Skip to content

ROX-28151: Prometheus registry per user token#15809

Merged
parametalol merged 2 commits intomasterfrom
michael/ROX-28151-cached-user-registry
Sep 9, 2025
Merged

ROX-28151: Prometheus registry per user token#15809
parametalol merged 2 commits intomasterfrom
michael/ROX-28151-cached-user-registry

Conversation

@parametalol
Copy link
Copy Markdown
Contributor

@parametalol parametalol commented Jun 23, 2025
edited
Loading

Description

Instantiate a dedicated Prometheus registry for serving custom metrics per token identity.
This allows for application of SAC to the exposed data.

User-facing documentation

Testing and quality

  • the change is production ready: the change is GA, or otherwise the functionality is gated by a feature flag
  • CI results are inspected

Automated testing

  • added unit tests
  • added e2e tests
  • added regression tests
  • added compatibility tests
  • modified existing tests

How I validated my change

Unit tests.

Current dependencies on/for this PR:

@openshift-ci
Copy link
Copy Markdown

openshift-ci bot commented Jun 23, 2025

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

This was referenced Jun 23, 2025
Closed
Closed
Closed
Closed
Merged
Merged
Merged
@parametalol parametalol changed the title michael/ROX-28151-cached-user-registry ROX-28151: Prometheus registry per user token Jun 23, 2025
@rhacs-bot
Copy link
Copy Markdown
Contributor

rhacs-bot commented Jun 23, 2025
edited
Loading

Images are ready for the commit at 59ff74d.

To use with deploy scripts, first export MAIN_IMAGE_TAG=4.9.x-719-g59ff74da34.

@codecov
Copy link
Copy Markdown

codecov bot commented Jun 23, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 83.60656% with 10 lines in your changes missing coverage. Please review.
✅ Project coverage is 48.67%. Comparing base (a2e1094) to head (59ff74d).
⚠️ Report is 3 commits behind head on master.

Files with missing lines Patch % Lines
central/metrics/custom/tracker/tracker_base.go 76.92% 6 Missing and 3 partials ⚠️
central/metrics/custom/singleton.go 0.00% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master   #15809      +/-   ##
==========================================
+ Coverage   48.66%   48.67%   +0.01%     
==========================================
  Files        2676     2676              
  Lines      199776   199818      +42     
==========================================
+ Hits        97216    97261      +45     
+ Misses      94950    94946       -4     
- Partials     7610     7611       +1
Flag Coverage Δ
go-unit-tests 48.67% <83.60%> (+0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@parametalol parametalol force-pushed the michael/ROX-28151-cached-runner branch from 9430e5c to fe18a4b Compare July 2, 2025 07:42
@parametalol parametalol force-pushed the michael/ROX-28151-cached-user-registry branch 2 times, most recently from fdc542a to 5f63d54 Compare July 2, 2025 13:35
@parametalol parametalol mentioned this pull request Jul 16, 2025
Merged
9 tasks
@parametalol parametalol mentioned this pull request Jul 28, 2025
Merged
9 tasks
@parametalol parametalol force-pushed the michael/ROX-28151-cached-runner branch 3 times, most recently from 7dba6d0 to 4565760 Compare August 18, 2025 09:58
@parametalol parametalol mentioned this pull request Aug 18, 2025
Merged
9 tasks
@parametalol parametalol force-pushed the michael/ROX-28151-cached-user-registry branch from 5f63d54 to 8f83cd6 Compare August 18, 2025 16:10
@parametalol parametalol force-pushed the michael/ROX-28151-cached-runner branch 2 times, most recently from 5f58398 to 680ac3e Compare September 1, 2025 09:09
@parametalol parametalol force-pushed the michael/ROX-28151-cached-user-registry branch from 8f83cd6 to 15ab479 Compare September 1, 2025 09:43
@parametalol parametalol marked this pull request as ready for review September 1, 2025 09:51
stehessel
stehessel approved these changes Sep 3, 2025
View reviewed changes
@parametalol parametalol force-pushed the michael/ROX-28151-cached-user-registry branch 2 times, most recently from d1e3217 to 19b236f Compare September 5, 2025 12:27
@parametalol parametalol force-pushed the michael/ROX-28151-cached-runner branch from 7058c8a to 924e8b3 Compare September 8, 2025 14:22
@parametalol parametalol requested a review from a team as a code owner September 8, 2025 14:22
Base automatically changed from michael/ROX-28151-cached-runner to master September 8, 2025 16:38
@parametalol parametalol force-pushed the michael/ROX-28151-cached-user-registry branch from 19b236f to bd20b8f Compare September 8, 2025 19:20
@parametalol parametalol enabled auto-merge (squash) September 8, 2025 19:22
@parametalol
Copy link
Copy Markdown
Contributor Author

parametalol commented Sep 9, 2025

/retest

@red-hat-konflux
Copy link
Copy Markdown
Contributor

red-hat-konflux bot commented Sep 9, 2025

Caution

There are some errors in your PipelineRun template.

