From 93dc6baab97b18cb45894093c8e2a16aae5c5875 Mon Sep 17 00:00:00 2001
From: Zbynek Roubalik <zroubalik@gmail.com>
Date: Fri, 4 Nov 2022 16:56:35 -0400
Subject: [PATCH 1/2] chore: use kedacore hosted images for prom e2e tests
 (#3824)

Signed-off-by: Zbynek Roubalik <zroubalik@gmail.com>
---
 tests/scalers/prometheus/prometheus_test.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/scalers/prometheus/prometheus_test.go b/tests/scalers/prometheus/prometheus_test.go
index d5e9261b60c..53ee04fea03 100644
--- a/tests/scalers/prometheus/prometheus_test.go
+++ b/tests/scalers/prometheus/prometheus_test.go
@@ -65,7 +65,7 @@ spec:
     spec:
       containers:
       - name: prom-test-app
-        image: quay.io/zroubalik/prometheus-app:latest
+        image: ghcr.io/kedacore/tests-prometheus:latest
         imagePullPolicy: IfNotPresent
         securityContext:
           allowPrivilegeEscalation: false
@@ -98,7 +98,7 @@ spec:
     spec:
       containers:
       - name: prom-test-app
-        image: quay.io/zroubalik/prometheus-app:latest
+        image: ghcr.io/kedacore/tests-prometheus:latest
         imagePullPolicy: IfNotPresent
         securityContext:
           allowPrivilegeEscalation: false

From 4653241e8eb2d1d8ecfe76e2070ecaac9c346264 Mon Sep 17 00:00:00 2001
From: Garret Wyman <garret_wyman@hotmail.com>
Date: Fri, 4 Nov 2022 17:27:49 -0400
Subject: [PATCH 2/2] Metrics api unsafessl (#3823)

Signed-off-by: Garret Wyman <garret_wyman@hotmail.com>
Co-authored-by: Jorge Turrado Ferrero <Jorge_turrado@hotmail.es>
---
 CHANGELOG.md                           |  1 +
 pkg/scalers/metrics_api_scaler.go      | 13 +++++++++++--
 pkg/scalers/metrics_api_scaler_test.go |  6 ++++++
 3 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 144e37954cd..8fdf78eff2d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -58,6 +58,7 @@ To learn more about active deprecations, we recommend checking [GitHub Discussio
 - **GCP Storage Scaler:** Add prefix and delimiter support ([#3756](https://github.com/kedacore/keda/issues/3756))
 - **Prometheus Scaler:** Introduce skipping of certificate check for unsigned certs ([#2310](https://github.com/kedacore/keda/issues/2310))
 - **Event Hubs Scaler:** Support Azure Active Direcotry Pod & Workload Identity for Storage Blobs ([#3569](https://github.com/kedacore/keda/issues/3569))
+- **Metrics API Scaler:** Add unsafeSsl paramater to skip certificate validation when connecting over HTTPS ([#3728](https://github.com/kedacore/keda/discussions/3728))
 
 ### Fixes
 
diff --git a/pkg/scalers/metrics_api_scaler.go b/pkg/scalers/metrics_api_scaler.go
index 0779cd39eac..f8e7fa33532 100644
--- a/pkg/scalers/metrics_api_scaler.go
+++ b/pkg/scalers/metrics_api_scaler.go
@@ -33,6 +33,7 @@ type metricsAPIScalerMetadata struct {
 	activationTargetValue float64
 	url                   string
 	valueLocation         string
+	unsafeSsl             bool
 
 	// apiKeyAuth
 	enableAPIKeyAuth bool
@@ -76,14 +77,13 @@ func NewMetricsAPIScaler(config *ScalerConfig) (Scaler, error) {
 		return nil, fmt.Errorf("error parsing metric API metadata: %s", err)
 	}
 
-	httpClient := kedautil.CreateHTTPClient(config.GlobalHTTPTimeout, false)
+	httpClient := kedautil.CreateHTTPClient(config.GlobalHTTPTimeout, meta.unsafeSsl)
 
 	if meta.enableTLS || len(meta.ca) > 0 {
 		config, err := kedautil.NewTLSConfig(meta.cert, meta.key, meta.ca)
 		if err != nil {
 			return nil, err
 		}
-
 		httpClient.Transport = &http.Transport{TLSClientConfig: config}
 	}
 
@@ -99,6 +99,15 @@ func parseMetricsAPIMetadata(config *ScalerConfig) (*metricsAPIScalerMetadata, e
 	meta := metricsAPIScalerMetadata{}
 	meta.scalerIndex = config.ScalerIndex
 
+	meta.unsafeSsl = false
+	if val, ok := config.TriggerMetadata["unsafeSsl"]; ok {
+		unsafeSsl, err := strconv.ParseBool(val)
+		if err != nil {
+			return nil, fmt.Errorf("error parsing unsafeSsl: %s", err)
+		}
+		meta.unsafeSsl = unsafeSsl
+	}
+
 	if val, ok := config.TriggerMetadata["targetValue"]; ok {
 		targetValue, err := strconv.ParseFloat(val, 64)
 		if err != nil {
diff --git a/pkg/scalers/metrics_api_scaler_test.go b/pkg/scalers/metrics_api_scaler_test.go
index 755550d29cd..badefdfe1c9 100644
--- a/pkg/scalers/metrics_api_scaler_test.go
+++ b/pkg/scalers/metrics_api_scaler_test.go
@@ -67,6 +67,12 @@ var testMetricsAPIAuthMetadata = []metricAPIAuthMetadataTestData{
 	{map[string]string{"url": "http://dummy:1230/api/v1/", "valueLocation": "metric", "targetValue": "42", "authMode": "bearer"}, map[string]string{"token": "bearerTokenValue"}, false},
 	// fail bearerAuth without token
 	{map[string]string{"url": "http://dummy:1230/api/v1/", "valueLocation": "metric", "targetValue": "42", "authMode": "bearer"}, map[string]string{}, true},
+	// success unsafeSsl true
+	{map[string]string{"url": "http://dummy:1230/api/v1/", "valueLocation": "metric", "targetValue": "42", "unsafeSsl": "true"}, map[string]string{}, false},
+	// success unsafeSsl false
+	{map[string]string{"url": "http://dummy:1230/api/v1/", "valueLocation": "metric", "targetValue": "42", "unsafeSsl": "false"}, map[string]string{}, false},
+	// failed unsafeSsl non bool
+	{map[string]string{"url": "http://dummy:1230/api/v1/", "valueLocation": "metric", "targetValue": "42", "unsafeSsl": "yes"}, map[string]string{}, true},
 }
 
 func TestParseMetricsAPIMetadata(t *testing.T) {