fix(insights): set User-Agent header for UHC Auth Proxy (#677)

* fix(insights): set User-Agent header for UHC Auth Proxy

* Separate operator version from image version

Makefile

@@ -8,7 +8,8 @@ OS = $(shell go env GOOS)
 ARCH = $(shell go env GOARCH)
 
 # Current Operator version
-IMAGE_VERSION ?= 2.5.0-dev
+export OPERATOR_VERSION ?= 2.5.0-dev
+IMAGE_VERSION ?= $(OPERATOR_VERSION)
 BUNDLE_VERSION ?= $(IMAGE_VERSION)
 DEFAULT_NAMESPACE ?= quay.io/cryostat
 IMAGE_NAMESPACE ?= $(DEFAULT_NAMESPACE)
@@ -128,7 +129,7 @@ INSIGHTS_PROXY_NAMESPACE ?= quay.io/3scale
 INSIGHTS_PROXY_NAME ?= apicast
 INSIGHTS_PROXY_VERSION ?= insights-01
 export INSIGHTS_PROXY_IMG ?= $(INSIGHTS_PROXY_NAMESPACE)/$(INSIGHTS_PROXY_NAME):$(INSIGHTS_PROXY_VERSION)
-export INSIGHTS_BACKEND ?= cert.console.redhat.com
+export INSIGHTS_BACKEND ?= console.redhat.com
 else
 KUSTOMIZE_DIR ?= config/default
 endif

bundle/manifests/cryostat-operator.clusterserviceversion.yaml

@@ -54,7 +54,7 @@ metadata:
     capabilities: Seamless Upgrades
     categories: Monitoring, Developer Tools
     containerImage: quay.io/cryostat/cryostat-operator:2.5.0-dev
-    createdAt: "2023-11-07T20:18:21Z"
+    createdAt: "2023-11-13T21:47:45Z"
     description: JVM monitoring and profiling tool
     operatorframework.io/initialization-resource: |-
       {
@@ -971,6 +971,14 @@ spec:
           - list
           - update
           - watch
+        - apiGroups:
+          - config.openshift.io
+          resources:
+          - clusterversions
+          verbs:
+          - get
+          - list
+          - watch
         - apiGroups:
           - console.openshift.io
           resources:

config/insights/insights_patch.yaml

@@ -14,4 +14,4 @@ spec:
         - name: INSIGHTS_ENABLED
           value: "true"
         - name: INSIGHTS_BACKEND_DOMAIN
-          value: "cert.console.redhat.com"
+          value: "console.redhat.com"

config/rbac/role.yaml

@@ -97,6 +97,14 @@ rules:
   - list
   - update
   - watch
+- apiGroups:
+  - config.openshift.io
+  resources:
+  - clusterversions
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - console.openshift.io
   resources:

internal/controllers/insights/apicast.go

@@ -23,6 +23,7 @@ type apiCastConfigParams struct {
 	FrontendDomains       string
 	BackendInsightsDomain string
 	HeaderValue           string
+	UserAgent             string
 	ProxyDomain           string
 }
 
@@ -63,6 +64,12 @@ var apiCastConfigTemplate = template.Must(template.New("").Parse(`{
                   "header": "Authorization",
                   "value_type": "plain",
                   "value": "Bearer {{ .HeaderValue }}"
+                },
+                {
+                  "op": "set",
+                  "header": "User-Agent",
+                  "value_type": "plain",
+                  "value": "{{ .UserAgent }}"
                 }
               ]
             }

internal/controllers/insights/insights.go

@@ -21,8 +21,10 @@ import (
 	"fmt"
 	"strings"
 
+	"github.com/cryostatio/cryostat-operator/internal/controllers"
 	"github.com/cryostatio/cryostat-operator/internal/controllers/common"
 	"github.com/cryostatio/cryostat-operator/internal/controllers/constants"
+	configv1 "github.com/openshift/api/config/v1"
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/resource"
@@ -63,11 +65,17 @@ func (r *InsightsReconciler) reconcilePullSecret(ctx context.Context) error {
 		return err
 	}
 
