Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(metrics-operator): introduce insecureSkipTlsVerify parameter for prometheus metrics fetch #3742

Open
wants to merge 23 commits into
base: main
Choose a base branch
from

Conversation

Bharadwajshivam28
Copy link
Contributor

@Bharadwajshivam28 Bharadwajshivam28 commented Oct 5, 2024

fixes #3712

Hey @odubajDT @mowies
I have implemented TLS round tripper to handle HTTP request.

@Bharadwajshivam28 Bharadwajshivam28 requested a review from a team as a code owner October 5, 2024 00:33
@mowies mowies changed the title TLS method to Handle HTTP request feat(metrics-operator): TLS method to Handle HTTP request Oct 7, 2024
Copy link

codecov bot commented Oct 7, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 77.73%. Comparing base (ffc01b6) to head (aa679a0).

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #3742      +/-   ##
==========================================
- Coverage   77.77%   77.73%   -0.04%     
==========================================
  Files         219      219              
  Lines       11575    11580       +5     
==========================================
  Hits         9002     9002              
- Misses       2210     2214       +4     
- Partials      363      364       +1     
Files with missing lines Coverage Δ
.../controllers/common/providers/prometheus/common.go 90.00% <100.00%> (+2.00%) ⬆️

... and 1 file with indirect coverage changes

Flag Coverage Δ
certificate-operator 47.44% <ø> (ø)
component-tests 79.40% <ø> (-0.32%) ⬇️
lifecycle-operator 79.68% <ø> (ø)
metrics-operator 75.95% <100.00%> (+0.03%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

@mowies mowies changed the title feat(metrics-operator): TLS method to Handle HTTP request feat(metrics-operator): use TLS to fetch metrics from prometheus Oct 7, 2024
@Bharadwajshivam28
Copy link
Contributor Author

Hey @odubajDT I have modified the GetRoundTripper function to use a custom http.Transport with TLSClientConfig.

Signed-off-by: Bharadwajshivam28 <[email protected]>
@@ -119,7 +119,8 @@ func Test_GetRoundtripper(t *testing.T) {
name string
provider metricsapi.KeptnMetricsProvider
k8sClient client.Client
want http.RoundTripper
wantUser string
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what is the reasoning behind this change? the function returns a roundtripper, therefore I would expect that instead of user and password

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can you please elaborate on this? @odubajDT

Copy link
Contributor

@odubajDT odubajDT Oct 14, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

my question is why you are expecting a user and password if the function you are testing is returning a roundtripper, it should in my opinion stay as it is, unless there is a reason for the change. This change seems to add significant complexity to the test, which is not needed

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The thing is for the unit test without user and password it was failing so when I used user and password also it passed so I thought this way works when using user and password

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes the test is passing because now you are not checking the roundTripper correctly, please revert this and try to stick the the concept that is present unless there is a technical reason why it should be done differently

Copy link
Contributor Author

@Bharadwajshivam28 Bharadwajshivam28 Oct 14, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @odubajDT
In this method Test_GetRoundtripper in common_test.go according to the current unit test it fails-
getRoundtripper() got = &{myuser mytoken 0x140005afb00}, want &{myuser mytoken 0x140001d7980} because the comparison of RoundTripper instances is not working with reflect.DeepEqual.

so instead of comparing entire RoundTripper structs I check specific properties like wantUser, wantPass, and wantTLS instead of a complete want RoundTripper.

Copy link
Contributor Author

@Bharadwajshivam28 Bharadwajshivam28 Oct 14, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@odubajDT one way is that by creating mock HTTP server to capture and verify the actual request sent by the RoundTripper. Instead of checking the request directly. It covers the main scenarios of secret retrieval and the creation of an authenticated RoundTripper

I modified the test case and it passes

so can we move with this unit test approach?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess you need to adapt the expected outcome of the function, since you just added a parameter to the config, which has an impact on the resulting object

Copy link
Contributor Author

@Bharadwajshivam28 Bharadwajshivam28 Oct 15, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can I create a new function in the common_test file?

Yes I understand that I need to adapt the changes in the test function but the thing without the mock method the test doesn't get adapted

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what you should do is to set/unset the parameter in the metricProvider and expect it to be set/unset in the resulting roundtripper in the test. Not many changes are needed and I don't think another test function is needed here. You just need to duplicate and slightly adapt the test cases that are present

},
},
k8sClient: fake.NewClient(goodsecret),
want: config.NewBasicAuthRoundTripper("myuser", "mytoken", "", "", promapi.DefaultRoundTripper),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why are you expecting defaultRoundTripper if you have modified it in the code?

@odubajDT odubajDT changed the title feat(metrics-operator): use TLS to fetch metrics from prometheus feat(metrics-operator): introduce insecureSkipTlsVerify parameters for prometheus metrics fetch Oct 22, 2024
@odubajDT odubajDT changed the title feat(metrics-operator): introduce insecureSkipTlsVerify parameters for prometheus metrics fetch feat(metrics-operator): introduce insecureSkipTlsVerify parameter for prometheus metrics fetch Oct 22, 2024
// if !reflect.DeepEqual(got, tt.want) {
// t.Errorf("getRoundtripper() got = %v, want %v", got, tt.want)
// }
if tr, ok := got.(*http.Transport); ok {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the insecureSkipVerify is not the only parameter that should be tested here, please test also the user and the password of the round tripper

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@odubajDT I have made the changes please verify it

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

still only a single parameter is verified here, what about user/password and other parameters set in the struct?

if !tt.wantErr && got == nil {
t.Errorf("getRoundtripper() returned nil, expected a RoundTripper")
}
// if !reflect.DeepEqual(got, tt.want) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please remove this commented part if it's not needed

@@ -4,7 +4,7 @@ import (
"context"
"net/http"
"net/http/httptest"
"reflect"
// "reflect"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please remove

Copy link
Contributor

@odubajDT odubajDT left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please singoff your commits to pass the DCO check in the CI

Signed-off-by: Bharadwajshivam28 <[email protected]>
Signed-off-by: Bharadwajshivam28 <[email protected]>
Signed-off-by: Bharadwajshivam28 <[email protected]>
Signed-off-by: Bharadwajshivam28 <[email protected]>
Signed-off-by: Bharadwajshivam28 <[email protected]>
Signed-off-by: Bharadwajshivam28 <[email protected]>
Signed-off-by: Bharadwajshivam28 <[email protected]>
Signed-off-by: Bharadwajshivam28 <[email protected]>
Signed-off-by: Bharadwajshivam28 <[email protected]>
Signed-off-by: Bharadwajshivam28 <[email protected]>
Signed-off-by: Bharadwajshivam28 <[email protected]>
Signed-off-by: Bharadwajshivam28 <[email protected]>
Copy link

Comment on lines +121 to +122
wantUser string
wantPassword string
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you are not asserting these parameters, can you explain why?

k8sClient client.Client
wantUser string
wantPassword string
wantRoundTripper http.RoundTripper
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

where is the roundtripper asserted?

@mowies
Copy link
Member

mowies commented Nov 11, 2024

@Bharadwajshivam28 any updates on this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Make use of the insecureSkipTlsVerify in the prometheus basicAuthRoundTripper
4 participants