Documentation ¶
Overview ¶
Package client defines interfaces for external dependencies of the Effectiveness Monitor. These interfaces enable dependency injection and testability across all tiers.
Integration tests use httptest.NewServer mocks (per TESTING_GUIDELINES.md Section 4a). E2E tests use real Prometheus/AlertManager containers (per DD-TEST-001).
Business Requirements:
- BR-EM-001: Health check via K8s readiness/liveness
- BR-EM-002: Alert resolution check via AlertManager
- BR-EM-003: Metric comparison via Prometheus
- BR-EM-004: Spec hash comparison via K8s API
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func BuildCertPool ¶ added in v1.2.0
BuildCertPool creates an x509.CertPool from PEM-encoded certificate data. The custom CA is appended to the system cert pool so that both system-trusted and custom CAs are honored. Returns an error if pemData contains no valid PEM certificates (no silent fallback).
func NewHTTPClientWithCA ¶ added in v1.1.0
NewHTTPClientWithCA creates an HTTP client configured with a custom CA certificate pool for TLS connections. The custom CA is appended to the system cert pool so that both system-trusted and custom CAs are honored.
Issue #452: Enables EM to connect to Prometheus/AlertManager over HTTPS when endpoints use certificates signed by a non-system CA (e.g., OCP service-serving signer).
The returned client has TLS configured but no bearer token injection. Callers can wrap client.Transport with auth.NewServiceAccountTransportWithBase to add SA token authentication.
Types ¶
type Alert ¶
type Alert struct {
	// Labels are the alert labels.
	Labels map[string]string
	// State is the alert state (active, suppressed, unprocessed).
	State string
	// StartsAt is when the alert started firing.
	StartsAt time.Time
	// EndsAt is when the alert stopped firing (zero if still active).
	EndsAt time.Time
}
Alert represents an alert from AlertManager.
type AlertFilters ¶
type AlertFilters struct {
	// Matchers are label matchers to filter alerts (e.g., alertname=~"HighLatency").
	Matchers []string
}
AlertFilters defines criteria for querying alerts from AlertManager.
type AlertManagerClient ¶
type AlertManagerClient interface {
	// GetAlerts retrieves active alerts matching the given filters.
	GetAlerts(ctx context.Context, filters AlertFilters) ([]Alert, error)
	// Ready checks if AlertManager is ready to accept queries.
	Ready(ctx context.Context) error
}
AlertManagerClient abstracts AlertManager API operations. Used for alert resolution scoring (BR-EM-002).
Integration tests: httptest.NewServer mock (test/infrastructure/alertmanager_mock.go)
E2E tests: real AlertManager container (test/infrastructure/prometheus_alertmanager_e2e.go)
func NewAlertManagerHTTPClient ¶
func NewAlertManagerHTTPClient(baseURL string, httpClient *http.Client) AlertManagerClient
NewAlertManagerHTTPClient creates an AlertManagerClient that connects to an AlertManager HTTP API. The caller provides a pre-configured *http.Client, allowing TLS, bearer token, and timeout settings to be composed externally (Issue #452).
type CAReloader ¶ added in v1.2.0 (deprecated)
type CAReloader struct {
	// contains filtered or unexported fields
}
Deprecated: Use github.com/jordigilh/kubernaut/pkg/shared/tls.CAReloader instead. This type is retained for backward compatibility with existing EM tests.
CAReloader is an http.RoundTripper that supports hot-reloading of the TLS CA certificate pool. When the OCP service-ca operator updates the mounted ConfigMap, the FileWatcher calls ReloadCallback which builds a new http.Transport with the fresh cert pool and swaps it atomically. Existing in-flight requests complete on the old transport; new requests use the new one.
Issue #484: Resolves the race where EM starts before the service-ca ConfigMap is populated by allowing the cert pool to be replaced at runtime without restarting the pod.
Issue #756: Superseded by pkg/shared/tls.CAReloader.
Thread safety: all public methods are safe for concurrent use.
func NewCAReloader ¶ added in v1.2.0
func NewCAReloader(pemData []byte) (*CAReloader, error)
NewCAReloader creates a CAReloader initialized with the given PEM certificate data. Returns an error if pemData contains no valid PEM certificates.
func (*CAReloader) CurrentTransport ¶ added in v1.2.0
func (r *CAReloader) CurrentTransport() *http.Transport
CurrentTransport returns the currently active http.Transport (snapshot).
func (*CAReloader) GetCertPool ¶ added in v1.2.0
func (r *CAReloader) GetCertPool() *x509.CertPool
GetCertPool returns the currently active certificate pool (snapshot).
func (*CAReloader) ReloadCallback ¶ added in v1.2.0
func (r *CAReloader) ReloadCallback(newContent string) error
ReloadCallback is compatible with hotreload.ReloadCallback. It parses newContent as PEM, builds a fresh cert pool, and atomically replaces the underlying http.Transport. If the PEM is invalid the previous transport is preserved and an error is returned.
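The behaviour described for BuildCertPool and CAReloader.ReloadCallback (custom CA appended to the system pool, an error when the PEM holds no certificate, the previous transport kept on a failed reload), as an added example that is not this package's own code. The names caSwapper and constructedCA are hypothetical, and the CA is a throwaway certificate generated inline as sample input.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"net/http"
	"sync/atomic"
	"time"
)

// caSwapper (hypothetical) is an http.RoundTripper with a swappable transport; Reload once before use.
type caSwapper struct{ cur atomic.Pointer[http.Transport] }

// Reload appends the PEM to a copy of the system pool and swaps transports only if a cert parsed.
func (s *caSwapper) Reload(content string) error {
	pool, err := x509.SystemCertPool()
	if err != nil {
		pool = x509.NewCertPool() // no system roots available: trust only the custom CA
	}
	if !pool.AppendCertsFromPEM([]byte(content)) {
		return fmt.Errorf("no valid PEM certificates in CA data; previous transport kept")
	}
	s.cur.Store(&http.Transport{TLSClientConfig: &tls.Config{RootCAs: pool}})
	return nil
}

func (s *caSwapper) RoundTrip(r *http.Request) (*http.Response, error) { return s.cur.Load().RoundTrip(r) }

// constructedCA returns a throwaway self-signed CA as PEM (constructed sample input).
func constructedCA(cn string) string {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn}, IsCA: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), BasicConstraintsValid: true}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, tpl, pub, priv)
	return string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}))
}

func main() {
	s := &caSwapper{}
	fmt.Println("initial CA load error:", s.Reload(constructedCA("constructed-ca")))
	before := s.cur.Load()
	fmt.Println("empty ConfigMap error:", s.Reload(""))
	fmt.Println("previous transport kept:", s.cur.Load() == before)
}
```

An empty or not-yet-populated ConfigMap therefore surfaces as an error instead of silently dropping the custom CA, and requests keep verifying against the last good pool.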
type DataStorageQuerier ¶
type DataStorageQuerier interface {
	// QueryPreRemediationHash queries DS for the pre-remediation spec hash
	// associated with a given correlation ID. Returns empty string if not found.
	QueryPreRemediationHash(ctx context.Context, correlationID string) (string, error)
	// HasWorkflowStarted checks if a workflowexecution.execution.started event
	// exists for the given correlation ID. Returns false if not found.
	// ADR-EM-001 Section 5: Used to detect the no_execution path.
	HasWorkflowStarted(ctx context.Context, correlationID string) (bool, error)
	// HasWorkflowCompleted checks if a workflowexecution.workflow.completed event
	// exists for the given correlation ID. Returns false if not found.
	// ADR-EM-001 Section 5: Used to differentiate partial vs full assessment paths (#573 G4).
	HasWorkflowCompleted(ctx context.Context, correlationID string) (bool, error)
}
DataStorageQuerier abstracts queries to the DataStorage audit trail. Used by the EM to retrieve the pre-remediation spec hash from the remediation.workflow_created audit event (DD-EM-002) and to detect whether a workflow was ever started (ADR-EM-001 Section 5).
func NewOgenDataStorageQuerier ¶ added in v1.3.0
func NewOgenDataStorageQuerier(baseURL string, timeout time.Duration) (DataStorageQuerier, error)
NewOgenDataStorageQuerier creates a DD-API-001 compliant DataStorageQuerier. Production transport uses ServiceAccount token authentication (DD-AUTH-005).
func NewOgenDataStorageQuerierWithTransport ¶ added in v1.3.0
func NewOgenDataStorageQuerierWithTransport(baseURL string, timeout time.Duration, transport http.RoundTripper) (DataStorageQuerier, error)
NewOgenDataStorageQuerierWithTransport creates a DataStorageQuerier with custom transport. When transport is nil, ServiceAccount token auth is used (DD-AUTH-005). Integration tests use this to inject mock transports.
type PrometheusQuerier ¶
type PrometheusQuerier interface {
	// Query executes an instant PromQL query and returns the result.
	Query(ctx context.Context, query string, ts time.Time) (*QueryResult, error)
	// QueryRange executes a range PromQL query and returns the result.
	QueryRange(ctx context.Context, query string, start, end time.Time, step time.Duration) (*QueryResult, error)
	// Ready checks if Prometheus is ready to accept queries.
	Ready(ctx context.Context) error
}
PrometheusQuerier abstracts Prometheus query operations. Used for metric comparison scoring (BR-EM-003).
Integration tests: httptest.NewServer mock (test/infrastructure/prometheus_mock.go)
E2E tests: real Prometheus container (test/infrastructure/prometheus_alertmanager_e2e.go)
func NewPrometheusHTTPClient ¶
func NewPrometheusHTTPClient(baseURL string, httpClient *http.Client) PrometheusQuerier
NewPrometheusHTTPClient creates a PrometheusQuerier that connects to a Prometheus HTTP API. The caller provides a pre-configured *http.Client, allowing TLS, bearer token, and timeout settings to be composed externally (Issue #452).
type QueryResult ¶
type QueryResult struct {
	// Samples contains the data points returned by the query.
	Samples []Sample
}
QueryResult represents the result of a Prometheus query.