From 45f72a651e07636f89cb177f8536a78cf3fe67d3 Mon Sep 17 00:00:00 2001 From: Gabor Gyimesi Date: Fri, 14 Jul 2023 17:08:36 +0200 Subject: [PATCH] Review update --- METRICS.md | 2 +- .../cluster/containers/PrometheusContainer.py | 24 +++++++------------ .../prometheus/PrometheusExposerWrapper.cpp | 2 +- 3 files changed, 10 insertions(+), 18 deletions(-) diff --git a/METRICS.md b/METRICS.md index 9d0226a66e2..d6d63481af6 100644 --- a/METRICS.md +++ b/METRICS.md @@ -110,7 +110,7 @@ An agent identifier should also be defined to identify which agent the metric is ### Configure Prometheus metrics publisher with SSL -The communication between MiNiFi and the Prometheus server can be encrypted using SSL. This can be achieved by adding the SSL certificate path (a single file containing both the certificate and the SSL key) and optionally adding the root CA path when using a self signed certificate to the minifi.properties file. Here is an example with the SSL properties: +The communication between MiNiFi and Prometheus can be encrypted using SSL. This can be achieved by adding the SSL certificate path (a single file containing both the MiNiFi certificate and the MiNiFi SSL key) and optionally adding the root CA path if Prometheus uses a self-signed certificate, to the minifi.properties file. Here is an example with the SSL properties: # in minifi.properties diff --git a/docker/test/integration/cluster/containers/PrometheusContainer.py b/docker/test/integration/cluster/containers/PrometheusContainer.py index 37b8b36378e..bc1da33cb90 100644 --- a/docker/test/integration/cluster/containers/PrometheusContainer.py +++ b/docker/test/integration/cluster/containers/PrometheusContainer.py 
@@ -27,6 +27,7 @@ def __init__(self, feature_context, name, vols, network, image_store, command=No engine = "prometheus-ssl" if ssl else "prometheus" super().__init__(feature_context, name, engine, vols, network, image_store, command) self.ssl = ssl + extra_ssl_settings = "" if ssl: prometheus_cert, prometheus_key = make_cert_without_extended_usage(f"prometheus-{feature_context.id}", feature_context.root_ca_cert, feature_context.root_ca_key) @@ -45,24 +46,13 @@ def __init__(self, feature_context, name, vols, network, image_store, command=No self.prometheus_key_file.close() os.chmod(self.prometheus_key_file.name, 0o644) - prometheus_yml_content = """ -global: - scrape_interval: 2s - evaluation_interval: 15s -scrape_configs: - - job_name: "minifi" - static_configs: - - targets: ["minifi-cpp-flow-{feature_id}:9936"] + extra_ssl_settings = """ scheme: https tls_config: ca_file: /etc/prometheus/certs/root-ca.pem -""".format(feature_id=self.feature_context.id) - self.yaml_file = tempfile.NamedTemporaryFile(delete=False) - self.yaml_file.write(prometheus_yml_content.encode()) - self.yaml_file.close() - os.chmod(self.yaml_file.name, 0o644) - else: - prometheus_yml_content = """ +""" + + prometheus_yml_content = """ global: scrape_interval: 2s evaluation_interval: 15s @@ -70,7 +60,9 @@ def __init__(self, feature_context, name, vols, network, image_store, command=No - job_name: "minifi" static_configs: - targets: ["minifi-cpp-flow-{feature_id}:9936"] -""".format(feature_id=self.feature_context.id) +{extra_ssl_settings} +""".format(feature_id=self.feature_context.id, extra_ssl_settings=extra_ssl_settings) + self.yaml_file = tempfile.NamedTemporaryFile(delete=False) self.yaml_file.write(prometheus_yml_content.encode()) self.yaml_file.close() diff --git a/extensions/prometheus/PrometheusExposerWrapper.cpp b/extensions/prometheus/PrometheusExposerWrapper.cpp index dab1f0bc80b..4d05e8eef05 100644 --- a/extensions/prometheus/PrometheusExposerWrapper.cpp 
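Review bot: The TLS fragment assigned to `extra_ssl_settings` in the second hunk is only valid YAML for this purpose if `scheme` and `tls_config` are indented to the same level as `static_configs` under the `minifi` job, and nothing in the code states that. The indentation cannot be checked from this page, so treat this as a request to confirm rather than a defect report. A comment above the assignment, for example `# spliced into the "minifi" scrape_config via {extra_ssl_settings}; keep keys at job-level indentation`, would make the coupling with the placeholder in the third hunk explicit. A misplaced `scheme`/`tls_config` would most likely make Prometheus reject the file, so it would also help if the SSL scenario asserted that the target is scraped over HTTPS. `__init__` starts and ends outside these hunks.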
+++ b/extensions/prometheus/PrometheusExposerWrapper.cpp @@ -22,7 +22,7 @@ namespace org::apache::nifi::minifi::extensions::prometheus { PrometheusExposerWrapper::PrometheusExposerWrapper(const PrometheusExposerConfig& config) : exposer_(parseExposerConfig(config)) { - logger_->log_info("Started Prometheus metrics publisher on port %" PRIu32, config.port); + logger_->log_info("Started Prometheus metrics publisher on port %" PRIu32 "%s", config.port, config.certificate ? " with TLS enabled" : ""); } std::vector PrometheusExposerWrapper::parseExposerConfig(const PrometheusExposerConfig& config) {
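Review bot: The plaintext case is still logged as a bare "Started Prometheus metrics publisher on port N", so the log gives no positive signal that the endpoint is unencrypted. Making the else branch explicit, `config.certificate ? " with TLS enabled" : " without TLS"`, would let operators audit for plaintext metrics endpoints from the log alone. The condition also tests only that `config.certificate` is set, while the options the exposer really uses are built in `parseExposerConfig`, whose body is outside this hunk. If that function can fall back to plain HTTP for an empty or unusable certificate path, the message would overstate the protection, so it is worth confirming that both places use the same condition.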