From 7ba1d4c4c05239d5ce997d7d9cf4df36c3cd9d4b Mon Sep 17 00:00:00 2001 From: f41gh7 Date: Mon, 5 Aug 2024 23:58:25 +0200 Subject: [PATCH] api/vmalertmanagerconfig: rework config validation * adds more strict validation to VMAlertmanagerConfig * skip broken configurations from VMAlertmanager during config build * adds new status fields to the VMalertmanager config: * lastSyncError - that defines last error occured to the config during config generation * status - generic CRD status for health track * additional fields for sync error context, like last error timestamp and name of alertmanager * adds stack trace only to the panic level errors. It should reduce log noise https://github.com/VictoriaMetrics/operator/issues/825 Signed-off-by: f41gh7 --- api/go.mod | 14 +- api/go.sum | 443 ++++++- api/operator/v1beta1/common_scrapeparams.go | 34 + .../v1beta1/vmalertmanager_webhook.go | 5 + .../v1beta1/vmalertmanager_webhook_test.go | 46 +- .../v1beta1/vmalertmanagerconfig_types.go | 76 +- .../v1beta1/vmalertmanagerconfig_webhook.go | 669 +++++++++- .../vmalertmanagerconfig_webhook_test.go | 114 +- api/operator/v1beta1/zz_generated.deepcopy.go | 63 +- config/crd/overlay/crd.yaml | 1099 +++++++++++++++-- .../operator/converter/v1alpha1/apis.go | 40 +- .../operator/factory/alertmanager/config.go | 278 +++-- .../factory/alertmanager/config_test.go | 71 +- .../factory/alertmanager/statefulset.go | 94 +- internal/manager/manager.go | 5 +- 15 files changed, 2645 insertions(+), 406 deletions(-) diff --git a/api/go.mod b/api/go.mod index bc96afb38..504d78f47 100644 --- a/api/go.mod +++ b/api/go.mod @@ -6,6 +6,7 @@ require ( github.com/VictoriaMetrics/VictoriaMetrics v1.101.0 github.com/onsi/ginkgo/v2 v2.17.2 github.com/onsi/gomega v1.33.1 + github.com/prometheus/alertmanager v0.27.0 github.com/stretchr/testify v1.9.0 gopkg.in/yaml.v2 v2.4.0 k8s.io/api v0.30.2 @@ -19,6 +20,7 @@ require ( require ( github.com/VictoriaMetrics/metrics v1.33.1 // indirect github.com/VictoriaMetrics/metricsql v0.75.1 // indirect + github.com/aws/aws-sdk-go v1.51.23 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/bmatcuk/doublestar/v4 v4.6.1 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect @@ -27,11 +29,13 @@ require ( github.com/evanphx/json-patch v4.12.0+incompatible // indirect github.com/evanphx/json-patch/v5 v5.9.0 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect + github.com/go-kit/log v0.2.1 // indirect + github.com/go-logfmt/logfmt v0.6.0 // indirect github.com/go-logr/logr v1.4.1 // indirect github.com/go-logr/zapr v1.3.0 // indirect - github.com/go-openapi/jsonpointer v0.19.6 // indirect - github.com/go-openapi/jsonreference v0.20.2 // indirect - github.com/go-openapi/swag v0.22.3 // indirect + github.com/go-openapi/jsonpointer v0.20.2 // indirect + github.com/go-openapi/jsonreference v0.20.4 // indirect + github.com/go-openapi/swag v0.22.9 // indirect github.com/go-task/slim-sprig/v3 v3.0.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect @@ -42,18 +46,22 @@ require ( github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 // indirect github.com/google/uuid v1.6.0 // indirect github.com/imdario/mergo v0.3.12 // indirect + github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/josharian/intern v1.0.0 // indirect + github.com/jpillora/backoff v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/klauspost/compress v1.17.8 // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect + github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/prometheus/client_golang v1.19.0 // indirect github.com/prometheus/client_model v0.6.1 // indirect github.com/prometheus/common v0.52.3 // indirect + github.com/prometheus/common/sigv4 v0.1.0 // indirect github.com/prometheus/procfs v0.13.0 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/valyala/bytebufferpool v1.0.0 // indirect diff --git a/api/go.sum b/api/go.sum index 0b4495f8b..4ad7822d5 100644 --- a/api/go.sum +++ b/api/go.sum @@ -1,3 +1,38 @@ +cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= +cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= +cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= +cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= +cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= +cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= +cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= +cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= +cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= +cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk= +cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= +cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= +cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= +cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= +cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= +cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= +cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= +cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= +cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= +cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= +cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= +cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= +cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= +cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= +cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= +cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= +cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= +cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= +cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= +cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= +dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= +github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/VictoriaMetrics/VictoriaMetrics v1.101.0 h1:9nducJ+trgthdFJ8Fzshj80eotTGlt2DAEhr6pDdiXM= github.com/VictoriaMetrics/VictoriaMetrics v1.101.0/go.mod h1:4ia9nPE84gL/qd5/YYBkXwca1mXFQg9gRRQ+qwJjvvs= github.com/VictoriaMetrics/easyproto v0.1.4 h1:r8cNvo8o6sR4QShBXQd1bKw/VVLSQma/V2KhTBPf+Sc= @@ -6,71 +41,173 @@ github.com/VictoriaMetrics/metrics v1.33.1 h1:CNV3tfm2Kpv7Y9W3ohmvqgFWPR55tV2c7M github.com/VictoriaMetrics/metrics v1.33.1/go.mod h1:r7hveu6xMdUACXvB8TYdAj8WEsKzWB0EkpJN+RDtOf8= github.com/VictoriaMetrics/metricsql v0.75.1 h1:cE5Ex6qSdI9vVT2BnsO6GpepB/8LPoSPKQmrM+fuQ84= github.com/VictoriaMetrics/metricsql v0.75.1/go.mod h1:bEC8gqV+7kjnp97a8Gd6JbV1TraeZhfhvYAuaDuNR/U= +github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= +github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= +github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= github.com/andybalholm/brotli v1.0.2/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y= github.com/andybalholm/brotli v1.0.3/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= +github.com/aws/aws-sdk-go v1.38.35/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= +github.com/aws/aws-sdk-go v1.51.23 h1:/3TEdsEE/aHmdKGw2NrOp7Sdea76zfffGkTTSXTsDxY= +github.com/aws/aws-sdk-go v1.51.23/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= +github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= +github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bmatcuk/doublestar/v4 v4.6.1 h1:FH9SifrbvJhnlQpztAx++wlkk70QBf0iBWDwNy7PA4I= github.com/bmatcuk/doublestar/v4 v4.6.1/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc= +github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= +github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= +github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= +github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= +github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= +github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= +github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= +github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= +github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84= github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= +github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= +github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= +github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= +github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= +github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= +github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= +github.com/go-kit/log v0.2.1 h1:MRVx0/zhvdseW+Gza6N9rVzU/IVzaeE1SFI4raAhmBU= +github.com/go-kit/log v0.2.1/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0= +github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= +github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= +github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= +github.com/go-logfmt/logfmt v0.6.0 h1:wGYYu3uicYdqXVgoYbvnkrPVXkuLM1p1ifugDMEdRi4= +github.com/go-logfmt/logfmt v0.6.0/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs= github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= -github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= -github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= -github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= -github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= -github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g= -github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-openapi/jsonpointer v0.20.2 h1:mQc3nmndL8ZBzStEo3JYF8wzmeWffDH4VbXz58sAx6Q= +github.com/go-openapi/jsonpointer v0.20.2/go.mod h1:bHen+N0u1KEO3YlmqOjTT9Adn1RfD91Ar825/PuiRVs= +github.com/go-openapi/jsonreference v0.20.4 h1:bKlDxQxQJgwpUSgOENiMPzCTBVuc7vTdXSSgNeAhojU= +github.com/go-openapi/jsonreference v0.20.4/go.mod h1:5pZJyJP2MnYCpoeoMAql78cCHauHj0V9Lhc506VOpw4= +github.com/go-openapi/swag v0.22.9 h1:XX2DssF+mQKM2DHsbgZK74y/zj4mo9I99+89xUmuZCE= +github.com/go-openapi/swag v0.22.9/go.mod h1:3/OXnFfnMAwBD099SwYRk7GD3xOrr1iL7d/XNLXVVwE= +github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= +github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= +github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= +github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= +github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= +github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= +github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= +github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= +github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= +github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= +github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= +github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= +github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= +github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= +github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= +github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= +github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= +github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= +github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= +github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= +github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= +github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= +github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= +github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= +github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= +github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg= github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= +github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= +github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= +github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU= github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= +github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= +github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= +github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= +github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= +github.com/jpillora/backoff v1.0.0 h1:uvFg412JmmHBHw7iwprIxkPMI+sGQ4kzOWsMeHnm2EA= +github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= +github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= +github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= +github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= +github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= +github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= +github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.13.4/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= github.com/klauspost/compress