From d92e5cb06f6d8b1ddd76b48287664a53c1d1a223 Mon Sep 17 00:00:00 2001
From: Bhaskarjyoti Bora <bhaskar.bora@cockroachlabs.com>
Date: Sun, 12 May 2024 23:46:45 +0530
Subject: [PATCH] roachprod: secure clusters in dynamic admin url port

A recent change to support dynamic cluster port was introduced.
But, that was not considering secured clusters
This change supports secure cluster

Fixes: #117125
Epic: none
---
 pkg/roachprod/promhelperclient/client.go           | 12 +++++++-----
 pkg/roachprod/promhelperclient/client_test.go      |  4 ++--
 pkg/roachprod/promhelperclient/promhelper_utils.go |  2 +-
 pkg/roachprod/roachprod.go                         |  2 +-
 4 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/pkg/roachprod/promhelperclient/client.go b/pkg/roachprod/promhelperclient/client.go
index 0adbf9505e9f..c578783fd5f3 100644
--- a/pkg/roachprod/promhelperclient/client.go
+++ b/pkg/roachprod/promhelperclient/client.go
@@ -67,7 +67,8 @@ func NewPromClient() *PromClient {
 // instanceConfigRequest is the HTTP request received for generating instance config
 type instanceConfigRequest struct {
 	//Config is the content of the yaml file
-	Config string `json:"config"`
+	Config   string `json:"config"`
+	Insecure bool   `json:"insecure"`
 }
 
 // UpdatePrometheusTargets updates the cluster config in the promUrl
@@ -76,9 +77,10 @@ func (c *PromClient) UpdatePrometheusTargets(
 	promUrl, clusterName string,
 	forceFetchCreds bool,
 	nodes []string,
+	insecure bool,
 	l *logger.Logger,
 ) error {
-	req, err := buildCreateRequest(nodes)
+	req, err := buildCreateRequest(nodes, insecure)
 	if err != nil {
 		return err
 	}
@@ -99,7 +101,7 @@ func (c *PromClient) UpdatePrometheusTargets(
 		defer func() { _ = response.Body.Close() }()
 		if response.StatusCode == http.StatusUnauthorized && !forceFetchCreds {
 			l.Printf("request failed - this may be due to a stale token. retrying with forceFetchCreds true ...")
-			return c.UpdatePrometheusTargets(ctx, promUrl, clusterName, true, nodes, l)
+			return c.UpdatePrometheusTargets(ctx, promUrl, clusterName, true, nodes, insecure, l)
 		}
 		body, err := io.ReadAll(response.Body)
 		if err != nil {
@@ -160,7 +162,7 @@ const clusterConfFileTemplate = `- targets:
 `
 
 // createClusterConfigFile creates the cluster config file per node
-func buildCreateRequest(nodes []string) (io.Reader, error) {
+func buildCreateRequest(nodes []string, insecure bool) (io.Reader, error) {
 	buffer := bytes.NewBufferString("---\n")
 	for i, n := range nodes {
 		if n == "" {
@@ -181,7 +183,7 @@ func buildCreateRequest(nodes []string) (io.Reader, error) {
 		}
 	}
 
-	b, err := json.Marshal(&instanceConfigRequest{Config: buffer.String()})
+	b, err := json.Marshal(&instanceConfigRequest{Config: buffer.String(), Insecure: insecure})
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/roachprod/promhelperclient/client_test.go b/pkg/roachprod/promhelperclient/client_test.go
index cc4fb6177471..6627172d927c 100644
--- a/pkg/roachprod/promhelperclient/client_test.go
+++ b/pkg/roachprod/promhelperclient/client_test.go
@@ -48,7 +48,7 @@ func TestUpdatePrometheusTargets(t *testing.T) {
 				Body:       io.NopCloser(strings.NewReader("failed")),
 			}, nil
 		}
-		err := c.UpdatePrometheusTargets(ctx, promUrl, "c1", false, []string{"n1"}, l)
+		err := c.UpdatePrometheusTargets(ctx, promUrl, "c1", false, []string{"n1"}, true, l)
 		require.NotNil(t, err)
 		require.Equal(t, "request failed with status 400 and error failed", err.Error())
 	})
@@ -76,7 +76,7 @@ func TestUpdatePrometheusTargets(t *testing.T) {
 				StatusCode: 200,
 			}, nil
 		}
-		err := c.UpdatePrometheusTargets(ctx, promUrl, "c1", false, []string{"n1", "", "n3"}, l)
+		err := c.UpdatePrometheusTargets(ctx, promUrl, "c1", false, []string{"n1", "", "n3"}, true, l)
 		require.Nil(t, err)
 	})
 }
diff --git a/pkg/roachprod/promhelperclient/promhelper_utils.go b/pkg/roachprod/promhelperclient/promhelper_utils.go
index a90283e17f50..130b49ca1236 100644
--- a/pkg/roachprod/promhelperclient/promhelper_utils.go
+++ b/pkg/roachprod/promhelperclient/promhelper_utils.go
@@ -23,7 +23,7 @@ import (
 
 var (
 	// promCredFile is where the prom helper credentials are stored
-	promCredFile = os.TempDir() + "promhelpers-secrets"
+	promCredFile = os.TempDir() + "/promhelpers-secrets"
 )
 
 // FetchedFrom indicates where the credentials have been fetched from.
diff --git a/pkg/roachprod/roachprod.go b/pkg/roachprod/roachprod.go
index 1493c63ba5ec..9c30aad65a5b 100644
--- a/pkg/roachprod/roachprod.go
+++ b/pkg/roachprod/roachprod.go
@@ -798,7 +798,7 @@ func updatePrometheusTargets(ctx context.Context, l *logger.Logger, c *install.S
 	if len(nodeIPPorts) > 0 {
 		if err := promhelperclient.NewPromClient().UpdatePrometheusTargets(ctx,
 			envutil.EnvOrDefaultString(prometheusHostUrlEnv, defaultPrometheusHostUrl),
-			c.Name, false, nodeIPPorts, l); err != nil {
+			c.Name, false, nodeIPPorts, !c.Secure, l); err != nil {
 			l.Errorf("creating cluster config failed for the ip:ports %v: %v", nodeIPPorts, err)
 		}
 	}