OCPBUGS-33896: status/inspect-alerts: handle non-200 by Thanos

[petr-muller]

We have seen instances where Thanos responses contained html, apparently by because it is briefly down. We can be slightly more robust to that by detecting non-OK status code right away, instead of passing content body out:

Ignoring alerts in 'Update Health'. Error unmarshaling alerts: %w invalid character '<' looking for beginning of value

Also improve debugging by allowing to emit http call details and response body on higher verbosity settings, consistent with client-go calls to apiserver.

Additionally, improve the error handling by refactoring the getWithBearer method, Previously, it iterated over URIs from a route but instead of searching for success it actually searched until first failure, which is against the point of iterating over possible URIs in the first place. Refactor the method so that it does not immediately return on error, and return on success instead. Only return with an error if all URIs failed to yield a workable result. Slightly optimize the error for the common case where there is only a single URI to try, and shorten the string by using a namespace/name notation.

[openshift-ci-robot]

@petr-muller: This pull request references Jira Issue OCPBUGS-33896, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.17.0) matches configured target version for branch (4.17.0)
• bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @evakhoni

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

We have seen instances where Thanos responses contained html, apparently by because it is briefly down. We can be slightly more robust to that by detecting non-OK status code right away, instead of passing content body out.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

@petr-muller: This pull request references Jira Issue OCPBUGS-33896, which is valid.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.17.0) matches configured target version for branch (4.17.0)
• bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @evakhoni

Details

In response to this:

We have seen instances where Thanos responses contained html, apparently by because it is briefly down. We can be slightly more robust to that by detecting non-OK status code right away, instead of passing content body out:

Ignoring alerts in 'Update Health'. Error unmarshaling alerts: %w invalid character '<' looking for beginning of value

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[wking]

Can we put the != http.StatusOK check here, and return an error in the case where we failed? Having some details on why would also be interesting, but dumping HTML to the terminal might be too chatty. I wonder if we could set Accept to say "we want JSON back, but if you can't do that, text/plain" to get something more terminal-compatible? Or maybe Thanos isn't that media-type aware? Or maybe it's the router that's giving us an error (like "none of the Pods backing this Service are Ready=True", and not Thanos?)?

[petr-muller]

I did it this way because getWithBearer sounded like a low-level HTTP method which I would not expect to have opinions on status codes (maybe something would want to call it and handle retries or something).

Router's "service is currently down" page is what I assume was happening.

[wking]

I'm not entirely convinced about high-level vs. low-level, but the 8fd03af logging gives folks calling with -v8 or higher access to the body, and that's the main think I was hoping for. And getWithBearer is internal, so we can shift things around later if we change our minds. Feel free to mark this thread resolved :)

[jan--f]

I would second putting the check here. No reason really to extend the interface, but its really a nit, feel free to ignore.

As for thanos responses, it implements the Prometheus query api. There it says The API response format is JSON

[petr-muller]

I have put the check to getWithBearer as you advise, but while I did it, I noticed that the iteration over ingress hosts from a route does not make much sense the way it was done - the iteration aborted on failure and continued on success, so it actually required all options to succeed and then returned the last one. I guess this would not be an issue normally because there would be just a single option, but still changed the method to search for a first success, and only return with an error if all options failed with an error.

[jan--f]

Yeah good catch 👍

[wking]

/lgtm

[jan--f]

Should this log the response even for a StatusOK code?

[petr-muller]

I think it is useful - it is logged only on high verbosity levels so it should not pollute any outputs unless you ask for a lot of detail.

[jan--f]

/lgtm
/hold
just adding a hold in case you want to address any nits. Feel free to unhold any time.

[jan--f]

/lgtm
/unhold

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jan--f, petr-muller, wking

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• pkg/cli/admin/inspectalerts/OWNERS [jan--f]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci-robot]

@petr-muller: Jira Issue OCPBUGS-33896: Some pull requests linked via external trackers have merged:

• openshift/oc#1740
• openshift/oc#1782

The following pull requests linked via external trackers have not merged:

• openshift/oc#1787 is open

These pull request must merge or be unlinked from the Jira bug in order for it to move to the next state. Once unlinked, request a bug refresh with /jira refresh.

Jira Issue OCPBUGS-33896 has not been moved to the MODIFIED state.

Details

In response to this:

We have seen instances where Thanos responses contained html, apparently by because it is briefly down. We can be slightly more robust to that by detecting non-OK status code right away, instead of passing content body out:

Ignoring alerts in 'Update Health'. Error unmarshaling alerts: %w invalid character '<' looking for beginning of value

Also improve debugging by allowing to emit http call details and response body on higher verbosity settings, consistent with client-go calls to apiserver.

Additionally, improve the error handling by refactoring the getWithBearer method, Previously, it iterated over URIs from a route but instead of searching for success it actually searched until first failure, which is against the point of iterating over possible URIs in the first place. Refactor the method so that it does not immediately return on error, and return on success instead. Only return with an error if all URIs failed to yield a workable result. Slightly optimize the error for the common case where there is only a single URI to try, and shorten the string by using a namespace/name notation.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-bot]

[ART PR BUILD NOTIFIER]

This PR has been included in build openshift-enterprise-cli-container-v4.17.0-202405300213.p0.gd5b5b3a.assembly.stream.el9 for distgit openshift-enterprise-cli.
All builds following this will include this PR.