refactor code

internal/controller/cluster_monitoring_controller.go

@@ -120,16 +120,16 @@ func (r *ClusterMonitoringReconciler) reconcile(ctx context.Context, cluster *cl
 		}
 	}
 
-	// Create or update PrometheusAgent remote write configuration.
-	err := r.PrometheusAgentService.ReconcileRemoteWriteConfiguration(ctx, cluster)
+	err := r.MimirService.ConfigureMimir(ctx, r.ManagementCluster.Name)
 	if err != nil {
-		logger.Error(err, "failed to create or update prometheus agent remote write config")
+		logger.Error(err, "failed to configure mimir")
 		return ctrl.Result{RequeueAfter: 5 * time.Minute}, errors.WithStack(err)
 	}
 
-	err = r.MimirService.ConfigureMimir(ctx, r.ManagementCluster.Name)
+	// Create or update PrometheusAgent remote write configuration.
+	err = r.PrometheusAgentService.ReconcileRemoteWriteConfiguration(ctx, cluster)
 	if err != nil {
-		logger.Error(err, "failed to configure mimir")
+		logger.Error(err, "failed to create or update prometheus agent remote write config")
 		return ctrl.Result{RequeueAfter: 5 * time.Minute}, errors.WithStack(err)
 	}
 
@@ -148,15 +148,15 @@ func (r *ClusterMonitoringReconciler) reconcileDelete(ctx context.Context, clust
 			}
 		}
 
-		err := r.PrometheusAgentService.DeleteRemoteWriteConfiguration(ctx, cluster)
+		err := r.MimirService.DeleteIngressSecret(ctx)
 		if err != nil {
-			logger.Error(err, "failed to delete prometheus agent remote write config")
+			logger.Error(err, "failed to delete mimir ingress secret")
 			return ctrl.Result{RequeueAfter: 5 * time.Minute}, errors.WithStack(err)
 		}
 
-		err = r.MimirService.DeleteIngressSecret(ctx)
+		err = r.PrometheusAgentService.DeleteRemoteWriteConfiguration(ctx, cluster)
 		if err != nil {
-			logger.Error(err, "failed to delete mimir ingress secret")
+			logger.Error(err, "failed to delete prometheus agent remote write config")
 			return ctrl.Result{RequeueAfter: 5 * time.Minute}, errors.WithStack(err)
 		}
 

main.go

@@ -41,6 +41,7 @@ import (
 	"github.com/giantswarm/observability-operator/pkg/common"
 	"github.com/giantswarm/observability-operator/pkg/common/organization"
 	"github.com/giantswarm/observability-operator/pkg/common/password"
+	"github.com/giantswarm/observability-operator/pkg/common/secret"
 	"github.com/giantswarm/observability-operator/pkg/monitoring/heartbeat"
 	"github.com/giantswarm/observability-operator/pkg/monitoring/mimir"
 	"github.com/giantswarm/observability-operator/pkg/monitoring/prometheusagent"
@@ -197,7 +198,9 @@ func main() {
 	}
 
 	mimirService := mimir.MimirService{
-		Client: mgr.GetClient(),
+		Client:          mgr.GetClient(),
+		PasswordManager: password.SimpleManager{},
+		SecretManager:   secret.SimpleManager{},
 	}
 
 	if err = (&controller.ClusterMonitoringReconciler{

pkg/common/password/manager.go

@@ -3,10 +3,12 @@ package password
 import (
 	"crypto/rand"
 	"encoding/hex"
+	"os/exec"
 )
 
 type Manager interface {
 	GeneratePassword(length int) (string, error)
+	GenerateHtpasswd(username string, password string) (string, error)
 }
 
 type SimpleManager struct {
@@ -19,3 +21,11 @@ func (m SimpleManager) GeneratePassword(length int) (string, error) {
 	}
 	return hex.EncodeToString(bytes), nil
 }
+
+func (m SimpleManager) GenerateHtpasswd(username string, password string) (string, error) {
+	htpasswd, err := exec.Command("htpasswd", "-bn", username, password).Output()
+	if err != nil {
+		return "", err
+	}
+	return string(htpasswd), nil
+}

pkg/common/secret/manager.go

@@ -0,0 +1,34 @@
+package secret
+
+import (
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	"github.com/giantswarm/observability-operator/pkg/monitoring"
+)
+
+type Manager interface {
+	GenerateGenericSecret(secretName string, secretNamespace string, key string, value string) (*corev1.Secret, error)
+}
+
+type SimpleManager struct {
+}
+
+func (m SimpleManager) GenerateGenericSecret(secretName string, secretNamespace string,
+	key string, value string) (*corev1.Secret, error) {
+	secret := &corev1.Secret{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      secretName,
+			Namespace: secretNamespace,
+			Finalizers: []string{
+				monitoring.MonitoringFinalizer,
+			},
+		},
+		Data: map[string][]byte{
+			key: []byte(value),
+		},
+		Type: "Opaque",
+	}
+
+	return secret, nil
+}

pkg/monitoring/mimir/service.go

@@ -12,21 +12,38 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 	"sigs.k8s.io/controller-runtime/pkg/log"
 