v1.13.5/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= github.com/klauspost/compress v1.17.8 h1:YcnTYrq7MikUT7k0Yb5eceMmALQPYBW/Xltxn0NAMnU= github.com/klauspost/compress v1.17.8/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= -github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= +github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= @@ -79,41 +216,72 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= +github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= +github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f h1:KUppIJq7/+SVif2QVs3tOP0zanoHgBEVAwHxUSIzRqU= +github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/onsi/ginkgo/v2 v2.17.2 h1:7eMhcy3GimbsA3hEnVKdw/PQM9XN9krpKVXsZdph0/g= github.com/onsi/ginkgo/v2 v2.17.2/go.mod h1:nP2DPOQoNsQmsVyv5rDA8JkXQoCs6goXIvr/PRJ1eCc= github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= +github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/prometheus/alertmanager v0.27.0 h1:V6nTa2J5V4s8TG4C4HtrBP/WNSebCCTYGGv4qecA/+I= +github.com/prometheus/alertmanager v0.27.0/go.mod h1:8Ia/R3urPmbzJ8OsdvmZvIprDwvwmYCmUbwBL+jlPOE= +github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= +github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= +github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= +github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= github.com/prometheus/client_golang v1.19.0 h1:ygXvpU1AoN1MhdzckN+PyD9QJOSD4x7kmXYlnfbA6JU= github.com/prometheus/client_golang v1.19.0/go.mod h1:ZRM9uEAypZakd+q/x7+gmsvXdURP+DABIEIjnmDdp+k= +github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= +github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= +github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= +github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= +github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= +github.com/prometheus/common v0.29.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= github.com/prometheus/common v0.52.3 h1:5f8uj6ZwHSscOGNdIQg6OiZv/ybiK2CO2q2drVZAQSA= github.com/prometheus/common v0.52.3/go.mod h1:BrxBKv3FWBIGXw89Mg1AeBq7FSyRzXWI3l3e7W3RN5U= +github.com/prometheus/common/sigv4 v0.1.0 h1:qoVebwtwwEhS85Czm2dSROY5fTo2PAPEVdDeppTwGX4= +github.com/prometheus/common/sigv4 v0.1.0/go.mod h1:2Jkxxk9yYvCkE5G1sQT7GuEXm57JrvHu9k5YwTjsNtI= +github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= +github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= +github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/procfs v0.13.0 h1:GqzLlQyfsPbaEHaQkO7tbDlriv/4o5Hudv6OXHGKX7o= github.com/prometheus/procfs v0.13.0/go.mod h1:cd4PFCR54QLnGKPaKGA6l+cfuNXtht43ZKY6tow0Y1g= -github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= -github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= +github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= +github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= +github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= +github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= +github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= +github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= -github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= @@ -132,41 +300,150 @@ github.com/valyala/histogram v1.2.0/go.mod h1:Hb4kBwb4UxsaNbbbh+RRz8ZR6pdodR57tz github.com/valyala/quicktemplate v1.7.0 h1:LUPTJmlVcb46OOUY3IeD9DojFpAVbsG+5WFTcjMJzCM= github.com/valyala/quicktemplate v1.7.0/go.mod h1:sqKJnoaOF88V07vkO+9FL8fb9uZg/VPSJnLYn+LmLk8= github.com/valyala/tcplisten v1.0.0/go.mod h1:T0xQ8SeCZGxckz9qRXTfG43PvQ/mcWh7FwZEA7Ioqkc= +github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= +go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= +go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= +go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= +go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo= go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= +golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= +golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= +golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= +golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= +golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= +golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= +golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= +golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= +golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f h1:99ci1mjWVBWwJiEKYY6jWa4d2nTQVIEhZIptnrVb1XY= golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f/go.mod h1:/lliqkxwWAhPjf5oSOIJup2XcqJaw8RGS6k3TGEc7GI= +golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= +golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= +golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= +golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= +golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= +golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= +golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= +golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= +golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= +golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= +golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= +golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= +golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210510120150-4163338589ed/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= +golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= +golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.19.0 h1:9+E/EZBCbTLNrbN35fHv/a/d/mOBatymz1zbtQrXpIg= golang.org/x/oauth2 v0.19.0/go.mod h1:vYi7skDa1x015PmRRYZ7+s1cWyPgrPiSYRe4rnsexc8= +golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= @@ -174,16 +451,60 @@ golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= +golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= +golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= +golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= +golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= +golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= +golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= +golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.20.0 h1:hz/CVckiOxybQvFw6h7b/q80NTr9IUQb4s1IIzW7KNY= golang.org/x/tools v0.20.0/go.mod h1:WvitBU7JJf6A4jOdg4S1tviW9bhUxkgeCui/0JHctQg= @@ -193,13 +514,95 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= +google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= +google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= +google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= +google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= +google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= +google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= +google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= +google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= +google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= +google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= +google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= +google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= +google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= +google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= +google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= +google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= +google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= +google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= +google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= +google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= +google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= +google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= +google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= +google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= +google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= +google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= +google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= +google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= +google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= +google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= +google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= +google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= +google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= +google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= +google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= +google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= +google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= +google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= +gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= @@ -207,6 +610,13 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= +honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= +honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= k8s.io/api v0.30.2 h1:+ZhRj+28QT4UOH+BKznu4CBgPWgkXO7XAvMcMl0qKvI= k8s.io/api v0.30.2/go.mod h1:ULg5g9JvOev2dG0u2hig4Z7tQ2hHIuS+m8MNZ+X6EmI= k8s.io/apiextensions-apiserver v0.30.2 h1:l7Eue2t6QiLHErfn2vwK4KgF4NeDgjQkCXtEbOocKIE= @@ -221,6 +631,9 @@ k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a h1:zD1uj3Jf+mD4zmA7W+goE5 k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a/go.mod h1:UxDHUPsUwTOOxSU+oXURfFBcAS6JwiRXTYqYwfuGowc= k8s.io/utils v0.0.0-20240310230437-4693a0247e57 h1:gbqbevonBh57eILzModw6mrkbwM0gQBEuevE/AaBsHY= k8s.io/utils v0.0.0-20240310230437-4693a0247e57/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= +rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= +rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/controller-runtime v0.18.4 h1:87+guW1zhvuPLh1PHybKdYFLU0YJp4FhJRmiHvm5BZw= sigs.k8s.io/controller-runtime v0.18.4/go.mod h1:TVoGrfdpbA9VRFaRnKgk9P5/atA0pMwq+f+msb9M8Sg= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= diff --git a/api/operator/v1beta1/common_scrapeparams.go b/api/operator/v1beta1/common_scrapeparams.go index 42a1955fb..5017b8db1 100644 --- a/api/operator/v1beta1/common_scrapeparams.go +++ b/api/operator/v1beta1/common_scrapeparams.go @@ -4,6 +4,7 @@ import ( "encoding/json" "fmt" "reflect" + "strings" v1 "k8s.io/api/core/v1" ) @@ -82,6 +83,24 @@ type OAuth2 struct { EndpointParams map[string]string `json:"endpoint_params,omitempty"` } +func (o *OAuth2) validate() error { + if o == nil { + return nil + } + if o.TokenURL == "" { + return fmt.Errorf("token_url field for oauth2 config must be set") + } + + if o.ClientID == (SecretOrConfigMap{}) { + return fmt.Errorf("client_id field must be set") + } + + if o.ClientID.Secret != nil && o.ClientID.ConfigMap != nil { + return fmt.Errorf("cannot specify both Secret and ConfigMap for client_id field") + } + return nil +} + // Authorization configures generic authorization params type Authorization struct { // Type of authorization, default to bearer @@ -94,6 +113,21 @@ type Authorization struct { CredentialsFile string `json:"credentialsFile,omitempty"` } +func (ac *Authorization) validate() error { + if ac == nil { + return nil + } + + if strings.ToLower(strings.TrimSpace(ac.Type)) == "basic" { + return fmt.Errorf("Authorization type cannot be set to 'basic', use 'basic_auth' instead`") + } + + if ac.Credentials == nil && len(ac.CredentialsFile) == 0 { + return fmt.Errorf("at least `credentials` or `credentials_file` must be set") + } + return nil +} + // RelabelConfig allows dynamic rewriting of the label set // More info: https://docs.victoriametrics.com/#relabeling // +k8s:openapi-gen=true diff --git a/api/operator/v1beta1/vmalertmanager_webhook.go b/api/operator/v1beta1/vmalertmanager_webhook.go index a9c3a0f54..770685d01 100644 --- a/api/operator/v1beta1/vmalertmanager_webhook.go +++ b/api/operator/v1beta1/vmalertmanager_webhook.go @@ -41,6 +41,11 @@ func (r *VMAlertmanager) SetupWebhookWithManager(mgr ctrl.Manager) error { var _ webhook.Validator = &VMAlertmanager{} func (r *VMAlertmanager) sanityCheck() error { + if len(r.Spec.ConfigRawYaml) > 0 { + if err := ValidateAlertmanagerConfigSpec([]byte(r.Spec.ConfigRawYaml)); err != nil { + return fmt.Errorf("bad config syntax at spec.configRawYaml: %w", err) + } + } if r.Spec.ConfigSecret == r.ConfigSecretName() { return fmt.Errorf("spec.configSecret uses the same name as built-in config secret used by operator. Please change it's name") } diff --git a/api/operator/v1beta1/vmalertmanager_webhook_test.go b/api/operator/v1beta1/vmalertmanager_webhook_test.go index b98de01b5..615984968 100644 --- a/api/operator/v1beta1/vmalertmanager_webhook_test.go +++ b/api/operator/v1beta1/vmalertmanager_webhook_test.go @@ -18,30 +18,52 @@ package v1beta1 import ( . