prometheus calls should be made with explicitly generated token (#353)

dbasunag · web-flow · commit ac3f8ebec2a0 · 2024-08-06T08:31:04.000Z
* prometheus calls should be made with explicitly generated token

* address review comments

* addressed review comments

* updates
diff --git a/ocp_utilities/monitoring.py b/ocp_utilities/monitoring.py
@@ -7,8 +7,6 @@
 import requests
 from kubernetes.dynamic import DynamicClient
 from ocp_resources.route import Route
-from ocp_resources.secret import Secret
-from ocp_resources.service_account import ServiceAccount
 from timeout_sampler import TimeoutExpiredError, TimeoutSampler
 from simple_logger.logger import get_logger
 
@@ -36,61 +34,40 @@ class Prometheus(object):
 
     def __init__(
         self,
+        bearer_token: str,
         namespace: str = "openshift-monitoring",
         resource_name: str = "prometheus-k8s",
         client: DynamicClient = None,
         verify_ssl: bool = True,
-        bearer_token: str = "",
     ) -> None:
         """
         Args:
+            bearer_token (str, Required): Used for query OAuth with API endpoint, this needs to be created via oc
+            create token command
+             Example to create prometheus token: oc create token prometheus-k8s -n openshift-monitoring --duration=600s
+                This would create a token for prometheus calls, that would expire in 600 seconds
             namespace (str): Prometheus API resource namespace
             resource_name (str): Prometheus API resource name
             client (DynamicClient): Admin client resource
             verify_ssl (bool): Perform SSL verification on query
-            bearer_token (str): Used for query OAuth with API endpoint
         """
         self.namespace = namespace
         self.resource_name = resource_name
         self.client = client or get_client()
         self.api_v1 = "/api/v1"
         self.verify_ssl = verify_ssl
         self.bearer_token = bearer_token
+
         self.api_url = self._get_route()
-        self.headers = self._get_headers()
+        self.headers = {"Authorization": f"Bearer {self.bearer_token}"}
         self.scrape_interval = self.get_scrape_interval()
 
     def _get_route(self) -> str:
         # get route to prometheus HTTP api
         LOGGER.info("Prometheus: Obtaining route")
         route = Route(namespace=self.namespace, name=self.resource_name, client=self.client).instance.spec.host
-
         return f"https://{route}"
 
-    def _get_headers(self) -> Dict[str, str]:
-        """Uses the Prometheus serviceaccount to get an access token for OAuth if not given"""
-        LOGGER.info("Setting Prometheus headers and Obtaining OAuth token")
-
-        if not self.bearer_token:
-            secret = self._get_resource_secret()
-            self.bearer_token = secret.instance.metadata.annotations["openshift.io/token-secret.value"]
-
-        return {"Authorization": f"Bearer {self.bearer_token}"}
-
-    def _get_service_account(self) -> ServiceAccount:
-        """get service account  for the given namespace and resource"""
-
-        return ServiceAccount(namespace=self.namespace, name=self.resource_name, client=self.client)
-
-    def _get_resource_secret(self) -> Secret:
-        """secret for the service account extracted"""
-        resource_sa = self._get_service_account()
-        return Secret(
-            namespace=self.namespace,
-            name=resource_sa.instance.imagePullSecrets[0].name,
-            client=self.client,
-        )
-
     def _get_response(self, query: str) -> Dict[str, Any]:
         response = requests.get(f"{self.api_url}{query}", headers=self.headers, verify=self.verify_ssl)
 
