feat(metrics-operator): introduce insecureSkipTlsVerify parameter (#3711

) Signed-off-by: odubajDT <ondrej.dubaj@dynatrace.com>
keptn · Aug 27, 2024 · c51c5e4 · c51c5e4
1 parent df11440
commit c51c5e4
Show file tree

Hide file tree

Showing 20 changed files with 185 additions and 78 deletions.
diff --git a/.github/scripts/.helm-tests/Openshift/result.yaml b/.github/scripts/.helm-tests/Openshift/result.yaml
@@ -13587,6 +13587,11 @@ spec:
           spec:
             description: KeptnMetricsProviderSpec defines the desired state of KeptnMetricsProvider
             properties:
+              insecureSkipTlsVerify:
+                default: false
+                description: InsecureSkipTlsVerify skips verification of the tls certificate
+                  when fetching metrics
+                type: boolean
               secretKeyRef:
                 description: SecretKeyRef defines an optional secret for access credentials
                   to the metrics provider.

diff --git a/.github/scripts/.helm-tests/default/result.yaml b/.github/scripts/.helm-tests/default/result.yaml
@@ -13587,6 +13587,11 @@ spec:
           spec:
             description: KeptnMetricsProviderSpec defines the desired state of KeptnMetricsProvider
             properties:
+              insecureSkipTlsVerify:
+                default: false
+                description: InsecureSkipTlsVerify skips verification of the tls certificate
+                  when fetching metrics
+                type: boolean
               secretKeyRef:
                 description: SecretKeyRef defines an optional secret for access credentials
                   to the metrics provider.

diff --git a/.github/scripts/.helm-tests/local-global-precedence/result.yaml b/.github/scripts/.helm-tests/local-global-precedence/result.yaml
@@ -13723,6 +13723,11 @@ spec:
           spec:
             description: KeptnMetricsProviderSpec defines the desired state of KeptnMetricsProvider
             properties:
+              insecureSkipTlsVerify:
+                default: false
+                description: InsecureSkipTlsVerify skips verification of the tls certificate
+                  when fetching metrics
+                type: boolean
               secretKeyRef:
                 description: SecretKeyRef defines an optional secret for access credentials
                   to the metrics provider.

diff --git a/.github/scripts/.helm-tests/metrics-only-with-apiservice-disabled/result.yaml b/.github/scripts/.helm-tests/metrics-only-with-apiservice-disabled/result.yaml
@@ -2562,6 +2562,11 @@ spec:
           spec:
             description: KeptnMetricsProviderSpec defines the desired state of KeptnMetricsProvider
             properties:
+              insecureSkipTlsVerify:
+                default: false
+                description: InsecureSkipTlsVerify skips verification of the tls certificate
+                  when fetching metrics
+                type: boolean
               secretKeyRef:
                 description: SecretKeyRef defines an optional secret for access credentials
                   to the metrics provider.

diff --git a/.github/scripts/.helm-tests/metrics-only/result.yaml b/.github/scripts/.helm-tests/metrics-only/result.yaml
@@ -2562,6 +2562,11 @@ spec:
           spec:
             description: KeptnMetricsProviderSpec defines the desired state of KeptnMetricsProvider
             properties:
+              insecureSkipTlsVerify:
+                default: false
+                description: InsecureSkipTlsVerify skips verification of the tls certificate
+                  when fetching metrics
+                type: boolean
               secretKeyRef:
                 description: SecretKeyRef defines an optional secret for access credentials
                   to the metrics provider.

diff --git a/.github/scripts/.helm-tests/metrics-with-certs/result.yaml b/.github/scripts/.helm-tests/metrics-with-certs/result.yaml
@@ -2577,6 +2577,11 @@ spec:
           spec:
             description: KeptnMetricsProviderSpec defines the desired state of KeptnMetricsProvider
             properties:
+              insecureSkipTlsVerify:
+                default: false
+                description: InsecureSkipTlsVerify skips verification of the tls certificate
+                  when fetching metrics
+                type: boolean
               secretKeyRef:
                 description: SecretKeyRef defines an optional secret for access credentials
                   to the metrics provider.

diff --git a/docs/docs/reference/api-reference/metrics/v1/index.md b/docs/docs/reference/api-reference/metrics/v1/index.md
@@ -376,6 +376,7 @@ _Appears in:_
 | `type` _string_ | Type represents the provider type. This can be one of cortex, datadog, dql, dynatrace, prometheus or thanos. || x | Optional: {} <br />Pattern: `cortex|datadog|dql|dynatrace|prometheus|thanos` <br /> |
 | `targetServer` _string_ | TargetServer defines URL (including port and protocol) at which the metrics provider is reachable. || x |  |
 | `secretKeyRef` _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#secretkeyselector-v1-core)_ | SecretKeyRef defines an optional secret for access credentials to the metrics provider. || ✓ | Optional: {} <br /> |
+| `insecureSkipTlsVerify` _boolean_ | InsecureSkipTlsVerify skips verification of the tls certificate when fetching metrics |false| ✓ |  |
 
