[ROB-1923] - amp irsa support

[Avi-Robusta]

No description provided.

[coderabbitai]

Walkthrough

Dependency versions were updated in pyproject.toml and requirements.txt. Prometheus AWS configuration gained optional AWS profile support and passes through session tokens. A Prometheus metrics service warning log now includes the result count and query string. No other control flow or packaging structure changes were made.

Changes

Cohort / File(s)	Summary
Dependencies and constraints pyproject.toml, requirements.txt	Bumped prometrix to 0.2.2. Updated prometrix, setuptools, urllib3, zipp. Adjusted markers for importlib-resources and zipp. Split typer[all] into typer and added tenacity explicitly with Python gates.
Prometheus AWS config/auth handling robusta_krr/core/integrations/prometheus/prometheus_utils.py	Added optional AWS profile to boto3 session creation. Collected and passed session credential token (may be None) into AWSPrometheusConfig. No changes to non-AWS paths.
Prometheus query logging robusta_krr/core/integrations/prometheus/metrics_service/prometheus_metrics_service.py	Expanded warning log when query result count != 1 to include actual count and query string; control flow unchanged.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor User as Caller
  participant Settings as Settings
  participant Utils as PrometheusUtils
  participant B3 as boto3.Session
  participant APS as AWSPrometheusConfig
  participant PC as PrometheusClient

  User->>Utils: build_prometheus_config(Settings)
  alt AWS-managed Prometheus
    Utils->>B3: create Session(profile_name?) 
    Note right of B3: Uses default session if no profile provided
    B3-->>Utils: credentials (access_key, secret_key, token?)
    Utils->>APS: new AWSPrometheusConfig(region, service_name, access_key?, secret_key?, token)
    APS-->>Utils: config
  else Other backends (Coralogix/Victoria/Default)
    Utils-->>User: corresponding config
  end
  Utils->>PC: instantiate client with config
  PC-->>User: client ready
  note over APS,PC: Token is forwarded when present

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• ROB-1415 update prometrix #438 — Also bumps the prometrix dependency (0.2.0→0.2.1), preceding the current version bump path to 0.2.2.

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 9255fc3 and cb300d9.

⛔ Files ignored due to path filters (1)

• poetry.lock is excluded by !**/*.lock

📒 Files selected for processing (3)

• pyproject.toml (1 hunks)
• requirements.txt (3 hunks)
• robusta_krr/core/integrations/prometheus/prometheus_utils.py (3 hunks)

🚧 Files skipped from review as they are similar to previous changes (3)

• robusta_krr/core/integrations/prometheus/prometheus_utils.py
• pyproject.toml
• requirements.txt

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch aws-irsa-support

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

pyproject.toml (1)

25-44: Add missing boto3 dependency to Poetry

The import scan confirms that robusta_krr/core/integrations/prometheus/prometheus_utils.py uses import boto3 (line 5), but pyproject.toml’s [tool.poetry.dependencies] section does not list boto3, which will cause Poetry-based installations to fail.

• robusta_krr/core/integrations/prometheus/prometheus_utils.py:
– line 5: import boto3
• pyproject.toml – [tool.poetry.dependencies] missing boto3

Suggested patch:

 [tool.poetry.dependencies]
 python = ">=3.9,<=3.12.9"
 typer = { extras = ["all"], version = "^0.7.0" }
 pydantic = "^1.10.7"
 kubernetes = "^26.1.0"
 prometheus-api-client = "0.5.3"
 numpy = ">=1.26.4,<1.27.0"
 alive-progress = "^3.1.2"
+ boto3 = "^1.34.62"
 slack-sdk = "^3.21.3"
 pandas = "2.2.2"
 requests = "2.32.0"
 pyyaml = "6.0.1"
 typing-extensions = "4.6.0"
 idna = "3.7"
 urllib3 = "^1.26.20"
 setuptools = "^80.9.0"
 zipp = "^3.19.1"
 tenacity = "^9.0.0"

robusta_krr/core/integrations/prometheus/prometheus_utils.py (1)

41-55: Guard against missing AWS credentials in default session

session.get_credentials() can return None. Dereferencing it (freezing, accessing fields) will raise. Add a check and raise a clear, actionable error that hints at IRSA or environment setup.

-        credentials = session.get_credentials()
+        credentials = session.get_credentials()
         region = settings.eks_managed_prom_region if settings.eks_managed_prom_region else session.region_name
         token = None
         
         if settings.eks_access_key and settings.eks_secret_key:
@@
-        else:
+        else:
             # we need at least one parameter from credentials, but we should use whatever we can from settings (this has higher precedence)
-            credentials = credentials.get_frozen_credentials()
+            if credentials is None:
+                raise RuntimeError(
+                    "No AWS credentials found. Provide eks_access_key/eks_secret_key or configure the environment/IRSA/profile."
+                )
+            credentials = credentials.get_frozen_credentials()
             access_key = settings.eks_access_key if settings.eks_access_key else credentials.access_key
             secret_key = settings.eks_secret_key.get_secret_value() if settings.eks_secret_key else credentials.secret_key
             token = credentials.token

🧹 Nitpick comments (4)

robusta_krr/core/integrations/prometheus/metrics_service/prometheus_metrics_service.py (1)

127-133: Use total_seconds() when formatting PromQL step to avoid day-truncation

timedelta.seconds ignores days. If we ever pass a step ≥ 24h, it will be truncated. Use int(step.total_seconds()) instead.

