Prometheus2 charm

Merge ~johnsca/charm-prometheus2:johnsca/feature/manual-job-relation-2 into ~prometheus-charmers/charm-prometheus2:master

  1. Git
  2. lp:~johnsca/charm-prometheus2
  3. johnsca/feature/manual-job-relation-2
  4. Merge into master
Proposed by Cory Johns
Status: Merged
Approved by: Jeremy Lounder
Approved revision: a88141c243cc82545d3c0fda0d2e61f9fa39ec5b
Merged at revision: 24325849d1c27faa6ffcb4a37b85de1a6234ca96
Proposed branch: ~johnsca/charm-prometheus2:johnsca/feature/manual-job-relation-2
Merge into: ~prometheus-charmers/charm-prometheus2:master
Diff against target: 65 lines (+36/-2)
1 file modified
reactive/prometheus.py (+36/-2)
Reviewer Review Type Date Requested Status
Jeremy Lounder (community) Approve
Stuart Bishop (community) Approve
Review via email: mp+371206@code.launchpad.net

Commit message

Refactor ca_file writing logic out of interface layer into charm

To post a comment you must log in.
Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

This merge proposal is being monitored by mergebot. Change the status to Approved to merge.

Revision history for this message
Stuart Bishop (stub) wrote :

Looks good. Please add the glob.escape() bits per inline comment before landing; even if the job name and id are from trusted sources, its easy to escape so others don't need to worry about it.

Still needs a ~prometheus-charmers review.

review: Approve
Revision history for this message
Cory Johns (johnsca) wrote :

Good catch, thanks.

Revision history for this message
Cory Johns (johnsca) wrote :

1.3.0 of charms.reactive is released with the relevant change, as well as the interface layer PRs.

Revision history for this message
Jeremy Lounder (jldev) :
review: Approve
Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

Change successfully merged at revision 24325849d1c27faa6ffcb4a37b85de1a6234ca96

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/reactive/prometheus.py b/reactive/prometheus.py
index fbf1626..29de54a 100644
--- a/reactive/prometheus.py
+++ b/reactive/prometheus.py
@@ -3,10 +3,13 @@ import pwd
3import subprocess3import subprocess
4import yaml4import yaml
5import re5import re
6import glob
6from jinja2 import Template7from jinja2 import Template
7import shutil8import shutil
8import time9import time
10from hashlib import sha1
9from urllib.parse import urlparse11from urllib.parse import urlparse
12from pathlib import Path
1013
11from charmhelpers import fetch14from charmhelpers import fetch
12from charmhelpers.core import host, hookenv, unitdata15from charmhelpers.core import host, hookenv, unitdata
@@ -37,6 +40,7 @@ PATHS = {
37 'promreg_yml': '/var/snap/promreg/common/promreg.yaml',40 'promreg_yml': '/var/snap/promreg/common/promreg.yaml',
38 'promreg_tgts_yml': '/var/snap/promreg/common/promreg/targets.yaml',41 'promreg_tgts_yml': '/var/snap/promreg/common/promreg/targets.yaml',
39 'promreg_service_name': 'snap.promreg.promreg',42 'promreg_service_name': 'snap.promreg.promreg',
43 'certs_dir': '/var/snap/prometheus/common/certs',
40}44}
4145
4246
@@ -572,8 +576,38 @@ def update_prometheus_scrape_targets(target):
572576
573@when('endpoint.manual-jobs.has_jobs')577@when('endpoint.manual-jobs.has_jobs')
574def update_prometheus_manual_jobs(manual_jobs):578def update_prometheus_manual_jobs(manual_jobs):
575 unitdata.kv().set('manual_jobs', [job.to_json()579 job_jsons = []
576 for job in manual_jobs.jobs])580 certs_dir = Path(PATHS['certs_dir'])
581 certs_dir.mkdir(parents=True, exist_ok=True)
582 for job in manual_jobs.jobs:
583 if job.ca_cert:
584 # escape path special chars to be safe when saving
585 job_name = job.job_name.replace('/', '_')
586 request_id = job.request_id.replace('/', '_')
587 # escape glob special chars to be safe when cleaning up
588 g_job_name = glob.escape(job_name)
589 g_request_id = glob.escape(request_id)
590 # include a hash of the cert data rather than just the request ID
591 # so that check_reconfig_prometheus can detect changes to the data
592 # via the filename
593 cert_hash = sha1(job.ca_cert.encode('utf8')).hexdigest()
594 cert_path = certs_dir / '{}-{}-{}.crt'.format(job_name,
595 request_id,
596 cert_hash)
597 # avoid re-writing the file if contents haven't changed
598 if not cert_path.exists():
599 # clean up previous versions of the cert
600 for old_cert in certs_dir.glob('{}-{}-*.crt'
601 ''.format(g_job_name,
602 g_request_id)):
603 old_cert.unlink()
604 # NB: ensure trailing newline because some programs fail
605 # without it (haven't tested prometheus specifically)
606 cert_path.write_text(job.ca_cert.rstrip() + '\n')
607 job_jsons.append(job.to_json(cert_path))
608 else:
609 job_jsons.append(job.to_json())
610 unitdata.kv().set('manual_jobs', job_jsons)
577 set_state('prometheus.do-check-reconfig')611 set_state('prometheus.do-check-reconfig')
578612
579613

Subscribers

People subscribed via source and target branches