feat: Support OAuth2 for prometheus and web providers

[OpenGuidou]

Solves #3037

Checklist:

• Either (a) I've created an enhancement proposal and discussed it with the community, (b) this is a bug fix, or (c) this is a chore.
• The title of the PR is (a) conventional with a list of types and scopes found here, (b) states what changed, and (c) suffixes the related issues number. E.g. "fix(controller): Updates such and such. Fixes #1234".
• I've signed my commits with DCO
• I have written unit and/or e2e tests for my change. PRs without these are unlikely to be merged.
• My builds are green. Try syncing with master if they are not.
• My organization is added to USERS.md.

[codecov]

Codecov Report

Attention: 3 lines in your changes are missing coverage. Please review.

Comparison is base (e788a01) 81.71% compared to head (aafd4ea) 81.79%.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #3038      +/-   ##
==========================================
+ Coverage   81.71%   81.79%   +0.07%     
==========================================
  Files         134      134              
  Lines       20416    20443      +27     
==========================================
+ Hits        16683    16721      +38     
+ Misses       2873     2860      -13     
- Partials      860      862       +2     

Files	Coverage Δ
metricproviders/webmetric/webmetric.go	78.23% <100.00%> (+9.34%)	⬆️
metricproviders/prometheus/prometheus.go	87.42% <86.95%> (+1.80%)	⬆️

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[github-actions]

Go Published Test Results

2 049 tests   2 049 ✔️  2m 40s ⏱️
   118 suites         0 💤
       1 files           0 ❌

Results for commit aafd4ea.

♻️ This comment has been updated with latest results.

[github-actions]

E2E Tests Published Test Results

    4 files      4 suites   3h 38m 52s ⏱️
102 tests   91 ✔️   6 💤 5 ❌
416 runs  385 ✔️ 24 💤 7 ❌

For more details on these failures, see this check.

Results for commit aafd4ea.

♻️ This comment has been updated with latest results.

[OpenGuidou]

Hi @zachaller , can I get a review for this one ?

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
24 Code Smells

No Coverage information
18.3% Duplication

[zachaller]

I have one concern about this, I have not tested it but I think the secret could get displayed and stored in the analysis run object which then will also go down to the web ui especially with a change coming up. If that is the case I am wondering if we don't pull from the secret directly vs using args. Would you mind confirming if the oauth secret shows up in the AnalysisRun?

[zachaller]

I did find this though, actually so I have more hope that it would not show up:

argo-rollouts/analysis/analysis.go

Line 132 in 017d362

func getResolvedMetricsWithoutSecrets(metrics []v1alpha1.Metric, args []v1alpha1.Argument) ([]v1alpha1.Metric, error) {

[OpenGuidou]

Hi,
I confirm it's not showing up.
Here is a real-life example with both providers:

