Fixing cert metric emitting condition param (Azure#3284)

ventifus · Feb 7, 2024 · 7768311 · 7768311
1 parent 0801fd9
commit 7768311
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 16 deletions.
diff --git a/pkg/monitor/cluster/certificateexpirationstatuses.go b/pkg/monitor/cluster/certificateexpirationstatuses.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"crypto/x509"
 	"fmt"
+	"net/url"
 	"strings"
 	"time"
 
@@ -46,7 +47,12 @@ func (mon *Monitor) emitCertificateExpirationStatuses(ctx context.Context) error
 		})
 	}
 
-	if dns.IsManagedDomain(mon.oc.Properties.ClusterProfile.Domain) {
+	host, err := getHostFromAPIURL(mon.oc.Properties.APIServerProfile.URL)
+	if err != nil {
+		return err
+	}
+
+	if dns.IsManagedDomain(host) {
 		ic := &operatorv1.IngressController{}
 		err := mon.ocpclientset.Get(ctx, client.ObjectKey{
 			Namespace: ingressNamespace,
@@ -98,6 +104,14 @@ func secretMissingMetric(namespace, name string) map[string]string {
 	}
 }
 
+func getHostFromAPIURL(apiURL string) (string, error) {
+	domain, err := url.Parse(apiURL)
+	if err != nil {
+		return "", err
+	}
+	return domain.Hostname(), nil
+}
+
 func (mon *Monitor) emitEtcdCertificateExpiry(ctx context.Context) error {
 	cv, err := mon.getClusterVersion(ctx)
 	if err != nil {

diff --git a/pkg/monitor/cluster/certificateexpirationstatuses_test.go b/pkg/monitor/cluster/certificateexpirationstatuses_test.go
@@ -30,8 +30,10 @@ type certInfo struct {
 }
 
 const (
-	managedDomainName   = "contoso.aroapp.io"
-	unmanagedDomainName = "aro.contoso.com"
+	managedDomainName     = "contoso.aroapp.io"
+	unmanagedDomainName   = "aro.contoso.com"
+	managedDomainApiURL   = "https://api.contoso.aroapp.io:6443"
+	unmanagedDomainApiURL = "https://api.aro.contoso.com:6443"
 )
 
 func TestEmitCertificateExpirationStatuses(t *testing.T) {
@@ -42,15 +44,15 @@ func TestEmitCertificateExpirationStatuses(t *testing.T) {
 
 	for _, tt := range []struct {
 		name            string
-		domain          string
+		url             string
 		certsPresent    []certInfo
 		wantExpirations []map[string]string
 		wantWarning     []map[string]string
 		wantErr         string
 	}{
 		{
 			name:         "only emits MDSD status for unmanaged domain",
-			domain:       unmanagedDomainName,
+			url:          unmanagedDomainApiURL,
 			certsPresent: []certInfo{{"cluster", "geneva.certificate"}},
 			wantExpirations: []map[string]string{
 				{
@@ -61,8 +63,8 @@ func TestEmitCertificateExpirationStatuses(t *testing.T) {
 			},
 		},
 		{
-			name:   "includes ingress and API status for managed domain",
-			domain: managedDomainName,
+			name: "includes ingress and API status for managed domain",
+			url:  managedDomainApiURL,
 			certsPresent: []certInfo{
 				{"cluster", "geneva.certificate"},
 				{clusterID + "-ingress", managedDomainName},
@@ -87,8 +89,8 @@ func TestEmitCertificateExpirationStatuses(t *testing.T) {
 			},
 		},
 		{
-			name:   "emits warning metric when cluster secret has been deleted",
-			domain: unmanagedDomainName,
+			name: "emits warning metric when cluster secret has been deleted",
+			url:  unmanagedDomainApiURL,
 			wantWarning: []map[string]string{
 				{
 					"namespace": "openshift-azure-operator",
@@ -97,8 +99,8 @@ func TestEmitCertificateExpirationStatuses(t *testing.T) {
 			},
 		},
 		{
-			name:   "emits warning metric when managed domain secret has been deleted",
-			domain: managedDomainName,
+			name: "emits warning metric when managed domain secret has been deleted",
+			url:  managedDomainApiURL,
 			certsPresent: []certInfo{
 				{"cluster", "geneva.certificate"},
 				{clusterID + "-ingress", managedDomainName},
@@ -141,7 +143,7 @@ func TestEmitCertificateExpirationStatuses(t *testing.T) {
 				m.EXPECT().EmitGauge(certificateExpirationMetricName, int64(daysUntilExpiration), g)
 			}
 
-			mon := buildMonitor(m, tt.domain, clusterID, secrets...)
+			mon := buildMonitor(m, tt.url, clusterID, secrets...)
 
 			err = mon.emitCertificateExpirationStatuses(ctx)
 
@@ -157,7 +159,7 @@ func TestEmitCertificateExpirationStatuses(t *testing.T) {
 
 		ctx := context.Background()
 		m := mock_metrics.NewMockEmitter(gomock.NewController(t))
-		mon := buildMonitor(m, managedDomainName, clusterID, secrets...)
+		mon := buildMonitor(m, managedDomainApiURL, clusterID, secrets...)
 
 		wantErr := "unable to find certificate"
 		err := mon.emitCertificateExpirationStatuses(ctx)
@@ -204,7 +206,7 @@ func buildSecret(secretName string, data map[string][]byte) *corev1.Secret {
 	}
 }
 
-func buildMonitor(m *mock_metrics.MockEmitter, domain, id string, secrets ...client.Object) *Monitor {
+func buildMonitor(m *mock_metrics.MockEmitter, url, id string, secrets ...client.Object) *Monitor {
 	ingressController := &operatorv1.IngressController{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      "default",
@@ -227,8 +229,8 @@ func buildMonitor(m *mock_metrics.MockEmitter, domain, id string, secrets ...cli
 		m:            m,
 		oc: &api.OpenShiftCluster{
 			Properties: api.OpenShiftClusterProperties{
-				ClusterProfile: api.ClusterProfile{
-					Domain: domain,
+				APIServerProfile: api.APIServerProfile{
+					URL: url,
 				},
 			},
 		},