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) var _ = Describe("VMAlertmanager Webhook", func() { - + var am *VMAlertmanager + BeforeEach(func() { + am = &VMAlertmanager{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-suite", + Namespace: "test", + }, + Spec: VMAlertmanagerSpec{}, + } + }) Context("When creating VMAlertmanager under Validating Webhook", func() { - It("Should deny if a required field is empty", func() { - - // TODO(user): Add your logic here - + It("Should deny config file with bad syntax", func() { + am.Spec.ConfigRawYaml = ` +global: + resolve_timeout: 10m + group_wait: 1s + ` + Expect(am.sanityCheck()).NotTo(Succeed()) }) - It("Should admit if all required fields are provided", func() { - - // TODO(user): Add your logic here - + It("Should allow with correct config syntax", func() { + am.Spec.ConfigRawYaml = ` + global: + resolve_timeout: 5m + route: + group_wait: 10s + group_interval: 2m + group_by: ["alertgroup", "resource_id"] + repeat_interval: 12h + receiver: 'blackhole' + receivers: + # by default route to dev/null + - name: blackhole + ` + Expect(am.sanityCheck()).To(Succeed()) }) }) Context("When creating VMAlertmanager under Conversion Webhook", func() { It("Should get the converted version of VMAlertmanager", func() { - // TODO(user): Add your logic here - }) }) - }) diff --git a/api/operator/v1beta1/vmalertmanagerconfig_types.go b/api/operator/v1beta1/vmalertmanagerconfig_types.go index 19efea647..2c282eec6 100644 --- a/api/operator/v1beta1/vmalertmanagerconfig_types.go +++ b/api/operator/v1beta1/vmalertmanagerconfig_types.go @@ -22,6 +22,7 @@ import ( "reflect" "strings" + amcfg "github.com/prometheus/alertmanager/config" "gopkg.in/yaml.v2" v1 "k8s.io/api/core/v1" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" @@ -29,37 +30,33 @@ import ( ) // VMAlertmanagerConfigSpec defines configuration for VMAlertmanagerConfig +// it must reference only locally defined objects type VMAlertmanagerConfigSpec struct { // Route definition for alertmanager, may include nested routes. Route *Route `json:"route"` - // Receivers defines alert receivers. - // without defined Route, receivers will be skipped. + // Receivers defines alert receivers Receivers []Receiver `json:"receivers"` // InhibitRules will only apply for alerts matching // the resource's namespace. // +optional InhibitRules []InhibitRule `json:"inhibit_rules,omitempty"` - // MuteTimeInterval - global mute time - // See https://prometheus.io/docs/alerting/latest/configuration/#mute_time_interval + // TimeIntervals defines named interval for active/mute notifications interval + // See https://prometheus.io/docs/alerting/latest/configuration/#time_interval // +optional - MutTimeIntervals []MuteTimeInterval `json:"mute_time_intervals,omitempty"` + TimeIntervals []TimeIntervals `json:"time_intervals,omitempty"` // ParsingError contents error with context if operator was failed to parse json object from kubernetes api server - // TimeIntervals modern config option, use it instead of mute_time_intervals - // +optional - TimeIntervals []MuteTimeInterval `json:"time_intervals,omitempty"` - - ParsingError string `json:"-,omitempty" yaml:"-,omitempty"` + ParsingError string `json:"-" yaml:"-"` } -// MuteTimeInterval for alerts -type MuteTimeInterval struct { +// TimeIntervals for alerts +type TimeIntervals struct { // Name of interval // +required Name string `json:"name,omitempty"` // TimeIntervals interval configuration // +required - TimeIntervals []TimeInterval `json:"time_intervals"` + TimeIntervals []TimeInterval `json:"time_intervals" yaml:"time_intervals"` } // TimeInterval defines intervals of time @@ -99,13 +96,22 @@ type TimeRange struct { // VMAlertmanagerConfigStatus defines the observed state of VMAlertmanagerConfig type VMAlertmanagerConfigStatus struct { - // ErrorReason describes validation or any other errors. - ErrorReason string `json:"reason,omitempty"` + // Status defines CRD processing status + Status UpdateStatus `json:"status,omitempty"` + // LastSyncError contains error message for unsuccessful config generation + LastSyncError string `json:"lastSyncError,omitempty"` + LastErrorParentAlertmanagerName string `json:"lastErrorParentAlertmanagerName,omitempty"` + // LastSyncErrorTimestamp defines time when error occured + LastSyncErrorTimestamp int64 `json:"lastSyncErrorTimestamp,omitempty"` + // CurrentSyncError holds an error occured during reconcile loop + CurrentSyncError string `json:"-"` } // VMAlertmanagerConfig is the Schema for the vmalertmanagerconfigs API // +kubebuilder:object:root=true // +kubebuilder:subresource:status +// +kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.status" +// +kubebuilder:printcolumn:name="Sync Error",type="string",JSONPath=".status.lastSyncError" // +genclient // +k8s:openapi-gen=true type VMAlertmanagerConfig struct { @@ -161,15 +167,16 @@ type Route struct { // Child routes. // https://prometheus.io/docs/alerting/latest/configuration/#route RawRoutes []apiextensionsv1.JSON `json:"routes,omitempty"` - // MuteTimeIntervals for alerts + // MuteTimeIntervals is a list of interval names that will mute matched alert // +optional - MuteTimeIntervals []string `json:"mute_time_intervals,omitempty"` + MuteTimeIntervals []string `json:"mute_time_intervals,omitempty" yaml:"mute_time_intervals,omitempty"` // ActiveTimeIntervals Times when the route should be active // These must match the name at time_intervals // +optional - ActiveTimeIntervals []string `json:"active_time_intervals,omitempty"` + ActiveTimeIntervals []string `json:"active_time_intervals,omitempty" yaml:"active_time_intervals,omitempty"` } +// SubRoute alias for Route, its needed to proper use json parsing with raw input type SubRoute Route func parseNestedRoutes(src *Route) error { @@ -197,10 +204,12 @@ func (cr *VMAlertmanagerConfig) UnmarshalJSON(src []byte) error { cr.Spec.ParsingError = fmt.Sprintf("cannot parse alertmanager config: %s, err: %s", string(src), err) return nil } + if err := parseNestedRoutes(cr.Spec.Route); err != nil { cr.Spec.ParsingError = fmt.Sprintf("cannot parse routes for alertmanager config: %s at namespace: %s, err: %s", cr.Name, cr.Namespace, err) return nil } + return nil } @@ -267,6 +276,8 @@ type Receiver struct { WebexConfigs []WebexConfig `json:"webex_configs,omitempty"` } +// TelegramConfig configures notification via telegram +// https://prometheus.io/docs/alerting/latest/configuration/#telegram_config type TelegramConfig struct { // SendResolved controls notify about resolved alerts. // +optional @@ -326,13 +337,15 @@ type WeChatConfig struct { SendResolved *bool `json:"send_resolved,omitempty"` // The secret's key that contains the WeChat API key. // The secret needs to be in the same namespace as the AlertmanagerConfig - // object and accessible by the Prometheus Operator. + // fallback to global alertmanager setting if empty // +optional APISecret *v1.SecretKeySelector `json:"api_secret,omitempty"` // The WeChat API URL. + // fallback to global alertmanager setting if empty // +optional APIURL string `json:"api_url,omitempty"` // The corp id for authentication. + // fallback to global alertmanager setting if empty // +optional CorpID string `json:"corp_id,omitempty"` // +optional @@ -361,12 +374,14 @@ type EmailConfig struct { // +optional To string `json:"to,omitempty"` // The sender address. + // fallback to global setting if empty // +optional From string `json:"from,omitempty"` // The hostname to identify to the SMTP server. // +optional Hello string `json:"hello,omitempty"` // The SMTP host through which emails are sent. + // fallback to global setting if empty // +optional Smarthost string `json:"smarthost,omitempty"` // The username to use for authentication. @@ -443,6 +458,7 @@ type VictorOpsConfig struct { SendResolved *bool `json:"send_resolved,omitempty"` // The secret's key that contains the API key to use when talking to the VictorOps API. // It must be at them same namespace as CRD + // fallback to global setting if empty // +optional APIKey *v1.SecretKeySelector `json:"api_key,omitempty"` // The VictorOps API URL. @@ -525,6 +541,7 @@ type SlackConfig struct { SendResolved *bool `json:"send_resolved,omitempty"` // The secret's key that contains the Slack webhook URL. // It must be at them same namespace as CRD + // fallback to global setting if empty // +optional APIURL *v1.SecretKeySelector `json:"api_url,omitempty"` // The channel or user to send notifications to. @@ -634,6 +651,7 @@ type OpsGenieConfig struct { SendResolved *bool `json:"send_resolved,omitempty"` // The secret's key that contains the OpsGenie API key. // It must be at them same namespace as CRD + // fallback to global setting if empty // +optional APIKey *v1.SecretKeySelector `json:"api_key,omitempty"` // The URL to send OpsGenie API requests to. @@ -915,10 +933,9 @@ type WebexConfig struct { HTTPConfig *HTTPConfig `json:"http_config,omitempty"` } -// HTTPConfig defines a client HTTP configuration. +// HTTPConfig defines a client HTTP configuration for VMAlertmanagerConfig objects // See https://prometheus.io/docs/alerting/latest/configuration/#http_config type HTTPConfig struct { - // TODO oAuth2 support // BasicAuth for the client. // +optional BasicAuth *BasicAuth `json:"basic_auth,omitempty"` @@ -935,12 +952,29 @@ type HTTPConfig struct { // Optional proxy URL. // +optional ProxyURL string `json:"proxyURL,omitempty"` + // Authorization header configuration for the client. + // This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + // +optional + Authorization *Authorization `json:"authorization,omitempty"` + // OAuth2 client credentials used to fetch a token for the targets. + // +optional + OAuth2 *OAuth2 `json:"oauth2,omitempty"` } func (amc *VMAlertmanagerConfig) AsKey() string { return fmt.Sprintf("%s/%s", amc.Namespace, amc.Name) } +// ValidateAlertmanagerConfigSpec verifies that provided raw alertmanger configuration is logically valid +// according to alertmanager config parser +func ValidateAlertmanagerConfigSpec(srcYAML []byte) error { + var cfgForTest amcfg.Config + if err := yaml.UnmarshalStrict(srcYAML, &cfgForTest); err != nil { + return err + } + return nil +} + func init() { SchemeBuilder.Register(&VMAlertmanagerConfig{}, &VMAlertmanagerConfigList{}) } diff --git a/api/operator/v1beta1/vmalertmanagerconfig_webhook.go b/api/operator/v1beta1/vmalertmanagerconfig_webhook.go index 9e716de05..8a766acb1 100644 --- a/api/operator/v1beta1/vmalertmanagerconfig_webhook.go +++ b/api/operator/v1beta1/vmalertmanagerconfig_webhook.go @@ -18,6 +18,12 @@ package v1beta1 import ( "fmt" + "html/template" + "net" + "net/url" + "regexp" + "strconv" + "strings" "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" @@ -36,11 +42,57 @@ func (r *VMAlertmanagerConfig) SetupWebhookWithManager(mgr ctrl.Manager) error { var _ webhook.Validator = &VMAlertmanagerConfig{} -func (r *VMAlertmanagerConfig) Validate() error { - validateSpec := r.DeepCopy() +// Validate performs logical validation +func (cr *VMAlertmanagerConfig) Validate() error { + if mustSkipValidation(cr) { + return nil + } + validateSpec := cr.DeepCopy() + if cr.Spec.Route == nil { + return fmt.Errorf("no routes provided") + } + if cr.Spec.Route.Receiver == "" { + return fmt.Errorf("root route reciever cannot be empty") + } + + for idx, recv := range cr.Spec.Receivers { + if err := validateReceiver(recv); err != nil { + return fmt.Errorf("receiver at idx=%d is invalid: %w", idx, err) + } + } + if err := parseNestedRoutes(validateSpec.Spec.Route); err != nil { return fmt.Errorf("cannot parse nested route for alertmanager config err: %w", err) } + + names := map[string]struct{}{} + for _, rcv := range cr.Spec.Receivers { + if _, ok := names[rcv.Name]; ok { + return fmt.Errorf("notification config name %q is not unique", rcv.Name) + } + names[rcv.Name] = struct{}{} + } + + if _, ok := names[cr.Spec.Route.Receiver]; !ok { + return fmt.Errorf("receiver=%q for spec root not found at