Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding headers to requests for Alertmanager provider. #1020

Closed
d4rkfella opened this issue Jan 24, 2025 · 3 comments · Fixed by #1021
Closed

Adding headers to requests for Alertmanager provider. #1020

d4rkfella opened this issue Jan 24, 2025 · 3 comments · Fixed by #1021

Comments

@d4rkfella
Copy link
Contributor

Hello, i've been trying to create alertmanager provider using oauth as an authentication method. What i did was create a docker image that runs a script to obtain an access token then create a secret with the obtained token like this .

#!/bin/bash

TOKEN=$(curl -X POST "$KEYCLOAK_URL" \
  -d "client_id=$CLIENT_ID" \
  -d "client_secret=$CLIENT_SECRET" \
  -d "grant_type=client_credentials" \
  -d "scope=$SCOPE" \
  -H "Content-Type: application/x-www-form-urlencoded" | jq -r .access_token)

echo -e "apiVersion: v1
kind: Secret
metadata:
  name: oidc-jwt
stringData:
  headers: |
    Authorization: Bearer $TOKEN" | kubectl apply -f -

I've manually tested the token with curl and i can authenticate no problem, but when the notification controller tries to send an alert it not adding the header i have specified in the referenced secret. Is it currently possible to add headers to the requests for an Alertmanager provider ?
@matheuscscp
Copy link
Member

The Provider API already supports the specification of a token inside a secret:

https://fluxcd.io/flux/components/notification/providers/#token-example

But the alertmanager provider does not use it. We could modify the constructor of this provider to accept a token like opsgenie:

notification-controller/internal/notifier/opsgenie.go

Lines 43 to 57 in fa7d9f2

func NewOpsgenie(hookURL string, proxyURL string, certPool *x509.CertPool, token string) (*Opsgenie, error) {
_, err := url.ParseRequestURI(hookURL)
if err != nil {
return nil, fmt.Errorf("invalid Opsgenie hook URL %s: '%w'", hookURL, err)
}
if token == "" {
return nil, errors.New("empty Opsgenie apikey/token")
}
return &Opsgenie{
URL: hookURL,
ProxyURL: proxyURL,
CertPool: certPool,
ApiKey: token,

And, if the token is not empty, use it more or less like this:

notification-controller/internal/notifier/opsgenie.go

Lines 81 to 83 in fa7d9f2

err := postMessage(ctx, s.URL, s.ProxyURL, s.CertPool, payload, func(req *retryablehttp.Request) {
req.Header.Set("Authorization", "GenieKey "+s.ApiKey)
})

It's an easy implementation. @d4rkfella are you willing to contribute this feature?

@d4rkfella
Copy link
Contributor Author

I could give it a shot . Looks easy enough for me :P

@d4rkfella
Copy link
Contributor Author

Opened a pull request , let me know if i did it correctly.

@matheuscscp matheuscscp mentioned this issue Jan 26, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@matheuscscp @d4rkfella