PipelineRun Error
central-db-on-push CEL expression evaluation error: expression "(\n event == \"push\" && target_branch.matches(\"^(master|release-.*|refs/tags/.*)$\")\n) || (\n event == \"pull_request\" && (\n target_branch.startsWith(\"release-\") ||\n source_branch.matches(\"(konflux|renovate|appstudio|rhtap)\") ||\n (has(body.pull_request.labels) && body.pull_request.labels.exists(l, l.name == \"konflux-build\"))\n ) && body.action != \"ready_for_review\"\n)\n" failed to evaluate: no such key: pull_request
main-on-push CEL expression evaluation error: expression "(\n event == \"push\" && target_branch.matches(\"^(master|release-.*|refs/tags/.*)$\")\n) || (\n event == \"pull_request\" && (\n target_branch.startsWith(\"release-\") ||\n source_branch.matches(\"(konflux|renovate|appstudio|rhtap)\") ||\n (has(body.pull_request.labels) && body.pull_request.labels.exists(l, l.name == \"konflux-build\"))\n ) && body.action != \"ready_for_review\"\n)\n" failed to evaluate: no such key: pull_request
operator-on-push CEL expression evaluation error: expression "(\n event == \"push\" && target_branch.matches(\"^(master|release-.*|refs/tags/.*)$\")\n) || (\n event == \"pull_request\" && (\n target_branch.startsWith(\"release-\") ||\n source_branch.matches(\"(konflux|renovate|appstudio|rhtap)\") ||\n (has(body.pull_request.labels) && body.pull_request.labels.exists(l, l.name == \"konflux-build\"))\n ) && body.action != \"ready_for_review\"\n)\n" failed to evaluate: no such key: pull_request
operator-bundle-on-push CEL expression evaluation error: expression "(\n event == \"push\" && target_branch.matches(\"^(master|release-.*|refs/tags/.*)$\")\n) || (\n event == \"pull_request\" && (\n target_branch.startsWith(\"release-\") ||\n source_branch.matches(\"(konflux|renovate|appstudio|rhtap)\") ||\n (has(body.pull_request.labels) && body.pull_request.labels.exists(l, l.name == \"konflux-build\"))\n ) && body.action != \"ready_for_review\"\n)\n" failed to evaluate: no such key: pull_request
retag-collector CEL expression evaluation error: expression "(\n event == \"push\" && target_branch.matches(\"^(master|release-.*|refs/tags/.*)$\")\n) || (\n event == \"pull_request\" && (\n target_branch.startsWith(\"release-\") ||\n source_branch.matches(\"(konflux|renovate|appstudio|rhtap)\") ||\n (has(body.pull_request.labels) && body.pull_request.labels.exists(l, l.name == \"konflux-build\"))\n ) && body.action != \"ready_for_review\"\n)\n" failed to evaluate: no such key: pull_request
retag-scanner-db-slim CEL expression evaluation error: expression "(\n event == \"push\" && target_branch.matches(\"^(master|release-.*|refs/tags/.*)$\")\n) || (\n event == \"pull_request\" && (\n target_branch.startsWith(\"release-\") ||\n source_branch.matches(\"(konflux|renovate|appstudio|rhtap)\") ||\n (has(body.pull_request.labels) && body.pull_request.labels.exists(l, l.name == \"konflux-build\"))\n ) && body.action != \"ready_for_review\"\n)\n" failed to evaluate: no such key: pull_request
retag-scanner-db CEL expression evaluation error: expression "(\n event == \"push\" && target_branch.matches(\"^(master|release-.*|refs/tags/.*)$\")\n) || (\n event == \"pull_request\" && (\n target_branch.startsWith(\"release-\") ||\n source_branch.matches(\"(konflux|renovate|appstudio|rhtap)\") ||\n (has(body.pull_request.labels) && body.pull_request.labels.exists(l, l.name == \"konflux-build\"))\n ) && body.action != \"ready_for_review\"\n)\n" failed to evaluate: no such key: pull_request
retag-scanner-slim CEL expression evaluation error: expression "(\n event == \"push\" && target_branch.matches(\"^(master|release-.*|refs/tags/.*)$\")\n) || (\n event == \"pull_request\" && (\n target_branch.startsWith(\"release-\") ||\n source_branch.matches(\"(konflux|renovate|appstudio|rhtap)\") ||\n (has(body.pull_request.labels) && body.pull_request.labels.exists(l, l.name == \"konflux-build\"))\n ) && body.action != \"ready_for_review\"\n)\n" failed to evaluate: no such key: pull_request
retag-scanner CEL expression evaluation error: expression "(\n event == \"push\" && target_branch.matches(\"^(master|release-.*|refs/tags/.*)$\")\n) || (\n event == \"pull_request\" && (\n target_branch.startsWith(\"release-\") ||\n source_branch.matches(\"(konflux|renovate|appstudio|rhtap)\") ||\n (has(body.pull_request.labels) && body.pull_request.labels.exists(l, l.name == \"konflux-build\"))\n ) && body.action != \"ready_for_review\"\n)\n" failed to evaluate: no such key: pull_request
roxctl-on-push CEL expression evaluation error: expression "(\n event == \"push\" && target_branch.matches(\"^(master|release-.*|refs/tags/.*)$\")\n) || (\n event == \"pull_request\" && (\n target_branch.startsWith(\"release-\") ||\n source_branch.matches(\"(konflux|renovate|appstudio|rhtap)\") ||\n (has(body.pull_request.labels) && body.pull_request.labels.exists(l, l.name == \"konflux-build\"))\n ) && body.action != \"ready_for_review\"\n)\n" failed to evaluate: no such key: pull_request
scanner-v4-on-push CEL expression evaluation error: expression "(\n event == \"push\" && target_branch.matches(\"^(master|release-.*|refs/tags/.*)$\")\n) || (\n event == \"pull_request\" && (\n target_branch.startsWith(\"release-\") ||\n source_branch.matches(\"(konflux|renovate|appstudio|rhtap)\") ||\n (has(body.pull_request.labels) && body.pull_request.labels.exists(l, l.name == \"konflux-build\"))\n ) && body.action != \"ready_for_review\"\n)\n" failed to evaluate: no such key: pull_request
scanner-v4-db-on-push CEL expression evaluation error: expression "(\n event == \"push\" && target_branch.matches(\"^(master|release-.*|refs/tags/.*)$\")\n) || (\n event == \"pull_request\" && (\n target_branch.startsWith(\"release-\") ||\n source_branch.matches(\"(konflux|renovate|appstudio|rhtap)\") ||\n (has(body.pull_request.labels) && body.pull_request.labels.exists(l, l.name == \"konflux-build\"))\n ) && body.action != \"ready_for_review\"\n)\n" failed to evaluate: no such key: pull_request