+	userAgent, err := r.getUserAgentString(ctx)
+	if err != nil {
+		return err
+	}
+
 	params := &apiCastConfigParams{
 		FrontendDomains:       fmt.Sprintf("\"%s\",\"%s.%s.svc.cluster.local\"", ProxyServiceName, ProxyServiceName, r.Namespace),
 		BackendInsightsDomain: r.backendDomain,
 		ProxyDomain:           r.proxyDomain,
 		HeaderValue:           *token,
+		UserAgent:             *userAgent,
 	}
 	config, err := getAPICastConfig(params)
 	if err != nil {
@@ -149,6 +157,17 @@ func (r *InsightsReconciler) getTokenFromPullSecret(ctx context.Context) (*strin
 	return &token, nil
 }
 
+func (r *InsightsReconciler) getUserAgentString(ctx context.Context) (*string, error) {
+	cv := &configv1.ClusterVersion{}
+	err := r.Client.Get(ctx, types.NamespacedName{Name: "version"}, cv)
+	if err != nil {
+		return nil, err
+	}
+
+	userAgent := fmt.Sprintf("cryostat-operator/%s cluster/%s", controllers.OperatorVersion, cv.Spec.ClusterID)
+	return &userAgent, nil
+}
+
 func (r *InsightsReconciler) createOrUpdateProxySecret(ctx context.Context, secret *corev1.Secret, owner metav1.Object,
 	config string) error {
 	op, err := controllerutil.CreateOrUpdate(ctx, r.Client, secret, func() error {

internal/controllers/insights/insights_controller.go

@@ -85,6 +85,7 @@ func NewInsightsReconciler(config *InsightsReconcilerConfig) (*InsightsReconcile
 
 // +kubebuilder:rbac:groups=apps,resources=deployments;deployments/finalizers,verbs=*
 // +kubebuilder:rbac:groups="",resources=services;secrets;configmaps;configmaps/finalizers,verbs=*
+// +kubebuilder:rbac:groups=config.openshift.io,resources=clusterversions,verbs=get;list;watch
 
 // Reconcile processes the Insights proxy deployment and configures it accordingly
 func (r *InsightsReconciler) Reconcile(ctx context.Context, request ctrl.Request) (ctrl.Result, error) {

internal/controllers/insights/insights_controller_test.go

@@ -63,6 +63,7 @@ var _ = Describe("InsightsController", func() {
 			t.objs = []ctrlclient.Object{
 				t.NewNamespace(),
 				t.NewGlobalPullSecret(),
+				t.NewClusterVersion(),
 				t.NewOperatorDeployment(),
 				t.NewProxyConfigMap(),
 			}

internal/controllers/insights/test/resources.go

@@ -18,6 +18,7 @@ import (
 	"fmt"
 
 	"github.com/cryostatio/cryostat-operator/internal/test"
+	configv1 "github.com/openshift/api/config/v1"
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/resource"
@@ -30,6 +31,8 @@ type InsightsTestResources struct {
 	Resources *corev1.ResourceRequirements
 }
 