-            lambda: self.prometheus.safe_custom_query_range(
-                query=query, start_time=start, end_time=end, step=f"{step.seconds}s"
-            )["result"],
+            lambda: self.prometheus.safe_custom_query_range(
+                query=query,
+                start_time=start,
+                end_time=end,
+                step=f"{int(step.total_seconds())}s",
+            )["result"],

robusta_krr/core/integrations/prometheus/prometheus_utils.py (3)

37-41: AWS profile support — good addition; consider helpful error for bad profile

Selecting a session via profile_name is great. If the named profile is missing, boto3 raises ProfileNotFound. Consider catching that to output a clearer message that mentions the setting name.

Example:

-        session = boto3.Session(profile_name=settings.eks_managed_prom_profile_name)
+        try:
+            session = boto3.Session(profile_name=settings.eks_managed_prom_profile_name)
+        except Exception as e:
+            # boto3.exceptions.ProfileNotFound or similar
+            raise RuntimeError(
+                f"EKS Managed Prometheus profile '{settings.eks_managed_prom_profile_name}' not found"
+            ) from e

---

45-55: Optional: allow explicit session token in settings (if available)

If the settings model exposes a session token (e.g., eks_session_token), prefer it over credentials.token to support explicitly-provided temporary creds. If not present, ignore.

---

56-56: Service name selection may be surprising

service_name = settings.eks_service_name if settings.eks_secret_key else "aps" ties the choice to whether a secret key was provided. If the intent is “use provided override when set, else default to 'aps'”, consider:

-        service_name = settings.eks_service_name if settings.eks_secret_key else "aps"
+        service_name = settings.eks_service_name or "aps"

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 97b49a5 and 9255fc3.

⛔ Files ignored due to path filters (1)

• poetry.lock is excluded by !**/*.lock

📒 Files selected for processing (4)

• pyproject.toml (1 hunks)
• requirements.txt (3 hunks)
• robusta_krr/core/integrations/prometheus/metrics_service/prometheus_metrics_service.py (1 hunks)
• robusta_krr/core/integrations/prometheus/prometheus_utils.py (3 hunks)

🔇 Additional comments (4)

robusta_krr/core/integrations/prometheus/metrics_service/prometheus_metrics_service.py (1)

216-221: More actionable warning — good improvement

Including the actual series count and the original query in the warning will make triage much easier when queries accidentally return 0 or multiple series. LGTM.

pyproject.toml (1)

33-33: Align prometrix to version 0.2.2a3 across all manifests

Verified via direct inspection that the AWSPrometheusConfig model in both 0.2.2a2 and 0.2.2a3 includes a token field, so upgrading is safe and avoids drift:

• pyproject.toml (line 33):

  - prometrix = {version = "0.2.2a2", allow-prereleases = true}
  + prometrix = {version = "0.2.2a3", allow-prereleases = true}

• Regenerate your requirements.txt to match Poetry’s lockfile:

  poetry export -f requirements.txt --without-hashes -o requirements.txt

  (or run pip-compile if you’re using pip-tools)

This alignment ensures that both build paths use the same prometrix version and prevents any “unexpected keyword argument” errors when passing token to AWSPrometheusConfig.

requirements.txt (1)

49-50: Confirm shellingham pin or intentional omission

Typer’s all extra for version 0.7.0 includes both rich and shellingham for nicely formatted errors and automatic shell detection, respectively (pypi.org). Your requirements.txt already pins rich and the transitive colorama, but does not include shellingham.

Please choose one:

• If you need automatic shell detection for --install-completion, add under the same Python markers:

   tenacity==9.0.0  ; python_version >= "3.9" and python_full_version < "3.13"
   typer==0.7.0    ; python_version >= "3.9" and python_full_version < "3.13"
  + shellingham==1.5.4  ; python_version >= "3.9" and python_full_version < "3.13"

• Otherwise, confirm that omitting shellingham is intentional and that you won’t need the --install-completion UX.

robusta_krr/core/integrations/prometheus/prometheus_utils.py (1)

60-67: Ensure prometrix Dependency Supports the token Kwarg

Forwarding the session token for IRSA/temporary credentials is correct, but before merging:

• Verify that the prometrix package version you’ve pinned (in both pyproject.toml and requirements.txt) actually supports passing a token parameter to AWSPrometheusConfig.
• If you’re unsure which version introduced this feature, check the prometrix changelog or run:

  pip show prometrix

  or

  poetry show prometrix

  and confirm the minimum version that includes the token argument.
• Update your dependency constraint accordingly (e.g. prometrix>=<min_version>) to prevent runtime failures if older releases lack this keyword.

[arikalon1]

nice work
some minor comments