From 150292197be06da0eddbc980f6acb1ce02bdfc5a Mon Sep 17 00:00:00 2001 From: Sam McBroom Date: Mon, 6 Oct 2025 13:47:19 -0700 Subject: [PATCH] feat: add support for configuring `use_fips_sts_endpoint` in sigv4 config Using `AWS_USE_FIPS_ENDPOINT` to configure FIPS endpoint usage no longer works (see https://github.com/prometheus/prometheus/issues/16752). This must be done using the `use_fips_sts_endpoint` config option added in https://github.com/prometheus/common/pull/649. It is also available in the new sigv4 package: https://github.com/prometheus/sigv4. Fixes #7986 Signed-off-by: Sam McBroom --- .github/workflows/cspell.json | 6 +- Documentation/api-reference/api.md | 13 ++++ bundle.yaml | 25 ++++++ ...toring.coreos.com_alertmanagerconfigs.yaml | 10 +++ ...onitoring.coreos.com_prometheusagents.yaml | 5 ++ .../monitoring.coreos.com_prometheuses.yaml | 10 +++ .../monitoring.coreos.com_thanosrulers.yaml | 5 ++ ...toring.coreos.com_alertmanagerconfigs.yaml | 5 ++ ...onitoring.coreos.com_prometheusagents.yaml | 5 ++ .../monitoring.coreos.com_prometheuses.yaml | 10 +++ .../monitoring.coreos.com_thanosrulers.yaml | 5 ++ .../alertmanagerconfigs-crd.json | 4 + .../alertmanagerconfigs-v1beta1-crd.libsonnet | 4 + .../prometheusagents-crd.json | 4 + .../prometheus-operator/prometheuses-crd.json | 8 ++ .../prometheus-operator/thanosrulers-crd.json | 4 + pkg/apis/monitoring/v1/prometheus_types.go | 5 ++ .../monitoring/v1/zz_generated.deepcopy.go | 5 ++ .../applyconfiguration/monitoring/v1/sigv4.go | 19 +++-- pkg/prometheus/promcfg.go | 4 + pkg/prometheus/promcfg_test.go | 78 +++++++++++++++++++ .../testdata/RemoteWriteConfig_v2.53.0.golden | 26 +++++++ .../testdata/RemoteWriteConfig_v2.54.0.golden | 27 +++++++ 23 files changed, 280 insertions(+), 7 deletions(-) create mode 100644 pkg/prometheus/testdata/RemoteWriteConfig_v2.53.0.golden create mode 100644 pkg/prometheus/testdata/RemoteWriteConfig_v2.54.0.golden diff --git a/.github/workflows/cspell.json b/.github/workflows/cspell.json index 1a50e1593..13e516098 100644 --- a/.github/workflows/cspell.json +++ b/.github/workflows/cspell.json @@ -417,6 +417,8 @@ "authzed", "resolv", "finalizer", - "selfsigned" + "selfsigned", + "FIPS", + "FIPSSTS" ] -} \ No newline at end of file +} diff --git a/Documentation/api-reference/api.md b/Documentation/api-reference/api.md index 6dfe374d4..aa7ec43cc 100644 --- a/Documentation/api-reference/api.md +++ b/Documentation/api-reference/api.md @@ -18481,6 +18481,19 @@ string

roleArn defines the named AWS profile used to authenticate.

+ + +useFIPSSTSEndpoint
+ +bool + + + +(Optional) +

useFIPSSTSEndpoint defines FIPS mode for AWS STS endpoint. +It requires Prometheus >= v2.54.0.

