Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature/splunk observability scaler #6192

Open
wants to merge 7 commits into
base: main
Choose a base branch
from

Conversation

sschimper-splunk
Copy link

@sschimper-splunk sschimper-splunk commented Sep 26, 2024

With this pull request, I would like to add a new custom KEDA scaler that interacts with the Splunk Observability Cloud Platform. It is able to query metrics from Splunk Observability Cloud and scale a deployment according to a predefined target value.

As for now, I do not have the created a pull request to update the Helm chart, becasue I did not think it necessary. However, my knowledge about Helm charts is admittedly limited, and I am happy to fix this in hindsight if that is necessary.
Thank you.

Checklist

Relates to:

  • Initial proposal, Fixes #6190
  • Pull request containing the documentation on this scaler: #1477

@sschimper-splunk sschimper-splunk requested a review from a team as a code owner September 26, 2024 08:20
@circa10a
Copy link
Contributor

The only files we should be changing under pkg/ in this PR is scalers/ and scaling/. We should remove the other changes introduced.

pkg/scalers/splunk_observability_scaler.go Show resolved Hide resolved
pkg/scalers/splunk_observability_scaler.go Outdated Show resolved Hide resolved
pkg/scalers/splunk_observability_scaler.go Outdated Show resolved Hide resolved
pkg/scalers/splunk_observability_scaler.go Outdated Show resolved Hide resolved
pkg/scalers/splunk_observability_scaler.go Outdated Show resolved Hide resolved
pkg/scalers/splunk_observability_scaler.go Outdated Show resolved Hide resolved
pkg/scalers/splunk_observability_scaler.go Outdated Show resolved Hide resolved
pkg/scalers/splunk_observability_scaler.go Outdated Show resolved Hide resolved
@circa10a
Copy link
Contributor

We should probably set this PR to WIP/Draft state

Copy link
Member

@zroubalik zroubalik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the contribution! could of points

  • helm update is not needed
  • please fix DCO

go.mod Show resolved Hide resolved
pkg/metricsservice/api/metrics.pb.go Show resolved Hide resolved
pkg/scalers/splunk_observability_scaler.go Show resolved Hide resolved
pkg/scalers/splunk_observability_scaler.go Outdated Show resolved Hide resolved
pkg/scalers/splunk_observability_scaler.go Outdated Show resolved Hide resolved
@sschimper-splunk
Copy link
Author

Thank you for reviewing, @zroubalik. I will work during the next days on fixing the things pointed out.

Copy link
Member

@zroubalik zroubalik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for reviewing, @zroubalik. I will work during the next days on fixing the things pointed out.

@sschimper-splunk any updates here please? We will cut a new release Nov 7, so if you want this included in KEDA 2.16 we should resolve this asap. If you don't have we can release this in the following release, not a problem :)

@sschimper-splunk
Copy link
Author

Hi @zroubalik,
thanks for the heads-up. Unfortunately, I will not be ready for the new release on November 7th, and I ask you to go ahead without this Splunk Observability Scaler.
I work towards being ready for the next release after November 7th. Apologies if I slowed things down.

password = fmt.Sprintf("%s-password", testName)
vhost = "/"
NoAuthConnectionString = fmt.Sprintf("http://rabbitmq.%s.svc.cluster.local", rmqNamespace)
connectionString = fmt.Sprintf("amqp://%s:%s@rabbitmq.%s.svc.cluster.local", user, password, rmqNamespace)
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Semgrep identified an issue in your code:

Semgrep found a possible database connection string built with string concatenation. Check for proper encoding/escaping of components to prevent parse errors and injection vulnerabilities.

To resolve this comment:

No guidance has been designated for this issue. Fix according to your organization's approved methods.

💬 Ignore this finding

Leave a nosemgrep comment directly above or at the end of line 38 like so // nosemgrep: kedacore.db-connection-string

Take care to validate that this is not a true positive finding before ignoring it.
Learn more about ignoring code, files and folders here.

You can view more details about this finding in the Semgrep AppSec Platform.

password = fmt.Sprintf("%s-password", testName)
vhost = "/"
NoAuthConnectionString = fmt.Sprintf("amqp://rabbitmq.%s.svc.cluster.local", rmqNamespace)
connectionString = fmt.Sprintf("amqp://%s:%s@rabbitmq.%s.svc.cluster.local", user, password, rmqNamespace)
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Semgrep identified an issue in your code:

Semgrep found a possible database connection string built with string concatenation. Check for proper encoding/escaping of components to prevent parse errors and injection vulnerabilities.

To resolve this comment:

No guidance has been designated for this issue. Fix according to your organization's approved methods.

💬 Ignore this finding

Leave a nosemgrep comment directly above or at the end of line 38 like so // nosemgrep: kedacore.db-connection-string

Take care to validate that this is not a true positive finding before ignoring it.
Learn more about ignoring code, files and folders here.

You can view more details about this finding in the Semgrep AppSec Platform.

@@ -186,7 +195,7 @@ func apiStubHandler(hasRateLeft bool, exceeds30Repos bool) *httptest.Server {
w.WriteHeader(http.StatusForbidden)
}
if strings.HasSuffix(r.URL.String(), "jobs") {
_, _ = w.Write([]byte(testGhWFJobResponse))
_, _ = w.Write([]byte(jobResponse))
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Semgrep identified a blocking 🔴 issue in your code:

Detected directly writing or similar in 'http.ResponseWriter.write()'. This bypasses HTML escaping that prevents cross-site scripting vulnerabilities. Instead, use the 'html/template' package and render data using 'template.Execute()'.

To resolve this comment:

No guidance has been designated for this issue. Fix according to your organization's approved methods.

💬 Ignore this finding

Leave a nosemgrep comment directly above or at the end of line 198 like so // nosemgrep: go.lang.security.audit.xss.no-direct-write-to-responsewriter.no-direct-write-to-responsewriter

Take care to validate that this is not a true positive finding before ignoring it.
Learn more about ignoring code, files and folders here.

You can view more details about this finding in the Semgrep AppSec Platform.

Copy link

semgrep-app bot commented Dec 17, 2024

Semgrep found 1 no-direct-write-to-responsewriter finding:

  • pkg/scalers/azure_pipelines_scaler_test.go

Detected directly writing or similar in 'http.ResponseWriter.write()'. This bypasses HTML escaping that prevents cross-site scripting vulnerabilities. Instead, use the 'html/template' package and render data using 'template.Execute()'.

Ignore this finding from no-direct-write-to-responsewriter

@circa10a
Copy link
Contributor

Somehow the diff now shows 4400+ files changed

@zroubalik
Copy link
Member

Somehow the diff now shows 4400+ files changed

maybe a wrong rebase?

@sschimper-splunk
Copy link
Author

Hi @zroubalik, the reason for this is the following: I wanted to push a "clean" code base with the only files being modified the scaler, scaler test, and e2e test files. I recloned the repo and edited just these files, and pushed all the files.

If this doesn't comply with git standards or caused confusion, I would like to apologise. I must admit that I have not used git and GitHub much collaboratively.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Support Splunk Observability Cloud scaler
3 participants