mirror of
https://github.com/prometheus/prometheus.git
synced 2024-12-25 05:34:05 -08:00
feat: add AWS sigv4 support to alertmanager endpoints
Addresses: #12536 This commit adds support for configuring sigv4 to an `alertmanager_config`. Based heavily on the sigv4 work in the remote write client. Signed-off-by: TJ Hoplock <t.hoplock@gmail.com>
parent
db816ce9db
commit
51d1d2cd96
|
@ -819,6 +819,7 @@ type AlertmanagerConfig struct {
|
||||||
|
|
||||||
ServiceDiscoveryConfigs discovery.Configs `yaml:"-"`
|
ServiceDiscoveryConfigs discovery.Configs `yaml:"-"`
|
||||||
HTTPClientConfig config.HTTPClientConfig `yaml:",inline"`
|
HTTPClientConfig config.HTTPClientConfig `yaml:",inline"`
|
||||||
|
SigV4Config *sigv4.SigV4Config `yaml:"sigv4,omitempty"`
|
||||||
|
|
||||||
// The URL scheme to use when talking to Alertmanagers.
|
// The URL scheme to use when talking to Alertmanagers.
|
||||||
Scheme string `yaml:"scheme,omitempty"`
|
Scheme string `yaml:"scheme,omitempty"`
|
||||||
|
@ -854,6 +855,13 @@ func (c *AlertmanagerConfig) UnmarshalYAML(unmarshal func(interface{}) error) er
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
httpClientConfigAuthEnabled := c.HTTPClientConfig.BasicAuth != nil ||
|
||||||
|
c.HTTPClientConfig.Authorization != nil || c.HTTPClientConfig.OAuth2 != nil
|
||||||
|
|
||||||
|
if httpClientConfigAuthEnabled && c.SigV4Config != nil {
|
||||||
|
return fmt.Errorf("at most one of basic_auth, authorization, oauth2, & sigv4 must be configured")
|
||||||
|
}
|
||||||
|
|
||||||
// Check for users putting URLs in target groups.
|
// Check for users putting URLs in target groups.
|
||||||
if len(c.RelabelConfigs) == 0 {
|
if len(c.RelabelConfigs) == 0 {
|
||||||
if err := checkStaticTargets(c.ServiceDiscoveryConfigs); err != nil {
|
if err := checkStaticTargets(c.ServiceDiscoveryConfigs); err != nil {
|
||||||
|
|
|
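Review bot: `SigV4Config` is added to `AlertmanagerConfig` without a field comment, and the rule that it excludes the other auth options is only visible in the `UnmarshalYAML` check further down. A comment such as `// SigV4Config, when set, signs requests to Alertmanagers with AWS SigV4; mutually exclusive with basic_auth, authorization and oauth2.` would put that next to the field. The new check looks only at the auth settings and not at `Scheme`, so a sigv4 configuration that targets plain `http` would presumably pass validation and send the signed headers and alert payload unencrypted; if that is not intended, a scheme check or a documented caveat belongs here. The `UnmarshalYAML` body starts and ends outside the hunk, so an existing scheme check elsewhere cannot be ruled out.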
@ -3287,6 +3287,25 @@ authorization:
|
||||||
# It is mutually exclusive with `credentials`.
|
# It is mutually exclusive with `credentials`.
|
||||||
[ credentials_file: <filename> ]
|
[ credentials_file: <filename> ]
|
||||||
|
|
||||||
|
# Optionally configures AWS's Signature Verification 4 signing process to
|
||||||
|
# sign requests. Cannot be set at the same time as basic_auth, authorization, or oauth2.
|
||||||
|
# To use the default credentials from the AWS SDK, use `sigv4: {}`.
|
||||||
|
sigv4:
|
||||||
|
# The AWS region. If blank, the region from the default credentials chain
|
||||||
|
# is used.
|
||||||
|
[ region: <string> ]
|
||||||
|
|
||||||
|
# The AWS API keys. If blank, the environment variables `AWS_ACCESS_KEY_ID`
|
||||||
|
# and `AWS_SECRET_ACCESS_KEY` are used.
|
||||||
|
[ access_key: <string> ]
|
||||||
|
[ secret_key: <secret> ]
|
||||||
|
|
||||||
|
# Named AWS profile used to authenticate.
|
||||||
|
[ profile: <string> ]
|
||||||
|
|
||||||
|
# AWS Role ARN, an alternative to using AWS API keys.
|
||||||
|
[ role_arn: <string> ]
|
||||||
|
|
||||||
# Optional OAuth 2.0 configuration.
|
# Optional OAuth 2.0 configuration.
|
||||||
# Cannot be used at the same time as basic_auth or authorization.
|
# Cannot be used at the same time as basic_auth or authorization.
|
||||||
oauth2:
|
oauth2:
|
||||||
|
|
|
@ -31,6 +31,7 @@ import (
|
||||||
"github.com/prometheus/alertmanager/api/v2/models"
|
"github.com/prometheus/alertmanager/api/v2/models"
|
||||||
"github.com/prometheus/client_golang/prometheus"
|
"github.com/prometheus/client_golang/prometheus"
|
||||||
config_util "github.com/prometheus/common/config"
|
config_util "github.com/prometheus/common/config"
|
||||||
|
"github.com/prometheus/common/sigv4"
|
||||||
"github.com/prometheus/common/model"
|
"github.com/prometheus/common/model"
|
||||||
"github.com/prometheus/common/version"
|
"github.com/prometheus/common/version"
|
||||||
"go.uber.org/atomic"
|
"go.uber.org/atomic"
|
||||||
|
@ -640,6 +641,17 @@ func newAlertmanagerSet(cfg *config.AlertmanagerConfig, logger log.Logger, metri
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
t := client.Transport
|
||||||
|
|
||||||
|
if cfg.SigV4Config != nil {
|
||||||
|
t, err = sigv4.NewSigV4RoundTripper(cfg.SigV4Config, client.Transport)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
client.Transport = t
|
||||||
|
|
||||||
s := &alertmanagerSet{
|
s := &alertmanagerSet{
|
||||||
client: client,
|
client: client,
|
||||||
cfg: cfg,
|
cfg: cfg,
|
||||||
|
|
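Review bot: The error from `sigv4.NewSigV4RoundTripper` is returned bare in `newAlertmanagerSet`, so a failed configuration load will not say that SigV4 setup was the step that failed; wrapping it, e.g. `return nil, fmt.Errorf("creating sigv4 round tripper: %w", err)`, would make that clear (assuming `fmt` is imported in this file, which the import hunk does not show). The temporary `t` is also unnecessary: assigning `client.Transport` inside the `if cfg.SigV4Config != nil` branch leaves the transport untouched when SigV4 is not configured. In the import hunk, `common/sigv4` appears before `common/model`, which gofmt's import sorting would move after it. The function body continues outside the hunk.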