+const expectedOperatorVersion = "2.5.0-dev"
+
 func (r *InsightsTestResources) NewGlobalPullSecret() *corev1.Secret {
 	config := `{"auths":{"example.com":{"auth":"hello"},"cloud.openshift.com":{"auth":"world"}}}`
 	return &corev1.Secret{
@@ -118,6 +121,12 @@ func (r *InsightsTestResources) NewInsightsProxySecret() *corev1.Secret {
 								"header": "Authorization",
 								"value_type": "plain",
 								"value": "Bearer world"
+							  },
+							  {
+								"op": "set",
+								"header": "User-Agent",
+								"value_type": "plain",
+								"value": "cryostat-operator/%s cluster/abcde"
 							  }
 							]
 						  }
@@ -139,7 +148,7 @@ func (r *InsightsTestResources) NewInsightsProxySecret() *corev1.Secret {
 					}
 				  }
 				]
-			  }`, r.Namespace),
+			  }`, r.Namespace, expectedOperatorVersion),
 		},
 	}
 }
@@ -186,6 +195,12 @@ func (r *InsightsTestResources) NewInsightsProxySecretWithProxyDomain() *corev1.
 								"header": "Authorization",
 								"value_type": "plain",
 								"value": "Bearer world"
+							  },
+							  {
+								"op": "set",
+								"header": "User-Agent",
+								"value_type": "plain",
+								"value": "cryostat-operator/%s cluster/abcde"
 							  }
 							]
 						  }
@@ -207,7 +222,7 @@ func (r *InsightsTestResources) NewInsightsProxySecretWithProxyDomain() *corev1.
 					}
 				  }
 				]
-			  }`, r.Namespace),
+			  }`, r.Namespace, expectedOperatorVersion),
 		},
 	}
 }
@@ -365,3 +380,14 @@ func (r *InsightsTestResources) NewInsightsProxyService() *corev1.Service {
 		},
 	}
 }
+
+func (r *InsightsTestResources) NewClusterVersion() *configv1.ClusterVersion {
+	return &configv1.ClusterVersion{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: "version",
+		},
+		Spec: configv1.ClusterVersionSpec{
+			ClusterID: "abcde",
+		},
+	}
+}

internal/main.go

@@ -147,9 +147,12 @@ func main() {
 	}
 
 	// Optionally enable Insights integration. Will only be enabled if INSIGHTS_ENABLED is true
-	insightsURL, err := insights.NewInsightsIntegration(mgr, &setupLog).Setup()
-	if err != nil {
-		setupLog.Error(err, "failed to set up Insights integration")
+	var insightsURL *url.URL
+	if openShift {
+		insightsURL, err = insights.NewInsightsIntegration(mgr, &setupLog).Setup()
+		if err != nil {
+			setupLog.Error(err, "failed to set up Insights integration")
+		}
 	}
 
 	config := newReconcilerConfig(mgr, "ClusterCryostat", "clustercryostat-controller", openShift,
@@ -185,7 +188,7 @@ func main() {
 		os.Exit(1)
 	}
 
-	setupLog.Info("starting manager")
+	setupLog.Info("starting manager", "version", controllers.OperatorVersion)
 	if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil {
 		setupLog.Error(err, "problem running manager")
 		os.Exit(1)

internal/tools/const_generator.go

@@ -23,6 +23,7 @@ import (
 )
 
 const appNameEnv = "APP_NAME"
+const operatorVersionEnv = "OPERATOR_VERSION"
 const coreImageEnv = "CORE_IMG"
 const datasourceImageEnv = "DATASOURCE_IMG"
 const grafanaImageEnv = "GRAFANA_IMG"
@@ -35,12 +36,14 @@ func main() {
 	// Fill in image tags struct from the environment variables
 	consts := struct {
 		AppName            string
+		OperatorVersion    string
 		CoreImageTag       string
 		DatasourceImageTag string
 		GrafanaImageTag    string
 		ReportsImageTag    string
 	}{
 		AppName:            getEnvVar(appNameEnv),
+		OperatorVersion:    getEnvVar(operatorVersionEnv),
 		CoreImageTag:       getEnvVar(coreImageEnv),
 		DatasourceImageTag: getEnvVar(datasourceImageEnv),
 		GrafanaImageTag:    getEnvVar(grafanaImageEnv),
@@ -74,6 +77,9 @@ package controllers
 // User facing name of the operand application
 const AppName = "{{ .AppName }}"
 
+// Version of the Cryostat Operator
+const OperatorVersion = "{{ .OperatorVersion }}"
+
 // Default image tag for the core application image
 const DefaultCoreImageTag = "{{ .CoreImageTag }}"