From 0edf8bef447f1055723a90da213501dda5942f58 Mon Sep 17 00:00:00 2001 From: Simon Pasquier Date: Wed, 3 Apr 2019 17:44:32 +0200 Subject: [PATCH] notify: redact Slack webhook URL from logs Signed-off-by: Simon Pasquier --- notify/impl.go | 15 +++++++++++++-- notify/impl_test.go | 35 ++++++++++++++++++++++++++++++++++- 2 files changed, 47 insertions(+), 3 deletions(-) diff --git a/notify/impl.go b/notify/impl.go index 23ae8637..765556cb 100644 --- a/notify/impl.go +++ b/notify/impl.go @@ -585,9 +585,10 @@ func (n *Slack) Notify(ctx context.Context, as ...*types.Alert) (bool, error) { return false, err } - resp, err := post(ctx, c, n.conf.APIURL.String(), contentTypeJSON, &buf) + u := n.conf.APIURL.String() + resp, err := post(ctx, c, u, contentTypeJSON, &buf) if err != nil { - return true, err + return true, redactURL(err) } resp.Body.Close() @@ -1276,6 +1277,16 @@ func hashKey(s string) string { return fmt.Sprintf("%x", h.Sum(nil)) } +// redactURL removes the URL part from an error of *url.Error type. +func redactURL(err error) error { + e, ok := err.(*url.Error) + if !ok { + return err + } + e.URL = "" + return e +} + func post(ctx context.Context, client *http.Client, url string, bodyType string, body io.Reader) (*http.Response, error) { req, err := http.NewRequest("POST", url, body) if err != nil { diff --git a/notify/impl_test.go b/notify/impl_test.go index 1ebafb12..a731cb03 100644 --- a/notify/impl_test.go +++ b/notify/impl_test.go @@ -21,17 +21,19 @@ import ( "io" "io/ioutil" "net/http" + "net/http/httptest" "net/url" "testing" "time" "github.com/go-kit/kit/log" + commoncfg "github.com/prometheus/common/config" + "github.com/prometheus/common/model" "github.com/stretchr/testify/require" "github.com/prometheus/alertmanager/config" "github.com/prometheus/alertmanager/template" "github.com/prometheus/alertmanager/types" - "github.com/prometheus/common/model" ) func TestWebhookRetry(t *testing.T) { @@ -122,6 +124,37 @@ func TestSlackRetry(t *testing.T) { } } +func TestSlackRedactedURL(t *testing.T) { + done := make(chan struct{}) + ctx, cancel := context.WithCancel(context.Background()) + + srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + cancel() + <-done + })) + defer func() { + close(done) + srv.Close() + }() + + u, err := url.Parse(srv.URL) + require.NoError(t, err) + + notifier := NewSlack( + &config.SlackConfig{ + APIURL: &config.SecretURL{URL: u}, + HTTPConfig: &commoncfg.HTTPClientConfig{}, + }, + createTmpl(t), + log.NewNopLogger(), + ) + + ok, err := notifier.Notify(ctx, []*types.Alert{}...) + require.True(t, ok) + require.Error(t, err) + require.NotContains(t, err.Error(), srv.URL) +} + func TestHipchatRetry(t *testing.T) { notifier := new(Hipchat) retryCodes := append(defaultRetryCodes(), http.StatusTooManyRequests)