Add TLS support.

This adds a new config option: "prometheus_ca_cert". If this option is set, then it forces the client to use https to access prometheus and it uses the specified ca cert to verify the prometheus' certificate. Change-Id: Iccb911a590d5b3b9a4c6ac08c4d020641c8094a9
2024-02-26 08:15:15 -05:00 · 2024-02-26 08:15:15 -05:00 · 6047081ec1
commit 6047081ec1
parent 9607ee26ce
3 changed files with 20 additions and 4 deletions
--- a/1
+++ b/1
@ -1,5 +1,6 @@
 Chris Sibbitt <csibbitt@redhat.com>
 Erno Kuvaja <jokke@usr.fi>
+Ghanshyam Mann <gmann@ghanshyammann.com>
 Jaromir Wysoglad <jwysogla@redhat.com>
 Jaromír Wysoglad <jwysogla@redhat.com>
 Leif Madsen <leif@leifmadsen.com>
--- a/observabilityclient/prometheus_client.py
+++ b/observabilityclient/prometheus_client.py
@ -15,6 +15,7 @@
 import logging

 import requests
+import simplejson


 LOG = logging.getLogger(__name__)
@ -27,9 +28,15 @@ class PrometheusAPIClientError(Exception):
    def __str__(self) -> str:
        if self.resp.status_code != requests.codes.ok:
            if self.resp.status_code != 204:
-                decoded = self.resp.json()
-                if 'error' in decoded:
-                    return f'[{self.resp.status_code}] {decoded["error"]}'
+                try:
+                    decoded = self.resp.json()
+                    if 'error' in decoded:
+                        return f'[{self.resp.status_code}] {decoded["error"]}'
+                except simplejson.errors.JSONDecodeError:
+                    # If an https endpoint is accessed as http,
+                    # we get 400 status with plain text instead of
+                    # json and decoding it raises exception.
+                    return f'[{self.resp.status_code}] {self.resp.text}'
            return f'[{self.resp.status_code}] {self.resp.reason}'
        else:
            decoded = self.resp.json()
--- a/observabilityclient/utils/metric_utils.py
+++ b/observabilityclient/utils/metric_utils.py
@ -45,6 +45,7 @@ def get_config_file():
 def get_prometheus_client():
    host = None
    port = None
+    ca_cert = None
    conf_file = get_config_file()
    if conf_file is not None:
        conf = yaml.safe_load(conf_file)
@ -52,6 +53,8 @@ def get_prometheus_client():
            host = conf['host']
        if 'port' in conf:
            port = conf['port']
+        if 'ca_cert' in conf:
+            ca_cert = conf['ca_cert']
        conf_file.close()

    # NOTE(jwysogla): We allow to overide the prometheus.yaml by
@ -60,10 +63,15 @@ def get_prometheus_client():
        host = os.environ['PROMETHEUS_HOST']
    if 'PROMETHEUS_PORT' in os.environ:
        port = os.environ['PROMETHEUS_PORT']
+    if 'PROMETHEUS_CA_CERT' in os.environ:
+        ca_cert = os.environ['PROMETHEUS_CA_CERT']
    if host is None or port is None:
        raise ConfigurationError("Can't find prometheus host and "
                                 "port configuration.")
-    return PrometheusAPIClient(f"{host}:{port}")
+    client = PrometheusAPIClient(f"{host}:{port}")
+    if ca_cert is not None:
+        client.set_ca_cert(ca_cert)
+    return client


 def get_client(obj):