mirror of
https://github.com/coreos/prometheus-operator.git
synced 2026-02-05 06:45:27 +01:00
alertmanager: add webhookURL secret validation to checkMSTeamsConfigs (#8294)
Validate that the webhookURL secret exists in checkMSTeamsConfigs, consistent with checkMSTeamsV2Configs. This prevents operator degradation when an AlertmanagerConfig references a missing secret. Signed-off-by: Jayapriya Pai <slashpai9@gmail.com>
This commit is contained in:
Jayapriya Pai
@@ -1682,6 +1682,10 @@ func checkMSTeamsConfigs(
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if _, err := store.GetSecretKey(ctx, namespace, config.WebhookURL); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
if err := configureHTTPConfigInStore(ctx, config.HTTPConfig, namespace, store); err != nil {
|
if err := configureHTTPConfigInStore(ctx, config.HTTPConfig, namespace, store); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1141,6 +1141,81 @@ func TestCheckAlertmanagerConfig(t *testing.T) {
|
|||||||
},
|
},
|
||||||
ok: false,
|
ok: false,
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
amConfig: &monitoringv1alpha1.AlertmanagerConfig{
|
||||||
|
ObjectMeta: metav1.ObjectMeta{
|
||||||
|
Name: "msteams-with-missing-webhook-url-secret",
|
||||||
|
Namespace: "ns1",
|
||||||
|
},
|
||||||
|
Spec: monitoringv1alpha1.AlertmanagerConfigSpec{
|
||||||
|
Route: &monitoringv1alpha1.Route{
|
||||||
|
Receiver: "recv1",
|
||||||
|
},
|
||||||
|
Receivers: []monitoringv1alpha1.Receiver{{
|
||||||
|
Name: "recv1",
|
||||||
|
MSTeamsConfigs: []monitoringv1alpha1.MSTeamsConfig{
|
||||||
|
{
|
||||||
|
WebhookURL: v1.SecretKeySelector{
|
||||||
|
LocalObjectReference: v1.LocalObjectReference{Name: "not-existing-secret"},
|
||||||
|
Key: "url",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
ok: false,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
amConfig: &monitoringv1alpha1.AlertmanagerConfig{
|
||||||
|
ObjectMeta: metav1.ObjectMeta{
|
||||||
|
Name: "msteams-with-missing-webhook-url-key",
|
||||||
|
Namespace: "ns1",
|
||||||
|
},
|
||||||
|
Spec: monitoringv1alpha1.AlertmanagerConfigSpec{
|
||||||
|
Route: &monitoringv1alpha1.Route{
|
||||||
|
Receiver: "recv1",
|
||||||
|
},
|
||||||
|
Receivers: []monitoringv1alpha1.Receiver{{
|
||||||
|
Name: "recv1",
|
||||||
|
MSTeamsConfigs: []monitoringv1alpha1.MSTeamsConfig{
|
||||||
|
{
|
||||||
|
WebhookURL: v1.SecretKeySelector{
|
||||||
|
LocalObjectReference: v1.LocalObjectReference{Name: "secret"},
|
||||||
|
Key: "not-existing",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
ok: false,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
amConfig: &monitoringv1alpha1.AlertmanagerConfig{
|
||||||
|
ObjectMeta: metav1.ObjectMeta{
|
||||||
|
Name: "msteams-with-valid-webhook-url-secret",
|
||||||
|
Namespace: "ns1",
|
||||||
|
},
|
||||||
|
Spec: monitoringv1alpha1.AlertmanagerConfigSpec{
|
||||||
|
Route: &monitoringv1alpha1.Route{
|
||||||
|
Receiver: "recv1",
|
||||||
|
},
|
||||||
|
Receivers: []monitoringv1alpha1.Receiver{{
|
||||||
|
Name: "recv1",
|
||||||
|
MSTeamsConfigs: []monitoringv1alpha1.MSTeamsConfig{
|
||||||
|
{
|
||||||
|
WebhookURL: v1.SecretKeySelector{
|
||||||
|
LocalObjectReference: v1.LocalObjectReference{Name: "secret"},
|
||||||
|
Key: "key1",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
ok: true,
|
||||||
|
},
|
||||||
} {
|
} {
|
||||||
t.Run(tc.amConfig.Name, func(t *testing.T) {
|
t.Run(tc.amConfig.Name, func(t *testing.T) {
|
||||||
store := assets.NewStoreBuilder(c.CoreV1(), c.CoreV1())
|
store := assets.NewStoreBuilder(c.CoreV1(), c.CoreV1())
|
||||||
|
|||||||
Reference in New Issue
Block a user