Skip to content

Commit

Permalink
Add sigv4 as a global config option
Browse files Browse the repository at this point in the history
Signed-off-by: Tyler Reid <tyler.reid@grafana.com>
  • Loading branch information
Tyler Reid committed Jul 7, 2021
1 parent 7ecb6bc commit 4c2a5f1
Show file tree
Hide file tree
Showing 3 changed files with 77 additions and 28 deletions.
82 changes: 64 additions & 18 deletions config/config.go
Expand Up @@ -28,6 +28,7 @@ import (
"github.com/pkg/errors"
commoncfg "github.com/prometheus/common/config"
"github.com/prometheus/common/model"
"github.com/prometheus/common/sigv4"
"gopkg.in/yaml.v2"

"github.com/prometheus/alertmanager/pkg/labels"
Expand Down Expand Up @@ -454,6 +455,7 @@ func (c *Config) UnmarshalYAML(unmarshal func(interface{}) error) error {
if sns.HTTPConfig == nil {
sns.HTTPConfig = c.Global.HTTPConfig
}
sns.Sigv4 = mergeSigV4Configs(sns.Sigv4, c.Global.Sigv4)
}
names[rcv.Name] = struct{}{}
}
Expand Down Expand Up @@ -522,6 +524,49 @@ func checkTimeInterval(r *Route, timeIntervals map[string]struct{}) error {
return nil
}

func mergeSigV4Configs(snsSigV4Config sigv4.SigV4Config, globalSigV4Config sigv4.SigV4Config) sigv4.SigV4Config {
var (
accessKey string
secretKey commoncfg.Secret
region string
profile string
roleARN string
)

if snsSigV4Config.AccessKey == "" {
accessKey = globalSigV4Config.AccessKey
} else {
accessKey = snsSigV4Config.AccessKey
}
if snsSigV4Config.SecretKey == "" {
secretKey = globalSigV4Config.SecretKey
} else {
secretKey = snsSigV4Config.SecretKey
}
if snsSigV4Config.Region == "" {
region = globalSigV4Config.Region
} else {
region = snsSigV4Config.Region
}
if snsSigV4Config.Profile == "" {
profile = globalSigV4Config.Profile
} else {
profile = snsSigV4Config.Profile
}
if snsSigV4Config.RoleARN == "" {
roleARN = globalSigV4Config.RoleARN
} else {
roleARN = snsSigV4Config.RoleARN
}
return sigv4.SigV4Config{
Region: region,
AccessKey: accessKey,
SecretKey: secretKey,
Profile: profile,
RoleARN: roleARN,
}
}

// DefaultGlobalConfig returns GlobalConfig with default values.
func DefaultGlobalConfig() GlobalConfig {
var defaultHTTPConfig = commoncfg.DefaultHTTPClientConfig
Expand Down Expand Up @@ -636,24 +681,25 @@ type GlobalConfig struct {

HTTPConfig *commoncfg.HTTPClientConfig `yaml:"http_config,omitempty" json:"http_config,omitempty"`

