* Slack app support
While it's possible to configure Slack app bot tokens using a
combination of http_configs authorization credentials and setting the
Slack API URL to the a specific endpoint, doing so at a global level
leaks the token to any other notification receiver configured, as
http_configs are not specific to notifiers. Slack has also restricted
webhook URLs to only be able to post to a single channel (with the
legacy webhooks being [marked as deprecated and not recommended][1]),
which reduces their usefulness when set at the global level.
This PR adds a way of easily setting Slack App bot tokens at the global
level, as well as overriding at the individual receiver level, while
keeping compatibility with existing configurations.
The decision to have a separate config field for the URL was to be able
to provide a default API URL for Slack apps as well as differentiate
when a webhook url is provided. Ideally we'd change the `slack_api_url`
to be `slack_webhook_url` so as to avoid confusion, but that would be an
unnecessary breaking change.
More context in issue #2513
[1]: https://api.slack.com/legacy/custom-integrations/messaging/webhooks
Signed-off-by: Pedro Araujo <pedro.araujo@teya.com>
* Support transition from workaround to new config
The [Slack app support issue][1] suggested setting the slack API URL to
the `chat.PostMessage` endpoint instead of a webhook URL, and so people
migrating from this workaround to the the new configuration might
encounter a situation where they want to set the `slack_app_token` at
the global level while still retaining the `slack_api_url` while
dynamically configured receivers (such as those set by prometheus
operator) are migrated.
Signed-off-by: Pedro Araujo <pedro.araujo@teya.com>
[1]: https://github.com/prometheus/alertmanager/issues/2513
* Allow override from receiver-level webhook url
Signed-off-by: Pedro Araujo <pedro.araujo@teya.com>
* Fix linter errors
Fixed by running `make common-lint-fix`
Signed-off-by: Pedro Araujo <pedro.araujo@teya.com>
---------
Signed-off-by: Pedro Araujo <pedro.araujo@teya.com>
Co-authored-by: Ben Kochie <superq@gmail.com>
This commit fixes a bug where UTF-8 characters are not allowed
in the Equal field for inhibition rules, even when UTF-8 strict
mode is enabled.
This bug occurred because we forgot to override the validation
in model.LabelName. I have copied the same logic used for
GroupBy with GroupByStr, adding EqualStr.
We would like to upgrade prometheus/common in future and use
the validation there instead, but it presents challenges with
downstream projects like Mimir and Cortex where, at present,
UTF-8 can be enabled and disabled in separate components at the
same time, which is not supported in prometheus/common.
Signed-off-by: George Robinson <george.robinson@grafana.com>
* SMTP config: add global and local password file fields
Add config fields (for both global email config and route-specific email
config) that specify path to file containing SMTP password. We don't
want the password in the config file itself, and reading the password
from a k8s-secret-backed file keeps the password itself "encrypted at
rest" in etcd, and cleanly separated from the rest of the AM config.
I used the same approach as pull request #2534 "Add support to set the
Slack URL in the file"
<https://github.com/prometheus/alertmanager/pull/2534/files> in the
upstream repo.
Signed-off-by: Eric R. Rath <eric.rath@oracle.com>
* changed *AuthPasswordFile field types to string per review feedback
Signed-off-by: Eric R. Rath <eric.rath@oracle.com>
* added error to getPassword() retval per review feedback
Signed-off-by: Eric R. Rath <eric.rath@oracle.com>
* simplified conf.smtp-* files
Signed-off-by: Eric R. Rath <eric.rath@oracle.com>
* update docs to reflect field type change
Signed-off-by: Eric R. Rath <eric.rath@oracle.com>
* don't treat username-without-password as invalid
Signed-off-by: Eric R. Rath <eric.rath@oracle.com>
* test cleanup
Signed-off-by: Eric R. Rath <eric.rath@oracle.com>
* Apply suggestions from code review
Co-authored-by: Simon Pasquier <spasquie@redhat.com>
Signed-off-by: Eric R. Rath <4080262+ericrrath@users.noreply.github.com>
* Updated per review feedback
Signed-off-by: Eric R. Rath <eric.rath@oracle.com>
* added sub-test per review feedback
Signed-off-by: Eric R. Rath <eric.rath@oracle.com>
* added test on Email.getPassword() per feedback
Signed-off-by: Eric R. Rath <eric.rath@oracle.com>
* only inherit global SMTP passwords if neither local password field is set
Signed-off-by: Eric R. Rath <eric.rath@oracle.com>
* removed blank line caught by gofumpt
Signed-off-by: Eric R. Rath <eric.rath@oracle.com>
Signed-off-by: Eric R. Rath <eric.rath@oracle.com>
Signed-off-by: Eric R. Rath <4080262+ericrrath@users.noreply.github.com>
Co-authored-by: Simon Pasquier <spasquie@redhat.com>
- Added support for the file in both the global and the lower level
- Tried to follow configuration patterns I saw in prometheus
- The slack file is read on every request as mentioned in the prometheus issue to enable seamless switches
https://github.com/prometheus/alertmanager/issues/2498
Signed-off-by: Julien Duchesne <julien.duchesne@grafana.com>
- Add support for custom authorization scheme
- Add support for not following redirects in http_client
Signed-off-by: Julien Pivotto <roidelapluie@inuits.eu>
There was a report that this isn't working.
Updating the config and ensuring the parsing works
correctly indicates that the image_url is being
read into a string.
Signed-off-by: stuart nelson <stuartnelson3@gmail.com>
The variable DefaultGlobalConfig was being used to initialize values, but it stored previous information due to which some things were persisting in the newer initialization.
In this PR, DefaultGlobalConfig is changed to a function so that it returns a fresh GlobalConfig for initialization.
Signed-off-by: Hrishikesh Barman <hrishikeshbman@gmail.com>
To aggregate by all possible labels use '...' as the sole label name.
This effectively disables aggregation entirely, passing through all
alerts as-is. This is unlikely to be what you want, unless you have
a very low alert volume or your upstream notification system performs
its own grouping. Example: group_by: [...]
Signed-off-by: Kyryl Sablin <kyryl.sablin@schibsted.com>
* config: validate URLs at config load time
Signed-off-by: Simon Pasquier <spasquie@redhat.com>
* Address Brian and Lucas comments
Signed-off-by: Simon Pasquier <spasquie@redhat.com>
* Shallow copy of URL instead of reparsing it
Signed-off-by: Simon Pasquier <spasquie@redhat.com>
* Unshadow net/url package
Signed-off-by: Simon Pasquier <spasquie@redhat.com>
* Make a deep-copy of URL struct
Signed-off-by: Simon Pasquier <spasquie@redhat.com>
* Support for custom SMTP hello string
Some MTAs insist that they be greeted with a fully qualified domain
name. The default provided by the net/smtp library, "HELLO localhost",
is not sufficient and will result in rejected messages.
This changeset adds a new configuration option that allows the
alertmanager to do its job in such an environment.
* Test SMTPHello parsing
