Commit 4c93d55b authored by rpereira2's avatar rpereira2

Allow local Prom queries in selfmonitoring project

If the Prometheus service API URL is the internal Prometheus URL, allow
the self monitoring project to send Prometheus queries to it even if it
is a local URL.
parent 244966bf
...@@ -81,7 +81,7 @@ class PrometheusService < MonitoringService ...@@ -81,7 +81,7 @@ class PrometheusService < MonitoringService
def prometheus_client def prometheus_client
return unless should_return_client? return unless should_return_client?
Gitlab::PrometheusClient.new(api_url) Gitlab::PrometheusClient.new(api_url, allow_local_requests: allow_local_api_url?)
end end
def prometheus_available? def prometheus_available?
...@@ -94,7 +94,8 @@ class PrometheusService < MonitoringService ...@@ -94,7 +94,8 @@ class PrometheusService < MonitoringService
end end
def allow_local_api_url? def allow_local_api_url?
self_monitoring_project? && internal_prometheus_url? allow_local_requests_from_web_hooks_and_services? ||
(self_monitoring_project? && internal_prometheus_url?)
end end
def configured? def configured?
...@@ -111,6 +112,10 @@ class PrometheusService < MonitoringService ...@@ -111,6 +112,10 @@ class PrometheusService < MonitoringService
api_url.present? && api_url == ::Gitlab::Prometheus::Internal.uri api_url.present? && api_url == ::Gitlab::Prometheus::Internal.uri
end end
def allow_local_requests_from_web_hooks_and_services?
current_settings.allow_local_requests_from_web_hooks_and_services?
end
def should_return_client? def should_return_client?
api_url.present? && manual_configuration? && active? && valid? api_url.present? && manual_configuration? && active? && valid?
end end
......
---
title: Allow self monitoring project to query internal Prometheus even when "Allow local requests in webhooks and services" setting is false
merge_request: 27865
author:
type: fixed
...@@ -66,6 +66,18 @@ describe PrometheusService, :use_clean_rails_memory_store_caching do ...@@ -66,6 +66,18 @@ describe PrometheusService, :use_clean_rails_memory_store_caching do
end end
end end
it 'can query when local requests are allowed' do
stub_application_setting(allow_local_requests_from_web_hooks_and_services: true)
aggregate_failures do
['127.0.0.1', '192.168.2.3'].each do |url|
allow(Addrinfo).to receive(:getaddrinfo).with(domain, any_args).and_return([Addrinfo.tcp(url, 80)])
expect(service.can_query?).to be true
end
end
end
context 'with self-monitoring project and internal Prometheus' do context 'with self-monitoring project and internal Prometheus' do
before do before do
service.api_url = 'http://localhost:9090' service.api_url = 'http://localhost:9090'
...@@ -152,6 +164,54 @@ describe PrometheusService, :use_clean_rails_memory_store_caching do ...@@ -152,6 +164,54 @@ describe PrometheusService, :use_clean_rails_memory_store_caching do
expect(service.prometheus_client).to be_nil expect(service.prometheus_client).to be_nil
end end
end end
context 'when local requests are allowed' do
let(:manual_configuration) { true }
let(:api_url) { 'http://192.168.1.1:9090' }
before do
stub_application_setting(allow_local_requests_from_web_hooks_and_services: true)
stub_prometheus_request("#{api_url}/api/v1/query?query=1")
end
it 'allows local requests' do
expect(service.prometheus_client).not_to be_nil
expect { service.prometheus_client.ping }.not_to raise_error
end
end
context 'when local requests are blocked' do
let(:manual_configuration) { true }
let(:api_url) { 'http://192.168.1.1:9090' }
before do
stub_application_setting(allow_local_requests_from_web_hooks_and_services: false)
stub_prometheus_request("#{api_url}/api/v1/query?query=1")
end
it 'blocks local requests' do
expect(service.prometheus_client).to be_nil
end
context 'with self monitoring project and internal Prometheus URL' do
before do
stub_application_setting(allow_local_requests_from_web_hooks_and_services: false)
stub_application_setting(self_monitoring_project_id: project.id)
stub_config(prometheus: {
enable: true,
listen_address: api_url
})
end
it 'allows local requests' do
expect(service.prometheus_client).not_to be_nil
expect { service.prometheus_client.ping }.not_to raise_error
end
end
end
end end
describe '#prometheus_available?' do describe '#prometheus_available?' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment