Do not allow to set OAuth2 proxy_url

Signed-off-by: Marco Pracucci <marco@pracucci.com>

pkg/alertmanager/api.go

@@ -428,6 +428,9 @@ func validateReceiverHTTPConfig(cfg commoncfg.HTTPClientConfig) error {
 	if cfg.OAuth2 != nil && cfg.OAuth2.ClientSecretFile != "" {
 		return errOAuth2SecretFileNotAllowed
 	}
+	if cfg.OAuth2 != nil && cfg.OAuth2.ProxyURL.URL != nil {
+		return errProxyURLNotAllowed
+	}
 	return validateReceiverTLSConfig(cfg.TLSConfig)
 }
 

pkg/alertmanager/api_test.go

@@ -306,6 +306,25 @@ alertmanager_config: |
 `,
 			err: errors.Wrap(errOAuth2SecretFileNotAllowed, "error validating Alertmanager config"),
 		},
+		{
+			name: "Should return error if global OAuth2 proxy_url is set",
+			cfg: `
+alertmanager_config: |
+  global:
+    http_config:
+      oauth2:
+        client_id: test
+        client_secret: xxx
+        token_url: http://example.com
+        proxy_url: http://example.com
+
+  route:
+    receiver: 'default-receiver'
+  receivers:
+    - name: default-receiver
+`,
+			err: errors.Wrap(errProxyURLNotAllowed, "error validating Alertmanager config"),
+		},
 		{
 			name: "Should return error if global OAuth2 TLS key_file is set",
 			cfg: `
@@ -395,6 +414,26 @@ alertmanager_config: |
 `,
 			err: errors.Wrap(errOAuth2SecretFileNotAllowed, "error validating Alertmanager config"),
 		},
+		{
+			name: "Should return error if receiver's OAuth2 proxy_url is set",
+			cfg: `
+alertmanager_config: |
+  receivers:
+    - name: default-receiver
+      webhook_configs:
+        - url: http://localhost
+          http_config:
+            oauth2:
+              client_id: test
+              token_url: http://example.com
+              client_secret: xxx
+              proxy_url: http://localhost
+
+  route:
+    receiver: 'default-receiver'
+`,
+			err: errors.Wrap(errProxyURLNotAllowed, "error validating Alertmanager config"),
+		},
 		{
 			name: "Should return error if receiver's HTTP proxy_url is set",
 			cfg: `