Add TLS support.
This adds a new config option: "prometheus_ca_cert". If this option is set, then it forces the client to use https to access prometheus and it uses the specified ca cert to verify the prometheus' certificate. Change-Id: Iccb911a590d5b3b9a4c6ac08c4d020641c8094a9
This commit is contained in:
Jaromir Wysoglad
parent
9607ee26ce
commit
6047081ec1
1
AUTHORS
1
AUTHORS
@ -1,5 +1,6 @@
|
|||||||
Chris Sibbitt <csibbitt@redhat.com>
|
Chris Sibbitt <csibbitt@redhat.com>
|
||||||
Erno Kuvaja <jokke@usr.fi>
|
Erno Kuvaja <jokke@usr.fi>
|
||||||
|
Ghanshyam Mann <gmann@ghanshyammann.com>
|
||||||
Jaromir Wysoglad <jwysogla@redhat.com>
|
Jaromir Wysoglad <jwysogla@redhat.com>
|
||||||
Jaromír Wysoglad <jwysogla@redhat.com>
|
Jaromír Wysoglad <jwysogla@redhat.com>
|
||||||
Leif Madsen <leif@leifmadsen.com>
|
Leif Madsen <leif@leifmadsen.com>
|
||||||
|
|||||||
@ -15,6 +15,7 @@
|
|||||||
import logging
|
import logging
|
||||||
|
|
||||||
import requests
|
import requests
|
||||||
|
import simplejson
|
||||||
|
|
||||||
|
|
||||||
LOG = logging.getLogger(__name__)
|
LOG = logging.getLogger(__name__)
|
||||||
@ -27,9 +28,15 @@ class PrometheusAPIClientError(Exception):
|
|||||||
def __str__(self) -> str:
|
def __str__(self) -> str:
|
||||||
if self.resp.status_code != requests.codes.ok:
|
if self.resp.status_code != requests.codes.ok:
|
||||||
if self.resp.status_code != 204:
|
if self.resp.status_code != 204:
|
||||||
decoded = self.resp.json()
|
try:
|
||||||
if 'error' in decoded:
|
decoded = self.resp.json()
|
||||||
return f'[{self.resp.status_code}] {decoded["error"]}'
|
if 'error' in decoded:
|
||||||
|
return f'[{self.resp.status_code}] {decoded["error"]}'
|
||||||
|
except simplejson.errors.JSONDecodeError:
|
||||||
|
# If an https endpoint is accessed as http,
|
||||||
|
# we get 400 status with plain text instead of
|
||||||
|
# json and decoding it raises exception.
|
||||||
|
return f'[{self.resp.status_code}] {self.resp.text}'
|
||||||
return f'[{self.resp.status_code}] {self.resp.reason}'
|
return f'[{self.resp.status_code}] {self.resp.reason}'
|
||||||
else:
|
else:
|
||||||
decoded = self.resp.json()
|
decoded = self.resp.json()
|
||||||
|
|||||||
@ -45,6 +45,7 @@ def get_config_file():
|
|||||||
def get_prometheus_client():
|
def get_prometheus_client():
|
||||||
host = None
|
host = None
|
||||||
port = None
|
port = None
|
||||||
|
ca_cert = None
|
||||||
conf_file = get_config_file()
|
conf_file = get_config_file()
|
||||||
if conf_file is not None:
|
if conf_file is not None:
|
||||||
conf = yaml.safe_load(conf_file)
|
conf = yaml.safe_load(conf_file)
|
||||||
@ -52,6 +53,8 @@ def get_prometheus_client():
|
|||||||
host = conf['host']
|
host = conf['host']
|
||||||
if 'port' in conf:
|
if 'port' in conf:
|
||||||
port = conf['port']
|
port = conf['port']
|
||||||
|
if 'ca_cert' in conf:
|
||||||
|
ca_cert = conf['ca_cert']
|
||||||
conf_file.close()
|
conf_file.close()
|
||||||
|
|
||||||
# NOTE(jwysogla): We allow to overide the prometheus.yaml by
|
# NOTE(jwysogla): We allow to overide the prometheus.yaml by
|
||||||
@ -60,10 +63,15 @@ def get_prometheus_client():
|
|||||||
host = os.environ['PROMETHEUS_HOST']
|
host = os.environ['PROMETHEUS_HOST']
|
||||||
if 'PROMETHEUS_PORT' in os.environ:
|
if 'PROMETHEUS_PORT' in os.environ:
|
||||||
port = os.environ['PROMETHEUS_PORT']
|
port = os.environ['PROMETHEUS_PORT']
|
||||||
|
if 'PROMETHEUS_CA_CERT' in os.environ:
|
||||||
|
ca_cert = os.environ['PROMETHEUS_CA_CERT']
|
||||||
if host is None or port is None:
|
if host is None or port is None:
|
||||||
raise ConfigurationError("Can't find prometheus host and "
|
raise ConfigurationError("Can't find prometheus host and "
|
||||||
"port configuration.")
|
"port configuration.")
|
||||||
return PrometheusAPIClient(f"{host}:{port}")
|
client = PrometheusAPIClient(f"{host}:{port}")
|
||||||
|
if ca_cert is not None:
|
||||||
|
client.set_ca_cert(ca_cert)
|
||||||
|
return client
|
||||||
|
|
||||||
|
|
||||||
def get_client(obj):
|
def get_client(obj):
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user