2021-09-30 23:02:18 +05:30
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
|
|
module Integrations
|
|
|
|
|
class Prometheus < BaseMonitoring
|
|
|
|
|
include PrometheusAdapter
|
2023-03-04 22:38:38 +05:30
|
|
|
include Gitlab::Utils::StrongMemoize
|
2021-09-30 23:02:18 +05:30
|
|
|
|
2022-08-13 15:12:31 +05:30
|
|
|
field :manual_configuration,
|
|
|
|
|
type: 'checkbox',
|
|
|
|
|
title: -> { s_('PrometheusService|Active') },
|
|
|
|
|
help: -> { s_('PrometheusService|Select this checkbox to override the auto configuration settings with your own settings.') },
|
|
|
|
|
required: true
|
|
|
|
|
|
|
|
|
|
field :api_url,
|
|
|
|
|
title: 'API URL',
|
|
|
|
|
placeholder: -> { s_('PrometheusService|https://prometheus.example.com/') },
|
|
|
|
|
help: -> { s_('PrometheusService|The Prometheus API base URL.') },
|
|
|
|
|
required: true
|
|
|
|
|
|
|
|
|
|
field :google_iap_audience_client_id,
|
|
|
|
|
title: 'Google IAP Audience Client ID',
|
|
|
|
|
placeholder: -> { s_('PrometheusService|IAP_CLIENT_ID.apps.googleusercontent.com') },
|
|
|
|
|
help: -> { s_('PrometheusService|The ID of the IAP-secured resource.') },
|
|
|
|
|
required: false
|
|
|
|
|
|
|
|
|
|
field :google_iap_service_account_json,
|
|
|
|
|
type: 'textarea',
|
|
|
|
|
title: 'Google IAP Service Account JSON',
|
|
|
|
|
placeholder: -> { s_('PrometheusService|{ "type": "service_account", "project_id": ... }') },
|
|
|
|
|
help: -> { s_('PrometheusService|The contents of the credentials.json file of your service account.') },
|
|
|
|
|
required: false
|
2021-09-30 23:02:18 +05:30
|
|
|
|
|
|
|
|
# We need to allow the self-monitoring project to connect to the internal
|
|
|
|
|
# Prometheus instance.
|
|
|
|
|
# Since the internal Prometheus instance is usually a localhost URL, we need
|
|
|
|
|
# to allow localhost URLs when the following conditions are true:
|
|
|
|
|
# 1. project is the self-monitoring project.
|
|
|
|
|
# 2. api_url is the internal Prometheus URL.
|
|
|
|
|
with_options presence: true do
|
|
|
|
|
validates :api_url, public_url: true, if: ->(object) { object.manual_configuration? && !object.allow_local_api_url? }
|
|
|
|
|
validates :api_url, url: true, if: ->(object) { object.manual_configuration? && object.allow_local_api_url? }
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
before_save :synchronize_service_state
|
|
|
|
|
|
|
|
|
|
after_save :clear_reactive_cache!
|
|
|
|
|
|
|
|
|
|
after_commit :track_events
|
|
|
|
|
|
|
|
|
|
scope :preload_project, -> { preload(:project) }
|
|
|
|
|
|
|
|
|
|
def show_active_box?
|
|
|
|
|
false
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def title
|
|
|
|
|
'Prometheus'
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def description
|
|
|
|
|
s_('PrometheusService|Monitor application health with Prometheus metrics and dashboards')
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def self.to_param
|
|
|
|
|
'prometheus'
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
# Check we can connect to the Prometheus API
|
|
|
|
|
def test(*args)
|
2022-07-23 23:45:48 +05:30
|
|
|
return { success: false, result: 'Prometheus configuration error' } unless prometheus_client
|
|
|
|
|
|
2021-09-30 23:02:18 +05:30
|
|
|
prometheus_client.ping
|
|
|
|
|
{ success: true, result: 'Checked API endpoint' }
|
2022-08-27 11:52:29 +05:30
|
|
|
rescue Gitlab::PrometheusClient::Error => e
|
|
|
|
|
{ success: false, result: e }
|
2021-09-30 23:02:18 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def prometheus_client
|
|
|
|
|
return unless should_return_client?
|
|
|
|
|
|
|
|
|
|
options = prometheus_client_default_options.merge(
|
|
|
|
|
allow_local_requests: allow_local_api_url?
|
|
|
|
|
)
|
|
|
|
|
|
2023-03-04 22:38:38 +05:30
|
|
|
if behind_iap? && iap_client
|
2021-09-30 23:02:18 +05:30
|
|
|
# Adds the Authorization header
|
|
|
|
|
options[:headers] = iap_client.apply({})
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
Gitlab::PrometheusClient.new(api_url, options)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def prometheus_available?
|
|
|
|
|
return false unless project
|
|
|
|
|
|
|
|
|
|
project.all_clusters.enabled.eager_load(:integration_prometheus).any? do |cluster|
|
|
|
|
|
cluster.integration_prometheus_available?