 
 #### ObjectReference

diff --git a/metrics-operator/api/v1/keptnmetricsprovider_types.go b/metrics-operator/api/v1/keptnmetricsprovider_types.go
@@ -35,6 +35,10 @@ type KeptnMetricsProviderSpec struct {
 	// SecretKeyRef defines an optional secret for access credentials to the metrics provider.
 	// +optional
 	SecretKeyRef corev1.SecretKeySelector `json:"secretKeyRef,omitempty"`
+	// InsecureSkipTlsVerify skips verification of the tls certificate when fetching metrics
+	// +kubebuilder:default:=false
+	// +optional
+	InsecureSkipTlsVerify bool `json:"insecureSkipTlsVerify,omitempty"`
 }
 
 // +kubebuilder:object:root=true

diff --git a/metrics-operator/chart/templates/keptnmetricsprovider-crd.yaml b/metrics-operator/chart/templates/keptnmetricsprovider-crd.yaml
@@ -50,6 +50,11 @@ spec:
           spec:
             description: KeptnMetricsProviderSpec defines the desired state of KeptnMetricsProvider
             properties:
+              insecureSkipTlsVerify:
+                default: false
+                description: InsecureSkipTlsVerify skips verification of the tls certificate
+                  when fetching metrics
+                type: boolean
               secretKeyRef:
                 description: SecretKeyRef defines an optional secret for access credentials
                   to the metrics provider.

diff --git a/metrics-operator/config/crd/bases/metrics.keptn.sh_keptnmetricsproviders.yaml b/metrics-operator/config/crd/bases/metrics.keptn.sh_keptnmetricsproviders.yaml
@@ -42,6 +42,11 @@ spec:
           spec:
             description: KeptnMetricsProviderSpec defines the desired state of KeptnMetricsProvider
             properties:
+              insecureSkipTlsVerify:
+                default: false
+                description: InsecureSkipTlsVerify skips verification of the tls certificate
+                  when fetching metrics
+                type: boolean
               secretKeyRef:
                 description: SecretKeyRef defines an optional secret for access credentials
                   to the metrics provider.

diff --git a/metrics-operator/controllers/analysis/fake/evaluator_mock.go b/metrics-operator/controllers/analysis/fake/evaluator_mock.go
diff --git a/metrics-operator/controllers/analysis/objectives_evaluator.go b/metrics-operator/controllers/analysis/objectives_evaluator.go
@@ -11,7 +11,7 @@ import (
 
 //go:generate moq -pkg fake -skip-ensure -out ./fake/evaluator_mock.go . IObjectivesEvaluator
 type IObjectivesEvaluator interface {
-	Evaluate(ctx context.Context, providerType string, obj chan metricstypes.ProviderRequest)
+	Evaluate(ctx context.Context, metricsProvider *metricsapi.KeptnMetricsProvider, obj chan metricstypes.ProviderRequest)
 }
 
 type ObjectivesEvaluator struct {
@@ -23,8 +23,8 @@ type ObjectivesEvaluator struct {
 	cancel  context.CancelFunc
 }
 
-func (oe ObjectivesEvaluator) Evaluate(ctx context.Context, providerType string, obj chan metricstypes.ProviderRequest) {
-	provider, err := oe.ProviderFactory(providerType, oe.log, oe.Client)
+func (oe ObjectivesEvaluator) Evaluate(ctx context.Context, metricsProvider *metricsapi.KeptnMetricsProvider, obj chan metricstypes.ProviderRequest) {
+	provider, err := oe.ProviderFactory(metricsProvider, oe.log, oe.Client)
 	if err != nil {
 		oe.log.Error(err, "Failed to get the correct Provider")
 		oe.cancel()
@@ -44,7 +44,7 @@ func (oe ObjectivesEvaluator) Evaluate(ctx context.Context, providerType string,
 			Value:     value,
 			ErrMsg:    strErr,
 		}
-		oe.log.Info("provider", "id:", providerType, "finished job:", o.Objective.AnalysisValueTemplateRef.Name, "result:", result)
+		oe.log.Info("provider", "id:", metricsProvider.Spec.Type, "finished job:", o.Objective.AnalysisValueTemplateRef.Name, "result:", result)
 		oe.results <- result
 	}
 }
diff --git a/metrics-operator/controllers/analysis/objectives_evaluator_test.go b/metrics-operator/controllers/analysis/objectives_evaluator_test.go
@@ -20,15 +20,13 @@ func TestEvaluate(t *testing.T) {
 	// Define test cases
 	testCases := []struct {
 		name            string
-		providerType    string
 		mockProvider    providers.KeptnSLIProvider
 		providerRequest metricstypes.ProviderRequest
 		expectedResult  metricsapi.ProviderResult
 		expectedError   string
 	}{
 		{
-			name:         "SuccessfulEvaluation",
-			providerType: "mockProvider",
+			name: "SuccessfulEvaluation",
 			mockProvider: &fake2.KeptnSLIProviderMock{
 				FetchAnalysisValueFunc: func(ctx context.Context, query string, spec metricsapi.Analysis, provider *metricsapi.KeptnMetricsProvider) (string, error) {
 					return "10", nil
@@ -56,8 +54,7 @@ func TestEvaluate(t *testing.T) {
 			expectedError: "",
 		},
 		{
-			name:         "FailedEvaluation",
-			providerType: "mockProvider",
+			name: "FailedEvaluation",
 			mockProvider: &fake2.KeptnSLIProviderMock{
 				FetchAnalysisValueFunc: func(ctx context.Context, query string, spec metricsapi.Analysis, provider *metricsapi.KeptnMetricsProvider) (string, error) {
 					return "", fmt.Errorf("something bad")
@@ -88,7 +85,7 @@ func TestEvaluate(t *testing.T) {
 