SMTPFrom string `yaml:"smtp_from,omitempty" json:"smtp_from,omitempty"`
SMTPHello string `yaml:"smtp_hello,omitempty" json:"smtp_hello,omitempty"`
SMTPSmarthost HostPort `yaml:"smtp_smarthost,omitempty" json:"smtp_smarthost,omitempty"`
SMTPAuthUsername string `yaml:"smtp_auth_username,omitempty" json:"smtp_auth_username,omitempty"`
SMTPAuthPassword Secret `yaml:"smtp_auth_password,omitempty" json:"smtp_auth_password,omitempty"`
SMTPAuthSecret Secret `yaml:"smtp_auth_secret,omitempty" json:"smtp_auth_secret,omitempty"`
SMTPAuthIdentity string `yaml:"smtp_auth_identity,omitempty" json:"smtp_auth_identity,omitempty"`
SMTPRequireTLS bool `yaml:"smtp_require_tls" json:"smtp_require_tls,omitempty"`
SlackAPIURL *SecretURL `yaml:"slack_api_url,omitempty" json:"slack_api_url,omitempty"`
SlackAPIURLFile string `yaml:"slack_api_url_file,omitempty" json:"slack_api_url_file,omitempty"`
PagerdutyURL *URL `yaml:"pagerduty_url,omitempty" json:"pagerduty_url,omitempty"`
OpsGenieAPIURL *URL `yaml:"opsgenie_api_url,omitempty" json:"opsgenie_api_url,omitempty"`
OpsGenieAPIKey Secret `yaml:"opsgenie_api_key,omitempty" json:"opsgenie_api_key,omitempty"`
WeChatAPIURL *URL `yaml:"wechat_api_url,omitempty" json:"wechat_api_url,omitempty"`
WeChatAPISecret Secret `yaml:"wechat_api_secret,omitempty" json:"wechat_api_secret,omitempty"`
WeChatAPICorpID string `yaml:"wechat_api_corp_id,omitempty" json:"wechat_api_corp_id,omitempty"`
VictorOpsAPIURL *URL `yaml:"victorops_api_url,omitempty" json:"victorops_api_url,omitempty"`
VictorOpsAPIKey Secret `yaml:"victorops_api_key,omitempty" json:"victorops_api_key,omitempty"`
SMTPFrom string `yaml:"smtp_from,omitempty" json:"smtp_from,omitempty"`
SMTPHello string `yaml:"smtp_hello,omitempty" json:"smtp_hello,omitempty"`
SMTPSmarthost HostPort `yaml:"smtp_smarthost,omitempty" json:"smtp_smarthost,omitempty"`
SMTPAuthUsername string `yaml:"smtp_auth_username,omitempty" json:"smtp_auth_username,omitempty"`
SMTPAuthPassword Secret `yaml:"smtp_auth_password,omitempty" json:"smtp_auth_password,omitempty"`
SMTPAuthSecret Secret `yaml:"smtp_auth_secret,omitempty" json:"smtp_auth_secret,omitempty"`
SMTPAuthIdentity string `yaml:"smtp_auth_identity,omitempty" json:"smtp_auth_identity,omitempty"`
SMTPRequireTLS bool `yaml:"smtp_require_tls" json:"smtp_require_tls,omitempty"`
SlackAPIURL *SecretURL `yaml:"slack_api_url,omitempty" json:"slack_api_url,omitempty"`
SlackAPIURLFile string `yaml:"slack_api_url_file,omitempty" json:"slack_api_url_file,omitempty"`
PagerdutyURL *URL `yaml:"pagerduty_url,omitempty" json:"pagerduty_url,omitempty"`
OpsGenieAPIURL *URL `yaml:"opsgenie_api_url,omitempty" json:"opsgenie_api_url,omitempty"`
OpsGenieAPIKey Secret `yaml:"opsgenie_api_key,omitempty" json:"opsgenie_api_key,omitempty"`
WeChatAPIURL *URL `yaml:"wechat_api_url,omitempty" json:"wechat_api_url,omitempty"`
WeChatAPISecret Secret `yaml:"wechat_api_secret,omitempty" json:"wechat_api_secret,omitempty"`
WeChatAPICorpID string `yaml:"wechat_api_corp_id,omitempty" json:"wechat_api_corp_id,omitempty"`
VictorOpsAPIURL *URL `yaml:"victorops_api_url,omitempty" json:"victorops_api_url,omitempty"`
VictorOpsAPIKey Secret `yaml:"victorops_api_key,omitempty" json:"victorops_api_key,omitempty"`
Sigv4 sigv4.SigV4Config `yaml:"sigv4,omitempty" json:"sigv4,omitempty"`
}

// UnmarshalYAML implements the yaml.Unmarshaler interface for GlobalConfig.
Expand Down
10 changes: 5 additions & 5 deletions config/testdata/conf.sns-topic-arn.yml
@@ -1,15 +1,15 @@
route:
receiver: 'sns-api-notifications'
group_by: [alertname]

global:
sigv4:
region: us-east-2
access_key: access_key
secret_key: secret_ket
receivers:
- name: 'sns-api-notifications'
sns_configs:
- api_url: https://sns.us-east-2.amazonaws.com
topic_arn: arn:aws:sns:us-east-2:123456789012:My-Topic
sigv4:
region: us-east-2
access_key: access_key
secret_key: secret_ket
attributes:
severity: Sev2
13 changes: 8 additions & 5 deletions docs/configuration.md
Expand Up @@ -90,6 +90,9 @@ global:
[ wechat_api_url: <string> | default = "https://qyapi.weixin.qq.com/cgi-bin/" ]
[ wechat_api_secret: <secret> ]
[ wechat_api_corp_id: <string> ]
# Configures AWS's Signature Verification 4 signing process to sign requests.
sigv4:
[ <sigv4_config> ]

# The default HTTP client configuration
[ http_config: <http_config> ]
Expand Down Expand Up @@ -737,18 +740,18 @@ attributes:
###`<sigv4_config>`
```yaml
# The AWS region. If blank, the region from the default credentials chain is used.
[ region: <string> ]
[ region: <string> | default = global.sigv4.region ]

# The AWS API keys. Both access_key and secret_key must be supplied or both must be blank.
# If blank the environment variables `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` are used.
[ access_key: <string> ]
[ secret_key: <secret> ]
[ access_key: <string> | default = global.sigv4.access_key ]
[ secret_key: <secret> | default = global.sigv4.secret_key ]

# Named AWS profile used to authenticate.
[ profile: <string> ]
[ profile: <string> | default = global.sigv4.profile ]

# AWS Role ARN, an alternative to using AWS API keys.
[ role_arn: <string> ]
[ role_arn: <string> | default = global.sigv4.role_arn ]
```

## `<matcher>`
Expand Down

0 comments on commit 4c2a5f1

Please sign in to comment.