def test_credentials_token_noverify():
expected_headers = {'Authorization': 'Bearer mytoken'}
creds = KubeletCredentials({
"verify_tls": "false",
"ca_cert": "ca_cert",
"client_crt": "ignore_me",
"token": "mytoken"
})
assert creds.verify() is False
assert creds.cert_pair() is None
assert creds.headers("https://dummy") == expected_headers
# Make sure we don't leak the token over http
assert creds.headers("http://dummy") is None
scraper = PrometheusScraper(None)
creds.configure_scraper(scraper, "https://dummy")
assert scraper.ssl_ca_cert is False
assert scraper.ssl_cert is None
assert scraper.ssl_private_key is None
assert scraper.extra_headers == expected_headers
# Make sure we don't leak the token over http
creds.configure_scraper(scraper, "http://dummy")
assert scraper.ssl_ca_cert is False
assert scraper.ssl_cert is None
assert scraper.ssl_private_key is None
assert scraper.extra_headers == {}
def test_credentials_token_noverify():
expected_headers = {'Authorization': 'Bearer mytoken'}
creds = KubeletCredentials({
"verify_tls": "false",
"ca_cert": "ca_cert",
"client_crt": "ignore_me",
"token": "mytoken"
})
assert creds.verify() is False
assert creds.cert_pair() is None
assert creds.headers("https://dummy") == expected_headers
# Make sure we don't leak the token over http
assert creds.headers("http://dummy") is None
scraper = OpenMetricsBaseCheck('prometheus', {}, {})
scraper_config = scraper.create_scraper_configuration()
scraper_config['prometheus_url'] = 'https://dummy'
creds.configure_scraper(scraper_config)
assert scraper_config['ssl_ca_cert'] is False
assert scraper_config['ssl_cert'] is None
assert scraper_config['ssl_private_key'] is None
assert scraper_config['extra_headers'] == expected_headers
# Make sure we don't leak the token over http
scraper_config['prometheus_url'] = "http://dummy"
creds.configure_scraper(scraper_config)
assert scraper_config['ssl_ca_cert'] is False
assert scraper_config['ssl_cert'] is None
assert scraper_config['ssl_private_key'] is None
assert scraper_config['extra_headers'] == {}
def test_perform_kubelet_check(monkeypatch):
check = KubeletCheck('kubelet', {}, [{}])
check.kube_health_url = "http://127.0.0.1:10255/healthz"
check.kubelet_credentials = KubeletCredentials({})
monkeypatch.setattr(check, 'service_check', mock.Mock())
instance_tags = ["one:1"]
get = MockResponse()
with mock.patch("requests.get", side_effect=get):
check._perform_kubelet_check(instance_tags)
get.assert_has_calls(
[
mock.call(
'http://127.0.0.1:10255/healthz',
cert=None,
headers=None,
params={'verbose': True},
stream=False,
timeout=10,
verify=None,
)
]
)
calls = [mock.call('kubernetes.kubelet.check', 0, tags=instance_tags)]
check.service_check.assert_has_calls(calls)
def test_silent_tls_warning(monkeypatch, aggregator):
check = KubeletCheck('kubelet', {}, [{}])
check.kube_health_url = "https://example.com/"
check.kubelet_credentials = KubeletCredentials({'verify_tls': 'false'})
with pytest.warns(None) as record:
check._perform_kubelet_check([])
assert all(not issubclass(warning.category, InsecureRequestWarning) for warning in record)
def test_report_node_metrics_kubernetes1_18(monkeypatch, aggregator):
check = KubeletCheck('kubelet', {}, [{}])
check.kubelet_credentials = KubeletCredentials({'verify_tls': 'false'})
check.node_spec_url = "http://localhost:10255/spec"
get = mock.MagicMock(status_code=404, iter_lines=lambda **kwargs: "Error Code")
get.raise_for_status.side_effect = requests.HTTPError('error')
with mock.patch('requests.get', return_value=get):
check._report_node_metrics(['foo:bar'])
aggregator.assert_all_metrics_covered()
def test_silent_tls_warning(caplog, monkeypatch, aggregator):
check = KubeletCheck('kubelet', {}, [{}])
check.kube_health_url = "https://example.com/"
check.kubelet_credentials = KubeletCredentials({'verify_tls': 'false'})
with caplog.at_level(logging.DEBUG):
check._perform_kubelet_check([])
expected_message = 'An unverified HTTPS request is being made to https://example.com/'
for _, _, message in caplog.record_tuples:
assert message != expected_message
def test_credentials_empty():
creds = KubeletCredentials({})
assert creds.verify() is None
assert creds.cert_pair() is None
assert creds.headers("https://dummy") is None
scraper = PrometheusScraper(None)
creds.configure_scraper(scraper, "https://dummy")
assert scraper.ssl_ca_cert is None
assert scraper.ssl_cert is None
assert scraper.ssl_private_key is None
assert scraper.extra_headers == {}
def test_credentials_empty():
creds = KubeletCredentials({})
assert creds.verify() is None
assert creds.cert_pair() is None
assert creds.headers("https://dummy") is None
scraper = OpenMetricsBaseCheck('prometheus', {}, {})
scraper_config = scraper.create_scraper_configuration()
scraper_config['prometheus_url'] = "https://dummy"
creds.configure_scraper(scraper_config)
assert scraper_config['ssl_ca_cert'] is None
assert scraper_config['ssl_cert'] is None
assert scraper_config['ssl_private_key'] is None
assert scraper_config['extra_headers'] == {}
def test_credentials_empty():
creds = KubeletCredentials({})
assert creds.verify() is None
assert creds.cert_pair() is None
assert creds.headers("https://dummy") is None
instance = {'prometheus_url': 'https://dummy', 'namespace': 'foo'}
scraper = OpenMetricsBaseCheck('prometheus', {}, [instance])
scraper_config = scraper.create_scraper_configuration(instance)
creds.configure_scraper(scraper_config)
assert scraper_config['ssl_ca_cert'] is None
assert scraper_config['ssl_cert'] is None
assert scraper_config['ssl_private_key'] is None
assert scraper_config['extra_headers'] == {}
def test_credentials_certificates():
creds = KubeletCredentials(
{"verify_tls": "true", "ca_cert": "ca_cert", "client_crt": "crt", "client_key": "key", "token": "ignore_me"}
)
assert creds.verify() == "ca_cert"
assert creds.cert_pair() == ("crt", "key")
assert creds.headers("https://dummy") is None
instance = {'prometheus_url': 'https://dummy', 'namespace': 'foo'}
scraper = OpenMetricsBaseCheck('prometheus', {}, [instance])
scraper_config = scraper.create_scraper_configuration(instance)
creds.configure_scraper(scraper_config)
assert scraper_config['ssl_ca_cert'] == "ca_cert"
assert scraper_config['ssl_cert'] == "crt"
assert scraper_config['ssl_private_key'] == "key"
assert scraper_config['extra_headers'] == {}
def test_credentials_certificates():
creds = KubeletCredentials({
"verify_tls": "true",
"ca_cert": "ca_cert",
"client_crt": "crt",
"client_key": "key",
"token": "ignore_me"
})
assert creds.verify() == "ca_cert"
assert creds.cert_pair() == ("crt", "key")
assert creds.headers("https://dummy") is None
scraper = PrometheusScraper(None)
creds.configure_scraper(scraper, "https://dummy")
assert scraper.ssl_ca_cert == "ca_cert"
assert scraper.ssl_cert == "crt"
assert scraper.ssl_private_key == "key"
assert scraper.extra_headers == {}
