From d6018330274335016fd6e4ec4425b1d253f15610 Mon Sep 17 00:00:00 2001 From: Andreas Maier Date: Mon, 27 Nov 2023 09:24:31 +0100 Subject: [PATCH] Use prometheus-client 0.19.0 with HTTPS/mTLS support; Fixed pip versions Details: * Used the officially released version 0.19.0 of the prometheus-client package and enabled Python versions 3.6 and 3.7 again. * Fixed pylint issue on Python 3.6 and 3.7 where it complains about the new arguments of start_http_server(). The code checks that they are used only on Python 3.8 or higher, where we have the new version of the prometheus-client package. * Fixed a dependency issue with pip on Python 3.l6 and 3.7 that came in while these Python versions were disabled. * Added Python 3.7/3.8 to normal test envs since that is the boundary where HTTPS support got introduced. Signed-off-by: Andreas Maier --- .github/workflows/test.yml | 53 +++++++++++++++++-- .safety-policy.yml | 2 + Makefile | 5 +- docs/changes.rst | 3 +- minimum-constraints.txt | 9 ++-- requirements.txt | 9 ++-- setup.py | 6 +-- .../zhmc_prometheus_exporter.py | 3 +- 8 files changed, 68 insertions(+), 22 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 5f5b4d0e..a9814b91 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -33,13 +33,36 @@ jobs: # This technique documented in: # https://stackoverflow.com/questions/65384420/how-to-make-a-github-action-matrix-element-conditional # TODO: Find a way to define this with less escapes. - # TODO-PYPI: Revert changes in this file once a new version of prometheus-client (after 2023-11-09) has been released on Pypi run: | if [[ "${{ github.event_name }}" == "schedule" || "${{ github.head_ref }}" =~ ^release_ ]]; then \ echo "matrix={ \ \"os\": [ \"ubuntu-latest\", \"macos-latest\", \"windows-latest\" ], \ - \"python-version\": [ \"3.8\", \"3.9\", \"3.10\", \"3.11\", \"3.12\" ], \ - \"package_level\": [ \"minimum\", \"latest\" ] \ + \"python-version\": [ \"3.6\", \"3.7\", \"3.8\", \"3.9\", \"3.10\", \"3.11\", \"3.12\" ], \ + \"package_level\": [ \"minimum\", \"latest\" ], \ + \"exclude\": [ \ + { \ + \"os\": \"ubuntu-latest\", \ + \"python-version\": \"3.6\", \ + \"package_level\": \"minimum\" \ + }, \ + { \ + \"os\": \"ubuntu-latest\", \ + \"python-version\": \"3.6\", \ + \"package_level\": \"latest\" \ + } \ + ], \ + \"include\": [ \ + { \ + \"os\": \"ubuntu-20.04\", \ + \"python-version\": \"3.6\", \ + \"package_level\": \"minimum\" \ + }, \ + { \ + \"os\": \"ubuntu-20.04\", \ + \"python-version\": \"3.6\", \ + \"package_level\": \"latest\" \ + } \ + ] \ }" >> $GITHUB_OUTPUT; \ else \ echo "matrix={ \ @@ -47,6 +70,26 @@ jobs: \"python-version\": [ \"3.12\" ], \ \"package_level\": [ \"minimum\", \"latest\" ], \ \"include\": [ \ + { \ + \"os\": \"ubuntu-20.04\", \ + \"python-version\": \"3.6\", \ + \"package_level\": \"minimum\" \ + }, \ + { \ + \"os\": \"ubuntu-20.04\", \ + \"python-version\": \"3.6\", \ + \"package_level\": \"latest\" \ + }, \ + { \ + \"os\": \"ubuntu-latest\", \ + \"python-version\": \"3.7\", \ + \"package_level\": \"minimum\" \ + }, \ + { \ + \"os\": \"ubuntu-latest\", \ + \"python-version\": \"3.7\", \ + \"package_level\": \"latest\" \ + }, \ { \ \"os\": \"ubuntu-latest\", \ \"python-version\": \"3.8\", \ @@ -59,7 +102,7 @@ jobs: }, \ { \ \"os\": \"macos-latest\", \ - \"python-version\": \"3.8\", \ + \"python-version\": \"3.6\", \ \"package_level\": \"latest\" \ }, \ { \ @@ -74,7 +117,7 @@ jobs: }, \ { \ \"os\": \"windows-latest\", \ - \"python-version\": \"3.8\", \ + \"python-version\": \"3.6\", \ \"package_level\": \"latest\" \ }, \ { \ diff --git a/.safety-policy.yml b/.safety-policy.yml index d038736c..f0145709 100644 --- a/.safety-policy.yml +++ b/.safety-policy.yml @@ -44,6 +44,8 @@ security: reason: Fixed GitPython version 3.1.33 requires Python>=3.7 and is used there 60841: reason: Fixed GitPython version 3.1.35 requires Python>=3.7 and is used there + 62044: + reason: Fixed pip version 23.3 requires Python>=3.7 and is used there # Continue with exit code 0 when vulnerabilities are found. continue-on-vulnerability-error: False diff --git a/Makefile b/Makefile index 9e8c949e..d2e17ae0 100644 --- a/Makefile +++ b/Makefile @@ -237,9 +237,8 @@ safety: $(done_dir)/safety_$(pymn)_$(PACKAGE_LEVEL).done .PHONY: check_reqs check_reqs: $(done_dir)/develop_$(pymn)_$(PACKAGE_LEVEL).done minimum-constraints.txt requirements.txt @echo "Makefile: Checking missing dependencies of this package" -# TODO-PYPI: Re-enable once a new version of prometheus-client (after 2023-11-09) has been released on Pypi -# pip-missing-reqs $(package_name) --requirements-file=requirements.txt -# pip-missing-reqs $(package_name) --requirements-file=minimum-constraints.txt + pip-missing-reqs $(package_name) --requirements-file=requirements.txt + pip-missing-reqs $(package_name) --requirements-file=minimum-constraints.txt @echo "Makefile: Done checking missing dependencies of this package" ifeq ($(PLATFORM),Windows_native) # Reason for skipping on Windows is https://github.com/r1chardj0n3s/pip-check-reqs/issues/67 diff --git a/docs/changes.rst b/docs/changes.rst index 519553c6..921f0aa0 100644 --- a/docs/changes.rst +++ b/docs/changes.rst @@ -97,7 +97,8 @@ Released: not yet attached to a partition. (issue #346) * Added support for HTTPS and mutual TLS (mTLS) by adding a new optional section - 'prometheus' to the HMC credentials file. (issue #347) + 'prometheus' to the HMC credentials file and using prometheus-client 0.19.0. + (issue #347) * Tolerated when unknown 'resource' types are specified in the metrics.yaml file, because one possible reason for that is that a newer metrics.yaml file diff --git a/minimum-constraints.txt b/minimum-constraints.txt index b6266dc7..b75c9c4a 100644 --- a/minimum-constraints.txt +++ b/minimum-constraints.txt @@ -25,7 +25,9 @@ # pip 18.1 supports PEP-508 URLs, so the deprecated dependency_links no longer needs to be used. # Pip 20.2 introduced a new resolver whose backtracking had issues that were resolved only in 21.2.2. # pip>=21.0 is needed for the cryptography package on Windows on GitHub Actions. -pip==23.3 +# pip 22.0 removed support for py36 +pip==21.3.1; python_version == '3.6' +pip==23.3; python_version >= '3.7' # setuptools 59.7.0 removed support for py36 setuptools==59.6.0; python_version == '3.6' @@ -39,9 +41,8 @@ wheel==0.38.1; python_version >= '3.7' zhmcclient==1.9.1 -prometheus-client>=0.17.0; python_version <= '3.7' -# TODO-PYPI: Re-enable once a new version of prometheus-client (after 2023-11-09) has been released on Pypi -# prometheus-client>=0.18.x; python_version >= '3.8' +prometheus-client==0.17.1; python_version <= '3.7' +prometheus-client==0.19.0; python_version >= '3.8' urllib3==1.26.18 jsonschema==3.2.0 diff --git a/requirements.txt b/requirements.txt index e32f1154..3ee91268 100644 --- a/requirements.txt +++ b/requirements.txt @@ -9,11 +9,10 @@ # zhmcclient @ git+https://github.com/zhmcclient/python-zhmcclient.git@master zhmcclient>=1.9.1 -# prometheus-client 0.18 has removed support for py36,37 -# TODO-PYPI: Re-enable once a new version of prometheus-client (after 2023-11-09) has been released on Pypi -# prometheus-client>=0.17.0; python_version <= '3.7' -# prometheus-client>=0.18.x; python_version >= '3.8' -prometheus-client@git+https://github.com/prometheus/client_python.git@master +# prometheus-client 0.18.0 has removed support for py36,37 +# prometheus-client 0.19.0 added support for HTTPS/mTLS, but requires py38 +prometheus-client>=0.17.1; python_version <= '3.7' +prometheus-client>=0.19.0; python_version >= '3.8' urllib3>=1.25.18 jsonschema>=3.2.0 diff --git a/setup.py b/setup.py index b613342c..ef3e290c 100644 --- a/setup.py +++ b/setup.py @@ -122,9 +122,7 @@ def read_file(a_file): # Keep these Python versions in sync with: # - Section "Supported environments" in docs/intro.rst - # TODO-PYPI: Revert changes in this file once a new version of - # prometheus-client (after 2023-11-09) has been released on Pypi - python_requires='>=3.8', + python_requires='>=3.6', classifiers=[ 'Development Status :: 5 - Production/Stable', 'Environment :: Console', @@ -132,6 +130,8 @@ def read_file(a_file): 'License :: OSI Approved :: Apache Software License', 'Operating System :: OS Independent', 'Programming Language :: Python :: 3', + 'Programming Language :: Python :: 3.6', + 'Programming Language :: Python :: 3.7', 'Programming Language :: Python :: 3.8', 'Programming Language :: Python :: 3.9', 'Programming Language :: Python :: 3.10', diff --git a/zhmc_prometheus_exporter/zhmc_prometheus_exporter.py b/zhmc_prometheus_exporter/zhmc_prometheus_exporter.py index 1220ca45..a51fb6c2 100755 --- a/zhmc_prometheus_exporter/zhmc_prometheus_exporter.py +++ b/zhmc_prometheus_exporter/zhmc_prometheus_exporter.py @@ -1935,13 +1935,14 @@ def main(): if server_cert_file: try: + # pylint: disable=unexpected-keyword-arg start_http_server( port=port, certfile=server_cert_file, keyfile=server_key_file, client_cafile=ca_cert_file, client_auth_required=(ca_cert_file is not None)) - # pylint_ disable=broad-exception + # pylint: disable=broad-exception except Exception as exc: # We catch Exception for now in order to investigate the # issue that with ssl.SSLEOFError being raised occasionally.