feat:validate proxyURL for alertManagerCfg (prometheus-operator#6466)

validate in convertHttpConfig

pkg/alertmanager/amcfg.go

@@ -1541,6 +1541,11 @@ func (cb *configBuilder) convertHTTPConfig(ctx context.Context, in monitoringv1a
 		out.BearerToken = bearerToken
 	}
 
+	if in.ProxyURL != "" {
+		_, err := url.Parse(in.ProxyURL)
+		return nil, fmt.Errorf("failed to parse proxyURL's: %w", err)
+	}
+
 	if in.OAuth2 != nil {
 		clientID, err := cb.store.GetKey(ctx, crKey.Namespace, in.OAuth2.ClientID)
 		if err != nil {
@@ -1724,6 +1729,11 @@ func (hc *httpClientConfig) sanitize(amVersion semver.Version, logger log.Logger
 		return err
 	}
 
+	if hc.ProxyURL != "" {
+		_, err := url.Parse(hc.ProxyURL)
+		return err
+	}
+
 	return hc.OAuth2.sanitize(amVersion, logger)
 }
 

pkg/alertmanager/amcfg_test.go

@@ -2946,6 +2946,40 @@ func TestHTTPClientConfig(t *testing.T) {
 				TLSConfig: &tlsConfig{},
 			},
 		},
+		{
+			name: "Invalid proxyURL",
+			in: &httpClientConfig{
+				ProxyURL:    "https://www.example.com:invalidport",
+				EnableHTTP2: ptr.To(false),
+				TLSConfig: &tlsConfig{
+					MinVersion: "TLS12",
+					MaxVersion: "TLS12",
+				},
+			},
+			againstVersion: httpConfigV25Allowed,
+			expectErr:      true,
+		},
+		{
+			name: "Valid proxyURL",
+			in: &httpClientConfig{
+				ProxyURL:    "http://proxy.svc.cluster.local:80",
+				EnableHTTP2: ptr.To(false),
+				TLSConfig: &tlsConfig{
+					MinVersion: "TLS12",
+					MaxVersion: "TLS12",
+				},
+			},
+			againstVersion: httpConfigV25Allowed,
+			expect: httpClientConfig{
+				ProxyURL:    "http://proxy.svc.cluster.local:80",
+				EnableHTTP2: ptr.To(false),
+				TLSConfig: &tlsConfig{
+					MinVersion: "TLS12",
+					MaxVersion: "TLS12",
+				},
+			},
+			expectErr: false,
+		},
 	} {
 		t.Run(tc.name, func(t *testing.T) {
 			err := tc.in.sanitize(tc.againstVersion, logger)