add auth logic for prometheus and predictkube scalers

.github/workflows/main-build.yml

@@ -83,6 +83,7 @@ jobs:
           OPENSTACK_PASSWORD: ${{ secrets.OPENSTACK_PASSWORD }}
           OPENSTACK_PROJECT_ID: ${{ secrets.OPENSTACK_PROJECT_ID }}
           OPENSTACK_USER_ID: ${{ secrets.OPENSTACK_USER_ID }}
+          PREDICTKUBE_API_KEY: ${{ secrets.PREDICTKUBE_API_KEY }}
           TEST_LOG_ANALYTICS_WORKSPACE_ID: ${{ secrets.TEST_LOG_ANALYTICS_WORKSPACE_ID }}
           TEST_STORAGE_CONNECTION_STRING: ${{ secrets.TEST_STORAGE_CONNECTION_STRING }}
         run: make e2e-test

.github/workflows/nightly-e2e.yml

@@ -37,6 +37,7 @@ jobs:
           OPENSTACK_PASSWORD: ${{ secrets.OPENSTACK_PASSWORD }}
           OPENSTACK_PROJECT_ID: ${{ secrets.OPENSTACK_PROJECT_ID }}
           OPENSTACK_USER_ID: ${{ secrets.OPENSTACK_USER_ID }}
+          PREDICTKUBE_API_KEY: ${{ secrets.PREDICTKUBE_API_KEY }}
           TEST_LOG_ANALYTICS_WORKSPACE_ID: ${{ secrets.TEST_LOG_ANALYTICS_WORKSPACE_ID }}
           TEST_STORAGE_CONNECTION_STRING: ${{ secrets.TEST_STORAGE_CONNECTION_STRING }}
         run: make e2e-test

.github/workflows/pr-e2e.yml

@@ -84,6 +84,7 @@ jobs:
           OPENSTACK_PASSWORD: ${{ secrets.OPENSTACK_PASSWORD }}
           OPENSTACK_PROJECT_ID: ${{ secrets.OPENSTACK_PROJECT_ID }}
           OPENSTACK_USER_ID: ${{ secrets.OPENSTACK_USER_ID }}
+          PREDICTKUBE_API_KEY: ${{ secrets.PREDICTKUBE_API_KEY }}
           TEST_CLUSTER_NAME: keda-pr-run
           TEST_LOG_ANALYTICS_WORKSPACE_ID: ${{ secrets.TEST_LOG_ANALYTICS_WORKSPACE_ID }}
           TEST_STORAGE_CONNECTION_STRING: ${{ secrets.TEST_STORAGE_CONNECTION_STRING }}

go.mod

@@ -17,7 +17,7 @@ require (
 	github.com/Shopify/sarama v1.30.0
 	github.com/aws/aws-sdk-go v1.42.16
 	github.com/denisenkom/go-mssqldb v0.11.0
-	github.com/dysnix/predictkube-libs v0.0.0-20211223143509-07a69ffd545e
+	github.com/dysnix/predictkube-libs v0.0.0-20220110175435-6a14c5918e22
 	github.com/dysnix/predictkube-proto v0.0.0-20211223141524-d309509b6b5f
 	github.com/elastic/go-elasticsearch/v7 v7.15.1
 	github.com/go-logr/logr v0.4.0
@@ -179,6 +179,7 @@ require (
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.1 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f // indirect
 	github.com/nxadm/tail v1.4.8 // indirect
 	github.com/oklog/run v1.0.0 // indirect
 	github.com/olekukonko/tablewriter v0.0.5 // indirect

go.sum

@@ -256,6 +256,8 @@ github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4
 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
 github.com/dysnix/predictkube-libs v0.0.0-20211223143509-07a69ffd545e h1:4IEmV5r8U2RcvYcxT9SLpEUEyzTAbPE6if3z9q7aWZo=
 github.com/dysnix/predictkube-libs v0.0.0-20211223143509-07a69ffd545e/go.mod h1:dGl9trkmU8Cvh2ClgG68P8hBZRDoHmEynXt745J/T4U=
+github.com/dysnix/predictkube-libs v0.0.0-20220110175435-6a14c5918e22 h1:NjwMoRvZMK2xf6Yh+sASF3oICkqSZh+bJf75DuBslZ4=
+github.com/dysnix/predictkube-libs v0.0.0-20220110175435-6a14c5918e22/go.mod h1:WrLfDUxV7bb1OiF6LFeXPO45FlPcHdG7LIQov/JPR2E=
 github.com/dysnix/predictkube-proto v0.0.0-20211223141524-d309509b6b5f h1:56GoyLUD9Z3+Ko0iC8hGPq2RPvjceQEdbio78i5mhvQ=
 github.com/dysnix/predictkube-proto v0.0.0-20211223141524-d309509b6b5f/go.mod h1:zTsQdEyzxs3OHHtrjf8WpmexujIMTYyCVz/38VCt0uo=
 github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs=