apiVersion: argoproj.io/v1alpha1
kind: AnalysisRun
metadata:
  creationTimestamp: "2023-08-04T07:26:43Z"
  generation: 6
  name: myapp-85f7cc46fc-74-0-compare-metrics
  namespace: my-namespace
  ownerReferences:
  - apiVersion: argoproj.io/v1alpha1
    blockOwnerDeletion: true
    controller: true
    kind: Experiment
    name: myapp-85f7cc46fc-74-0
    uid: 222d2397-086d-462b-9cbf-5743dba8e136
  resourceVersion: "356066"
  uid: 5bc05a36-b73f-4649-b2f8-a97446b6ec73
spec:
  args:
  - name: app-name
    value: myapp
  - name: canary
    value: 85f7cc46fc
  - name: oauthSecret
    valueFrom:
      secretKeyRef:
        key: secret
        name: oauth-secret
  metrics:
  - count: 4
    failureLimit: 0
    interval: 1m
    name: kstream-processor-errors
    provider:
      prometheus:
        address: https://prom.url
        authentication:
          oauth2:
            clientId: myClientId
            clientSecret: '{{ args.oauthSecret }}'
            scopes:
            - myScope/.default
            tokenUrl: https://oauth.com/tenant/oauth2/v2.0/token
          sigv4: {}
        query: |
          rate(
            kstream_processor_errors_total{app_name="{{args.app-name}}",pod_controller_name=~".*-{{args.canary}}[0-9-[]*-baseline"}[1m[]
          ) - on ()
          rate(
            kstream_processor_errors_total{app_name="{{args.app-name}}",pod_controller_name=~".*-{{args.canary}}[0-9-[]*-canary"}[1m[]
          )
    successCondition: len(result) == 0 || isNaN(result[0[]) || result[0[] <= 0
  - count: 4
    failureLimit: 0
    interval: 1m
    name: kstream-processor-dropped-records
    provider:
      web:
        authentication:
          oauth2:
            clientId: myClientId
            clientSecret: '{{ args.oauthSecret }}'
            scopes:
            - myScope/.default
            tokenUrl: https://oauth.com/tenant/oauth2/v2.0/token
          sigv4: {}
        body: query=%20%20%20%20%20%20%20%20%20%20sum%20by%20%28pod_name%29%20%28%0A%20%20%20%20%20%20%20%20%20%20%20%20kafka_stream_task_dropped_records_rate%7Bapp_name%3D%22%7B%7Bargs.app-name%7D%7D%22%2Cpod_controller_name%3D~%22.%2A-%7B%7Bargs.canary%7D%7D%5B0-9-%5D%2A-baseline%22%7D%0A%20%20%20%20%20%20%20%20%20%20%29%20-%20on%20%28%29%0A%20%20%20%20%20%20%20%20%20%20sum%20by%20%28pod_name%29%20%28%0A%20%20%20%20%20%20%20%20%20%20%20%20kafka_stream_task_dropped_records_rate%7Bapp_name%3D%22%7B%7Bargs.app-name%7D%7D%22%2Cpod_controller_name%3D~%22.%2A-%7B%7Bargs.canary%7D%7D%5B0-9-%5D%2A-canary%22%7D%0A%20%20%20%20%20%20%20%20%20%20%29
        headers:
        - key: Content-Type
          value: application/x-www-form-urlencoded
        jsonPath: '{$.data.result}'
        method: POST
        url: https://prom.url/api/v1/query
    successCondition: len(result) == 0 || isNaN(result[0[]) || result[0[] <= 0
status:
  dryRunSummary: {}
  metricResults:
  - count: 4
    measurements:
    - finishedAt: "2023-08-04T07:26:45Z"
      phase: Successful
      startedAt: "2023-08-04T07:26:43Z"
      value: '[]'
    - finishedAt: "2023-08-04T07:27:46Z"
      phase: Successful
      startedAt: "2023-08-04T07:27:45Z"
      value: '[]'
    - finishedAt: "2023-08-04T07:28:48Z"
      phase: Successful
      startedAt: "2023-08-04T07:28:46Z"
      value: '[]'
    - finishedAt: "2023-08-04T07:29:49Z"
      phase: Successful
      startedAt: "2023-08-04T07:29:48Z"
      value: '[]'
    name: kstream-processor-dropped-records
    phase: Successful
    successful: 4
  - count: 4
    measurements:
    - finishedAt: "2023-08-04T07:26:45Z"
      phase: Successful
      startedAt: "2023-08-04T07:26:43Z"
      value: '[]'
    - finishedAt: "2023-08-04T07:27:46Z"
      phase: Successful
      startedAt: "2023-08-04T07:27:45Z"
      value: '[]'
    - finishedAt: "2023-08-04T07:28:47Z"
      phase: Successful
      startedAt: "2023-08-04T07:28:46Z"
      value: '[]'
    - finishedAt: "2023-08-04T07:29:48Z"
      phase: Successful
      startedAt: "2023-08-04T07:29:47Z"
      value: '[]'
    metadata:
      ResolvedPrometheusQuery: |
        rate(
          kstream_processor_errors_total{app_name="myapp",pod_controller_name=~".*-85f7cc46fc[0-9-[]*-baseline"}[1m[]
        ) - on ()
        rate(
          kstream_processor_errors_total{app_name="myapp",pod_controller_name=~".*-85f7cc46fc[0-9-[]*-canary"}[1m[]
        )
    name: kstream-processor-errors
    phase: Successful
    successful: 4
  phase: Successful
  runSummary:
    count: 2
    successful: 2
  startedAt: "2023-08-04T07:26:45Z"

[zachaller]

Thanks for the contributions!