+ +

StorageSpec diff --git a/bundle.yaml b/bundle.yaml index 5a434c349..59bdc566b 100644 --- a/bundle.yaml +++ b/bundle.yaml @@ -8048,6 +8048,11 @@ spec: - key type: object x-kubernetes-map-type: atomic + useFIPSSTSEndpoint: + description: |- + useFIPSSTSEndpoint defines FIPS mode for AWS STS endpoint. + It requires Prometheus >= v2.54.0. + type: boolean type: object subject: description: |- @@ -30932,6 +30937,11 @@ spec: - key type: object x-kubernetes-map-type: atomic + useFIPSSTSEndpoint: + description: |- + useFIPSSTSEndpoint defines FIPS mode for AWS STS endpoint. + It requires Prometheus >= v2.54.0. + type: boolean type: object tlsConfig: description: tlsConfig to use for the URL. @@ -37581,6 +37591,11 @@ spec: - key type: object x-kubernetes-map-type: atomic + useFIPSSTSEndpoint: + description: |- + useFIPSSTSEndpoint defines FIPS mode for AWS STS endpoint. + It requires Prometheus >= v2.54.0. + type: boolean type: object timeout: description: timeout defines a per-target Alertmanager timeout @@ -43822,6 +43837,11 @@ spec: - key type: object x-kubernetes-map-type: atomic + useFIPSSTSEndpoint: + description: |- + useFIPSSTSEndpoint defines FIPS mode for AWS STS endpoint. + It requires Prometheus >= v2.54.0. + type: boolean type: object tlsConfig: description: tlsConfig to use for the URL. @@ -69737,6 +69757,11 @@ spec: - key type: object x-kubernetes-map-type: atomic + useFIPSSTSEndpoint: + description: |- + useFIPSSTSEndpoint defines FIPS mode for AWS STS endpoint. + It requires Prometheus >= v2.54.0. + type: boolean type: object tlsConfig: description: tlsConfig to use for the URL. diff --git a/example/prometheus-operator-crd-full/monitoring.coreos.com_alertmanagerconfigs.yaml b/example/prometheus-operator-crd-full/monitoring.coreos.com_alertmanagerconfigs.yaml index f32faba8d..3d55174ec 100644 --- a/example/prometheus-operator-crd-full/monitoring.coreos.com_alertmanagerconfigs.yaml +++ b/example/prometheus-operator-crd-full/monitoring.coreos.com_alertmanagerconfigs.yaml @@ -8047,6 +8047,11 @@ spec: - key type: object x-kubernetes-map-type: atomic + useFIPSSTSEndpoint: + description: |- + useFIPSSTSEndpoint defines FIPS mode for AWS STS endpoint. + It requires Prometheus >= v2.54.0. + type: boolean type: object subject: description: |- @@ -19869,6 +19874,11 @@ spec: - key type: object x-kubernetes-map-type: atomic + useFIPSSTSEndpoint: + description: |- + useFIPSSTSEndpoint defines FIPS mode for AWS STS endpoint. + It requires Prometheus >= v2.54.0. + type: boolean type: object subject: description: |- diff --git a/example/prometheus-operator-crd-full/monitoring.coreos.com_prometheusagents.yaml b/example/prometheus-operator-crd-full/monitoring.coreos.com_prometheusagents.yaml index bfad096e8..f9f48821b 100644 --- a/example/prometheus-operator-crd-full/monitoring.coreos.com_prometheusagents.yaml +++ b/example/prometheus-operator-crd-full/monitoring.coreos.com_prometheusagents.yaml @@ -6248,6 +6248,11 @@ spec: - key type: object x-kubernetes-map-type: atomic + useFIPSSTSEndpoint: + description: |- + useFIPSSTSEndpoint defines FIPS mode for AWS STS endpoint. + It requires Prometheus >= v2.54.0. + type: boolean type: object tlsConfig: description: tlsConfig to use for the URL. diff --git a/example/prometheus-operator-crd-full/monitoring.coreos.com_prometheuses.yaml b/example/prometheus-operator-crd-full/monitoring.coreos.com_prometheuses.yaml index 739e062f7..e2749c5b3 100644 --- a/example/prometheus-operator-crd-full/monitoring.coreos.com_prometheuses.yaml +++ b/example/prometheus-operator-crd-full/monitoring.coreos.com_prometheuses.yaml @@ -1585,6 +1585,11 @@ spec: - key type: object x-kubernetes-map-type: atomic + useFIPSSTSEndpoint: + description: |- + useFIPSSTSEndpoint defines FIPS mode for AWS STS endpoint. + It requires Prometheus >= v2.54.0. + type: boolean type: object timeout: description: timeout defines a per-target Alertmanager timeout @@ -7826,6 +7831,11 @@ spec: - key type: object x-kubernetes-map-type: atomic + useFIPSSTSEndpoint: + description: |- + useFIPSSTSEndpoint defines FIPS mode for AWS STS endpoint. + It requires Prometheus >= v2.54.0. + type: boolean type: object tlsConfig: description: tlsConfig to use for the URL. diff --git a/example/prometheus-operator-crd-full/monitoring.coreos.com_thanosrulers.yaml b/example/prometheus-operator-crd-full/monitoring.coreos.com_thanosrulers.yaml index f5669c404..84068cde0 100644 --- a/example/prometheus-operator-crd-full/monitoring.coreos.com_thanosrulers.yaml +++ b/example/prometheus-operator-crd-full/monitoring.coreos.com_thanosrulers.yaml @@ -5591,6 +5591,11 @@ spec: - key type: object x-kubernetes-map-type: atomic + useFIPSSTSEndpoint: + description: |- + useFIPSSTSEndpoint defines FIPS mode for AWS STS endpoint. + It requires Prometheus >= v2.54.0. + type: boolean type: object tlsConfig: description: tlsConfig to use for the URL. diff --git a/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml b/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml index a8dbb0a0d..b764037d1 100644 --- a/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +++ b/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml @@ -8048,6 +8048,11 @@ spec: - key type: object x-kubernetes-map-type: atomic + useFIPSSTSEndpoint: + description: |- + useFIPSSTSEndpoint defines FIPS mode for AWS STS endpoint. + It requires Prometheus >= v2.54.0. + type: boolean type: object subject: description: |- diff --git a/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml b/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml index ad94ed02e..9e541b821 100644 --- a/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +++ b/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml @@ -6249,6 +6249,11 @@ spec: - key type: object x-kubernetes-map-type: atomic + useFIPSSTSEndpoint: + description: |- + useFIPSSTSEndpoint defines FIPS mode for AWS STS endpoint. + It requires Prometheus >= v2.54.0. + type: boolean type: object tlsConfig: description: tlsConfig to use for the URL. diff --git a/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml b/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml index 0d7719fed..8415c0410 100644 --- a/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +++ b/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml @@ -1586,6 +1586,11 @@ spec: - key type: object x-kubernetes-map-type: atomic + useFIPSSTSEndpoint: + description: |- + useFIPSSTSEndpoint defines FIPS mode for AWS STS endpoint. + It requires Prometheus >= v2.54.0. + type: boolean type: object timeout: description: timeout defines a per-target Alertmanager timeout @@ -7827,6 +7832,11 @@ spec: - key type: object x-kubernetes-map-type: atomic + useFIPSSTSEndpoint: + description: |- + useFIPSSTSEndpoint defines FIPS mode for AWS STS endpoint. + It requires Prometheus >= v2.54.0. + type: boolean type: object tlsConfig: description: tlsConfig to use for the URL. diff --git a/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml b/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml index 7795d6162..dbfa1f844 100644 --- a/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +++ b/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml @@ -5592,6 +5592,11 @@ spec: - key type: object x-kubernetes-map-type: atomic + useFIPSSTSEndpoint: + description: |- + useFIPSSTSEndpoint defines FIPS mode for AWS STS endpoint. + It requires Prometheus >= v2.54.0. + type: boolean type: object tlsConfig: description: tlsConfig to use for the URL. diff --git a/jsonnet/prometheus-operator/alertmanagerconfigs-crd.json b/jsonnet/prometheus-operator/alertmanagerconfigs-crd.json index 781ab1b9d..41027dfa8 100644 --- a/jsonnet/prometheus-operator/alertmanagerconfigs-crd.json +++ b/jsonnet/prometheus-operator/alertmanagerconfigs-crd.json @@ -7324,6 +7324,10 @@ ], "type": "object", "x-kubernetes-map-type": "atomic" + }, + "useFIPSSTSEndpoint": { + "description": "useFIPSSTSEndpoint defines FIPS mode for AWS STS endpoint.\nIt requires Prometheus >= v2.54.0.", + "type": "boolean" } }, "type": "object" diff --git a/jsonnet/prometheus-operator/alertmanagerconfigs-v1beta1-crd.libsonnet b/jsonnet/prometheus-operator/alertmanagerconfigs-v1beta1-crd.libsonnet index 76c3d62e0..e1cbf2749 100644 --- a/jsonnet/prometheus-operator/alertmanagerconfigs-v1beta1-crd.libsonnet +++ b/jsonnet/prometheus-operator/alertmanagerconfigs-v1beta1-crd.libsonnet @@ -7142,6 +7142,10 @@ type: 'object', 'x-kubernetes-map-type': 'atomic', }, + useFIPSSTSEndpoint: { + description: 'useFIPSSTSEndpoint defines FIPS mode for AWS STS endpoint.\nIt requires Prometheus >= v2.54.0.', + type: 'boolean', + }, }, type: 'object', }, diff --git a/jsonnet/prometheus-operator/prometheusagents-crd.json b/jsonnet/prometheus-operator/prometheusagents-crd.json index 7f809ac25..3615df942 100644 --- a/jsonnet/prometheus-operator/prometheusagents-crd.json +++ b/jsonnet/prometheus-operator/prometheusagents-crd.json @@ -5277,6 +5277,10 @@ ], "type": "object", "x-kubernetes-map-type": "atomic" + }, + "useFIPSSTSEndpoint": { + "description": "useFIPSSTSEndpoint defines FIPS mode for AWS STS endpoint.\nIt requires Prometheus >= v2.54.0.", + "type": "boolean" } }, "type": "object" diff --git a/jsonnet/prometheus-operator/prometheuses-crd.json b/jsonnet/prometheus-operator/prometheuses-crd.json index 28a626952..4942bbf97 100644 --- a/jsonnet/prometheus-operator/prometheuses-crd.json +++ b/jsonnet/prometheus-operator/prometheuses-crd.json @@ -1315,6 +1315,10 @@ ], "type": "object", "x-kubernetes-map-type": "atomic" + }, + "useFIPSSTSEndpoint": { + "description": "useFIPSSTSEndpoint defines FIPS mode for AWS STS endpoint.\nIt requires Prometheus >= v2.54.0.", + "type": "boolean" } }, "type": "object" @@ -6656,6 +6660,10 @@ ], "type": "object", "x-kubernetes-map-type": "atomic" + }, + "useFIPSSTSEndpoint": { + "description": "useFIPSSTSEndpoint defines FIPS mode for AWS STS endpoint.\nIt requires Prometheus >= v2.54.0.", + "type": "boolean" } }, "type": "object" diff --git a/jsonnet/prometheus-operator/thanosrulers-crd.json b/jsonnet/prometheus-operator/thanosrulers-crd.json index 0919f5e44..6fd12ad4e 100644 --- a/jsonnet/prometheus-operator/thanosrulers-crd.json +++ b/jsonnet/prometheus-operator/thanosrulers-crd.json @@ -4847,6 +4847,10 @@ ], "type": "object", "x-kubernetes-map-type": "atomic" + }, + "useFIPSSTSEndpoint": { + "description": "useFIPSSTSEndpoint defines FIPS mode for AWS STS endpoint.