From 8f559aad343f2935e440409468594610ba5a2b98 Mon Sep 17 00:00:00 2001 From: Simon Rozet Date: Thu, 2 Feb 2023 17:23:51 +0100 Subject: [PATCH] mark webhook URL as a secret (#3228) Signed-off-by: Simon Rozet --- config/notifiers.go | 3 ++- docs/configuration.md | 2 +- notify/webhook/webhook.go | 2 +- notify/webhook/webhook_test.go | 20 +++++++++++++++++++- 4 files changed, 23 insertions(+), 4 deletions(-) diff --git a/config/notifiers.go b/config/notifiers.go index d84fa184..645fb92b 100644 --- a/config/notifiers.go +++ b/config/notifiers.go @@ -473,7 +473,8 @@ type WebhookConfig struct { HTTPConfig *commoncfg.HTTPClientConfig `yaml:"http_config,omitempty" json:"http_config,omitempty"` // URL to send POST request to. - URL *URL `yaml:"url" json:"url"` + URL *SecretURL `yaml:"url" json:"url"` + // MaxAlerts is the maximum number of alerts to be sent per webhook message. // Alerts exceeding this threshold will be truncated. Setting this to 0 // allows an unlimited number of alerts. diff --git a/docs/configuration.md b/docs/configuration.md index e128afad..371fe56c 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -1116,7 +1116,7 @@ The webhook receiver allows configuring a generic receiver. [ send_resolved: | default = true ] # The endpoint to send HTTP POST requests to. -url: +url: # The HTTP client's configuration. [ http_config: | default = global.http_config ] diff --git a/notify/webhook/webhook.go b/notify/webhook/webhook.go index 463a3416..c229eeb9 100644 --- a/notify/webhook/webhook.go +++ b/notify/webhook/webhook.go @@ -103,7 +103,7 @@ func (n *Notifier) Notify(ctx context.Context, alerts ...*types.Alert) (bool, er resp, err := notify.PostJSON(ctx, n.client, n.conf.URL.String(), &buf) if err != nil { - return true, err + return true, notify.RedactURL(err) } defer notify.Drain(resp) diff --git a/notify/webhook/webhook_test.go b/notify/webhook/webhook_test.go index 116ee1c2..0bb5806c 100644 --- a/notify/webhook/webhook_test.go +++ b/notify/webhook/webhook_test.go @@ -37,7 +37,7 @@ func TestWebhookRetry(t *testing.T) { } notifier, err := New( &config.WebhookConfig{ - URL: &config.URL{URL: u}, + URL: &config.SecretURL{URL: u}, HTTPConfig: &commoncfg.HTTPClientConfig{}, }, test.CreateTmpl(t), @@ -98,3 +98,21 @@ func TestWebhookTruncateAlerts(t *testing.T) { require.Len(t, truncatedAlerts, 10) require.EqualValues(t, numTruncated, 0) } + +func TestWebhookRedactedURL(t *testing.T) { + ctx, u, fn := test.GetContextWithCancelingURL() + defer fn() + + secret := "secret" + notifier, err := New( + &config.WebhookConfig{ + URL: &config.SecretURL{URL: u}, + HTTPConfig: &commoncfg.HTTPClientConfig{}, + }, + test.CreateTmpl(t), + log.NewNopLogger(), + ) + require.NoError(t, err) + + test.AssertNotifyLeaksNoSecret(ctx, t, notifier, secret) +}