- want http.RoundTripper
- wantErr bool
- errorStr string
+ name string
+ provider metricsapi.KeptnMetricsProvider
+ k8sClient client.Client
+ wantUser string
+ wantPassword string
+ wantRoundTripper http.RoundTripper
+ wantErr bool
+ errorStr string
 }{
 {
 name: "TestSuccess",
@@ -139,16 +140,20 @@ func Test_GetRoundtripper(t *testing.T) {
 },
 },
 },
- k8sClient: fake.NewClient(goodsecret),
- want: config.NewBasicAuthRoundTripper("myuser", "mytoken", "", "", promapi.DefaultRoundTripper),
- wantErr: false,
+ k8sClient: fake.NewClient(goodsecret),
+ wantUser: "myuser",
+ wantPassword: "mytoken",
+ wantRoundTripper: config.NewBasicAuthRoundTripper("myuser", "mytoken", "", "", promapi.DefaultRoundTripper),
+ wantErr: false,
 },
 {
- name: "TestSecretNotDefined",
- provider: metricsapi.KeptnMetricsProvider{},
- k8sClient: fake.NewClient(),
- want: promapi.DefaultRoundTripper,
- wantErr: false,
+ name: "TestSecretNotDefined",
+ provider: metricsapi.KeptnMetricsProvider{},
+ k8sClient: fake.NewClient(),
+ wantUser: "myuser",
+ wantPassword: "mytoken",
+ wantRoundTripper: config.NewBasicAuthRoundTripper("myuser", "mytoken", "", "", promapi.DefaultRoundTripper),
+ wantErr: false,
 },
 {
 name: "TestErrorFromGetPrometheusSecretNotExists",
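Review bot: The new `wantUser`, `wantPassword` and `wantRoundTripper` fields in the table struct are populated in every case, but none of the assertions visible in this diff reads them, so they document expectations the test never enforces. `TestSecretNotDefined` here and the not-found case in the later hunk at -166 now carry basic-auth values for `myuser`/`mytoken` even though one has no secret and the other expects an error, which misstates what those paths return. Either assert on the fields or drop them; for the no-secret case a comment such as `// no SecretKeyRef: expect the unauthenticated default transport` would state the intent. The loop that consumes the table begins outside these hunks.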
@@ -166,10 +171,30 @@ func Test_GetRoundtripper(t *testing.T) {
 },
 },
 },
- k8sClient: fake.NewClient(),
- want: nil,
- wantErr: true,
- errorStr: "not found",
+ k8sClient: fake.NewClient(),
+ wantUser: "myuser",
+ wantPassword: "mytoken",
+ wantRoundTripper: config.NewBasicAuthRoundTripper("myuser", "mytoken", "", "", promapi.DefaultRoundTripper),
+ wantErr: true,
+ errorStr: "not found",
+ },
+ {
+ name: "TestInsecureSkipTlsVerifyEnabled",
+ provider: metricsapi.KeptnMetricsProvider{
+ ObjectMeta: metav1.ObjectMeta{Namespace: "default"},
+ Spec: metricsapi.KeptnMetricsProviderSpec{
+ SecretKeyRef: v1.SecretKeySelector{
+ LocalObjectReference: v1.LocalObjectReference{
+ Name: "test",
+ },
+ Key: "",
+ Optional: nil,
+ },
+ InsecureSkipTlsVerify: true,
+ },
+ },
+ k8sClient: fake.NewClient(goodsecret),
+ wantErr: false,
 },
 }
@@ -185,8 +210,14 @@ func Test_GetRoundtripper(t *testing.T) {
 t.Errorf("getRoundtripper() error = %s, wantErr %s", err.Error(), tt.errorStr)
 return
 }
- if !reflect.DeepEqual(got, tt.want) {
- t.Errorf("getRoundtripper() got = %v, want %v", got, tt.want)
+ if !tt.wantErr && got == nil {
+ t.Errorf("getRoundtripper() returned nil, expected a RoundTripper")
+ }
+ if tr, ok := got.(*http.Transport); ok {
+ if tr.TLSClientConfig.InsecureSkipVerify != tt.provider.Spec.InsecureSkipTlsVerify {
+ t.Errorf("RoundTripper TLSClientConfig.InsecureSkipVerify = %v, expected %v",
+ tr.TLSClientConfig.InsecureSkipVerify, tt.provider.Spec.InsecureSkipTlsVerify)
+ }
 }
 })
 }
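Review bot: The `got.(*http.Transport)` check in the last hunk is skipped whenever a secret is configured, because GetRoundTripper then returns the value from `config.NewBasicAuthRoundTripper`, which is presumably a wrapper and not an `*http.Transport`. `TestInsecureSkipTlsVerifyEnabled` therefore passes without ever inspecting the TLS setting, and with `reflect.DeepEqual` removed nothing confirms that verification stays on when the flag is false. Where the assertion does match a bare transport, `tr.TLSClientConfig` can be nil and the field access would panic, so guard it with `tr.TLSClientConfig != nil`. A behavioural test is more robust: send a request through the returned RoundTripper to an `httptest.NewTLSServer` and expect a certificate error with the flag false and success with it true. The loop body starts outside this hunk.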