pkg/scalers/authentication/authentication_helpers.go

@@ -0,0 +1,158 @@
+package authentication
+
+import (
+	"crypto/tls"
+	"errors"
+	"fmt"
+	"net"
+	"net/http"
+	"strings"
+	"time"
+
+	pConfig "github.com/prometheus/common/config"
+
+	libs "github.com/dysnix/predictkube-libs/external/configs"
+	"github.com/dysnix/predictkube-libs/external/http_transport"
+
+	kedautil "github.com/kedacore/keda/v2/pkg/util"
+)
+
+const (
+	authModesKey = "authModes"
+)
+
+func GetAuthConfigs(triggerMetadata, authParams map[string]string) (out *AuthMeta, err error) {
+	out = &AuthMeta{}
+
+	authModes, ok := triggerMetadata[authModesKey]
+	// no authMode specified
+	if !ok {
+		return nil, nil
+	}
+
+	authTypes := strings.Split(authModes, ",")
+	for _, t := range authTypes {
+		authType := Type(strings.TrimSpace(t))
+
+		switch authType {
+		case BearerAuthType:
+			if len(authParams["bearerToken"]) == 0 {
+				return nil, errors.New("no bearer token provided")
+			}
+			if out.EnableBasicAuth {
+				return nil, errors.New("beare and basic authentication can not be set both")
+			}
+
+			out.BearerToken = authParams["bearerToken"]
+			out.EnableBearerAuth = true
+		case BasicAuthType:
+			if len(authParams["username"]) == 0 {
+				return nil, errors.New("no username given")
+			}
+			if out.EnableBearerAuth {
+				return nil, errors.New("beare and basic authentication can not be set both")
+			}
+
+			out.Username = authParams["username"]
+			// password is optional. For convenience, many application implement basic auth with
+			// username as apikey and password as empty
+			out.Password = authParams["password"]
+			out.EnableBasicAuth = true
+		case TLSAuthType:
+			if len(authParams["cert"]) == 0 {
+				return nil, errors.New("no cert given")
+			}
+			out.Cert = authParams["cert"]
+
+			if len(authParams["key"]) == 0 {
+				return nil, errors.New("no key given")
+			}
+
+			out.Key = authParams["key"]
+			out.EnableTLS = true
+		default:
+			return nil, fmt.Errorf("err incorrect value for authMode is given: %s", t)
+		}
+	}
+
+	if len(authParams["ca"]) > 0 {
+		out.CA = authParams["ca"]
+	}
+
+	return out, err
+}
+
+func CreateHTTPRoundTripper(roundTripperType TransportType, auth *AuthMeta, conf ...*HTTPTransport) (rt http.RoundTripper, err error) {
+	tlsConfig := &tls.Config{InsecureSkipVerify: false}
+	if auth != nil && (auth.CA != "" || auth.EnableTLS) {
+		tlsConfig, err = kedautil.NewTLSConfig(
+			auth.Cert,
+			auth.Key,
+			auth.CA,
+		)
+		if err != nil || tlsConfig == nil {
+			return nil, fmt.Errorf("error creating the TLS config: %s", err)
+		}
+	}
+
+	switch roundTripperType {
+	case NetHTTP:
+		// from official github.com/prometheus/client_golang/api package
+		return &http.Transport{
+			Proxy: http.ProxyFromEnvironment,
+			DialContext: (&net.Dialer{
+				Timeout:   30 * time.Second,
+				KeepAlive: 30 * time.Second,
+			}).DialContext,
+			TLSHandshakeTimeout: 10 * time.Second,
+			TLSClientConfig:     tlsConfig,
+		}, nil
+	case FastHTTP:
+		// default configs
+		httpConf := &libs.HTTPTransport{
+			MaxIdleConnDuration: 10,
+			ReadTimeout:         time.Second * 15,
+			WriteTimeout:        time.Second * 15,
+		}
+
+		if len(conf) > 0 {
+			httpConf = &libs.HTTPTransport{
+				MaxIdleConnDuration: conf[0].MaxIdleConnDuration,
+				ReadTimeout:         conf[0].ReadTimeout,
+				WriteTimeout:        conf[0].WriteTimeout,
+			}
+		}
+
+		var roundTripper http.RoundTripper
+		if roundTripper, err = http_transport.NewHttpTransport(
+			libs.SetTransportConfigs(httpConf),
+			libs.SetTLS(tlsConfig),
+		); err != nil {
+			return nil, fmt.Errorf("error creating fast http round tripper: %s", err)
+		}
+
+		if auth != nil {
+			if auth.EnableBasicAuth {
+				rt = pConfig.NewBasicAuthRoundTripper(
+					auth.Username,
+					pConfig.Secret(auth.Password),
+					"", roundTripper,
+				)
+			}
+
+			if auth.EnableBearerAuth {
+				rt = pConfig.NewAuthorizationCredentialsRoundTripper(
+					"Bearer",
+					pConfig.Secret(auth.BearerToken),
+					roundTripper,
+				)
+			}
+		} else {
+			rt = roundTripper
+		}
+
+		return rt, nil
+	}
+
+	return rt, nil
+}

pkg/scalers/authentication/authentication_types.go

@@ -1,5 +1,7 @@
 package authentication
 
+import "time"
+
 // Type describes the authentication type used in a scaler
 type Type string
 
@@ -13,3 +15,35 @@ const (
 	// BearerAuthType is a auth type using a bearer token
 	BearerAuthType Type = "bearer"
 )
+
+//go:generate go-enum -type=TransportType -transform=lower
+// TransportType is type of http transport
+type TransportType int
+
+const (
+	NetHTTP  TransportType = iota // NetHTTP standard Go net/http client.
+	FastHTTP                      // FastHTTP Fast http client.
+)
+
+type AuthMeta struct {
+	// bearer auth
+	EnableBearerAuth bool
+	BearerToken      string
+
+	// basic auth
+	EnableBasicAuth bool
+	Username        string
+	Password        string // +optional
+
+	// client certification
+	EnableTLS bool
+	Cert      string
+	Key       string
+	CA        string
+}
+
+type HTTPTransport struct {
+	MaxIdleConnDuration time.Duration
+	ReadTimeout         time.Duration
+	WriteTimeout        time.Duration
+}