debian-mirror-gitlab/app/models/integrations/prometheus.rb
2023-03-05 14:24:40 +05:30

192 lines
5.7 KiB
Ruby

# frozen_string_literal: true
module Integrations
class Prometheus < BaseMonitoring
include PrometheusAdapter
include Gitlab::Utils::StrongMemoize
field :manual_configuration,
type: 'checkbox',
title: -> { s_('PrometheusService|Active') },
help: -> { s_('PrometheusService|Select this checkbox to override the auto configuration settings with your own settings.') },
required: true
field :api_url,
title: 'API URL',
placeholder: -> { s_('PrometheusService|https://prometheus.example.com/') },
help: -> { s_('PrometheusService|The Prometheus API base URL.') },
required: true
field :google_iap_audience_client_id,
title: 'Google IAP Audience Client ID',
placeholder: -> { s_('PrometheusService|IAP_CLIENT_ID.apps.googleusercontent.com') },
help: -> { s_('PrometheusService|The ID of the IAP-secured resource.') },
required: false
field :google_iap_service_account_json,
type: 'textarea',
title: 'Google IAP Service Account JSON',
placeholder: -> { s_('PrometheusService|{ "type": "service_account", "project_id": ... }') },
help: -> { s_('PrometheusService|The contents of the credentials.json file of your service account.') },
required: false
# We need to allow the self-monitoring project to connect to the internal
# Prometheus instance.
# Since the internal Prometheus instance is usually a localhost URL, we need
# to allow localhost URLs when the following conditions are true:
# 1. project is the self-monitoring project.
# 2. api_url is the internal Prometheus URL.
with_options presence: true do
validates :api_url, public_url: true, if: ->(object) { object.manual_configuration? && !object.allow_local_api_url? }
validates :api_url, url: true, if: ->(object) { object.manual_configuration? && object.allow_local_api_url? }
end
before_save :synchronize_service_state
after_save :clear_reactive_cache!
after_commit :track_events
scope :preload_project, -> { preload(:project) }
def show_active_box?
false
end
def title
'Prometheus'
end
def description
s_('PrometheusService|Monitor application health with Prometheus metrics and dashboards')
end
def self.to_param
'prometheus'
end
# Check we can connect to the Prometheus API
def test(*args)
return { success: false, result: 'Prometheus configuration error' } unless prometheus_client
prometheus_client.ping
{ success: true, result: 'Checked API endpoint' }
rescue Gitlab::PrometheusClient::Error => e
{ success: false, result: e }
end
def prometheus_client
return unless should_return_client?
options = prometheus_client_default_options.merge(
allow_local_requests: allow_local_api_url?
)
if behind_iap? && iap_client
# Adds the Authorization header
options[:headers] = iap_client.apply({})
end
Gitlab::PrometheusClient.new(api_url, options)
end
def prometheus_available?
return false unless project
project.all_clusters.enabled.eager_load(:integration_prometheus).any? do |cluster|
cluster.integration_prometheus_available?
end
end
def allow_local_api_url?
allow_local_requests_from_web_hooks_and_services? ||
(self_monitoring_project? && internal_prometheus_url?)
end
def configured?
should_return_client?
end
alias_method :google_iap_service_account_json_raw, :google_iap_service_account_json
private :google_iap_service_account_json_raw
MASKED_VALUE = '*' * 8
def google_iap_service_account_json
json = google_iap_service_account_json_raw
return json unless json.present?
Gitlab::Json.parse(json)
.then { |hash| hash.transform_values { MASKED_VALUE } }
.then { |hash| Gitlab::Json.generate(hash) }
rescue Gitlab::Json.parser_error
json
end
private
delegate :allow_local_requests_from_web_hooks_and_services?, to: :current_settings, private: true
def self_monitoring_project?
project && project.id == current_settings.self_monitoring_project_id
end
def internal_prometheus_url?
api_url.present? && api_url == ::Gitlab::Prometheus::Internal.uri
end
def should_return_client?
api_url.present? && manual_configuration? && active? && valid?
end
def current_settings
Gitlab::CurrentSettings.current_application_settings
end
def synchronize_service_state
self.active = prometheus_available? || manual_configuration?
true
end
def track_events
if enabled_manual_prometheus?
Gitlab::Tracking.event('cluster:services:prometheus', 'enabled_manual_prometheus')
elsif disabled_manual_prometheus?
Gitlab::Tracking.event('cluster:services:prometheus', 'disabled_manual_prometheus')
end
true
end
def enabled_manual_prometheus?
manual_configuration_changed? && manual_configuration?
end
def disabled_manual_prometheus?
manual_configuration_changed? && !manual_configuration?
end
def behind_iap?
manual_configuration? && google_iap_audience_client_id.present? && google_iap_service_account_json.present?
end
def clean_google_iap_service_account
json = google_iap_service_account_json_raw
return unless json.present?
Gitlab::Json.parse(json).except('token_credential_uri')
rescue Gitlab::Json.parser_error
{}
end
def iap_client
@iap_client ||= Google::Auth::Credentials
.new(clean_google_iap_service_account, target_audience: google_iap_audience_client_id)
.client
rescue StandardError
nil
end
strong_memoize_attr :iap_client
end
end