Connect self-monitoring project to internal Prometheus

Reuben Pereira requested to merge 32353-project-connect-prometheus into master

What does this MR do?

Why do we need this change?

The self-monitoring project (#26370 (closed)) needs to be able to connect to the internal Prometheus instance in order to be able to display charts and metrics about the performance of the GitLab instance.

The internal Prometheus instance URL is a localhost URL usually. However, by default GitLab does not allow localhost URLs to be used in webhooks.

Possible solutions

  1. There is a whitelist which allows specific localhost URLs to be whitelisted, but that allows any project/webhook in the entire GitLab instance to connect to the whitelisted URL.

  2. An ideal solution would be to have a project-specific whitelist which will only whitelist a localhost URL for a specific project. However, this feature does not exist as yet.

  3. Another option (the one we've chosen) is to allow the PrometheusService to use a localhost URL in its api_url attribute when the following conditions are met:

    • The project that the PrometheusService belongs to is the self-monitoring project.

    • The api_url is the address of the internal Prometheus instance.

Summary of changes

In summary, the changes that this MR contains are:

  1. In PrometheusService model:
    1. Use the AddressableUrlValidator to validate the api_url if the project it belongs to is the self-monitoring project and the api_url contains the Prometheus internal URL. This will allow the self-monitoring project to connect to the internal Prometheus URL.

    2. Use the PublicUrlValidator in all other cases.

Issue: #32353 (closed)

Screenshots

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team
Edited by 🤖 GitLab Bot 🤖
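
The two-condition rule described in this MR, as an added Ruby sketch (not code from the MR or from GitLab). The `Project` struct, the method names, the project id and the URLs are constructed for illustration; the sketch assumes an exact match on scheme, host, port and path, and classifies only literal hosts without resolving DNS.

```ruby
require 'uri'
require 'ipaddr'

# Hypothetical stand-in for a project record; not GitLab's model.
Project = Struct.new(:id)

# Loopback, private and link-local ranges treated as "local" in this sketch.
LOCAL_NETS = %w[127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
                169.254.0.0/16 ::1/128 fc00::/7 fe80::/10].map { |n| IPAddr.new(n) }

# Normalise a URL to [scheme, host, port, path] so comparison is exact,
# not a substring test. Returns nil for anything that is not http(s).
def canonical(url)
  u = URI.parse(url.to_s)
  return nil unless u.is_a?(URI::HTTP) && !u.hostname.to_s.empty?
  [u.scheme.downcase, u.hostname.downcase, u.port, u.path.chomp('/')]
rescue URI::InvalidURIError
  nil
end

# Literal check only: no DNS resolution is done here (assumption of the sketch).
def local_host?(host)
  return true if host == 'localhost' || host.end_with?('.localhost')
  ip = IPAddr.new(host)
  LOCAL_NETS.any? { |net| net.include?(ip) }
rescue IPAddr::InvalidAddressError
  false
end

# Public targets pass for every project. A local target passes only when both
# conditions from the description hold: self-monitoring project AND internal URL.
def api_url_allowed?(project, api_url, self_monitoring_id:, internal_url:)
  target = canonical(api_url)
  return false if target.nil?
  return true unless local_host?(target[1])
  return false if self_monitoring_id.nil? || project.id != self_monitoring_id
  target == canonical(internal_url)
end

# Constructed sample settings.
SETTINGS = { self_monitoring_id: 1, internal_url: 'http://localhost:9090' }.freeze
```

With these settings, only project 1 may point at `http://localhost:9090`; any other project, port or loopback literal is refused, while public hosts are accepted for every project.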