+	"github.com/giantswarm/observability-operator/pkg/common/password"
+	"github.com/giantswarm/observability-operator/pkg/common/secret"
 	"github.com/giantswarm/observability-operator/pkg/monitoring"
-	"github.com/giantswarm/observability-operator/pkg/monitoring/mimir/ingress"
+	"github.com/giantswarm/observability-operator/pkg/monitoring/prometheusagent"
+)
+
+const (
+	ingressSecretName      = "mimir-gateway-ingress"
+	ingressSecretNamespace = "mimir"
+	credsSecretName        = "mimir-basic-auth"
+	credsSecretNamespace   = "mimir"
 )
 
 type MimirService struct {
 	client.Client
+	PasswordManager password.Manager
+	SecretManager   secret.Manager
 }
 
 func (ms *MimirService) ConfigureMimir(ctx context.Context, mc string) error {
 	logger := log.FromContext(ctx).WithValues("cluster", mc)
 	logger.Info("ensuring mimir config")
 
-	err := ms.CreateIngressSecret(ctx, mc, logger)
+	err := ms.CreateAuthSecret(ctx, logger, mc)
+	if err != nil {
+		logger.Error(err, "failed to create mimit auth secret")
+		return errors.WithStack(err)
+	}
+
+	err = ms.CreateIngressSecret(ctx, mc, logger)
 	if err != nil {
-		logger.Error(err, "failed to create or update mimir config")
+		logger.Error(err, "failed to create mimir ingress secret")
 		return errors.WithStack(err)
 	}
 
@@ -35,6 +52,44 @@ func (ms *MimirService) ConfigureMimir(ctx context.Context, mc string) error {
 	return nil
 }
 
+func (ms *MimirService) CreateAuthSecret(ctx context.Context, logger logr.Logger, mc string) error {
+	objectKey := client.ObjectKey{
+		Name:      credsSecretName,
+		Namespace: credsSecretNamespace,
+	}
+
+	current := &corev1.Secret{}
+	err := ms.Client.Get(ctx, objectKey, current)
+	if apierrors.IsNotFound(err) {
+		logger.Info("Building auth secret")
+
+		password, err := ms.PasswordManager.GeneratePassword(32)
+		if err != nil {
+			return errors.WithStack(err)
+		}
+
+		secretdata := mc + ":" + password
+
+		secret, err := ms.SecretManager.GenerateGenericSecret(credsSecretName, credsSecretNamespace, "credentials", secretdata)
+		if err != nil {
+			return errors.WithStack(err)
+		}
+
+		err = ms.Client.Create(ctx, secret)
+		if err != nil {
+			return errors.WithStack(err)
+		}
+
+		logger.Info("Auth secret successfully created")
+
+		return nil
+	} else if err != nil {
+		return errors.WithStack(err)
+	}
+
+	return nil
+}
+
 func (ms *MimirService) CreateIngressSecret(ctx context.Context, mc string, logger logr.Logger) error {
 	objectKey := client.ObjectKey{
 		Name:      ingressSecretName,
@@ -47,15 +102,21 @@ func (ms *MimirService) CreateIngressSecret(ctx context.Context, mc string, logg
 		// CREATE SECRET
 		logger.Info("building ingress secret")
 
-		password, err := GetMimirIngressPassword(ctx, mc)
+		password, err := prometheusagent.GetMimirIngressPassword(ctx)
 		if err != nil {
 			return errors.WithStack(err)
 		}
 
-		secret, err := ingress.BuildIngressSecret(mc, password)
+		htpasswd, err := ms.PasswordManager.GenerateHtpasswd("whatever", password)
 		if err != nil {
 			return errors.WithStack(err)
 		}
+
+		secret, err := ms.SecretManager.GenerateGenericSecret(ingressSecretName, ingressSecretNamespace, "auth", htpasswd)
+		if err != nil {
+			return errors.WithStack(err)
+		}
+
 		err = ms.Client.Create(ctx, secret)
 		if err != nil {
 			return errors.WithStack(err)
@@ -93,7 +154,6 @@ func (ms *MimirService) DeleteIngressSecret(ctx context.Context) error {
 	controllerutil.RemoveFinalizer(desired, monitoring.MonitoringFinalizer)
 	err = ms.Client.Patch(ctx, current, client.MergeFrom(desired))
 	if err != nil {
-		fmt.Println("ERROR REMOVING FINALIZER")
 		return errors.WithStack(err)
 	}