Move SMTP auth to the config file #308
config/config.go
Outdated
| func smtpAuthParam(key string, gc *GlobalConfig) (string, Secret) { | ||
| // Try to pull it from the global config | ||
| globalKey := "SMTPAuth" + key | ||
| reflected := reflect.Indirect(reflect.ValueOf(gc)) |
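Review bot: In smtpAuthParam, building the field name as `"SMTPAuth" + key` and resolving it through reflection means a misspelled or unsupported key is only discovered at run time, and `reflect.Indirect(reflect.ValueOf(gc))` returns an invalid Value when gc is nil, so a field lookup on it afterwards will panic. A plain switch over the supported keys that reads the struct fields directly would be checked by the compiler; if the reflection stays, guard against a nil gc and an invalid field before using the result.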
This is getting a bit magic, I think it'd be okay to just switch to config file for this.
@brian-brazil updated per your feedback. I can squash as needed if you're OK with this (all into 1 commit or into 2 commits, one for code changes and the other for documentation).
config/config.go
Outdated
| ) | ||
|
|
||
| var patAuthLine = regexp.MustCompile(`((?:api_key|service_key|api_url|token|user_key):\s+)(".+"|'.+'|[^\s]+)`) | ||
| var patAuthLine = regexp.MustCompile(`((?:api_key|service_key|api_url|token|user_key|auth_password|auth_secret):\s+)(".+"|'.+'|[^\s]+)`) |
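Review bot: The alternation in the new patAuthLine lists exact key names, so a credential field added or renamed later under any other name is written out unmasked without anything failing. A test that marshals a config with every credential field set and asserts that none of the values appear in the output would catch that. Separately, `\s+` after the colon also matches a newline, so a listed key with an empty value causes the first token on the following line to be replaced instead; `[ \t]+` would keep the match on one line.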
Just making that password and secret will be enough. We are just so specific for key and url because it could be something normal.
That looks good, can you squash please?
| To string `yaml:"to"` | ||
| From string `yaml:"from"` | ||
| Smarthost string `yaml:"smarthost,omitempty"` | ||
| AuthUsername string `yaml:"auth_username"` |
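Review bot: AuthUsername is tagged `yaml:"auth_username"` without `omitempty`, unlike Smarthost on the line above, so a config that does not use SMTP auth will marshal with an empty auth_username key. Add `omitempty` to the tag, and a short doc comment on the field saying when it is required.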
These all have the same prefix. Would it be worthwhile to move them into their own YAML block?
@mpchadwick Thanks a lot! Added two comments.
Rebased to a single commit.
I updated the RegEx to be more loose. I agree that probably we'd always want to obscure anything matching these terms.
I guess it would be something like this?

```yaml
global:
  # The smarthost and SMTP sender used for mail notifications.
  smtp_smarthost: 'localhost:25'
  smtp_from: 'alertmanager@example.org'
  smtp_auth:
  - username: 'alertmanager'
    password: 'password'
```

I didn't address it because your comment was a question, but if you'd prefer that syntax I can.
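The masking pattern from the diff, run against both config layouts discussed in this thread, as an added example that is not code from the PR: because the pattern matches exact key names, it hides `auth_password` in the flat layout but not a bare `password` key nested under `smtp_auth`. `patLoose`, the sample configs and the helper names are assumptions; the looser pattern the author mentions is not shown on the page.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// patStrict is the pattern from the diff on this page (exact key names).
var patStrict = regexp.MustCompile(`((?:api_key|service_key|api_url|token|user_key|auth_password|auth_secret):\s+)(".+"|'.+'|[^\s]+)`)

// patLoose is an assumption: the looser pattern itself is not shown on the
// page. It masks any key whose name ends in "password" or "secret".
var patLoose = regexp.MustCompile(`((?:api_key|service_key|api_url|token|user_key|\w*password|\w*secret):\s+)(".+"|'.+'|[^\s]+)`)

// Constructed sample value, not a real credential.
const secret = "constructed-pw"

// Flat layout (constructed): the key carries the auth_ prefix.
const flatCfg = `smarthost: 'localhost:25'
auth_username: 'alertmanager'
auth_password: 'constructed-pw'
`

// Nested layout as proposed in the thread (constructed): the key is "password".
const nestedCfg = `smtp_auth:
- username: 'alertmanager'
  password: 'constructed-pw'
`

// Mask replaces the value of every matching key with a placeholder.
func Mask(pat *regexp.Regexp, cfg string) string {
	return pat.ReplaceAllString(cfg, "${1}<hidden>")
}

// Leaks reports whether the secret is still present after masking.
func Leaks(pat *regexp.Regexp, cfg string) bool {
	return strings.Contains(Mask(pat, cfg), secret)
}

func main() {
	fmt.Println("strict pattern, flat layout leaks:  ", Leaks(patStrict, flatCfg))
	fmt.Println("strict pattern, nested layout leaks:", Leaks(patStrict, nestedCfg))
	fmt.Println("loose pattern, nested layout leaks: ", Leaks(patLoose, nestedCfg))
	fmt.Print(Mask(patLoose, nestedCfg))
}
```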
Yes, that's what I had in mind. I would say grouping things together in a block is a good idea if you have a common prefix. We did it similar to TLS configs in Prometheus. Of course any objections can be discussed.
For TLS there were 20-30 potential fields as things expand, there's only 4 here. I'd see this along the same lines as us not having an
We have a
Ah, I see what you mean.
Yeah. There are a few other possible auth options, but if they come up (sound to be most likely in a full-Windows environment) we can refactor this a bit.
Okay. Thanks @mpchadwick 👍
Implements enhancement proposed in #306.
Note: I have left support for environment variables as a fallback since we probably don't want people's alerts to break if they pull down master and don't move their credentials from env variables to the config file. Edit: Environment variables are no longer supported
Documentation additionally updated to reflect the fact that the config file is the preferred place to store creds.