feat(PVO11Y-4936): Add initial implementation of registry exporter

Author: TominoFTW

exporters/registryexporter/README.md

@@ -0,0 +1,3 @@
+This will be documentation for registry monitoring exporter (monitoring for quay, images.paas, etc.), explanations of the modules, background information, and implementation details.
+
+Still subject to name changes...

exporters/registryexporter/registryexporter.go

@@ -0,0 +1,331 @@
+// Package main implements a registry exporter for Prometheus metrics.
+package main
+
+import (
+	"context"
+	"encoding/base64"
+	"encoding/json"
+	"io"
+	"log"
+	"net/http"
+	"os"
+	"strings"
+
+	"gopkg.in/yaml.v3"
+
+	"github.com/docker/docker/api/types/build"
+	"github.com/docker/docker/api/types/image"
+	"github.com/docker/docker/api/types/registry"
+	"github.com/docker/docker/client"
+
+	"github.com/prometheus/client_golang/prometheus"
+	"github.com/prometheus/client_golang/prometheus/promhttp"
+
+	"github.com/docker/docker/pkg/archive"
+)
+
+type Metrics struct {
+	RegistryTestUp         *prometheus.GaugeVec
+	RegistryPullCount      *prometheus.CounterVec
+	RegistryTotalPullCount *prometheus.CounterVec
+	RegistryPushCount      *prometheus.CounterVec
+	RegistryTotalPushCount *prometheus.CounterVec
+}
+
+// InitMetrics initializes and registers Prometheus metrics.
+func InitMetrics(reg prometheus.Registerer) *Metrics {
+	m := &Metrics{
+		RegistryTestUp: prometheus.NewGaugeVec(
+			prometheus.GaugeOpts{
+				Name: "registry_test_up",
+				Help: "A simple gauge to indicate if the registryType is accessible (1 for up).",
+			},
+			[]string{"registryType"},
+		),
+		RegistryPullCount: prometheus.NewCounterVec(
+			prometheus.CounterOpts{
+				Name: "registry_successful_pull_count",
+				Help: "Total number of successful image pulls.",
+			},
+			[]string{"registryType"},
+		),
+		RegistryTotalPullCount: prometheus.NewCounterVec(
+			prometheus.CounterOpts{
+				Name: "registry_total_pull_count",
+				Help: "Total number of image pulls.",
+			},
+			[]string{"registryType"},
+		),
+		RegistryPushCount: prometheus.NewCounterVec(
+			prometheus.CounterOpts{
+				Name: "registry_successful_push_count",
+				Help: "Total number of successful image pushes.",
+			},
+			[]string{"registryType"},
+		),
+		RegistryTotalPushCount: prometheus.NewCounterVec(
+			prometheus.CounterOpts{
+				Name: "registry_total_push_count",
+				Help: "Total number of image pushes.",
+			},
+			[]string{"registryType"},
+		),
+	}
+	reg.MustRegister(m.RegistryTestUp)
+	reg.MustRegister(m.RegistryPullCount)
+	reg.MustRegister(m.RegistryTotalPullCount)
+	reg.MustRegister(m.RegistryPushCount)
+	reg.MustRegister(m.RegistryTotalPushCount)
+	return m
+}
+
+func DockerClient() (*client.Client, error) {
+	cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation())
+	if err != nil {
+		log.Printf("Docker client error: %v", err)
+		return nil, err
+	}
+	// Shouldn't client authenticate here?
+	return cli, nil
+}
+
+var registryTypes = map[string]string{
+	"quay.io":                "quay.io/redhat-user-workloads/rh-ee-tbehal-tenant/test-component",
+	"images.paas.redhat.com": "images.paas.redhat.com/o11y/todo",
+}
+
+func ImagePullTest(metrics *Metrics, registryType string) {
+	defer metrics.RegistryTotalPullCount.WithLabelValues(registryType).Inc()
+
+	imageName, ok := registryTypes[registryType]
+	if !ok {
+		log.Printf("Unknown registry type: %s", registryType)
+		return
+	}
+	imageName += ":pull" // TODO: Add tag management
+	log.Print("Starting Image Pull Test...")
+
+	cli, err := DockerClient()
+	if err != nil {
+		return
+	}
+	defer cli.Close()
+
+	out, err := cli.ImagePull(context.Background(), imageName, image.PullOptions{})
+	if err != nil {
+		log.Printf("Image pull failed: %v", err)
+		return
+	}
+	defer out.Close()
+
+	if _, err = io.Copy(io.Discard, out); err != nil {
+		log.Printf("Error reading image pull output: %v", err)
+		return
+	}
+
+	log.Print("Image pull successful.")
+	metrics.RegistryPullCount.WithLabelValues(registryType).Inc()
+}
+
+func CreateDockerfile() {
+	dockerfileContent := `FROM busybox:glibc
+
+# Add a build-time timestamp to force uniqueness and avoid layer caching
+ARG BUILD_TIMESTAMP
+ENV BUILD_TIMESTAMP=${BUILD_TIMESTAMP}
+
+LABEL quay.expires-after="1m"
+
+# Example: touch a file with the timestamp
+RUN echo "${BUILD_TIMESTAMP}" > /timestamp.txt
+`
+	if err := os.WriteFile("Dockerfile", []byte(dockerfileContent), 0644); err != nil {
+		log.Printf("Failed to create Dockerfile: %v", err)
+	}
+}
+
+// authBase64 is used to parse the "auth" field from docker config JSON.
+type authBase64 struct {
+	Auth string `json:"auth"`
+}
+
+// ConfigJSON represents the structure of docker config JSON.
+type ConfigJSON struct {
+	Auths map[string]authBase64 `json:"auths"`
+}
