From 2edc625f28f8dbaea4a3c16f4ec808569c159561 Mon Sep 17 00:00:00 2001
From: Adam Grare
Date: Mon, 3 Aug 2020 10:43:31 -0400
Subject: [PATCH] Verify prometheus_alerts credentials
---
 .../kubernetes/container_manager_mixin.rb | 15 +++++++++++++--
 .../kubernetes/monitoring_manager_mixin.rb | 12 ++++++++++++
 2 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/app/models/manageiq/providers/kubernetes/container_manager_mixin.rb b/app/models/manageiq/providers/kubernetes/container_manager_mixin.rb
index 6f53fdadf2..3b8b9a2076 100644
--- a/app/models/manageiq/providers/kubernetes/container_manager_mixin.rb
+++ b/app/models/manageiq/providers/kubernetes/container_manager_mixin.rb
@@ -658,8 +658,7 @@ def verify_credentials(args)
 when 'prometheus'
 verify_prometheus_credentials(hostname, port, options)
 when 'prometheus_alerts'
- # TODO: implement validation calls for these endpoint types
- return true
+ verify_prometheus_alerts_credentials(hostname, port, options)
 else
 # TODO: maybe we need an error message here
 return false
@@ -768,6 +767,18 @@ def prometheus_connect(hostname, port, options)
 def verify_prometheus_credentials(hostname, port, options)
 !!prometheus_connect(hostname, port, options)&.query(:query => "ALL")&.kind_of?(Hash)
 end
+
+ def verify_prometheus_alerts_credentials(hostname, port, options)
+ !!self.parent::MonitoringManager.verify_credentials(
+ :url => raw_api_endpoint(hostname, port),
+ :path => options[:path] || "/topics/alerts",
+ :credentials => {:token => options[:bearer]},
+ :ssl => {
+ :verify => options.dig(:ssl_options, :verify_ssl) != OpenSSL::SSL::VERIFY_NONE,
+ :cert_store => options.dig(:ssl_options, :ca_file)
+ }
+ )
+ end
 end

 PERF_ROLLUP_CHILDREN = [:container_nodes]
diff --git a/app/models/manageiq/providers/kubernetes/monitoring_manager_mixin.rb b/app/models/manageiq/providers/kubernetes/monitoring_manager_mixin.rb
index 3e6fea5eca..506696cf89 100644
--- a/app/models/manageiq/providers/kubernetes/monitoring_manager_mixin.rb
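Review bot: In `verify_prometheus_alerts_credentials` (second hunk of container_manager_mixin.rb), `:cert_store` is filled from `options.dig(:ssl_options, :ca_file)`, so a value named as a CA file path is passed under a key that conventionally carries an `OpenSSL::X509::Store`. The alert client is not visible in this patch, but if it forwards `:ssl` to Faraday, a path belongs under `:ca_file`, and a mismatched `:cert_store` would leave a custom CA unapplied, so verification fails and operators are pushed toward `VERIFY_NONE`. Either pass `:ca_file => options.dig(:ssl_options, :ca_file)` or build a store from the file before handing it over. The `:verify` default itself is sound: a missing `:verify_ssl` gives `nil != OpenSSL::SSL::VERIFY_NONE`, which keeps verification on.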
+++ b/app/models/manageiq/providers/kubernetes/monitoring_manager_mixin.rb
@@ -22,6 +22,18 @@ def self.hostname_required?
 end

 module ClassMethods
+ def verify_credentials(options)
+ raw_connect(options)&.get&.key?('generationID')
+ rescue OpenSSL::X509::CertificateError => err
+ raise MiqException::MiqInvalidCredentialsError, "SSL Error: #{err.message}"
+ rescue Faraday::ParsingError
+ raise MiqException::MiqUnreachableError, 'Unexpected Response'
+ rescue Faraday::ClientError => err
+ raise MiqException::MiqUnreachableError, err.message
+ rescue StandardError => err
+ raise MiqException::MiqUnreachableError, err.message, err.backtrace
+ end
+
 def raw_connect(options)
 Prometheus::AlertBufferClient::Client.new(options)
 end
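Review bot: The rescue chain in the new `verify_credentials` appears to report both a failed certificate check and a rejected bearer token as `MiqUnreachableError`, which hides an authentication or trust problem behind a connectivity message. `OpenSSL::X509::CertificateError` is raised when a certificate cannot be parsed, whereas handshake verification failures normally surface as `OpenSSL::SSL::SSLError` or `Faraday::SSLError` and would fall through to the `Faraday::ClientError` or `StandardError` branch here. Consider adding `rescue OpenSSL::SSL::SSLError, Faraday::SSLError => err` ahead of `rescue Faraday::ClientError`, and mapping a 401/403 response to `MiqException::MiqInvalidCredentialsError` if the client raises on status (its middleware is not visible in this hunk). The method also returns `nil` rather than `false` when `raw_connect` or `get` yields nil, and only the last branch forwards `err.backtrace`; a short comment such as `# Returns true when the alert buffer answers with a generationID; raises MiqException errors otherwise` would make the contract explicit.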