Merge ~johnsca/charm-prometheus2:johnsca/feature/manual-job-relation-2 into ~prometheus-charmers/charm-prometheus2:master

Proposed by Cory Johns
Status: Merged
Approved by: Jeremy Lounder
Approved revision: a88141c243cc82545d3c0fda0d2e61f9fa39ec5b
Merged at revision: 24325849d1c27faa6ffcb4a37b85de1a6234ca96
Proposed branch: ~johnsca/charm-prometheus2:johnsca/feature/manual-job-relation-2
Merge into: ~prometheus-charmers/charm-prometheus2:master
Diff against target: 65 lines (+36/-2)
1 file modified
reactive/prometheus.py (+36/-2)
Reviewer | Review Type | Date Requested | Status
Jeremy Lounder (community) | | | Approve
Stuart Bishop (community) | | | Approve
Review via email: mp+371206@code.launchpad.net

Commit message

Refactor ca_file writing logic out of interface layer into charm

🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

This merge proposal is being monitored by mergebot. Change the status to Approved to merge.

Stuart Bishop (stub) wrote :

Looks good. Please add the glob.escape() bits per inline comment before landing; even if the job name and id are from trusted sources, it's easy to escape so others don't need to worry about it.

Still needs a ~prometheus-charmers review.

review: Approve

Cory Johns (johnsca) wrote :

Good catch, thanks.

Cory Johns (johnsca) wrote :

1.3.0 of charms.reactive is released with the relevant change, as well as the interface layer PRs.

Jeremy Lounder (jldev) :
review: Approve

🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

Change successfully merged at revision 24325849d1c27faa6ffcb4a37b85de1a6234ca96

Preview Diff

1diff --git a/reactive/prometheus.py b/reactive/prometheus.py
2index fbf1626..29de54a 100644
3--- a/reactive/prometheus.py
4+++ b/reactive/prometheus.py
5@@ -3,10 +3,13 @@ import pwd
6 import subprocess
7 import yaml
8 import re
9+import glob
10 from jinja2 import Template
11 import shutil
12 import time
13+from hashlib import sha1
14 from urllib.parse import urlparse
15+from pathlib import Path
16
17 from charmhelpers import fetch
18 from charmhelpers.core import host, hookenv, unitdata
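Review bot: the new `from hashlib import sha1` import deserves a comment or a different digest. The only use added later in this diff builds a filename suffix so that changes to the cert data are detectable, which is not a security use, but SHA-1 imports are routinely flagged by security linters and audits. Either switch to sha256 (the hexdigest is only a filename component) or note at the call site that the hash is for change detection only.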
19@@ -37,6 +40,7 @@ PATHS = {
20 'promreg_yml': '/var/snap/promreg/common/promreg.yaml',
21 'promreg_tgts_yml': '/var/snap/promreg/common/promreg/targets.yaml',
22 'promreg_service_name': 'snap.promreg.promreg',
23+ 'certs_dir': '/var/snap/prometheus/common/certs',
24 }
25
26
27@@ -572,8 +576,38 @@ def update_prometheus_scrape_targets(target):
28
29 @when('endpoint.manual-jobs.has_jobs')
30 def update_prometheus_manual_jobs(manual_jobs):
31- unitdata.kv().set('manual_jobs', [job.to_json()
32- for job in manual_jobs.jobs])
33+ job_jsons = []
34+ certs_dir = Path(PATHS['certs_dir'])
35+ certs_dir.mkdir(parents=True, exist_ok=True)
36+ for job in manual_jobs.jobs:
37+ if job.ca_cert:
38+ # escape path special chars to be safe when saving
39+ job_name = job.job_name.replace('/', '_')
40+ request_id = job.request_id.replace('/', '_')
41+ # escape glob special chars to be safe when cleaning up
42+ g_job_name = glob.escape(job_name)
43+ g_request_id = glob.escape(request_id)
44+ # include a hash of the cert data rather than just the request ID
45+ # so that check_reconfig_prometheus can detect changes to the data
46+ # via the filename
47+ cert_hash = sha1(job.ca_cert.encode('utf8')).hexdigest()
48+ cert_path = certs_dir / '{}-{}-{}.crt'.format(job_name,
49+ request_id,
50+ cert_hash)
51+ # avoid re-writing the file if contents haven't changed
52+ if not cert_path.exists():
53+ # clean up previous versions of the cert
54+ for old_cert in certs_dir.glob('{}-{}-*.crt'
55+ ''.format(g_job_name,
56+ g_request_id)):
57+ old_cert.unlink()
58+ # NB: ensure trailing newline because some programs fail
59+ # without it (haven't tested prometheus specifically)
60+ cert_path.write_text(job.ca_cert.rstrip() + '\n')
61+ job_jsons.append(job.to_json(cert_path))
62+ else:
63+ job_jsons.append(job.to_json())
64+ unitdata.kv().set('manual_jobs', job_jsons)
65 set_state('prometheus.do-check-reconfig')
66
67
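Review bot: the cleanup glob `'{}-{}-*.crt'` in update_prometheus_manual_jobs can match certs that belong to a different job, because job_name, request_id and the hash are all joined with '-' while only '/' is replaced in the first two. If either value can contain '-', the pattern for job `a` / request `b` also matches `a-b-x-<hash>.crt`, and `old_cert.unlink()` then removes a file that another entry in job_jsons may still point at. Restrict the match to the digest component (for example, only unlink when the part after the prefix is exactly 40 hex characters) or join the fields with a separator that is also replaced in job_name and request_id. Separately, nothing in this hunk removes certs for jobs that leave the relation, so files in certs_dir are only cleaned up when the same job/request pair sends a changed cert.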
