Merge pull request #1617 from raptorsun/feature/MON-2208

[MON-2208] Add Oauth2 settings to prometheusK8s.remoteWrite config

Author: openshift-merge-robot

Diff for: CHANGELOG.md

@@ -7,6 +7,7 @@
 - [1578](https://github.com/openshift/cluster-monitoring-operator/pull/1578) Add temporary cluster id label to remote write relabel configs.
 - [#1350](https://github.com/openshift/cluster-monitoring-operator/pull/1350) Support label scrape limits in user-workload monitoring
 - [#1601](https://github.com/openshift/cluster-monitoring-operator/pull/1601) Expose the /federate endpoint of UWM Prometheus as a service
+- [#1617](https://github.com/openshift/cluster-monitoring-operator/pull/1617) Add Oauth2 setting to PrometheusK8s remoteWrite config
 
 ## 4.10
 

Diff for: pkg/manifests/config.go

@@ -164,6 +164,8 @@ type RemoteWriteSpec struct {
 	QueueConfig *monv1.QueueConfig `json:"queueConfig,omitempty"`
 	// MetadataConfig configures the sending of series metadata to remote storage.
 	MetadataConfig *monv1.MetadataConfig `json:"metadataConfig,omitempty"`
+	// OAuth2 configures OAuth2 authentication for remote write.
+	OAuth2 *monv1.OAuth2 `json:"oauth2,omitempty"`
 }
 
 type PrometheusK8sConfig struct {

Diff for: pkg/manifests/manifests.go

@@ -4228,6 +4228,7 @@ func addRemoteWriteConfigs(clusterID string, rw []monv1.RemoteWriteSpec, rwTarge
 			BearerTokenFile:     target.BearerTokenFile,
 			ProxyURL:            target.ProxyURL,
 			MetadataConfig:      target.MetadataConfig,
+			OAuth2:              target.OAuth2,
 		}
 		if target.TLSConfig != nil {
 			rwConf.TLSConfig = &monv1.TLSConfig{

Diff for: pkg/manifests/manifests_test.go

@@ -1227,6 +1227,72 @@ func TestPrometheusK8sRemoteWriteURLs(t *testing.T) {
 	}
 }
 
+func TestPrometheusK8sRemoteWriteOauth2(t *testing.T) {
+	expectedOauth2Config := monv1.OAuth2{
+		ClientID: monv1.SecretOrConfigMap{
+			Secret: &v1.SecretKeySelector{
+				LocalObjectReference: v1.LocalObjectReference{
+					Name: "oauth2-credentials",
+				},
+				Key: "id",
+			},
+		},
+		ClientSecret: v1.SecretKeySelector{
+			LocalObjectReference: v1.LocalObjectReference{
+				Name: "oauth2-credentials",
+			},
+			Key: "secret",
+		},
+		TokenURL: "https://example.com/oauth2/token",
+		Scopes:   []string{"scope1", "scope2"},
+		EndpointParams: map[string]string{
+			"param1": "value1",
+			"param2": "value2",
+		},
+	}
+	c, err := NewConfigFromString(`prometheusK8s:
+  remoteWrite:
+    - url: https://test.remotewrite.com/api/write
+      remoteTimeout: 30s
+      oauth2:
+        clientId:
+          secret:
+            name: oauth2-credentials
+            key: id
+        clientSecret:
+          name: oauth2-credentials
+          key: secret
+        tokenUrl: https://example.com/oauth2/token
+        scopes:
+          - scope1
+          - scope2
+        endpointParams:
+          param1: value1
+          param2: value2
+`)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	f := NewFactory("openshift-monitoring", "openshift-user-workload-monitoring", c, defaultInfrastructureReader(), &fakeProxyReader{}, NewAssets(assetsPath), &APIServerConfig{}, &configv1.Console{})
+	p, err := f.PrometheusK8s(
+		&v1.Secret{ObjectMeta: metav1.ObjectMeta{Name: "foo"}},
+		&v1.ConfigMap{ObjectMeta: metav1.ObjectMeta{Name: "foo"}},
+	)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if p.Spec.RemoteWrite[0].URL != "https://test.remotewrite.com/api/write" {
+		t.Errorf("want remote write URL https://test.remotewrite.com/api/write, got %v", p.Spec.RemoteWrite[0].URL)
+	}
+
+	if !reflect.DeepEqual(p.Spec.RemoteWrite[0].OAuth2, &expectedOauth2Config) {
+		t.Errorf("want OAuth2 config %v, got %v", expectedOauth2Config, p.Spec.RemoteWrite[0].OAuth2)
+	}
+
+}
+
 func TestPrometheusK8sConfiguration(t *testing.T) {
 	c, err := NewConfigFromString(`prometheusK8s:
   retention: 25h