alertmanager: Support basic auth

2023-02-12 14:15:02 +01:00 · 2023-02-12 14:15:02 +01:00 · 1e44ba5694
commit 1e44ba5694
parent c919ec9af2
4 changed files with 34 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -70,6 +70,9 @@ alertmanager {
    # the request will be proxied through ntfy-alertmanager. Therefore ntfy-alertmanager
    # needs to be exposed to external network requests and base-url has to be set.
    silence-duration 24h
+    # Basic authentication (https://prometheus.io/docs/alerting/latest/https/)
+    user user
+    password pass
 }

 # When the alert-mode is set to single, ntfy-alertmanager will cache each single alert
--- a/config.go
+++ b/config.go
@ -50,6 +50,8 @@ type cacheConfig struct {
 }

 type alertmanagerConfig struct {
+	User            string
+	Password        string
 	SilenceDuration time.Duration
 }

@ -246,6 +248,20 @@ func readConfig(path string) (*config, error) {

 			config.am.SilenceDuration = duration
 		}
+
+		d = amDir.Children.Get("user")
+		if d != nil {
+			if err := d.ParseParams(&config.am.User); err != nil {
+				return nil, err
+			}
+		}
+
+		d = amDir.Children.Get("password")
+		if d != nil {
+			if err := d.ParseParams(&config.am.Password); err != nil {
+				return nil, err
+			}
+		}
 	}

 	return config, nil
--- a/config_test.go
+++ b/config_test.go
@ -55,6 +55,9 @@ alertmanager {
    # the request will be proxied through ntfy-alertmanager. Therefore ntfy-alertmanager
    # needs to be exposed to external network requests and base-url has to be set.
    silence-duration 24h
+    # Basic authentication (https://prometheus.io/docs/alerting/latest/https/)
+    user user
+    password pass
 }

 # When the alert-mode is set to single, ntfy-alertmanager will cache each single alert
@ -83,7 +86,11 @@ cache {
 			},
 		},
 		cache: cacheConfig{CleanupInterval: time.Hour, Duration: 48 * time.Hour},
-		am:    alertmanagerConfig{SilenceDuration: time.Hour * 24},
+		am: alertmanagerConfig{
+			SilenceDuration: time.Hour * 24,
+			User:            "user",
+			Password:        "pass",
+		},
 	}

 	configPath := filepath.Join(t.TempDir(), "config")
--- a/silence.go
+++ b/silence.go
@ -4,6 +4,7 @@ import (
 	"bytes"
 	"encoding/base64"
 	"encoding/json"
+	"fmt"
 	"io"
 	"net/http"
 	"time"
@ -93,6 +94,12 @@ func (rcv *receiver) handleSilences(w http.ResponseWriter, r *http.Request) {
 		return
 	}

+	// Basic auth
+	if rcv.cfg.am.User != "" && rcv.cfg.am.Password != "" {
+		auth := base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", rcv.cfg.am.User, rcv.cfg.am.Password)))
+		req.Header.Set("Authorization", fmt.Sprintf("Basic %s", auth))
+	}
+
 	req.Header.Add("Content-Type", "application/json")
 	resp, err := client.Do(req)
 	if err != nil {