Introduce proper basic auth support for Alertmanager Provider

Signed-off-by: Matheus Pimenta <[email protected]>

Author: matheuscscp

docs/spec/v1beta3/providers.md

@@ -924,10 +924,9 @@ To configure a Provider for Prometheus Alertmanager, authentication can be done
 Both methods are supported, but using authentication is optional based on your setup.
 
 Basic Authentication: 
-Create a Secret with [the `address`](#address-example) set to the Prometheus Alertmanager [HTTP API
-URL](https://prometheus.io/docs/alerting/latest/https/#http-traffic)
-including Basic Auth credentials, and an `alertmanager` Provider with a [Secret
-reference](#secret-reference).
+Create a Secret with [the `username` and `password`](#secret-reference) set to the Basic Auth
+credentials, and the [`.spec.address`](#address) field set to the Prometheus Alertmanager
+[HTTP API URL](https://prometheus.io/docs/alerting/latest/https/#http-traffic).
 
 ```yaml
 ---
@@ -938,17 +937,20 @@ metadata:
   namespace: default
 spec:
   type: alertmanager
+  address: https://<alertmanager-hostport>/api/v2/alerts/
   secretRef:
-    name: alertmanager-address
+    name: alertmanager-basic-auth
 ---
 apiVersion: v1
 kind: Secret
 metadata:
-  name: alertmanager-address
+  name: alertmanager-basic-auth
   namespace: default
 stringData:
-    address: https://<username>:<password>@<alertmanager-hostport>/api/v2/alerts/
+  username: <username>
+  password: <password>
 ```
+
 Bearer Token Authentication:
 Create a Secret with [the `token`](#token-example), and an `alertmanager` Provider with a [Secret
 reference](#secret-reference) and the Prometheus Alertmanager [HTTP API
@@ -973,7 +975,7 @@ metadata:
   name: alertmanager-token
   namespace: default
 stringData:
-    token: <token>
+  token: <token>
 ```
 
 ##### Webex
@@ -1100,6 +1102,7 @@ The Kubernetes secret can have any of the following keys:
 - `proxy` - overrides `.spec.proxy` (deprecated, use `.spec.proxySecretRef` instead. **Support for this key will be removed in v1**)
 - `token` - used for authentication
 - `username` - overrides `.spec.username`
+- `password` - used for authentication, often in combination with `username` (or `.spec.username`)
 - `headers` - HTTP headers values included in the POST request
 
 #### Address example

internal/notifier/alertmanager.go

@@ -36,6 +36,8 @@ type Alertmanager struct {
 	ProxyURL  string
 	TLSConfig *tls.Config
 	Token     string
+	Username  string
+	Password  string
 }
 
 type AlertManagerAlert struct {
@@ -74,7 +76,7 @@ func (a *AlertManagerTime) UnmarshalJSON(jsonRepr []byte) error {
 	return nil
 }
 
-func NewAlertmanager(hookURL string, proxyURL string, tlsConfig *tls.Config, token string) (*Alertmanager, error) {
+func NewAlertmanager(hookURL string, proxyURL string, tlsConfig *tls.Config, token, user, pass string) (*Alertmanager, error) {
 	_, err := url.ParseRequestURI(hookURL)
 	if err != nil {
 		return nil, fmt.Errorf("invalid Alertmanager URL %s: '%w'", hookURL, err)
@@ -84,6 +86,8 @@ func NewAlertmanager(hookURL string, proxyURL string, tlsConfig *tls.Config, tok
 		URL:       hookURL,
 		ProxyURL:  proxyURL,
 		Token:     token,
+		Username:  user,
+		Password:  pass,
 		TLSConfig: tlsConfig,
 	}, nil
 }
@@ -149,6 +153,11 @@ func (s *Alertmanager) Post(ctx context.Context, event eventv1.Event) error {
 			request.Header.Add("Authorization", "Bearer "+s.Token)
 		}))
 	}
+	if s.Username != "" && s.Password != "" {
+		opts = append(opts, withRequestModifier(func(request *retryablehttp.Request) {
+			request.SetBasicAuth(s.Username, s.Password)
+		}))
+	}
 
 	if err := postMessage(ctx, s.URL, payload, opts...); err != nil {
 		return fmt.Errorf("postMessage failed: %w", err)

internal/notifier/alertmanager_fuzz_test.go

@@ -46,7 +46,7 @@ func Fuzz_AlertManager(f *testing.F) {
 		var tlsConfig tls.Config
 		_ = fuzz.NewConsumer(seed).GenerateStruct(&tlsConfig)
 
-		alertmanager, err := NewAlertmanager(fmt.Sprintf("%s/%s", ts.URL, urlSuffix), "", &tlsConfig, "")
+		alertmanager, err := NewAlertmanager(fmt.Sprintf("%s/%s", ts.URL, urlSuffix), "", &tlsConfig, "", "", "")
 		if err != nil {
 			return
 		}

internal/notifier/alertmanager_test.go

@@ -38,7 +38,7 @@ func TestAlertmanager_Post(t *testing.T) {
 	}))
 	defer ts.Close()
 
-	alertmanager, err := NewAlertmanager(ts.URL, "", nil, "")
+	alertmanager, err := NewAlertmanager(ts.URL, "", nil, "", "", "")
 	require.NoError(t, err)
 
 	err = alertmanager.Post(context.TODO(), testEvent())

internal/notifier/factory.go

@@ -295,7 +295,7 @@ func opsgenieNotifierFunc(opts notifierOptions) (Interface, error) {
 }
 
 func alertmanagerNotifierFunc(opts notifierOptions) (Interface, error) {
-	return NewAlertmanager(opts.URL, opts.ProxyURL, opts.TLSConfig, opts.Token)
+	return NewAlertmanager(opts.URL, opts.ProxyURL, opts.TLSConfig, opts.Token, opts.Username, opts.Password)
 }
 
 func grafanaNotifierFunc(opts notifierOptions) (Interface, error) {