config.SecretURL type returns Json.Unmarshal() error which can expose the secret url. #3884

Closed
codeknight03 opened this issue Jun 19, 2024 · 1 comment · Fixed by #3887

What did you do?
While running an Alertmanager instance using the Alertmanager CRD exposed by Prometheus Operator, we discovered that when the UnmarshalJSON() method of the SecretURL type is called, it returns the URL itself as part of the error.
What did you expect to see?
The secret URL should not have been logged as part of the error.
What did you see instead? Under which circumstances?
The secret URL was logged as part of the error for parsing a wrong URL.

Environment

  • System information:
    Linux 5.15.153.1-microsoft-standard-WSL2 x86_64

  • Alertmanager version:
    alertmanager, version 0.27.0 (branch: main, revision: 730bd75)
    build user: codeknight@LAPTOP-VI2SBH3S
    build date: 20240619-18:46:55
    go version: go1.22.0
    platform: linux/amd64
    tags: netgo

  • Prometheus version:

  • Alertmanager configuration file:

inhibitRules:
  - equal:
    - alertname
    sourceMatch:
    - name: 'severity'
      value: 'critical'
      matchType: '='
    targetMatch:
    - name: 'severity'
      value: 'warning'
      matchType: '='
receivers:
- name: SlackAlerts
  slackConfigs:
    - channel: '#slack-channel-example'
      apiURL:
        name: slack-api-secret
        key: url
      sendResolved: true
route:
  receiver: 'SlackAlerts'
  groupBy: [cluster_short, alertname]
  groupWait: 60s
  groupInterval: 15m
  repeatInterval: 4h
  continue: true
  • Prometheus configuration file:
Not relevant
  • Logs:
    Logs from the prometheus operator rather than from the alertmanager itself while using config.SecretURL as the type for the URL.
level=warn ts=2024-06-19T19:33:29.629989322Z caller=operator.go:1003 component=alertmanager-controller msg="skipping alertmanagerconfig" error="slack api 'url' secret failed validation: validate url from string failed with error: parse \"://mywrongurl.com\": missing protocol scheme" alertmanagerconfig=test/slack-receivertest namespace=test alertmanager=testalertmanager
level=info ts=2024-06-19T19:33:29.633045784Z caller=operator.go:796 component=alertmanager-controller alertmanager=testalertmanager namespace=test msg="config secret not found, using default Alertmanager configuration" secret=alertmanager-testalertmanager
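
The behaviour reported above, reproduced as an added example that is not Alertmanager's or Prometheus Operator's own code: a JSON unmarshaller that returns the `url.Parse` error unchanged next to one that returns a fixed message. The types `LeakyURL` and `RedactedURL`, the helpers, the `api_url` key and the sample document are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/url"
)

// Hypothetical types for this example; they are not Alertmanager's config.SecretURL.
type LeakyURL struct{ *url.URL }
type RedactedURL struct{ *url.URL }

// errInvalidSecretURL is a fixed message: no part of the input reaches the caller.
var errInvalidSecretURL = errors.New("secret URL is not a valid URL")

func parseJSONURL(data []byte) (*url.URL, error) {
	var s string
	if err := json.Unmarshal(data, &s); err != nil {
		return nil, err
	}
	return url.Parse(s) // on failure: *url.Error, whose text quotes s in full
}

// Leaky form: the parse error is returned unchanged.
func (u *LeakyURL) UnmarshalJSON(data []byte) (err error) {
	u.URL, err = parseJSONURL(data)
	return err
}

// Hardened form: any failure collapses to the fixed error. The inner cause is
// dropped too, because some url.Parse causes quote fragments of the input.
func (u *RedactedURL) UnmarshalJSON(data []byte) error {
	parsed, err := parseJSONURL(data)
	if err != nil {
		return errInvalidSecretURL
	}
	u.URL = parsed
	return nil
}

// Decode unmarshals a constructed receiver document into the given target.
func Decode(doc string, target any) error { return json.Unmarshal([]byte(doc), target) }

// Constructed sample: scheme missing, path carries a made-up token.
const BadDoc = `{"api_url":"://hooks.example.invalid/services/CONSTRUCTED-TOKEN"}`

func main() {
	var leaky struct{ APIURL LeakyURL `json:"api_url"` }
	var safe struct{ APIURL RedactedURL `json:"api_url"` }
	fmt.Println("leaky:   ", Decode(BadDoc, &leaky))
	fmt.Println("hardened:", Decode(BadDoc, &safe))
}
```

Any caller that logs or wraps the first error carries the full URL into its own logs, which is how the value ends up in the operator's warning line.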

codeknight03 commented Jun 19, 2024

@simonpasquier, not sure if I am able to explain the context correctly here. Let me know if I can update the issue desc. to make it clear.