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def allow_local_api_url?
|
|
|
|
|
allow_local_requests_from_web_hooks_and_services? ||
|
|
|
|
|
(self_monitoring_project? && internal_prometheus_url?)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def configured?
|
|
|
|
|
should_return_client?
|
|
|
|
|
end
|
|
|
|
|
|
2023-03-04 22:38:38 +05:30
|
|
|
alias_method :google_iap_service_account_json_raw, :google_iap_service_account_json
|
|
|
|
|
private :google_iap_service_account_json_raw
|
|
|
|
|
|
|
|
|
|
MASKED_VALUE = '*' * 8
|
|
|
|
|
|
|
|
|
|
def google_iap_service_account_json
|
|
|
|
|
json = google_iap_service_account_json_raw
|
|
|
|
|
return json unless json.present?
|
|
|
|
|
|
|
|
|
|
Gitlab::Json.parse(json)
|
|
|
|
|
.then { |hash| hash.transform_values { MASKED_VALUE } }
|
|
|
|
|
.then { |hash| Gitlab::Json.generate(hash) }
|
|
|
|
|
rescue Gitlab::Json.parser_error
|
|
|
|
|
json
|
|
|
|
|
end
|
|
|
|
|
|
2021-09-30 23:02:18 +05:30
|
|
|
private
|
|
|
|
|
|
|
|
|
|
delegate :allow_local_requests_from_web_hooks_and_services?, to: :current_settings, private: true
|
|
|
|
|
|
|
|
|
|
def self_monitoring_project?
|
|
|
|
|
project && project.id == current_settings.self_monitoring_project_id
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def internal_prometheus_url?
|
|
|
|
|
api_url.present? && api_url == ::Gitlab::Prometheus::Internal.uri
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def should_return_client?
|
|
|
|
|
api_url.present? && manual_configuration? && active? && valid?
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def current_settings
|
|
|
|
|
Gitlab::CurrentSettings.current_application_settings
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def synchronize_service_state
|
|
|
|
|
self.active = prometheus_available? || manual_configuration?
|
|
|
|
|
|
|
|
|
|
true
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def track_events
|
|
|
|
|
if enabled_manual_prometheus?
|
|
|
|
|
Gitlab::Tracking.event('cluster:services:prometheus', 'enabled_manual_prometheus')
|
|
|
|
|
elsif disabled_manual_prometheus?
|
|
|
|
|
Gitlab::Tracking.event('cluster:services:prometheus', 'disabled_manual_prometheus')
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
true
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def enabled_manual_prometheus?
|
|
|
|
|
manual_configuration_changed? && manual_configuration?
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def disabled_manual_prometheus?
|
|
|
|
|
manual_configuration_changed? && !manual_configuration?
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def behind_iap?
|
|
|
|
|
manual_configuration? && google_iap_audience_client_id.present? && google_iap_service_account_json.present?
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def clean_google_iap_service_account
|
2023-03-04 22:38:38 +05:30
|
|
|
json = google_iap_service_account_json_raw
|
|
|
|
|
return unless json.present?
|
2021-09-30 23:02:18 +05:30
|
|
|
|
2023-03-04 22:38:38 +05:30
|
|
|
Gitlab::Json.parse(json).except('token_credential_uri')
|
|
|
|
|
rescue Gitlab::Json.parser_error
|
|
|
|
|
{}
|
2021-09-30 23:02:18 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def iap_client
|
|
|
|
|
@iap_client ||= Google::Auth::Credentials
|
|
|
|
|
.new(clean_google_iap_service_account, target_audience: google_iap_audience_client_id)
|
|
|
|
|
.client
|
2023-03-04 22:38:38 +05:30
|
|
|
rescue StandardError
|
|
|
|
|
nil
|
2021-09-30 23:02:18 +05:30
|
|
|
end
|
2023-03-04 22:38:38 +05:30
|
|
|
strong_memoize_attr :iap_client
|
2021-09-30 23:02:18 +05:30
|
|
|
end
|
|
|
|
|
end
|