\nIt requires Prometheus >= v2.54.0.", + "type": "boolean" } }, "type": "object" diff --git a/pkg/apis/monitoring/v1/prometheus_types.go b/pkg/apis/monitoring/v1/prometheus_types.go index 22b556850..71427906e 100644 --- a/pkg/apis/monitoring/v1/prometheus_types.go +++ b/pkg/apis/monitoring/v1/prometheus_types.go @@ -1863,6 +1863,11 @@ type Sigv4 struct { // roleArn defines the named AWS profile used to authenticate. // +optional RoleArn string `json:"roleArn,omitempty"` + // useFIPSSTSEndpoint defines FIPS mode for AWS STS endpoint. + // It requires Prometheus >= v2.54.0. + // + // +optional + UseFIPSSTSEndpoint *bool `json:"useFIPSSTSEndpoint,omitempty"` } // AzureAD defines the configuration for remote write's azuread parameters. diff --git a/pkg/apis/monitoring/v1/zz_generated.deepcopy.go b/pkg/apis/monitoring/v1/zz_generated.deepcopy.go index a69ee4bdf..7b0027a84 100644 --- a/pkg/apis/monitoring/v1/zz_generated.deepcopy.go +++ b/pkg/apis/monitoring/v1/zz_generated.deepcopy.go @@ -3598,6 +3598,11 @@ func (in *Sigv4) DeepCopyInto(out *Sigv4) { *out = new(corev1.SecretKeySelector) (*in).DeepCopyInto(*out) } + if in.UseFIPSSTSEndpoint != nil { + in, out := &in.UseFIPSSTSEndpoint, &out.UseFIPSSTSEndpoint + *out = new(bool) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Sigv4. diff --git a/pkg/client/applyconfiguration/monitoring/v1/sigv4.go b/pkg/client/applyconfiguration/monitoring/v1/sigv4.go index d738fe2e6..3a053c532 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/sigv4.go +++ b/pkg/client/applyconfiguration/monitoring/v1/sigv4.go @@ -23,11 +23,12 @@ import ( // Sigv4ApplyConfiguration represents a declarative configuration of the Sigv4 type for use // with apply. type Sigv4ApplyConfiguration struct { - Region *string `json:"region,omitempty"` - AccessKey *corev1.SecretKeySelector `json:"accessKey,omitempty"` - SecretKey *corev1.SecretKeySelector `json:"secretKey,omitempty"` - Profile *string `json:"profile,omitempty"` - RoleArn *string `json:"roleArn,omitempty"` + Region *string `json:"region,omitempty"` + AccessKey *corev1.SecretKeySelector `json:"accessKey,omitempty"` + SecretKey *corev1.SecretKeySelector `json:"secretKey,omitempty"` + Profile *string `json:"profile,omitempty"` + RoleArn *string `json:"roleArn,omitempty"` + UseFIPSSTSEndpoint *bool `json:"useFIPSSTSEndpoint,omitempty"` } // Sigv4ApplyConfiguration constructs a declarative configuration of the Sigv4 type for use with @@ -75,3 +76,11 @@ func (b *Sigv4ApplyConfiguration) WithRoleArn(value string) *Sigv4ApplyConfigura b.RoleArn = &value return b } + +// WithUseFIPSSTSEndpoint sets the UseFIPSSTSEndpoint field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the UseFIPSSTSEndpoint field is set to the value of the last call. +func (b *Sigv4ApplyConfiguration) WithUseFIPSSTSEndpoint(value bool) *Sigv4ApplyConfiguration { + b.UseFIPSSTSEndpoint = &value + return b +} diff --git a/pkg/prometheus/promcfg.go b/pkg/prometheus/promcfg.go index bded3c4cb..ebac9cd23 100644 --- a/pkg/prometheus/promcfg.go +++ b/pkg/prometheus/promcfg.go @@ -663,6 +663,10 @@ func (cg *ConfigGenerator) addSigv4ToYaml(cfg yaml.MapSlice, sigv4Cfg = append(sigv4Cfg, yaml.MapItem{Key: "role_arn", Value: sigv4.RoleArn}) } + if sigv4.UseFIPSSTSEndpoint != nil { + sigv4Cfg = cg.WithMinimumVersion("2.54.0").AppendMapItem(sigv4Cfg, "use_fips_sts_endpoint", *sigv4.UseFIPSSTSEndpoint) + } + return cg.WithKeyVals("component", strings.Split(assetStoreKey, "/")[0]).AppendMapItem(cfg, "sigv4", sigv4Cfg) } diff --git a/pkg/prometheus/promcfg_test.go b/pkg/prometheus/promcfg_test.go index 661f9627a..cba00713f 100644 --- a/pkg/prometheus/promcfg_test.go +++ b/pkg/prometheus/promcfg_test.go @@ -4364,6 +4364,84 @@ func TestRemoteWriteConfig(t *testing.T) { }, golden: "RemoteWriteConfig_v2.29.0_MaxSamplesPerSendMetadataConfig.golden", }, + { + version: "v2.53.0", + remoteWrite: monitoringv1.RemoteWriteSpec{ + URL: "http://example.com", + Sigv4: &monitoringv1.Sigv4{ + Profile: "profilename", + RoleArn: "arn:aws:iam::123456789012:instance-profile/prometheus", + AccessKey: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "sigv4-secret", + }, + Key: "access-key", + }, + SecretKey: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "sigv4-secret", + }, + Key: "secret-key", + }, + Region: "us-central-0", + UseFIPSSTSEndpoint: ptr.To(true), + }, + QueueConfig: &monitoringv1.QueueConfig{ + Capacity: 1000, + MinShards: 1, + MaxShards: 10, + MaxSamplesPerSend: 100, + BatchSendDeadline: ptr.To(monitoringv1.Duration("20s")), + MaxRetries: 3, + MinBackoff: ptr.To(monitoringv1.Duration("1s")), + MaxBackoff: ptr.To(monitoringv1.Duration("10s")), + }, + MetadataConfig: &monitoringv1.MetadataConfig{ + Send: false, + SendInterval: "1m", + }, + }, + golden: "RemoteWriteConfig_v2.53.0.golden", + }, + { + version: "v2.54.0", + remoteWrite: monitoringv1.RemoteWriteSpec{ + URL: "http://example.com", + Sigv4: &monitoringv1.Sigv4{ + Profile: "profilename", + RoleArn: "arn:aws:iam::123456789012:instance-profile/prometheus", + AccessKey: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "sigv4-secret", + }, + Key: "access-key", + }, + SecretKey: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "sigv4-secret", + }, + Key: "secret-key", + }, + Region: "us-central-0", + UseFIPSSTSEndpoint: ptr.To(true), + }, + QueueConfig: &monitoringv1.QueueConfig{ + Capacity: 1000, + MinShards: 1, + MaxShards: 10, + MaxSamplesPerSend: 100, + BatchSendDeadline: ptr.To(monitoringv1.Duration("20s")), + MaxRetries: 3, + MinBackoff: ptr.To(monitoringv1.Duration("1s")), + MaxBackoff: ptr.To(monitoringv1.Duration("10s")), + }, + MetadataConfig: &monitoringv1.MetadataConfig{ + Send: false, + SendInterval: "1m", + }, + }, + golden: "RemoteWriteConfig_v2.54.0.golden", + }, } { t.Run(fmt.Sprintf("i=%d,version=%s", i, tc.version), func(t *testing.T) { p := defaultPrometheus() diff --git a/pkg/prometheus/testdata/RemoteWriteConfig_v2.53.0.golden b/pkg/prometheus/testdata/RemoteWriteConfig_v2.53.0.golden new file mode 100644 index 000000000..6f026e7b1 --- /dev/null +++ b/pkg/prometheus/testdata/RemoteWriteConfig_v2.53.0.golden @@ -0,0 +1,26 @@ +global: + scrape_interval: 30s + external_labels: + prometheus: default/test + prometheus_replica: $(POD_NAME) + evaluation_interval: 30s +scrape_configs: [] +remote_write: +- url: http://example.com + sigv4: + region: us-central-0 + access_key: access-key + secret_key: secret-key + profile: profilename + role_arn: arn:aws:iam::123456789012:instance-profile/prometheus + queue_config: + capacity: 1000 + min_shards: 1 + max_shards: 10 + max_samples_per_send: 100 + batch_send_deadline: 20s + min_backoff: 1s + max_backoff: 10s + metadata_config: + send: false + send_interval: 1m diff --git a/pkg/prometheus/testdata/RemoteWriteConfig_v2.54.0.golden b/pkg/prometheus/testdata/RemoteWriteConfig_v2.54.0.golden new file mode 100644 index 000000000..e9a9f42e9 --- /dev/null +++ b/pkg/prometheus/testdata/RemoteWriteConfig_v2.54.0.golden @@ -0,0 +1,27 @@ +global: + scrape_interval: 30s + external_labels: + prometheus: default/test + prometheus_replica: $(POD_NAME) + evaluation_interval: 30s +scrape_configs: [] +remote_write: +- url: http://example.com + sigv4: + region: us-central-0 + access_key: access-key + secret_key: secret-key + profile: profilename + role_arn: arn:aws:iam::123456789012:instance-profile/prometheus + use_fips_sts_endpoint: true + queue_config: + capacity: 1000 + min_shards: 1 + max_shards: 10 + max_samples_per_send: 100 + batch_send_deadline: 20s + min_backoff: 1s + max_backoff: 10s + metadata_config: + send: false + send_interval: 1m