mark webhook URL as a secret (#3228)

Signed-off-by: Simon Rozet <me@simonrozet.com>
This commit is contained in:
Simon Rozet 2023-02-02 17:23:51 +01:00 committed by GitHub
parent 01f3a474c9
commit 8f559aad34
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 23 additions and 4 deletions

View File

@ -473,7 +473,8 @@ type WebhookConfig struct {
HTTPConfig *commoncfg.HTTPClientConfig `yaml:"http_config,omitempty" json:"http_config,omitempty"` HTTPConfig *commoncfg.HTTPClientConfig `yaml:"http_config,omitempty" json:"http_config,omitempty"`
// URL to send POST request to. // URL to send POST request to.
URL *URL `yaml:"url" json:"url"` URL *SecretURL `yaml:"url" json:"url"`
// MaxAlerts is the maximum number of alerts to be sent per webhook message. // MaxAlerts is the maximum number of alerts to be sent per webhook message.
// Alerts exceeding this threshold will be truncated. Setting this to 0 // Alerts exceeding this threshold will be truncated. Setting this to 0
// allows an unlimited number of alerts. // allows an unlimited number of alerts.

View File

@ -1116,7 +1116,7 @@ The webhook receiver allows configuring a generic receiver.
[ send_resolved: <boolean> | default = true ] [ send_resolved: <boolean> | default = true ]
# The endpoint to send HTTP POST requests to. # The endpoint to send HTTP POST requests to.
url: <string> url: <secret>
# The HTTP client's configuration. # The HTTP client's configuration.
[ http_config: <http_config> | default = global.http_config ] [ http_config: <http_config> | default = global.http_config ]

View File

@ -103,7 +103,7 @@ func (n *Notifier) Notify(ctx context.Context, alerts ...*types.Alert) (bool, er
resp, err := notify.PostJSON(ctx, n.client, n.conf.URL.String(), &buf) resp, err := notify.PostJSON(ctx, n.client, n.conf.URL.String(), &buf)
if err != nil { if err != nil {
return true, err return true, notify.RedactURL(err)
} }
defer notify.Drain(resp) defer notify.Drain(resp)

View File

@ -37,7 +37,7 @@ func TestWebhookRetry(t *testing.T) {
} }
notifier, err := New( notifier, err := New(
&config.WebhookConfig{ &config.WebhookConfig{
URL: &config.URL{URL: u}, URL: &config.SecretURL{URL: u},
HTTPConfig: &commoncfg.HTTPClientConfig{}, HTTPConfig: &commoncfg.HTTPClientConfig{},
}, },
test.CreateTmpl(t), test.CreateTmpl(t),
@ -98,3 +98,21 @@ func TestWebhookTruncateAlerts(t *testing.T) {
require.Len(t, truncatedAlerts, 10) require.Len(t, truncatedAlerts, 10)
require.EqualValues(t, numTruncated, 0) require.EqualValues(t, numTruncated, 0)
} }
func TestWebhookRedactedURL(t *testing.T) {
ctx, u, fn := test.GetContextWithCancelingURL()
defer fn()
secret := "secret"
notifier, err := New(
&config.WebhookConfig{
URL: &config.SecretURL{URL: u},
HTTPConfig: &commoncfg.HTTPClientConfig{},
},
test.CreateTmpl(t),
log.NewNopLogger(),
)
require.NoError(t, err)
test.AssertNotifyLeaksNoSecret(ctx, t, notifier, secret)
}