@parametalol parametalol force-pushed the michael/ROX-28151-cached-user-registry branch from bd20b8f to f76345c Compare September 9, 2025 07:27
@parametalol
Copy link
Copy Markdown
Contributor Author

parametalol commented Sep 9, 2025

/retest

@parametalol parametalol disabled auto-merge September 9, 2025 12:59
@parametalol parametalol force-pushed the michael/ROX-28151-cached-user-registry branch from f76345c to 718e3ca Compare September 9, 2025 13:13
@parametalol parametalol enabled auto-merge (squash) September 9, 2025 13:13
@openshift-ci
Copy link
Copy Markdown

openshift-ci bot commented Sep 9, 2025
edited
Loading

@parametalol: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/gke-scanner-v4-install-tests 19b236f link false /test gke-scanner-v4-install-tests
ci/prow/gke-operator-e2e-tests 19b236f link false /test gke-operator-e2e-tests
ci/prow/ocp-4-19-qa-e2e-tests 19b236f link false /test ocp-4-19-qa-e2e-tests
ci/prow/ocp-4-19-scanner-v4-install-tests 19b236f link false /test ocp-4-19-scanner-v4-install-tests
ci/prow/ocp-4-19-operator-e2e-tests 19b236f link false /test ocp-4-19-operator-e2e-tests
ci/prow/ocp-4-19-ui-e2e-tests 19b236f link false /test ocp-4-19-ui-e2e-tests
ci/prow/ocp-4-12-qa-e2e-tests 19b236f link false /test ocp-4-12-qa-e2e-tests
ci/prow/ocp-4-12-operator-e2e-tests 19b236f link false /test ocp-4-12-operator-e2e-tests
ci/prow/ocp-4-12-scanner-v4-install-tests 19b236f link false /test ocp-4-12-scanner-v4-install-tests

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@parametalol parametalol force-pushed the michael/ROX-28151-cached-user-registry branch from 718e3ca to 59ff74d Compare September 9, 2025 16:15
@parametalol parametalol merged commit 6cf33f1 into master Sep 9, 2025
86 of 89 checks passed
@parametalol parametalol deleted the michael/ROX-28151-cached-user-registry branch September 9, 2025 18:27
ksurabhi91 pushed a commit that referenced this pull request Sep 11, 2025
@parametalol @ksurabhi91
ROX-28151: Prometheus registry per user token (#15809)
25cd99b
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@stehessel stehessel stehessel approved these changes

Assignees

No one assigned

Labels

area/central

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@parametalol @rhacs-bot @stehessel @janisz