From 6047081ec17314e17c5c60a0d01841ce026d1ab4 Mon Sep 17 00:00:00 2001
From: Jaromir Wysoglad <jwysogla@redhat.com>
Date: Mon, 26 Feb 2024 08:15:15 -0500
Subject: [PATCH] Add TLS support.

This adds a new config option: "prometheus_ca_cert". If this
option is set, then it forces the client to use https to access
prometheus and it uses the specified ca cert to verify the
prometheus' certificate.

Change-Id: Iccb911a590d5b3b9a4c6ac08c4d020641c8094a9
---
 AUTHORS                                   |  1 +
 observabilityclient/prometheus_client.py  | 13 ++++++++++---
 observabilityclient/utils/metric_utils.py | 10 +++++++++-
 3 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/AUTHORS b/AUTHORS
index f245455..08750d6 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -1,5 +1,6 @@
 Chris Sibbitt <csibbitt@redhat.com>
 Erno Kuvaja <jokke@usr.fi>
+Ghanshyam Mann <gmann@ghanshyammann.com>
 Jaromir Wysoglad <jwysogla@redhat.com>
 Jaromír Wysoglad <jwysogla@redhat.com>
 Leif Madsen <leif@leifmadsen.com>
diff --git a/observabilityclient/prometheus_client.py b/observabilityclient/prometheus_client.py
index 88a3b2b..0426c12 100644
--- a/observabilityclient/prometheus_client.py
+++ b/observabilityclient/prometheus_client.py
@@ -15,6 +15,7 @@
 import logging
 
 import requests
+import simplejson
 
 
 LOG = logging.getLogger(__name__)
@@ -27,9 +28,15 @@ class PrometheusAPIClientError(Exception):
     def __str__(self) -> str:
         if self.resp.status_code != requests.codes.ok:
             if self.resp.status_code != 204:
-                decoded = self.resp.json()
-                if 'error' in decoded:
-                    return f'[{self.resp.status_code}] {decoded["error"]}'
+                try:
+                    decoded = self.resp.json()
+                    if 'error' in decoded:
+                        return f'[{self.resp.status_code}] {decoded["error"]}'
+                except simplejson.errors.JSONDecodeError:
+                    # If an https endpoint is accessed as http,
+                    # we get 400 status with plain text instead of
+                    # json and decoding it raises exception.
+                    return f'[{self.resp.status_code}] {self.resp.text}'
             return f'[{self.resp.status_code}] {self.resp.reason}'
         else:
             decoded = self.resp.json()
diff --git a/observabilityclient/utils/metric_utils.py b/observabilityclient/utils/metric_utils.py
index 12cb4bf..674fba5 100644
--- a/observabilityclient/utils/metric_utils.py
+++ b/observabilityclient/utils/metric_utils.py
@@ -45,6 +45,7 @@ def get_config_file():
 def get_prometheus_client():
     host = None
     port = None
+    ca_cert = None
     conf_file = get_config_file()
     if conf_file is not None:
         conf = yaml.safe_load(conf_file)
@@ -52,6 +53,8 @@ def get_prometheus_client():
             host = conf['host']
         if 'port' in conf:
             port = conf['port']
+        if 'ca_cert' in conf:
+            ca_cert = conf['ca_cert']
         conf_file.close()
 
     # NOTE(jwysogla): We allow to overide the prometheus.yaml by
@@ -60,10 +63,15 @@ def get_prometheus_client():
         host = os.environ['PROMETHEUS_HOST']
     if 'PROMETHEUS_PORT' in os.environ:
         port = os.environ['PROMETHEUS_PORT']
+    if 'PROMETHEUS_CA_CERT' in os.environ:
+        ca_cert = os.environ['PROMETHEUS_CA_CERT']
     if host is None or port is None:
         raise ConfigurationError("Can't find prometheus host and "
                                  "port configuration.")
-    return PrometheusAPIClient(f"{host}:{port}")
+    client = PrometheusAPIClient(f"{host}:{port}")
+    if ca_cert is not None:
+        client.set_ca_cert(ca_cert)
+    return client
 
 
 def get_client(obj):