Add global namespace from namespaceset (#15)

* debug: added debug statement with lenght of response Signed-off-by: Bruno Bressi <bruno.bressi@telekom.de> * debug: added debug statement for whole response Signed-off-by: Bruno Bressi <bruno.bressi@telekom.de> * debug: changed formatting Signed-off-by: Bruno Bressi <bruno.bressi@telekom.de> * refactor: more robust global namespace addition & linting Signed-off-by: Bruno Bressi <bruno.bressi@telekom.de> * chore: log verbosity changed back to original --------- Signed-off-by: Bruno Bressi <bruno.bressi@telekom.de>
caas-team · Jan 3, 2024 · a0de49b · a0de49b
1 parent ba5e751
commit a0de49b
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 23 deletions.
diff --git a/pkg/agent/entry.go b/pkg/agent/entry.go
@@ -5,7 +5,7 @@ import (
 	"fmt"
 	"net"
 	"net/http"
-	_ "net/http/pprof"
+	_ "net/http/pprof" //nolint: gosec // enable profiler
 	"net/url"
 	"os"
 	"strings"
@@ -55,7 +55,7 @@ func Run(cliContext *cli.Context) {
 	}
 	cfg.proxyURL = proxyURL
 
-	accessTokenPath := "/var/run/secrets/kubernetes.io/serviceaccount/token"
+	accessTokenPath := "/var/run/secrets/kubernetes.io/serviceaccount/token" //nolint: gosec // read token from file
 	accessTokenBytes, err := os.ReadFile(accessTokenPath)
 	if err != nil {
 		log.WithError(err).Panicf("Failed to read token file %q", accessTokenPath)

diff --git a/pkg/agent/http_api_context.go b/pkg/agent/http_api_context.go
@@ -17,9 +17,9 @@ import (
 	"k8s.io/apimachinery/pkg/util/runtime"
 )
 
-const (
-	apiContextKey = "_apiContext_"
-)
+type apiContextKeyT string
+
+const apiContextKey apiContextKeyT = "_apiContextKey_"
 
 var (
 	badRequestErr     = errors.BadRequestf("bad_data")
@@ -115,14 +115,6 @@ func (c *apiContext) responseMetrics(data *promgo.MetricFamily) (err error) {
 	return
 }
 
-func (c *apiContext) proxy() error {
-	c.Do(func() {
-		c.proxyHandler.ServeHTTP(c.response, c.request)
-	})
-
-	return nil
-}
-
 func (c *apiContext) proxyWith(request *http.Request) error {
 	c.Do(func() {
 		c.proxyHandler.ServeHTTP(c.response, request)
@@ -171,8 +163,8 @@ func (f apiContextHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	contentTypeHeaderValue := w.Header().Get("Content-Type")
 	if !strings.Contains(acceptHeaderValue, "application/json") &&
 		!strings.EqualFold(contentTypeHeaderValue, "application/json") {
-
 		http.Error(w, causeErrMsg, responseCode)
+		log.WithError(err).Errorf("failed to write %q into http response", causeErrMsg)
 		return
 	}
 
@@ -186,7 +178,6 @@ func (f apiContextHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	if marshalErr != nil {
 		log.WithError(err).Errorf("unable to marshal responseData %#v", responseData)
 		http.Error(w, "internal error", http.StatusInternalServerError)
-
 		return
 	}
 

diff --git a/pkg/agent/http_hijack.go b/pkg/agent/http_hijack.go
@@ -6,7 +6,6 @@ import (
 	"net/http"
 	"net/url"
 	"strconv"
-	"strings"
 	"time"
 
 	"github.com/caas-team/prometheus-auth/pkg/data"
@@ -23,6 +22,10 @@ import (
 	log "github.com/sirupsen/logrus"
 )
 
+// the global namespace to add to all hijacked queries
+// to allow users to get some global metrics
+const globalNamespace = "caasglobal"
+
 func hijackFederate(apiCtx *apiContext) error {
 	// pre check
 	queries, err := url.ParseQuery(apiCtx.request.URL.RawQuery)
@@ -43,6 +46,9 @@ func hijackFederate(apiCtx *apiContext) error {
 		return apiCtx.responseMetrics(nil)
 	}
 
+	ns := append(apiCtx.namespaceSet.Values(), globalNamespace)
+	apiCtx.namespaceSet = data.NewSet(ns...)
+
 	// hijack
 	queries.Del("match[]")
 	for idx, rawValue := range matchFormValues {
@@ -53,12 +59,6 @@ func hijackFederate(apiCtx *apiContext) error {
 
 		log.Debugf("raw federate[%s - %d] => %s", apiCtx.tag, idx, rawValue)
 		hjkValue := modifyExpression(expr, apiCtx.namespaceSet)
-
-		// introduce a new label namespace="caasglobal",
-		// all metrics with this label will pass the auth gate
-		caasNs := "|caasglobal\"}"
-		hjkValue = strings.ReplaceAll(hjkValue, "\"}", caasNs)
-
 		log.Debugf("hjk federate[%s - %d] => %s", apiCtx.tag, idx, hjkValue)
 
 		queries.Add("match[]", hjkValue)
@@ -446,7 +446,7 @@ func parseDuration(s string) (time.Duration, error) {
 	return 0, errors.Errorf("cannot parse %q to a valid duration", s)
 }
 
-func modifyExpression(originalExpr parser.Expr, namespaceSet data.Set) (modifiedExpr string) {
+func modifyExpression(originalExpr parser.Expr, namespaceSet data.Set) string {
 	parser.Inspect(originalExpr, func(node parser.Node, _ []parser.Node) error {
 		switch n := node.(type) {
 		case *parser.VectorSelector: