feat(PVO11Y-4936): Add initial implementation of registry exporter

Author: TominoFTW

Dockerfile

@@ -28,12 +28,13 @@ RUN cd exporters && \
         fi \
     done
 
-
-FROM registry.access.redhat.com/ubi9-micro@sha256:f5c5213d2969b7b11a6666fc4b849d56b48d9d7979b60a37bb853dff0255c14b
+FROM registry.access.redhat.com/ubi9-minimal@sha256:7c5495d5fad59aaee12abc3cbbd2b283818ee1e814b00dbc7f25bf2d14fa4f0c
 
 # Copy all compiled binaries from the builder stage to the final image.
 COPY --from=builder /tmp/built_exporters/* /bin/
 
+RUN microdnf install -y podman && microdnf clean all
+
 # Copy the entrypoint script and ensure it's executable.
 COPY exporter-build-scripts/entrypoint.sh /usr/local/bin/entrypoint.sh
 RUN chmod +x /usr/local/bin/entrypoint.sh
@@ -51,4 +52,4 @@ ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
 
 # CMD is empty. The user must specify the exporter name as the first argument
 # to the entrypoint when running the container.
-CMD []
+CMD []

exporters/registryexporter/README.md

@@ -0,0 +1,3 @@
+This will be documentation for registry monitoring exporter (monitoring for quay, images.paas, etc.), explanations of the modules, background information, and implementation details.
+
+Still subject to name changes...

exporters/registryexporter/registryexporter.go

@@ -0,0 +1,279 @@
+// Package main implements a registry exporter for Prometheus metrics.
+package main
+
+import (
+	"encoding/base64"
+	"encoding/json"
+	"log"
+	"net/http"
+	"os"
+	"os/exec"
+	"strings"
+
+	"github.com/prometheus/client_golang/prometheus"
+	"github.com/prometheus/client_golang/prometheus/promhttp"
+	"github.com/stretchr/testify/assert/yaml"
+)
+
+type Metrics struct {
+	RegistryTestUp         *prometheus.GaugeVec
+	RegistryPullCount      *prometheus.CounterVec
+	RegistryTotalPullCount *prometheus.CounterVec
+	RegistryPushCount      *prometheus.CounterVec
+	RegistryTotalPushCount *prometheus.CounterVec
+}
+
+// authBase64 is used to parse the "auth" field from docker config JSON.
+type authBase64 struct {
+	Auth string `json:"auth"`
+}
+
+// ConfigJSON represents the structure of docker config JSON.
+type ConfigJSON struct {
+	Auths map[string]authBase64 `json:"auths"`
+}
+
+// Secret represents a Kubernetes secret containing docker config.
+type Secret struct {
+	Data map[string]string `yaml:"data"`
+}
+
+func InitPodmanLogin(registryType string) {
+	log.Print("Try logging into registry...")
+
+	filePath := os.Getenv("DOCKERCFG_PATH")
+	if filePath == "" {
+		log.Panicf("DOCKERCFG_PATH environment variable is not set")
+		return
+	}
+
+	var secret Secret
+	fileBytes, err := os.ReadFile(filePath)
+	if err != nil {
+		log.Printf("failed to read docker config file at %s: %v", filePath, err)
+		return
+	}
+
+	if err := yaml.Unmarshal(fileBytes, &secret); err != nil {
+		log.Printf("failed to unmarshal docker config yaml: %v", err)
+		return
+	}
+
+	dockerConfigB64, ok := secret.Data[".dockerconfigjson"]
+	if !ok {
+		log.Printf(".dockerconfigjson not found in secret data")
+		return
+	}
+
+	dockerConfigJSONBytes, err := base64.StdEncoding.DecodeString(dockerConfigB64)
+	if err != nil {
+		log.Printf("failed to decode .dockerconfigjson: %v", err)
+		return
+	}
+	// Note: At this point, this is how would the usual podman authfile look like, maybe it can be used directly?
+	// ...
+
+	var configJSON ConfigJSON
+	if err := json.Unmarshal(dockerConfigJSONBytes, &configJSON); err != nil {
+		log.Printf("failed to unmarshal docker config JSON: %v", err)
+		return
+	}
+
+	// Extract the first auth token found in the file
+	// Is there a better way for that? :thinking:
+	var registryAuthToken string
+	for _, auth := range configJSON.Auths {
+		registryAuthToken = auth.Auth
+		break
+	}
+	if registryAuthToken == "" {
+		log.Printf("auth token not found in the docker config file")
+		return
+	}
+
+	decodedAuth, err := base64.StdEncoding.DecodeString(registryAuthToken)
+	if err != nil {
+		log.Printf("failed to decode registry auth token: %v", err)
+		return
+	}
+
+	decodedAuthParts := strings.SplitN(string(decodedAuth), ":", 2)
+	if len(decodedAuthParts) != 2 {
+		log.Printf("invalid registry auth token format")
+		return
+	}
+
+	loginCmd := exec.Command("podman", "login", "--username", decodedAuthParts[0], "--password", decodedAuthParts[1], registryType)
+	loginOutput, loginErr := loginCmd.CombinedOutput()
+	if loginErr != nil {
+		log.Panicf("Registry login failed: %v, output: %s", loginErr, string(loginOutput))
+	}
+	log.Print("Registry login successful.")
+}
+
+// InitMetrics initializes and registers Prometheus metrics.
+func InitMetrics(reg prometheus.Registerer) *Metrics {
+	m := &Metrics{
+		RegistryTestUp: prometheus.NewGaugeVec(
+			prometheus.GaugeOpts{
+				Name: "registry_test_up",
+				Help: "A simple gauge to indicate if the registryType is accessible (1 for up).",
+			},
+			[]string{"registryType"},
+		),
+		RegistryPullCount: prometheus.NewCounterVec(
+			prometheus.CounterOpts{
+				Name: "registry_successful_pull_count",
+				Help: "Total number of successful image pulls.",
+			},
+			[]string{"registryType"},
+		),
+		RegistryTotalPullCount: prometheus.NewCounterVec(
+			prometheus.CounterOpts{
+				Name: "registry_total_pull_count",
+				Help: "Total number of image pulls.",
+			},
+			[]string{"registryType"},
+		),
+		RegistryPushCount: prometheus.NewCounterVec(
+			prometheus.CounterOpts{
+				Name: "registry_successful_push_count",
+				Help: "Total number of successful image pushes.",
+			},
+			[]string{"registryType"},
+		),
+		RegistryTotalPushCount: prometheus.NewCounterVec(
+			prometheus.CounterOpts{
+				Name: "registry_total_push_count",
+				Help: "Total number of image pushes.",
+			},
+			[]string{"registryType"},
+		),
+	}
+	reg.MustRegister(m.RegistryTestUp)
+	reg.MustRegister(m.RegistryPullCount)
+	reg.MustRegister(m.RegistryTotalPullCount)
+	reg.MustRegister(m.RegistryPushCount)
+	reg.MustRegister(m.RegistryTotalPushCount)
+	return m
+}
+
+var registryTypes = map[string]string{
+	"quay.io":                "quay.io/redhat-user-workloads/rh-ee-tbehal-tenant/test-component",
+	"images.paas.redhat.com": "images.paas.redhat.com/o11y/todo",
+}
+
+func ImagePullTest(metrics *Metrics, registryType string) {
+	defer metrics.RegistryTotalPullCount.WithLabelValues(registryType).Inc()
+
+	imageName, ok := registryTypes[registryType]
+	if !ok {
+		log.Printf("Unknown registry type: %s", registryType)
+		return
+	}
+	imageName += ":pull" // TODO: Add tag management
+	log.Print("Starting Image Pull Test...")
+	cmd := exec.Command("podman", "pull", imageName)
+	output, err := cmd.CombinedOutput()
+	if err != nil {
+		log.Printf("Image pull failed: %v, output: %s", err, string(output))
+		return
+	}
+	log.Print("Image pull successful.")
+	metrics.RegistryPullCount.WithLabelValues(registryType).Inc()
+}
+
+// TODO: This works only locally, probably needs to be adapted for cluster use
+func CreateDockerfile() {
+	dockerfileContent := `FROM busybox:glibc
+
+# Add a build-time timestamp to force uniqueness and avoid layer caching
+ARG BUILD_TIMESTAMP
+ENV BUILD_TIMESTAMP=${BUILD_TIMESTAMP}
+
+LABEL quay.expires-after="1m"
+
+# Example: touch a file with the timestamp
+RUN echo "${BUILD_TIMESTAMP}" > /timestamp.txt
+`
+
+	// PVC mountpoint expected e.g.: /mnt/data/
+	filePath := os.Getenv("DOCKERFILE_PATH")
+	if filePath == "" {
+		log.Panicf("DOCKERFILE_PATH environment variable is not set")
+		return
+	}
+
+	if err := os.WriteFile(filePath+"Dockerfile", []byte(dockerfileContent), 0644); err != nil {
+		log.Panicf("Failed to create Dockerfile: %v", err)
+	}
+}
+
+func ImagePushTest(metrics *Metrics, registryType string) {
+	defer metrics.RegistryTotalPushCount.WithLabelValues(registryType).Inc()
+
+	imageName, ok := registryTypes[registryType]
+	if !ok {
+		log.Printf("Unknown registry type: %s", registryType)
+		return
+	}
+	imageName += ":push" // TODO: Add tag management
+	log.Print("Starting Image Push Test...")
+
+	// Build image with podman
+	buildTimestamp := os.Getenv("BUILD_TIMESTAMP")
+	if buildTimestamp == "" {
+		buildTimestamp = "now"
+	}
+	buildCmd := exec.Command("podman", "build", "-t", imageName, "--build-arg", "BUILD_TIMESTAMP="+buildTimestamp, "-f", os.Getenv("DOCKERFILE_PATH")+"Dockerfile", ".")
+	buildOutput, buildErr := buildCmd.CombinedOutput()
+	if buildErr != nil {
+		log.Printf("Image build failed: %v, output: %s", buildErr, string(buildOutput))
+		return
+	}
+	log.Print("Image build successful.")
+
+	// For push, assume podman login is handled externally or via entrypoint script
+	pushCmd := exec.Command("podman", "push", imageName)
+	pushOutput, pushErr := pushCmd.CombinedOutput()
+	if pushErr != nil {
+		log.Printf("Image push failed: %v, output: %s", pushErr, string(pushOutput))
+		return
+	}
+	log.Print("Image push successful.")
+	metrics.RegistryPushCount.WithLabelValues(registryType).Inc()
+}
+
+func ImageManifestTest(metrics *Metrics) {
+	// TODO: Implement manifest test
+}
+
+func main() {
+	log.SetOutput(os.Stderr)
+
+	registryType := "quay.io"
+
+	reg := prometheus.NewRegistry()
+	metrics := InitMetrics(reg)
+
+	InitPodmanLogin(registryType)
+	CreateDockerfile()
+
+	metrics.RegistryTestUp.WithLabelValues(registryType).Set(1)
+
+	handler := promhttp.HandlerFor(reg, promhttp.HandlerOpts{})
+
+	http.HandleFunc("/metrics", func(w http.ResponseWriter, r *http.Request) {
+		log.Println("Metrics endpoint hit, running tests...")
+		go ImagePullTest(metrics, registryType)
+		go ImagePushTest(metrics, registryType)
+		handler.ServeHTTP(w, r)
+
+		// TODO: Figure out where to increment these
+		// metrics.RegistryTotalPullCount.WithLabelValues(registryType).Inc()
+		// metrics.RegistryTotalPushCount.WithLabelValues(registryType).Inc()
+	})
+
+	log.Println("http://localhost:9101/metrics")
+	log.Fatal(http.ListenAndServe(":9101", nil))
+}

go.mod

@@ -34,19 +34,20 @@ require (
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
-	github.com/mailru/easyjson v0.9.0 // indirect
+	github.com/mailru/easyjson v0.9.1 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/rogpeppe/go-internal v1.14.1 // indirect
 	github.com/spf13/pflag v1.0.10 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	go.yaml.in/yaml/v2 v2.4.3 // indirect
 	go.yaml.in/yaml/v3 v3.0.4 // indirect
 	golang.org/x/net v0.44.0 // indirect
-	golang.org/x/oauth2 v0.30.0 // indirect
+	golang.org/x/oauth2 v0.31.0 // indirect
 	golang.org/x/term v0.35.0 // indirect
 	golang.org/x/text v0.29.0 // indirect
-	golang.org/x/time v0.12.0 // indirect
+	golang.org/x/time v0.13.0 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	k8s.io/api v0.34.1 // indirect

go.sum

@@ -74,8 +74,8 @@ github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0
 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
 github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
 github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
-github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4=
-github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU=
+github.com/mailru/easyjson v0.9.1 h1:LbtsOm5WAswyWbvTEOqhypdPeZzHavpZx96/n553mR8=
+github.com/mailru/easyjson v0.9.1/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -99,8 +99,8 @@ github.com/prometheus/common v0.66.1 h1:h5E0h5/Y8niHc5DlaLlWLArTQI7tMrsfQjHV+d9Z
 github.com/prometheus/common v0.66.1/go.mod h1:gcaUsgf3KfRSwHY4dIMXLPV0K/Wg1oZ8+SbZk/HH/dA=
 github.com/prometheus/procfs v0.17.0 h1:FuLQ+05u4ZI+SS/w9+BWEM2TXiHKsUQ9TADiRH7DuK0=
 github.com/prometheus/procfs v0.17.0/go.mod h1:oPQLaDAMRbA+u8H5Pbfq+dl3VDAvHxMUOVhe0wYB2zw=
-github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
-github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
+github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=
+github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=
 github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk=
 github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
@@ -134,8 +134,8 @@ golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.44.0 h1:evd8IRDyfNBMBTTY5XRF1vaZlD+EmWx6x8PkhR04H/I=
 golang.org/x/net v0.44.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY=
-golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI=
-golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU=
+golang.org/x/oauth2 v0.31.0 h1:8Fq0yVZLh4j4YA47vHKFTa9Ew5XIrCP8LC6UeNZnLxo=
+golang.org/x/oauth2 v0.31.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -150,8 +150,8 @@ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.29.0 h1:1neNs90w9YzJ9BocxfsQNHKuAT4pkghyXc4nhZ6sJvk=
 golang.org/x/text v0.29.0/go.mod h1:7MhJOA9CD2qZyOKYazxdYMF85OwPdEr9jTtBpO7ydH4=
-golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE=
-golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
+golang.org/x/time v0.13.0 h1:eUlYslOIt32DgYD6utsuUeHs4d7AsEYLuIAdg7FlYgI=
+golang.org/x/time v0.13.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=