feat(metrics-operator): introduce insecureSkipTlsVerify parameter for prometheus metrics fetch

[Bharadwajshivam28]

fixes #3712

Hey @odubajDT @mowies
I have implemented TLS round tripper to handle HTTP request.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 74.57%. Comparing base (8eb878f) to head (6d639d1).
Report is 30 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3742      +/-   ##
==========================================
- Coverage   74.72%   74.57%   -0.15%     
==========================================
  Files         225      225              
  Lines       10160    12205    +2045     
==========================================
+ Hits         7592     9102    +1510     
- Misses       2198     2732     +534     
- Partials      370      371       +1     

Files with missing lines	Coverage Δ
.../controllers/common/providers/prometheus/common.go	90.00% <100.00%> (-0.48%)	⬇️

... and 158 files with indirect coverage changes

Flag	Coverage Δ
certificate-operator	47.44% <ø> (+0.24%)	⬆️
component-tests	56.61% <ø> (-1.43%)	⬇️
lifecycle-operator	76.07% <ø> (-0.17%)	⬇️
metrics-operator	75.95% <100.00%> (-0.36%)	⬇️
scheduler	36.09% <ø> (+1.49%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

[Bharadwajshivam28]

Hey @odubajDT I have modified the GetRoundTripper function to use a custom http.Transport with TLSClientConfig.

[odubajDT]

what is the reasoning behind this change? the function returns a roundtripper, therefore I would expect that instead of user and password

[Bharadwajshivam28]

can you please elaborate on this? @odubajDT

[odubajDT]

my question is why you are expecting a user and password if the function you are testing is returning a roundtripper, it should in my opinion stay as it is, unless there is a reason for the change. This change seems to add significant complexity to the test, which is not needed

[Bharadwajshivam28]

The thing is for the unit test without user and password it was failing so when I used user and password also it passed so I thought this way works when using user and password

[odubajDT]

yes the test is passing because now you are not checking the roundTripper correctly, please revert this and try to stick the the concept that is present unless there is a technical reason why it should be done differently

[Bharadwajshivam28]

Hey @odubajDT
In this method Test_GetRoundtripper in common_test.go according to the current unit test it fails-
getRoundtripper() got = &{myuser mytoken 0x140005afb00}, want &{myuser mytoken 0x140001d7980} because the comparison of RoundTripper instances is not working with reflect.DeepEqual.

so instead of comparing entire RoundTripper structs I check specific properties like wantUser, wantPass, and wantTLS instead of a complete want RoundTripper.

[Bharadwajshivam28]

@odubajDT one way is that by creating mock HTTP server to capture and verify the actual request sent by the RoundTripper. Instead of checking the request directly. It covers the main scenarios of secret retrieval and the creation of an authenticated RoundTripper

I modified the test case and it passes

so can we move with this unit test approach?

[odubajDT]

I guess you need to adapt the expected outcome of the function, since you just added a parameter to the config, which has an impact on the resulting object

[Bharadwajshivam28]

can I create a new function in the common_test file?

Yes I understand that I need to adapt the changes in the test function but the thing without the mock method the test doesn't get adapted

[odubajDT]

what you should do is to set/unset the parameter in the metricProvider and expect it to be set/unset in the resulting roundtripper in the test. Not many changes are needed and I don't think another test function is needed here. You just need to duplicate and slightly adapt the test cases that are present

[odubajDT]

why are you expecting defaultRoundTripper if you have modified it in the code?

[odubajDT]

the insecureSkipVerify is not the only parameter that should be tested here, please test also the user and the password of the round tripper

[Bharadwajshivam28]

@odubajDT I have made the changes please verify it

[odubajDT]

still only a single parameter is verified here, what about user/password and other parameters set in the struct?

[odubajDT]

please remove this commented part if it's not needed

[odubajDT]

please remove

[odubajDT]

Please singoff your commits to pass the DCO check in the CI

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[odubajDT]

you are not asserting these parameters, can you explain why?

[odubajDT]

where is the roundtripper asserted?

[mowies]

@Bharadwajshivam28 any updates on this?