+
+// Secret represents a Kubernetes secret containing docker config.
+type Secret struct {
+	Data map[string]string `yaml:"data"`
+}
+
+func ImagePushTest(metrics *Metrics, registryType string) {
+	defer metrics.RegistryTotalPushCount.WithLabelValues(registryType).Inc()
+
+	imageName, ok := registryTypes[registryType]
+	if !ok {
+		log.Printf("Unknown registry type: %s", registryType)
+		return
+	}
+	imageName += ":push" // TODO: Add tag management
+	log.Print("Starting Image Push Test...")
+
+	cli, err := DockerClient()
+	if err != nil {
+		return
+	}
+	defer cli.Close()
+
+	buildCtx, err := archive.TarWithOptions(".", &archive.TarOptions{
+		IncludeFiles: []string{"Dockerfile"},
+	})
+	if err != nil {
+		log.Printf("Failed to create build context: %v", err)
+		return
+	}
+
+	buildOptions := build.ImageBuildOptions{
+		Tags:    []string{imageName},
+		NoCache: true,
+		Remove:  true,
+	}
+
+	log.Print("Building image...")
+
+	buildResp, err := cli.ImageBuild(context.Background(), buildCtx, buildOptions)
+	if err != nil {
+		log.Printf("Image build failed: %v", err)
+		return
+	}
+	defer buildResp.Body.Close()
+	if _, err = io.Copy(io.Discard, buildResp.Body); err != nil {
+		log.Printf("Error reading image build output: %v", err)
+		return
+	}
+
+	log.Print("Preparing to push image...")
+
+	// NOTE: Technically, we can use kubernetes client to get secret from cluster
+	filePath := os.Getenv("DOCKER_CONFIG_JSON_PATH")
+	if filePath == "" {
+		log.Printf("DOCKER_CONFIG_JSON_PATH environment variable not set")
+		return
+	}
+
+	var secret Secret
+	fileBytes, err := os.ReadFile(filePath)
+	if err != nil {
+		log.Printf("failed to read docker config file at %s: %v", filePath, err)
+		return
+	}
+
+	if err := yaml.Unmarshal(fileBytes, &secret); err != nil {
+		log.Printf("failed to unmarshal docker config yaml: %v", err)
+		return
+	}
+
+	dockerConfigB64, ok := secret.Data[".dockerconfigjson"]
+	if !ok {
+		log.Printf(".dockerconfigjson not found in secret data")
+		return
+	}
+
+	dockerConfigJSONBytes, err := base64.StdEncoding.DecodeString(dockerConfigB64)
+	if err != nil {
+		log.Printf("failed to decode .dockerconfigjson: %v", err)
+		return
+	}
+
+	var configJSON ConfigJSON
+	if err := json.Unmarshal(dockerConfigJSONBytes, &configJSON); err != nil {
+		log.Printf("failed to unmarshal docker config JSON: %v", err)
+		return
+	}
+
+	// Extract the first auth token found in the file
+	// Is there a better way for that? :thinking:
+	var registryAuthToken string
+	for _, auth := range configJSON.Auths {
+		registryAuthToken = auth.Auth
+		break
+	}
+	if registryAuthToken == "" {
+		log.Printf("auth token not found in the docker config file")
+		return
+	}
+
+	decodedAuth, err := base64.StdEncoding.DecodeString(registryAuthToken)
+	if err != nil {
+		log.Printf("failed to decode registry auth token: %v", err)
+		return
+	}
+
+	decodedAuthParts := strings.SplitN(string(decodedAuth), ":", 2)
+	if len(decodedAuthParts) != 2 {
+		log.Printf("invalid registry auth token format")
+		return
+	}
+
+	authConfig := registry.AuthConfig{
+		Username: decodedAuthParts[0],
+		Password: decodedAuthParts[1],
+	}
+
+	encodedJSON, err := json.Marshal(authConfig)
+	if err != nil {
+		log.Printf("failed to marshal authConfig: %v", err)
+		return
+	}
+	authStr := base64.URLEncoding.EncodeToString(encodedJSON)
+
+	out, err := cli.ImagePush(context.Background(), imageName, image.PushOptions{
+		RegistryAuth: authStr,
+	})
+	if err != nil {
+		log.Printf("Image push failed: %v", err)
+		return
+	}
+	defer out.Close()
+
+	if _, err = io.Copy(io.Discard, out); err != nil {
+		log.Printf("Error reading image push output: %v", err)
+		return
+	}
+
+	log.Print("Image push successful.")
+	metrics.RegistryPushCount.WithLabelValues(registryType).Inc()
+}
+
+func ImageManifestTest(metrics *Metrics) {
+	// TODO: Implement manifest test
+}
+
+func main() {
+	log.SetOutput(os.Stderr)
+
+	registryType := "quay.io"
+
+	reg := prometheus.NewRegistry()
+	metrics := InitMetrics(reg)
+
+	metrics.RegistryTestUp.WithLabelValues(registryType).Set(1)
+
+	handler := promhttp.HandlerFor(reg, promhttp.HandlerOpts{})
+
+	CreateDockerfile()
+	// Should the client init here, do we need to always refresh?
+
+	http.HandleFunc("/metrics", func(w http.ResponseWriter, r *http.Request) {
+		log.Println("Metrics endpoint hit, running tests...")
+		go ImagePullTest(metrics, registryType)
+		go ImagePushTest(metrics, registryType)
+		handler.ServeHTTP(w, r)
+
+		// TODO: Figure out where to increment these
+		// metrics.RegistryTotalPullCount.WithLabelValues(registryType).Inc()
+		// metrics.RegistryTotalPushCount.WithLabelValues(registryType).Inc()
+	})
+
+	log.Println("http://localhost:9101/metrics")
+	log.Fatal(http.ListenAndServe(":9101", nil))
+}