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
-			mockProviderFactory := func(providerType string, log logr.Logger, client client.Client) (providers.KeptnSLIProvider, error) {
+			mockProviderFactory := func(metricsProvider *metricsapi.KeptnMetricsProvider, log logr.Logger, client client.Client) (providers.KeptnSLIProvider, error) {
 				// Define your mock provider implementation
 				return tc.mockProvider, nil
 			}
@@ -115,7 +112,7 @@ func TestEvaluate(t *testing.T) {
 				objChan <- tc.providerRequest
 				close(objChan)
 			}()
-			objectivesEvaluator.Evaluate(ctx, tc.providerType, objChan)
+			objectivesEvaluator.Evaluate(ctx, tc.providerRequest.Provider, objChan)
 			close(objectivesEvaluator.results)
 			result := <-objectivesEvaluator.results
 

diff --git a/metrics-operator/controllers/analysis/provider_selector.go b/metrics-operator/controllers/analysis/provider_selector.go
@@ -39,7 +39,12 @@ func (ps ProvidersPool) StartProviders(ctx context.Context, numJobs int) {
 	for _, provider := range providers.SupportedProviders {
 		channel := make(chan metricstypes.ProviderRequest, numJobs)
 		ps.providers[provider] = channel
-		go ps.Evaluate(ctx, provider, channel)
+		metricsProvider := &metricsapi.KeptnMetricsProvider{
+			Spec: metricsapi.KeptnMetricsProviderSpec{
+				Type: provider,
+			},
+		}
+		go ps.Evaluate(ctx, metricsProvider, channel)
 	}
 }
 

diff --git a/metrics-operator/controllers/analysis/provider_selector_test.go b/metrics-operator/controllers/analysis/provider_selector_test.go
@@ -251,7 +251,7 @@ func TestProvidersPool_StartProviders(t *testing.T) {
 	resChan := make(chan metricsapi.ProviderResult)
 	// Create a mock IObjectivesEvaluator, Client, and Logger for testing
 	mockEvaluator := &fake.IObjectivesEvaluatorMock{
-		EvaluateFunc: func(ctx context.Context, providerType string, obj chan metricstypes.ProviderRequest) {
+		EvaluateFunc: func(ctx context.Context, metricsProvider *metricsapi.KeptnMetricsProvider, obj chan metricstypes.ProviderRequest) {
 		},
 	}
 

diff --git a/metrics-operator/controllers/common/providers/dynatrace/dynatrace_dql.go b/metrics-operator/controllers/common/providers/dynatrace/dynatrace_dql.go
@@ -2,6 +2,7 @@ package dynatrace
 
 import (
 	"context"
+	"crypto/tls"
 	"encoding/json"
 	"fmt"
 	"net/http"
@@ -27,8 +28,9 @@ type keptnDynatraceDQLProvider struct {
 	log       logr.Logger
 	k8sClient client.Client
 
-	dtClient dtclient.DTAPIClient
-	clock    clock.Clock
+	dtClient              dtclient.DTAPIClient
+	clock                 clock.Clock
+	insecureSkipTlsVerify bool
 }
 
 type DynatraceDQLHandler struct {
@@ -118,6 +120,12 @@ func WithLogger(logger logr.Logger) KeptnDynatraceDQLProviderOption {
 	}
 }
 
+func WithInsecureSkipTlsVerify(skipCert bool) KeptnDynatraceDQLProviderOption {
+	return func(provider *keptnDynatraceDQLProvider) {
+		provider.insecureSkipTlsVerify = skipCert
+	}
+}
+
 // NewKeptnDynatraceDQLProvider creates and returns a new KeptnDynatraceDQLProvider
 func NewKeptnDynatraceDQLProvider(k8sClient client.Client, opts ...KeptnDynatraceDQLProviderOption) *keptnDynatraceDQLProvider {
 	provider := &keptnDynatraceDQLProvider{
@@ -265,7 +273,15 @@ func (d *keptnDynatraceDQLProvider) ensureDTClientIsSetUp(ctx context.Context, p
 		if err != nil {
 			return err
 		}
-		d.dtClient = dtclient.NewAPIClient(*config, dtclient.WithLogger(d.log))
+		d.dtClient = dtclient.NewAPIClient(*config, dtclient.WithLogger(d.log), dtclient.WithHTTPClient(
+			http.Client{
+				Transport: &http.Transport{
+					TLSClientConfig: &tls.Config{
+						InsecureSkipVerify: d.insecureSkipTlsVerify,
+					},
+				},
+			},
+		))
 	}
 	return nil
 }