receivers", cr.Spec.Route.Receiver) + } + + tiNames, err := validateTimeIntervals(cr.Spec.TimeIntervals) + if err != nil { + return err + } + + for _, ti := range cr.Spec.Route.ActiveTimeIntervals { + if _, ok := tiNames[ti]; !ok { + return fmt.Errorf("undefined active time interval %q used in root route", ti) + } + } + for idx, sr := range cr.Spec.Route.Routes { + if err := checkRouteReceiver(sr, names, tiNames); err != nil { + return fmt.Errorf("subRoute=%d is not valid: %w", idx, err) + } + } + return nil } @@ -49,9 +101,6 @@ func (r *VMAlertmanagerConfig) ValidateCreate() (admission.Warnings, error) { if r.Spec.ParsingError != "" { return nil, fmt.Errorf(r.Spec.ParsingError) } - if mustSkipValidation(r) { - return nil, nil - } if err := r.Validate(); err != nil { return nil, err } @@ -63,9 +112,7 @@ func (r *VMAlertmanagerConfig) ValidateUpdate(old runtime.Object) (admission.War if r.Spec.ParsingError != "" { return nil, fmt.Errorf(r.Spec.ParsingError) } - if mustSkipValidation(r) { - return nil, nil - } + if err := r.Validate(); err != nil { return nil, err } @@ -76,3 +123,609 @@ func (r *VMAlertmanagerConfig) ValidateUpdate(old runtime.Object) (admission.War func (r *VMAlertmanagerConfig) ValidateDelete() (admission.Warnings, error) { return nil, nil } + +const opsgenieValidTypesRe = `^(team|teams|user|escalation|schedule)$` + +var opsgenieTypeMatcher = regexp.MustCompile(opsgenieValidTypesRe) + +func validateReceiver(recv Receiver) error { + if recv.Name == "" { + return fmt.Errorf("name field cannot be empty") + } + + for idx, cfg := range recv.EmailConfigs { + if cfg.To == "" { + return fmt.Errorf("at idx=%d required field `to` must be set", idx) + } + + if cfg.Smarthost != "" { + _, port, err := net.SplitHostPort(cfg.Smarthost) + if err != nil { + return err + } + if port == "" { + return fmt.Errorf("smarthost=%q: port cannot be empty", cfg.Smarthost) + } + } + + if len(cfg.Headers) > 0 { + normalizedHeaders := map[string]struct{}{} + for key := range cfg.Headers { + normalized := strings.ToLower(key) + if _, ok := normalizedHeaders[normalized]; ok { + return fmt.Errorf("duplicate header %q", normalized) + } + normalizedHeaders[normalized] = struct{}{} + } + } + + } + for idx, cfg := range recv.PagerDutyConfigs { + if cfg.URL != "" { + if _, err := url.Parse(cfg.URL); err != nil { + return fmt.Errorf("at idx=%d pagerduty_configs invalid url=%q: %w", idx, cfg.URL, err) + } + } + if cfg.RoutingKey == nil && cfg.ServiceKey == nil { + return fmt.Errorf("at idx=%d pagerduty_configs one of 'routing_key' or 'service_key' must be configured", idx) + } + if cfg.RoutingKey != nil && cfg.ServiceKey != nil { + return fmt.Errorf("at idx=%d pagerduty_configs at most one of 'routing_key' or 'service_key' must be configured", idx) + } + if err := cfg.HTTPConfig.validate(); err != nil { + return fmt.Errorf("at idx=%d for pagerduty_configs incorrect http_config: %w", idx, err) + } + } + for idx, cfg := range recv.PushoverConfigs { + if cfg.UserKey == nil { + return fmt.Errorf("at idx=%d pushover_configs required field 'user_key' must be set", idx) + } + + if cfg.Token == nil { + return fmt.Errorf("at idx=%d pushover_configs required field 'token' must be set", idx) + } + if err := cfg.HTTPConfig.validate(); err != nil { + return fmt.Errorf("at idx=%d for pushover_configs incorrect http_config: %w", idx, err) + } + } + for idx, cfg := range recv.SlackConfigs { + for _, sa := range cfg.Actions { + if sa.Type == "" { + return fmt.Errorf("at idx=%d required field 'action.type' for slack actions must be set", idx) + } + if sa.Text == "" { + return fmt.Errorf("at idx=%d required field 'action.text' for slack actions must be set", idx) + } + + if sa.URL == "" && sa.Name == "" { + return fmt.Errorf("at idx=%d required field 'action.url' or 'action.name' for slack actions must be set", idx) + } + + if sa.ConfirmField != nil && sa.ConfirmField.Text == "" { + return fmt.Errorf("at idx=%d required field 'confirm_field.text' for slack actions must be set", idx) + } + + } + + for _, field := range cfg.Fields { + if field.Value == "" { + return fmt.Errorf("at idx=%d required field 'value' for slack fields must be set", idx) + } + if field.Title == "" { + return fmt.Errorf("at idx=%d required field 'title' for slack fields must be set", idx) + } + } + if err := cfg.HTTPConfig.validate(); err != nil { + return fmt.Errorf("at idx=%d for slack_configs incorrect http_config: %w", idx, err) + } + } + for idx, cfg := range recv.OpsGenieConfigs { + for _, responder := range cfg.Responders { + if responder.ID == "" && responder.Name == "" && responder.Username == "" { + return fmt.Errorf("at idx=%d opsgenie responder must have at least an id, a name or an username defined", idx) + } + + switch { + case strings.Contains(responder.Type, "{{"): + _, err := template.New("").Parse(responder.Type) + if err != nil { + return fmt.Errorf("responder %v type is not a valid template: %w", responder, err) + } + case opsgenieTypeMatcher.MatchString(responder.Type): + default: + return fmt.Errorf("at idx=%d opsgenie_configs responder type=%q doesnt match requirements, want either template or %s", idx, responder.Type, opsgenieTypeMatcher.String()) + } + + } + if err := cfg.HTTPConfig.validate(); err != nil { + return fmt.Errorf("at idx=%d for opsgenie_configs incorrect http_config: %w", idx, err) + } + } + for idx, cfg := range recv.WebhookConfigs { + if cfg.URL == nil && cfg.URLSecret == nil { + return fmt.Errorf("at idx=%d of webhook_configs one of 'url' or 'url_secret' must be specified", idx) + } + if cfg.URL != nil && cfg.URLSecret != nil { + return fmt.Errorf("at idx=%d of webhook_configs at most one of 'url' or 'url_secret' must be specified", idx) + } + if cfg.URL != nil { + if _, err := url.Parse(*cfg.URL); err != nil { + return fmt.Errorf("invalid 'url': %w", err) + } + } + if err := cfg.HTTPConfig.validate(); err != nil { + return fmt.Errorf("at idx=%d for webhook_configs incorrect http_config: %w", idx, err) + } + } + for idx, cfg := range recv.VictorOpsConfigs { + // from https://github.com/prometheus/alertmanager/blob/a7f9fdadbecbb7e692d2cd8d3334e3d6de1602e1/config/notifiers.go#L497 + reservedFields := map[string]struct{}{ + "routing_key": {}, + "message_type": {}, + "state_message": {}, + "entity_display_name": {}, + "monitoring_tool": {}, + "entity_id": {}, + "entity_state": {}, + } + + if len(cfg.CustomFields) > 0 { + for key := range cfg.CustomFields { + if _, ok := reservedFields[key]; ok { + return fmt.Errorf("at idx=%d of victorops_configs usage of reserved word %q in custom fields", idx, key) + } + } + } + if cfg.RoutingKey == "" { + return fmt.Errorf("at idx=%d of victorops_configs missing 'routing_key' key", idx) + } + + if cfg.APIURL != "" { + if _, err := url.Parse(cfg.APIURL); err != nil { + return fmt.Errorf("at idx=%d of victorops_configs incorrect api_url=%q: %w", idx, cfg.APIURL, err) + } + } + if err := cfg.HTTPConfig.validate(); err != nil { + return fmt.Errorf("at idx=%d for victorops_configs incorrect http_config: %w", idx, err) + } + } + for idx, cfg := range recv.WeChatConfigs { + if cfg.APIURL != "" { + if _, err := url.Parse(cfg.APIURL); err != nil { + return fmt.Errorf("at idx=%d for wechat_configs incorrect api_url=%q: %w", idx, cfg.APIURL, err) + } + } + if err := cfg.HTTPConfig.validate(); err != nil { + return fmt.Errorf("at idx=%d for wechat_configs incorrect http_config: %w", idx, err) + } + } + for idx, cfg := range recv.TelegramConfigs { + if cfg.BotToken == nil { + return fmt.Errorf("at idx=%d for telegram_configs required field 'bot_token' must be set", idx) + } + if cfg.ChatID == 0 { + return fmt.Errorf("at idx=%d for telegram_configs required field 'chat_id' must be set", idx) + } + + if cfg.ParseMode != "" && + cfg.ParseMode != "Markdown" && + cfg.ParseMode != "MarkdownV2" && + cfg.ParseMode != "HTML" { + return fmt.Errorf("at idx=%d unknown parse_mode=%q on telegram_config, must be Markdown, MarkdownV2, HTML or empty string", idx, cfg.ParseMode) + } + if err := cfg.HTTPConfig.validate(); err != nil { + return fmt.Errorf("at idx=%d for telegram_configs incorrect http_config: %w", idx, err) + } + } + for idx, cfg := range recv.MSTeamsConfigs { + if cfg.URL == nil && cfg.URLSecret == nil { + return fmt.Errorf("at idx=%d for msteams_configs of webhook_url or webhook_url_secret must be configured", idx) + } + + if cfg.URL != nil && cfg.URLSecret != nil { + return fmt.Errorf("at idx=%d for msteams_configs at most one of webhook_url or webhook_url_secret must be configured", idx) + } + if cfg.URL != nil { + if _, err := url.Parse(*cfg.URL); err != nil { + return fmt.Errorf("at idx=%d for msteams_configs has invalid webhook_url=%q", idx, *cfg.URL) + } + } + if err := cfg.HTTPConfig.validate(); err != nil { + return fmt.Errorf("at idx=%d for msteams_configs incorrect http_config: %w", idx, err) + } + } + for idx, cfg := range recv.DiscordConfigs { + if cfg.URL == nil && cfg.URLSecret == nil { + return fmt.Errorf("at idx=%d for discord_configs of webhook_url or webhook_url_secret must be configured", idx) + } + + if cfg.URL != nil && cfg.URLSecret != nil { + return fmt.Errorf("at idx=%d for discord_configs at most one of webhook_url or webhook_url_secret must be configured", idx) + } + if cfg.URL != nil { + if _, err := url.Parse(*cfg.URL); err != nil { + return fmt.Errorf("at idx=%d for discord_configs has invalid webhook_url=%q", idx, *cfg.URL) + } + } + if err := cfg.HTTPConfig.validate(); err != nil { + return fmt.Errorf("at idx=%d for discord_configs incorrect http_config: %w", idx, err) + } + } + for idx, cfg := range recv.SNSConfigs { + if cfg.TargetArn == "" && cfg.TopicArn == "" && cfg.PhoneNumber == "" { + return fmt.Errorf("at idx=%d for sns_configs one of target_arn, topic_arn or phone_number fields must be set", idx) + } + if err := cfg.HTTPConfig.validate(); err != nil { + return fmt.Errorf("at idx=%d for sns_configs incorrect http_config: %w", idx, err) + } + } + for idx, cfg := range recv.WebexConfigs { + if cfg.URL != nil && *cfg.URL != "" { + if _, err := url.Parse(*cfg.URL); err != nil { + return fmt.Errorf("at idx=%d for webex_configs incorrect url=%q: %w", idx, *cfg.URL, err) + } + } + if cfg.RoomId == "" { + return fmt.Errorf("at idx=%d for webex_configs missing required field 'room_id'", idx) + } + if cfg.HTTPConfig == nil || cfg.HTTPConfig.Authorization == nil { + return fmt.Errorf("at idx=%d for webex_configs missing http_config.authorization configuration", idx) + } + if err := cfg.HTTPConfig.Authorization.validate(); err != nil { + return fmt.Errorf("at idx=%d for webex_configs incorrect http_config.authorization: %w", idx, err) + } + if err := cfg.HTTPConfig.validate(); err != nil { + return fmt.Errorf("at idx=%d for webex_configs incorrect http_config: %w", idx, err) + } + } + + return nil +} + +// checkRouteReceiver returns an error if a node in the routing tree +// references a receiver not in the given map. +func checkRouteReceiver(r *SubRoute, receivers map[string]struct{}, tiNames map[string]struct{}) error { + for _, ti := range r.ActiveTimeIntervals { + if _, ok := tiNames[ti]; !ok { + return fmt.Errorf("undefined time interval %q used in route", ti) + } + } + if r.Receiver == "" { + return nil + } + if _, ok := receivers[r.Receiver]; !ok { + return fmt.Errorf("undefined receiver %q used in route", r.Receiver) + } + for idx, sr := range r.Routes { + if err := checkRouteReceiver(sr, receivers, tiNames); err != nil { + return fmt.Errorf("nested route=%d: %w", idx, err) + } + } + + return nil +} + +func validateTimeIntervals(timeIntervals []TimeIntervals) (map[string]struct{}, error) { + timeIntervalNames := make(map[string]struct{}, len(timeIntervals)) + + for idx, ti := range timeIntervals { + if err := validateTimeIntervalsEntry(&ti); err != nil { + return nil, fmt.Errorf("time interval at idx=%d is invalid: %w", idx, err) + } + if _, ok := timeIntervalNames[ti.Name]; ok { + return nil, fmt.Errorf("time interval at idx=%d is not unique with name=%q", idx, ti.Name) + } + timeIntervalNames[ti.Name] = struct{}{} + } + return timeIntervalNames, nil +} + +func validateTimeIntervalsEntry(ti *TimeIntervals) error { + if ti.Name == "" { + return fmt.Errorf("empty name field for time interval") + } + + for i, ti := range ti.TimeIntervals { + for _, time := range ti.Times { + if err := validateTimeRangeForInterval(time); err != nil { + return fmt.Errorf("time range=%q at idx=%d is invalid: %w", time, i, err) + } + } + for _, weekday := range ti.Weekdays { + if err := validateWeekDays(weekday); err != nil { + return fmt.Errorf("weekday range=%q at idx=%d is invalid: %w", weekday, i, err) + } + } + for _, dom := range ti.DaysOfMonth { + if err := validateDoM(dom); err != nil { + return fmt.Errorf("day of month range=%q at idx=%d is invalid: %w", dom, i, err) + } + } + for _, month := range ti.Months { + if err := validateMonths(month); err != nil { + return fmt.Errorf("month range=%q at idx=%d is invalid: %w", month, i, err) + } + } + for _, year := range ti.Years { + if err := validateYears(year); err != nil { + return fmt.Errorf("year range=%q at idx=%d is invalid: %w", year, i, err) + } + } + } + return nil +} + +func validateYears(s string) error { + startStr, endStr, err := parseRange(s) + if err != nil { + return err + } + + start, err := strconv.ParseInt(startStr, 10, 64) + if err != nil { + return fmt.Errorf("start year cannot be %s parsed: %w", startStr, err) + } + + end, err := strconv.ParseInt(endStr, 10, 64) + if err != nil { + return fmt.Errorf("end year cannot be %s parsed: %w", endStr, err) + } + + if start > end { + return fmt.Errorf("end year %d is before start year %d", end, start) + } + return nil +} + +var months = map[string]int{ + "january": 1, + "february": 2, + "march": 3, + "april": 4, + "may": 5, + "june": 6, + "july": 7, + "august": 8, + "september": 9, + "october": 10, + "november": 11, + "december": 12, + "1": 1, + "2": 2, + "3": 3, + "4": 4, + "5": 5, + "6": 6, + "7": 7, + "8": 8, + "9": 9, + "10": 10, + "11": 11, + "12": 12, +} + +func validateMonths(s string) error { + startStr, endStr, err := parseRange(s) + if err != nil { + return err + } + + stToInt := func(rs string) (int, error) { + i, ok := months[strings.ToLower(rs)] + if !ok { + return 0, fmt.Errorf("month value=%q is not valid, expect month number of name", rs) + } + return i, nil + } + + start, err := stToInt(startStr) + if err != nil { + return fmt.Errorf("failed to parse start month from month range: %w", err) + } + + end, err := stToInt(endStr) + if err != nil { + return fmt.Errorf("failed to parse start month from month range: %w", err) + } + + if start > end { + return fmt.Errorf("end month %s is before start month %s", endStr, startStr) + } + return nil +} + +func validateDoM(s string) error { + startStr, endStr, err := parseRange(s) + if err != nil { + return fmt.Errorf("cannot parse time range for days_of_month=%q: %w", s, err) + } + start, err := strconv.ParseInt(startStr, 10, 64) + if err != nil { + return fmt.Errorf("cannot parse start=%q as integer: %w", startStr, err) + } + end, err := strconv.ParseInt(endStr, 10, 64) + if err != nil { + return fmt.Errorf("cannot parse end=%q as integer: %w", endStr, err) + } + + // Check beginning <= end accounting for negatives day of month indices as well. + // Months != 31 days can't be addressed here and are clamped, but at least we can catch blatant errors. + if start == 0 || start < -31 || start > 31 { + return fmt.Errorf("%d is not a valid day of the month: out of range", start) + } + if end == 0 || end < -31 || end > 31 { + return fmt.Errorf("%d is not a valid day of the month: out of range", end) + } + // Restricting here prevents errors where begin > end in longer months but not shorter months. + if start < 0 && end > 0 { + return fmt.Errorf("end day must be negative if start day is negative") + } + // Check begin <= end. We can't know this for sure when using negative indices, + // but we can prevent cases where its always invalid (using 28 day minimum length). + checkBegin := start + checkEnd := end + if start < 0 { + checkBegin = 28 + start + } + if end < 0 { + checkEnd = 28 + end + } + if checkBegin > checkEnd { + return fmt.Errorf("end day %d is always before start day %d", end, start) + } + return nil +} + +var daysOfWeek = map[string]int{ + "sunday": 0, + "monday": 1, + "tuesday": 2, + "wednesday": 3, + "thursday": 4, + "friday": 5, + "saturday": 6, + "0": 0, + "1": 1, + "2": 2, + "3": 3, + "4": 4, + "5": 5, + "6": 6, +} + +func validateWeekDays(wds string) error { + startStr, endStr, err := parseRange(wds) + if err != nil { + return err + } + + stToInt := func(s string) (int, error) { + s = strings.ToLower(s) + dw, ok := daysOfWeek[s] + if !ok { + return 0, fmt.Errorf("day of week=%q is not valid, expect day name from sunday to saturday or number from 0 to 6", s) + } + return dw, nil + } + + start, err := stToInt(startStr) + if err != nil { + return fmt.Errorf("cannot convert startStr: %w", err) + } + end, err := stToInt(endStr) + if err != nil { + return fmt.Errorf("cannot convert endStr: %w", err) + } + if start > end { + return fmt.Errorf("start week day cannot be before end day") + } + + return nil +} + +func parseRange(s string) (start, end string, err error) { + if !strings.Contains(s, ":") { + start, end = s, s + return + } + + ranges := strings.Split(s, ":") + if len(ranges) != 2 { + err = fmt.Errorf("") + return + } + return ranges[0], ranges[1], nil +} + +func validateTimeRangeForInterval(tr TimeRange) error { + if tr.StartTime == "" || tr.EndTime == "" { + return fmt.Errorf("start and end are required") + } + + start, err := parseTime(string(tr.StartTime)) + if err != nil { + return fmt.Errorf("start time invalid: %w", err) + } + + end, err := parseTime(string(tr.EndTime)) + if err != nil { + return fmt.Errorf("end time invalid: %w", err) + } + + if start >= end { + return fmt.Errorf("start time %d cannot be equal or greater than end time %d", start, end) + } + return nil +} + +var ( + validTime = "^((([01][0-9])|(2[0-3])):[0-5][0-9])$|(^24:00$)" + validTimeRE = regexp.MustCompile(validTime) +) + +// Converts a string of the form "HH:MM" into the number of minutes elapsed in the day. +func parseTime(in string) (mins int, err error) { + if !validTimeRE.MatchString(in) { + return 0, fmt.Errorf("couldn't parse timestamp %s, invalid format", in) + } + timestampComponents := strings.Split(in, ":") + if len(timestampComponents) != 2 { + return 0, fmt.Errorf("invalid timestamp format: %s", in) + } + timeStampHours, err := strconv.Atoi(timestampComponents[0]) + if err != nil { + return 0, err + } + timeStampMinutes, err := strconv.Atoi(timestampComponents[1]) + if err != nil { + return 0, err + } + if timeStampHours < 0 || timeStampHours > 24 || timeStampMinutes < 0 || timeStampMinutes > 60 { + return 0, fmt.Errorf("timestamp %s out of range", in) + } + // Timestamps are stored as minutes elapsed in the day, so multiply hours by 60. + mins = timeStampHours*60 + timeStampMinutes + return mins, nil +} + +func (hc *HTTPConfig) validate() error { + if hc == nil { + return nil + } + + if (hc.BasicAuth != nil || hc.OAuth2 != nil) && (hc.BearerTokenSecret != nil) { + return fmt.Errorf("at most one of basicAuth, oauth2, bearerTokenSecret must be configured") + } + + if hc.Authorization != nil { + if hc.BearerTokenSecret != nil || len(hc.BearerTokenFile) > 0 { + return fmt.Errorf("authorization is not compatible with bearer_token_secret and Bearer_token_file") + } + + if hc.BasicAuth != nil || hc.OAuth2 != nil { + return fmt.Errorf("at most one of basicAuth, oauth2 & authorization must be configured") + } + + if err := hc.Authorization.validate(); err != nil { + return err + } + } + + if hc.OAuth2 != nil { + if hc.BasicAuth != nil { + return fmt.Errorf("at most one of basicAuth, oauth2 & authorization must be configured") + } + + if err := hc.OAuth2.validate(); err != nil { + return err + } + } + + if hc.TLSConfig != nil { + if err := hc.TLSConfig.Validate(); err != nil { + return err + } + } + + return nil +} diff --git a/api/operator/v1beta1/vmalertmanagerconfig_webhook_test.go b/api/operator/v1beta1/vmalertmanagerconfig_webhook_test.go index bca9721e9..f1a6b7913 100644 --- a/api/operator/v1beta1/vmalertmanagerconfig_webhook_test.go +++ b/api/operator/v1beta1/vmalertmanagerconfig_webhook_test.go @@ -17,31 +17,115 @@ limitations under the License. package v1beta1 import ( + "encoding/json" + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + "gopkg.in/yaml.v2" ) var _ = Describe("VMAlertmanagerConfig Webhook", func() { - Context("When creating VMAlertmanagerConfig under Validating Webhook", func() { - It("Should deny if a required field is empty", func() { - - // TODO(user): Add your logic here - - }) - - It("Should admit if all required fields are provided", func() { - - // TODO(user): Add your logic here - - }) + DescribeTable("fail validation", + func(srcYAML string, wantErrText string) { + var amc VMAlertmanagerConfig + Expect(yaml.Unmarshal([]byte(srcYAML), &amc)).To(Succeed()) + cfgJSON, err := json.Marshal(amc) + Expect(err).ShouldNot(HaveOccurred()) + Expect(json.Unmarshal(cfgJSON, &amc)).ShouldNot(HaveOccurred()) + Expect(amc.Validate()).To(MatchError(wantErrText)) + }, + Entry("non-exist receiver at root route", ` + apiVersion: v1 + kind: VMAlertmanagerConfig + metadata: + name: test-fail + spec: + receivers: + - name: blackhole + route: + receiver: non-exist + routes: + - receiver: blackhole + routes: + - matcher: [nested=env] + `, `receiver="non-exist" for spec root not found at receivers`), + Entry("non-exist receiver at nested routes", ` + apiVersion: v1 + kind: VMAlertmanagerConfig + metadata: + name: test-fail + spec: + receivers: + - name: blackhole + route: + receiver: blackhole + routes: + - receiver: blackhole + routes: + - matcher: [nested=env] + receiver: non-exist + `, `subRoute=0 is not valid: nested route=0: undefined receiver "non-exist" used in route`), + Entry("missing receiver at root", ` + apiVersion: v1 + kind: VMAlertmanagerConfig + metadata: + name: test-fail + spec: + receivers: + - name: blackhole + route: + routes: + - receiver: blackhole + routes: + - matcher: [nested=env] + `, `root reciever must be set`), + Entry("missing mute interval", ` + apiVersion: v1 + kind: VMAlertmanagerConfig + metadata: + name: test-fail + spec: + receivers: + - name: blackhole + route: + receiver: blackhole + mute_time_intervals: + - daily + routes: + - receiver: blackhole + routes: + - matcher: [nested=env] + `, `undefined mute time interval "daily" used in root route`), + Entry("missing active time interval", ` + apiVersion: v1 + kind: VMAlertmanagerConfig + metadata: + name: test-fail + spec: + receivers: + - name: blackhole + mute_item_intervals: + - name: daily + time_intervals: + - months: [may:august] + route: + receiver: blackhole + mute_time_intervals: + - months + active_time_intervals: + - daily + routes: + - receiver: blackhole + routes: + - matcher: [nested=env] + `, `undefined mute time interval "months" used in root route`), + ) }) Context("When creating VMAlertmanagerConfig under Conversion Webhook", func() { It("Should get the converted version of VMAlertmanagerConfig", func() { - // TODO(user): Add your logic here - }) }) - }) diff --git a/api/operator/v1beta1/zz_generated.deepcopy.go b/api/operator/v1beta1/zz_generated.deepcopy.go index 428996004..4da7f9265 100644 --- a/api/operator/v1beta1/zz_generated.deepcopy.go +++ b/api/operator/v1beta1/zz_generated.deepcopy.go @@ -1179,6 +1179,16 @@ func (in *HTTPConfig) DeepCopyInto(out *HTTPConfig) { *out = new(TLSConfig) (*in).DeepCopyInto(*out) } + if in.Authorization != nil { + in, out := &in.Authorization, &out.Authorization + *out = new(Authorization) + (*in).DeepCopyInto(*out) + } + if in.OAuth2 != nil { + in, out := &in.OAuth2, &out.OAuth2 + *out = new(OAuth2) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPConfig. @@ -1462,28 +1472,6 @@ func (in *MSTeamsConfig) DeepCopy() *MSTeamsConfig { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *MuteTimeInterval) DeepCopyInto(out *MuteTimeInterval) { - *out = *in - if in.TimeIntervals != nil { - in, out := &in.TimeIntervals, &out.TimeIntervals - *out = make([]TimeInterval, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MuteTimeInterval. -func (in *MuteTimeInterval) DeepCopy() *MuteTimeInterval { - if in == nil { - return nil - } - out := new(MuteTimeInterval) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NamespaceDiscovery) DeepCopyInto(out *NamespaceDiscovery) { *out = *in @@ -2904,6 +2892,28 @@ func (in *TimeInterval) DeepCopy() *TimeInterval { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TimeIntervals) DeepCopyInto(out *TimeIntervals) { + *out = *in + if in.TimeIntervals != nil { + in, out := &in.TimeIntervals, &out.TimeIntervals + *out = make([]TimeInterval, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TimeIntervals. +func (in *TimeIntervals) DeepCopy() *TimeIntervals { + if in == nil { + return nil + } + out := new(TimeIntervals) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TimeRange) DeepCopyInto(out *TimeRange) { *out = *in @@ -4182,16 +4192,9 @@ func (in *VMAlertmanagerConfigSpec) DeepCopyInto(out *VMAlertmanagerConfigSpec) (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.MutTimeIntervals != nil { - in, out := &in.MutTimeIntervals, &out.MutTimeIntervals - *out = make([]MuteTimeInterval, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } if in.TimeIntervals != nil { in, out := &in.TimeIntervals, &out.TimeIntervals - *out = make([]MuteTimeInterval, len(*in)) + *out = make([]TimeIntervals, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } diff --git a/config/crd/overlay/crd.yaml b/config/crd/overlay/crd.yaml index dd2dfa4c1..8b9af0369 100644 --- a/config/crd/overlay/crd.yaml +++ b/config/crd/overlay/crd.yaml @@ -4183,7 +4183,14 @@ spec: singular: vmalertmanagerconfig scope: Namespaced versions: - - name: v1beta1 + - additionalPrinterColumns: + - jsonPath: .status.status + name: Status + type: string + - jsonPath: .status.lastSyncError + name: Sync Error + type: string + name: v1beta1 schema: openAPIV3Schema: description: VMAlertmanagerConfig is the Schema for the vmalertmanagerconfigs @@ -4207,10 +4214,10 @@ spec: metadata: type: object spec: - description: VMAlertmanagerConfigSpec defines configuration for VMAlertmanagerConfig + description: |- + VMAlertmanagerConfigSpec defines configuration for VMAlertmanagerConfig + it must reference only locally defined objects properties: - '-': - type: string inhibit_rules: description: |- InhibitRules will only apply for alerts matching @@ -4245,79 +4252,8 @@ spec: type: array type: object type: array - mute_time_intervals: - description: |- - MuteTimeInterval - global mute time - See https://prometheus.io/docs/alerting/latest/configuration/#mute_time_interval - items: - description: MuteTimeInterval for alerts - properties: - name: - description: Name of interval - type: string - time_intervals: - description: TimeIntervals interval configuration - items: - description: TimeInterval defines intervals of time - properties: - days_of_month: - description: |- - DayOfMonth defines list of numerical days in the month. Days begin at 1. Negative values are also accepted. - for example, ['1:5', '-3:-1'] - items: - type: string - type: array - location: - description: Location in golang time location form, e.g. - UTC - type: string - months: - description: |- - Months defines list of calendar months identified by a case-insensitive name (e.g. ‘January’) or numeric 1. - For example, ['1:3', 'may:august', 'december'] - items: - type: string - type: array - times: - description: Times defines time range for mute - items: - description: TimeRange ranges inclusive of the starting - time and exclusive of the end time - properties: - end_time: - description: EndTime for example HH:MM - type: string - start_time: - description: StartTime for example HH:MM - type: string - required: - - end_time - - start_time - type: object - type: array - weekdays: - description: Weekdays defines list of days of the week, - where the week begins on Sunday and ends on Saturday. - items: - type: string - type: array - years: - description: |- - Years defines numerical list of years, ranges are accepted. - For example, ['2020:2022', '2030'] - items: - type: string - type: array - type: object - type: array - required: - - time_intervals - type: object - type: array receivers: - description: |- - Receivers defines alert receivers. - without defined Route, receivers will be skipped. + description: Receivers defines alert receivers items: description: Receiver defines one or more notification integrations. properties: @@ -4327,10 +4263,48 @@ spec: http_config: description: HTTP client configuration. properties: - basic_auth: + authorization: description: |- - TODO oAuth2 support - BasicAuth for the client. + Authorization header configuration for the client. + This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: Reference to the secret with value + for authorization + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + credentialsFile: + description: File with value for authorization + type: string + type: + description: Type of authorization, default to + bearer + type: string + type: object + basic_auth: + description: BasicAuth for the client. properties: password: description: |- @@ -4426,6 +4400,120 @@ spec: - key type: object x-kubernetes-map-type: atomic + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + client_id: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + client_secret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + client_secret_file: + description: ClientSecretFile defines path for + client secret file. + type: string + endpoint_params: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + token_url: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - client_id + - token_url + type: object proxyURL: description: Optional proxy URL. type: string @@ -4711,7 +4799,9 @@ spec: description: The username to use for authentication. type: string from: - description: The sender address. + description: |- + The sender address. + fallback to global setting if empty type: string headers: additionalProperties: @@ -4736,7 +4826,9 @@ spec: alerts. type: boolean smarthost: - description: The SMTP host through which emails are sent. + description: |- + The SMTP host through which emails are sent. + fallback to global setting if empty type: string text: description: The text body of the email notification. @@ -4917,10 +5009,48 @@ spec: http_config: description: HTTP client configuration. properties: - basic_auth: + authorization: description: |- - TODO oAuth2 support - BasicAuth for the client. + Authorization header configuration for the client. + This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: Reference to the secret with value + for authorization + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + credentialsFile: + description: File with value for authorization + type: string + type: + description: Type of authorization, default to + bearer + type: string + type: object + basic_auth: + description: BasicAuth for the client. properties: password: description: |- @@ -5008,14 +5138,128 @@ spec: More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + client_id: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + client_secret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + client_secret_file: + description: ClientSecretFile defines path for + client secret file. + type: string + endpoint_params: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + token_url: + description: The URL to fetch the token from + minLength: 1 + type: string required: - - key + - client_id + - token_url type: object - x-kubernetes-map-type: atomic proxyURL: description: Optional proxy URL. type: string @@ -5255,6 +5499,7 @@ spec: description: |- The secret's key that contains the OpsGenie API key. It must be at them same namespace as CRD + fallback to global setting if empty properties: key: description: The key of the secret to select from. Must @@ -5662,6 +5907,7 @@ spec: description: |- The secret's key that contains the Slack webhook URL. It must be at them same namespace as CRD + fallback to global setting if empty properties: key: description: The key of the secret to select from. Must @@ -5769,10 +6015,48 @@ spec: http_config: description: HTTP client configuration. properties: - basic_auth: + authorization: description: |- - TODO oAuth2 support - BasicAuth for the client. + Authorization header configuration for the client. + This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: Reference to the secret with value + for authorization + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + credentialsFile: + description: File with value for authorization + type: string + type: + description: Type of authorization, default to + bearer + type: string + type: object + basic_auth: + description: BasicAuth for the client. properties: password: description: |- @@ -5868,6 +6152,120 @@ spec: - key type: object x-kubernetes-map-type: atomic + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + client_id: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + client_secret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + client_secret_file: + description: ClientSecretFile defines path for + client secret file. + type: string + endpoint_params: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + token_url: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - client_id + - token_url + type: object proxyURL: description: Optional proxy URL. type: string @@ -6144,6 +6542,9 @@ spec: type: array telegram_configs: items: + description: |- + TelegramConfig configures notification via telegram + https://prometheus.io/docs/alerting/latest/configuration/#telegram_config properties: api_url: description: APIUrl the Telegram API URL i.e. https://api.telegram.org. @@ -6216,6 +6617,7 @@ spec: description: |- The secret's key that contains the API key to use when talking to the VictorOps API. It must be at them same namespace as CRD + fallback to global setting if empty properties: key: description: The key of the secret to select from. Must @@ -6256,10 +6658,48 @@ spec: http_config: description: The HTTP client's configuration. properties: - basic_auth: + authorization: description: |- - TODO oAuth2 support - BasicAuth for the client. + Authorization header configuration for the client. + This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: Reference to the secret with value + for authorization + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + credentialsFile: + description: File with value for authorization + type: string + type: + description: Type of authorization, default to + bearer + type: string + type: object + basic_auth: + description: BasicAuth for the client. properties: password: description: |- @@ -6352,9 +6792,123 @@ spec: key must be defined type: boolean required: - - key + - key + type: object + x-kubernetes-map-type: atomic + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + client_id: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + client_secret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + client_secret_file: + description: ClientSecretFile defines path for + client secret file. + type: string + endpoint_params: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + token_url: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - client_id + - token_url type: object - x-kubernetes-map-type: atomic proxyURL: description: Optional proxy URL. type: string @@ -6561,10 +7115,48 @@ spec: configuration to supply the bot token as part of the HTTP `Authorization` header. properties: - basic_auth: + authorization: description: |- - TODO oAuth2 support - BasicAuth for the client. + Authorization header configuration for the client. + This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: Reference to the secret with value + for authorization + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + credentialsFile: + description: File with value for authorization + type: string + type: + description: Type of authorization, default to + bearer + type: string + type: object + basic_auth: + description: BasicAuth for the client. properties: password: description: |- @@ -6660,6 +7252,120 @@ spec: - key type: object x-kubernetes-map-type: atomic + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + client_id: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + client_secret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + client_secret_file: + description: ClientSecretFile defines path for + client secret file. + type: string + endpoint_params: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + token_url: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - client_id + - token_url + type: object proxyURL: description: Optional proxy URL. type: string @@ -6915,7 +7621,7 @@ spec: description: |- The secret's key that contains the WeChat API key. The secret needs to be in the same namespace as the AlertmanagerConfig - object and accessible by the Prometheus Operator. + fallback to global alertmanager setting if empty properties: key: description: The key of the secret to select from. Must @@ -6941,18 +7647,60 @@ spec: type: object x-kubernetes-map-type: atomic api_url: - description: The WeChat API URL. + description: |- + The WeChat API URL. + fallback to global alertmanager setting if empty type: string corp_id: - description: The corp id for authentication. + description: |- + The corp id for authentication. + fallback to global alertmanager setting if empty type: string http_config: description: HTTP client configuration. properties: - basic_auth: + authorization: description: |- - TODO oAuth2 support - BasicAuth for the client. + Authorization header configuration for the client. + This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: Reference to the secret with value + for authorization + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + credentialsFile: + description: File with value for authorization + type: string + type: + description: Type of authorization, default to + bearer + type: string + type: object + basic_auth: + description: BasicAuth for the client. properties: password: description: |- @@ -7048,6 +7796,120 @@ spec: - key type: object x-kubernetes-map-type: atomic + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + client_id: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + client_secret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + client_secret_file: + description: ClientSecretFile defines path for + client secret file. + type: string + endpoint_params: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + token_url: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - client_id + - token_url + type: object proxyURL: description: Optional proxy URL. type: string @@ -7280,7 +8142,8 @@ spec: type: string type: array mute_time_intervals: - description: MuteTimeIntervals for alerts + description: MuteTimeIntervals is a list of interval names that + will mute matched alert items: type: string type: array @@ -7303,10 +8166,10 @@ spec: type: object time_intervals: description: |- - ParsingError contents error with context if operator was failed to parse json object from kubernetes api server - TimeIntervals modern config option, use it instead of mute_time_intervals + TimeIntervals defines named interval for active/mute notifications interval + See https://prometheus.io/docs/alerting/latest/configuration/#time_interval items: - description: MuteTimeInterval for alerts + description: TimeIntervals for alerts properties: name: description: Name of interval @@ -7378,8 +8241,18 @@ spec: description: VMAlertmanagerConfigStatus defines the observed state of VMAlertmanagerConfig properties: - reason: - description: ErrorReason describes validation or any other errors. + lastErrorParentAlertmanagerName: + type: string + lastSyncError: + description: LastSyncError contains error message for unsuccessful + config generation + type: string + lastSyncErrorTimestamp: + description: LastSyncErrorTimestamp defines time when error occured + format: int64 + type: integer + status: + description: Status defines CRD processing status type: string type: object type: object diff --git a/internal/controller/operator/converter/v1alpha1/apis.go b/internal/controller/operator/converter/v1alpha1/apis.go index ff487255e..b705525f0 100644 --- a/internal/controller/operator/converter/v1alpha1/apis.go +++ b/internal/controller/operator/converter/v1alpha1/apis.go @@ -46,8 +46,8 @@ func convertRoute(promRoute *promv1alpha1.Route) (*vmv1beta1.Route, error) { GroupInterval: promRoute.GroupInterval, RepeatInterval: promRoute.RepeatInterval, Matchers: convertMatchers(promRoute.Matchers), - MuteTimeIntervals: promRoute.MuteTimeIntervals, ActiveTimeIntervals: promRoute.ActiveTimeIntervals, + MuteTimeIntervals: promRoute.MuteTimeIntervals, } for _, route := range promRoute.Routes { var promRoute promv1alpha1.Route @@ -83,41 +83,6 @@ func convertInhibitRules(promIRs []promv1alpha1.InhibitRule) []vmv1beta1.Inhibit return vmIRs } -func convertMuteIntervals(promMIs []promv1alpha1.MuteTimeInterval) []vmv1beta1.MuteTimeInterval { - if promMIs == nil { - return nil - } - - vmMIs := make([]vmv1beta1.MuteTimeInterval, 0, len(promMIs)) - for _, promMI := range promMIs { - vmMI := vmv1beta1.MuteTimeInterval{ - Name: promMI.Name, - TimeIntervals: make([]vmv1beta1.TimeInterval, 0, len(promMI.TimeIntervals)), - } - for _, tis := range promMI.TimeIntervals { - var vmTIs vmv1beta1.TimeInterval - for _, t := range tis.Times { - vmTIs.Times = append(vmTIs.Times, vmv1beta1.TimeRange{EndTime: string(t.EndTime), StartTime: string(t.StartTime)}) - } - for _, dm := range tis.DaysOfMonth { - vmTIs.DaysOfMonth = append(vmTIs.DaysOfMonth, fmt.Sprintf("%d:%d", dm.Start, dm.End)) - } - for _, wm := range tis.Weekdays { - vmTIs.Weekdays = append(vmTIs.Weekdays, string(wm)) - } - for _, y := range tis.Years { - vmTIs.Years = append(vmTIs.Years, string(y)) - } - for _, m := range tis.Months { - vmTIs.Months = append(vmTIs.Months, string(m)) - } - vmMI.TimeIntervals = append(vmMI.TimeIntervals, vmTIs) - } - vmMIs = append(vmMIs, vmMI) - } - return vmMIs -} - func convertReceivers(promReceivers []promv1alpha1.Receiver) ([]vmv1beta1.Receiver, error) { // yaml instead of json is used by purpose // prometheus-operator objects has different field tags @@ -142,8 +107,7 @@ func ConvertAlertmanagerConfig(promAMCfg *promv1alpha1.AlertmanagerConfig, conf Labels: converter.FilterPrefixes(promAMCfg.Labels, conf.FilterPrometheusConverterLabelPrefixes), }, Spec: vmv1beta1.VMAlertmanagerConfigSpec{ - InhibitRules: convertInhibitRules(promAMCfg.Spec.InhibitRules), - MutTimeIntervals: convertMuteIntervals(promAMCfg.Spec.MuteTimeIntervals), + InhibitRules: convertInhibitRules(promAMCfg.Spec.InhibitRules), }, } convertedRoute, err := convertRoute(promAMCfg.Spec.Route) diff --git a/internal/controller/operator/factory/alertmanager/config.go b/internal/controller/operator/factory/alertmanager/config.go index 22518b693..813493851 100644 --- a/internal/controller/operator/factory/alertmanager/config.go +++ b/internal/controller/operator/factory/alertmanager/config.go @@ -12,59 +12,85 @@ import ( "github.com/VictoriaMetrics/operator/internal/controller/operator/factory/build" "gopkg.in/yaml.v2" corev1 "k8s.io/api/core/v1" - v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" ) type parsedConfig struct { - Data []byte - BadObjectsCount int - ParseErrors []string + data []byte + amcfgs []*vmv1beta1.VMAlertmanagerConfig + brokenAMCfgs []*vmv1beta1.VMAlertmanagerConfig } -func buildConfig(ctx context.Context, rclient client.Client, mustAddNamespaceMatcher, disableRouteContinueEnforce bool, baseCfg []byte, amcfgs map[string]*vmv1beta1.VMAlertmanagerConfig, tlsAssets map[string]string) (*parsedConfig, error) { +func buildConfig(ctx context.Context, rclient client.Client, mustAddNamespaceMatcher, disableRouteContinueEnforce bool, baseCfg []byte, amcfgs []*vmv1beta1.VMAlertmanagerConfig, tlsAssets map[string]string) (*parsedConfig, error) { // fast path. if len(amcfgs) == 0 { - return &parsedConfig{Data: baseCfg}, nil + return &parsedConfig{data: baseCfg}, nil + } + var globalConfigOpts globalAlertmanagerConfig + if err := yaml.Unmarshal(baseCfg, &globalConfigOpts); err != nil { + return nil, fmt.Errorf("cannot parse global config options: %w", err) } var baseYAMlCfg alertmanagerConfig if err := yaml.Unmarshal(baseCfg, &baseYAMlCfg); err != nil { return nil, fmt.Errorf("cannot parse base cfg :%w", err) } - amConfigIdentifiers := make([]string, len(amcfgs)) - i := 0 - for k := range amcfgs { - amConfigIdentifiers[i] = k - i++ - } - sort.Strings(amConfigIdentifiers) + if baseYAMlCfg.Route == nil { + baseYAMlCfg.Route = &route{ + Receiver: "blackhole", + } + var isBlacholeDefined bool + for _, recv := range baseYAMlCfg.Receivers { + var recvName string + for _, entry := range recv { + if entry.Key == "name" { + s, ok := entry.Value.(string) + if !ok { + return nil, fmt.Errorf("incorrect base configuration=%q, expected receiver name=%v to be a string", string(baseCfg), entry.Value) + } + recvName = s + break + } + } + if recvName == "blackhole" { + isBlacholeDefined = true + break + } + } + if !isBlacholeDefined { + baseYAMlCfg.Receivers = append(baseYAMlCfg.Receivers, yaml.MapSlice{ + { + Key: "name", + Value: "blackhole", + }, + }) + } + } + sort.Slice(amcfgs, func(i, j int) bool { + return amcfgs[i].AsKey() < amcfgs[j].AsKey() + }) var subRoutes []yaml.MapSlice - var muteIntervals []yaml.MapSlice + var timeIntervals []yaml.MapSlice secretCache := make(map[string]*corev1.Secret) configmapCache := make(map[string]*corev1.ConfigMap) - var firstReceiverName string - var badObjectsCount int - var parseErrors []string + var result parsedConfig + var cnt int OUTER: - for _, posIdx := range amConfigIdentifiers { - receiverNameList := map[string]struct{}{} + for _, amcKey := range amcfgs { + if amcKey.Spec.Route == nil { + amcKey.Status.CurrentSyncError = "spec.route cannot be empty" + result.brokenAMCfgs = append(result.brokenAMCfgs, amcKey) + continue + } var receiverCfgs []yaml.MapSlice - amcKey := amcfgs[posIdx] for _, receiver := range amcKey.Spec.Receivers { - if _, ok := receiverNameList[receiver.Name]; ok { - parseErrors = append(parseErrors, fmt.Sprintf("got duplicate receiver name %s in object %s, will ignore vmalertmanagerconfig %s", receiver.Name, amcKey.AsKey(), amcKey.Name)) - badObjectsCount++ - continue OUTER - } - receiverNameList[receiver.Name] = struct{}{} - receiverCfg, err := buildReceiver(ctx, rclient, amcKey, receiver, secretCache, configmapCache, tlsAssets) + receiverCfg, err := buildReceiver(ctx, rclient, amcKey, receiver, &globalConfigOpts, secretCache, configmapCache, tlsAssets) if err != nil { // skip broken configs - parseErrors = append(parseErrors, fmt.Sprintf("%s in object: %s, will ignore vmalertmanagerconfig %s", err, amcKey.AsKey(), amcKey.Name)) - badObjectsCount++ + result.brokenAMCfgs = append(result.brokenAMCfgs, amcKey) + amcKey.Status.CurrentSyncError = err.Error() continue OUTER } if len(receiverCfg) > 0 { @@ -72,25 +98,18 @@ OUTER: } } - mtis, intervalNameList, err := buildGlobalTimeIntervals(amcKey) + mtis, err := buildGlobalTimeIntervals(amcKey) if err != nil { - parseErrors = append(parseErrors, fmt.Sprintf("%v in object %s, will ignore vmalertmanagerconfig %s", err, amcKey.AsKey(), amcKey.Name)) - badObjectsCount++ + result.brokenAMCfgs = append(result.brokenAMCfgs, amcKey) + amcKey.Status.CurrentSyncError = err.Error() continue } - if amcKey.Spec.Route == nil { - continue - } - // use first route receiver name as default receiver. - if len(firstReceiverName) == 0 && len(amcKey.Spec.Route.Receiver) > 0 { - firstReceiverName = buildCRPrefixedName(amcKey, amcKey.Spec.Route.Receiver) - } - route, err := buildRoute(amcKey, amcKey.Spec.Route, true, disableRouteContinueEnforce, mustAddNamespaceMatcher, receiverNameList, intervalNameList) + route, err := buildRoute(amcKey, amcKey.Spec.Route, true, disableRouteContinueEnforce, mustAddNamespaceMatcher) if err != nil { - parseErrors = append(parseErrors, fmt.Sprintf("%v in object %s, will ignore vmalertmanagerconfig %s", err, amcKey.AsKey(), amcKey.Name)) - badObjectsCount++ - continue OUTER + result.brokenAMCfgs = append(result.brokenAMCfgs, amcKey) + amcKey.Status.CurrentSyncError = err.Error() + continue } baseYAMlCfg.Receivers = append(baseYAMlCfg.Receivers, receiverCfgs...) @@ -98,28 +117,28 @@ OUTER: baseYAMlCfg.InhibitRules = append(baseYAMlCfg.InhibitRules, buildInhibitRule(amcKey.Namespace, rule, mustAddNamespaceMatcher)) } if len(mtis) > 0 { - muteIntervals = append(muteIntervals, mtis...) + timeIntervals = append(timeIntervals, mtis...) } subRoutes = append(subRoutes, route) - - } - if baseYAMlCfg.Route == nil && len(subRoutes) > 0 { - baseYAMlCfg.Route = &route{ - Receiver: firstReceiverName, - } + amcfgs[cnt] = amcKey + cnt++ } + amcfgs = amcfgs[:cnt] + if len(subRoutes) > 0 { baseYAMlCfg.Route.Routes = append(baseYAMlCfg.Route.Routes, subRoutes...) } - if len(muteIntervals) > 0 { - baseYAMlCfg.MuteTimeIntervals = append(baseYAMlCfg.MuteTimeIntervals, muteIntervals...) + if len(timeIntervals) > 0 { + baseYAMlCfg.TimeIntervals = append(baseYAMlCfg.TimeIntervals, timeIntervals...) } - result, err := yaml.Marshal(baseYAMlCfg) + data, err := yaml.Marshal(baseYAMlCfg) if err != nil { return nil, err } - return &parsedConfig{Data: result, BadObjectsCount: badObjectsCount, ParseErrors: parseErrors}, nil + result.amcfgs = amcfgs + result.data = data + return &result, nil } // addConfigTemplates adds external templates to the given based configuration @@ -153,17 +172,13 @@ func addConfigTemplates(baseCfg []byte, templates []string) ([]byte, error) { return yaml.Marshal(baseYAMlCfg) } -func buildGlobalTimeIntervals(cr *vmv1beta1.VMAlertmanagerConfig) ([]yaml.MapSlice, map[string]struct{}, error) { +func buildGlobalTimeIntervals(cr *vmv1beta1.VMAlertmanagerConfig) ([]yaml.MapSlice, error) { var r []yaml.MapSlice timeIntervalNameList := map[string]struct{}{} tis := cr.Spec.TimeIntervals - // muteTimeInterval is deprecated, use TimeIntervals instead - if len(tis) == 0 && len(cr.Spec.MutTimeIntervals) > 0 { - tis = cr.Spec.MutTimeIntervals - } for _, mti := range tis { if _, ok := timeIntervalNameList[mti.Name]; ok { - return r, nil, fmt.Errorf("got duplicate timeInterval name %s", mti.Name) + return r, fmt.Errorf("got duplicate timeInterval name %s", mti.Name) } timeIntervalNameList[mti.Name] = struct{}{} if len(mti.TimeIntervals) == 0 { @@ -203,10 +218,10 @@ func buildGlobalTimeIntervals(cr *vmv1beta1.VMAlertmanagerConfig) ([]yaml.MapSli r = append(r, yaml.MapSlice{{Key: "name", Value: buildCRPrefixedName(cr, mti.Name)}, {Key: "time_intervals", Value: temp}}) } } - return r, timeIntervalNameList, nil + return r, nil } -func buildRoute(cr *vmv1beta1.VMAlertmanagerConfig, cfgRoute *vmv1beta1.Route, topLevel, disableRouteContinueEnforce, mustAddNamespaceMatcher bool, receiverNameList, intervalNameList map[string]struct{}) (yaml.MapSlice, error) { +func buildRoute(cr *vmv1beta1.VMAlertmanagerConfig, cfgRoute *vmv1beta1.Route, topLevel, disableRouteContinueEnforce, mustAddNamespaceMatcher bool) (yaml.MapSlice, error) { var r yaml.MapSlice matchers := cfgRoute.Matchers // enforce continue when route is first-level and vmalertmanager disableRouteContinueEnforce filed is not set, @@ -223,7 +238,7 @@ func buildRoute(cr *vmv1beta1.VMAlertmanagerConfig, cfgRoute *vmv1beta1.Route, t for _, nestedRoute := range cfgRoute.Routes { // namespace matcher not needed for nested routes tmpRoute := vmv1beta1.Route(*nestedRoute) - route, err := buildRoute(cr, &tmpRoute, false, false, false, receiverNameList, intervalNameList) + route, err := buildRoute(cr, &tmpRoute, false, false, false) if err != nil { return r, err } @@ -251,37 +266,16 @@ func buildRoute(cr *vmv1beta1.VMAlertmanagerConfig, cfgRoute *vmv1beta1.Route, t r = append(r, yaml.MapItem{Key: key, Value: tis}) } } - // check if timeInterval already defined outside - checkTimeIntervalExistence := func(interval []string, intervalNames map[string]struct{}) error { - for _, item := range interval { - if _, ok := intervalNames[item]; !ok { - return fmt.Errorf("time_intervals %s not defined", item) - } - } - return nil - } + toYaml("matchers", matchers) toYaml("group_by", cfgRoute.GroupBy) - - err := checkTimeIntervalExistence(cfgRoute.MuteTimeIntervals, intervalNameList) - if err != nil { - return nil, err - } - err = checkTimeIntervalExistence(cfgRoute.ActiveTimeIntervals, intervalNameList) - if err != nil { - return nil, err - } - toYamlTimeIntervals("mute_time_intervals", cfgRoute.MuteTimeIntervals) toYamlTimeIntervals("active_time_intervals", cfgRoute.ActiveTimeIntervals) + toYamlTimeIntervals("mute_time_intervals", cfgRoute.MuteTimeIntervals) toYamlString("group_interval", cfgRoute.GroupInterval) toYamlString("group_wait", cfgRoute.GroupWait) toYamlString("repeat_interval", cfgRoute.RepeatInterval) if len(cfgRoute.Receiver) > 0 { - // check if receiver name already defined outside - if _, ok := receiverNameList[cfgRoute.Receiver]; !ok { - return r, fmt.Errorf("receiver %s not defined", cfgRoute.Receiver) - } r = append(r, yaml.MapItem{Key: "receiver", Value: buildCRPrefixedName(cr, cfgRoute.Receiver)}) } r = append(r, yaml.MapItem{Key: "continue", Value: continueSetting}) @@ -313,15 +307,29 @@ func buildCRPrefixedName(cr *vmv1beta1.VMAlertmanagerConfig, name string) string return fmt.Sprintf("%s-%s-%s", cr.Namespace, cr.Name, name) } +// contains only global configuration param for config validation +type globalAlertmanagerConfig struct { + Global struct { + SMTPFrom string `yaml:"smtp_from,omitempty" json:"smtp_from,omitempty"` + SMTPSmarthost string `yaml:"smtp_smarthost,omitempty" json:"smtp_smarthost,omitempty"` + SlackAPIURL string `yaml:"slack_api_url,omitempty" json:"slack_api_url,omitempty"` + SlackAPIURLFile string `yaml:"slack_api_url_file,omitempty" json:"slack_api_url_file,omitempty"` + OpsGenieAPIKey string `yaml:"opsgenie_api_key,omitempty" json:"opsgenie_api_key,omitempty"` + OpsGenieAPIKeyFile string `yaml:"opsgenie_api_key_file,omitempty" json:"opsgenie_api_key_file,omitempty"` + WeChatAPISecret string `yaml:"wechat_api_secret,omitempty" json:"wechat_api_secret,omitempty"` + WeChatAPICorpID string `yaml:"wechat_api_corp_id,omitempty" json:"wechat_api_corp_id,omitempty"` + VictorOpsAPIKey string `yaml:"victorops_api_key,omitempty" json:"victorops_api_key,omitempty"` + VictorOpsAPIKeyFile string `yaml:"victorops_api_key_file,omitempty" json:"victorops_api_key_file,omitempty"` + } `yaml:"global,omitempty"` +} + type alertmanagerConfig struct { - Global interface{} `yaml:"global,omitempty" json:"global,omitempty"` - Route *route `yaml:"route,omitempty" json:"route,omitempty"` - InhibitRules []yaml.MapSlice `yaml:"inhibit_rules,omitempty" json:"inhibit_rules,omitempty"` - Receivers []yaml.MapSlice `yaml:"receivers,omitempty" json:"receivers,omitempty"` - // TODO remove MuteTimeIntervals and move to TimeIntervals. Since it will be removed at v1.0 version of AM - MuteTimeIntervals []yaml.MapSlice `yaml:"mute_time_intervals,omitempty" json:"mute_time_intervals"` - TimeIntervals []yaml.MapSlice `yaml:"time_intervals,omitempty" json:"time_intervals"` - Templates []string `yaml:"templates" json:"templates"` + Global interface{} `yaml:"global,omitempty" json:"global,omitempty"` + Route *route `yaml:"route,omitempty" json:"route,omitempty"` + InhibitRules []yaml.MapSlice `yaml:"inhibit_rules,omitempty" json:"inhibit_rules,omitempty"` + Receivers []yaml.MapSlice `yaml:"receivers,omitempty" json:"receivers,omitempty"` + TimeIntervals []yaml.MapSlice `yaml:"time_intervals,omitempty" json:"time_intervals"` + Templates []string `yaml:"templates" json:"templates"` } type route struct { @@ -343,11 +351,12 @@ func buildReceiver( rclient client.Client, cr *vmv1beta1.VMAlertmanagerConfig, receiver vmv1beta1.Receiver, + globalCfg *globalAlertmanagerConfig, cache map[string]*corev1.Secret, configmapCache map[string]*corev1.ConfigMap, tlsAssets map[string]string, ) (yaml.MapSlice, error) { - cb := initConfigBuilder(ctx, rclient, cr, receiver.Name, cache, configmapCache, tlsAssets) + cb := initConfigBuilder(ctx, rclient, cr, receiver.Name, globalCfg, cache, configmapCache, tlsAssets) cb.result = yaml.MapSlice{ { Key: "name", @@ -362,8 +371,9 @@ func buildReceiver( type configBuilder struct { build.TLSConfigBuilder - currentYaml []yaml.MapSlice - result yaml.MapSlice + globalConfig *globalAlertmanagerConfig + currentYaml []yaml.MapSlice + result yaml.MapSlice } func initConfigBuilder( @@ -371,6 +381,7 @@ func initConfigBuilder( rclient client.Client, cr *vmv1beta1.VMAlertmanagerConfig, receiver string, + globalCfg *globalAlertmanagerConfig, cache map[string]*corev1.Secret, configmapCache map[string]*corev1.ConfigMap, tlsAssets map[string]string, @@ -385,6 +396,7 @@ func initConfigBuilder( ConfigmapCache: configmapCache, TLSAssets: tlsAssets, }, + globalConfig: globalCfg, result: yaml.MapSlice{ { Key: "name", @@ -704,6 +716,9 @@ func (cb *configBuilder) buildSlack(slack vmv1beta1.SlackConfig) error { } temp = append(temp, yaml.MapItem{Key: "http_config", Value: c}) } + if slack.APIURL == nil && cb.globalConfig.Global.SlackAPIURL == "" && cb.globalConfig.Global.SlackAPIURLFile == "" { + return fmt.Errorf("api_url secret is not defined and no global Slack API URL set either inline or in a file") + } if slack.APIURL != nil { s, err := cb.fetchSecretValue(slack.APIURL) if err != nil { @@ -841,6 +856,12 @@ func (cb *configBuilder) buildWebhook(wh vmv1beta1.WebhookConfig) error { } func (cb *configBuilder) buildWeeChat(wc vmv1beta1.WeChatConfig) error { + if wc.APISecret == nil && cb.globalConfig.Global.WeChatAPISecret == "" { + return fmt.Errorf("api_secret is not set and no global Wechat ApiSecret set") + } + if wc.CorpID == "" && cb.globalConfig.Global.WeChatAPICorpID == "" { + return fmt.Errorf("cord_id is not set and no global Wechat CorpID set") + } var temp yaml.MapSlice if wc.HTTPConfig != nil { h, err := cb.buildHTTPConfig(wc.HTTPConfig) @@ -883,6 +904,9 @@ func (cb *configBuilder) buildWeeChat(wc vmv1beta1.WeChatConfig) error { } func (cb *configBuilder) buildVictorOps(vo vmv1beta1.VictorOpsConfig) error { + if vo.APIKey == nil && cb.globalConfig.Global.VictorOpsAPIKey == "" && cb.globalConfig.Global.VictorOpsAPIKeyFile == "" { + return fmt.Errorf("api_key secret is not set and no global VictorOps API Key set") + } var temp yaml.MapSlice if vo.HTTPConfig != nil { h, err := cb.buildHTTPConfig(vo.HTTPConfig) @@ -1081,12 +1105,19 @@ func (cb *configBuilder) buildEmail(email vmv1beta1.EmailConfig) error { if email.RequireTLS != nil { temp = append(temp, yaml.MapItem{Key: "require_tls", Value: *email.RequireTLS}) } + if email.Smarthost == "" && cb.globalConfig.Global.SMTPSmarthost == "" { + return fmt.Errorf("required email smarthost is not set at local and global alertmanager config") + } + if email.From == "" && cb.globalConfig.Global.SMTPFrom == "" { + return fmt.Errorf("required email from is not set at local and global alertmanager config") + } + // skip tls_config if require_tls is false - if email.RequireTLS == nil || *email.RequireTLS { + if email.RequireTLS != nil && *email.RequireTLS { if email.TLSConfig == nil { return fmt.Errorf("incorrect email configuration, tls is required, but no config provided at spec") } - s, err := cb.TLSConfigBuilder.BuildTLSConfig(email.TLSConfig, tlsAssetsDir) + s, err := cb.BuildTLSConfig(email.TLSConfig, tlsAssetsDir) if err != nil { return err } @@ -1134,6 +1165,9 @@ func (cb *configBuilder) buildEmail(email vmv1beta1.EmailConfig) error { } func (cb *configBuilder) buildOpsGenie(og vmv1beta1.OpsGenieConfig) error { + if og.APIKey == nil && cb.globalConfig.Global.OpsGenieAPIKey == "" && cb.globalConfig.Global.OpsGenieAPIKeyFile == "" { + return fmt.Errorf("api_url secret is not defined andno global OpsGenie API Key set either inline or in a file") + } var temp yaml.MapSlice if og.APIKey != nil { s, err := cb.fetchSecretValue(og.APIKey) @@ -1222,6 +1256,13 @@ func (cb *configBuilder) buildHTTPConfig(httpCfg *vmv1beta1.HTTPConfig) (yaml.Ma r = append(r, yaml.MapItem{Key: "tls_config", Value: tls}) } } + if httpCfg.Authorization != nil { + au, err := cb.buildAuthorization(httpCfg.Authorization) + if err != nil { + return nil, err + } + r = append(r, yaml.MapItem{Key: "authorization", Value: au}) + } if httpCfg.BasicAuth != nil { ba, err := cb.buildBasicAuth(httpCfg.BasicAuth) if err != nil { @@ -1285,6 +1326,35 @@ func (cb *configBuilder) buildBasicAuth(basicAuth *vmv1beta1.BasicAuth) (yaml.Ma return r, nil } +func (cb *configBuilder) buildAuthorization(authCfg *vmv1beta1.Authorization) (yaml.MapSlice, error) { + var r yaml.MapSlice + + if len(authCfg.Type) > 0 { + r = append(r, yaml.MapItem{ + Key: "type", + Value: authCfg.Type, + }) + } + if authCfg.Credentials != nil { + hv, err := cb.fetchSecretValue(authCfg.Credentials) + if err != nil { + return nil, fmt.Errorf("cannot fetch credentials secret value: %w", err) + } + r = append(r, yaml.MapItem{ + Key: "credentials", + Value: string(hv), + }) + } + if len(authCfg.CredentialsFile) > 0 { + r = append(r, yaml.MapItem{ + Key: "credentials_file", + Value: authCfg.CredentialsFile, + }) + } + + return r, nil +} + func parseURL(s string) error { u, err := url.Parse(s) if err != nil { @@ -1299,7 +1369,7 @@ func parseURL(s string) error { return nil } -func fetchSecretValue(ctx context.Context, rclient client.Client, ns string, selector *v1.SecretKeySelector, sm map[string]*v1.Secret) ([]byte, error) { +func fetchSecretValue(ctx context.Context, rclient client.Client, ns string, selector *corev1.SecretKeySelector, sm map[string]*corev1.Secret) ([]byte, error) { var s corev1.Secret if existSecret, ok := sm[selector.Name]; ok { s = *existSecret @@ -1312,7 +1382,7 @@ func fetchSecretValue(ctx context.Context, rclient client.Client, ns string, sel return nil, fmt.Errorf("secret key=%q not exists at secret=%q", selector.Key, selector.Name) } -func secretSelectorToAssetKey(selector *v1.SecretKeySelector) string { +func secretSelectorToAssetKey(selector *corev1.SecretKeySelector) string { return fmt.Sprintf("%s_%s", selector.Name, selector.Key) } @@ -1325,7 +1395,7 @@ func buildGossipConfigYAML(ctx context.Context, rclient client.Client, vmaCR *vm gossipCfg := vmaCR.Spec.GossipConfig if gossipCfg.TLSServerConfig != nil { var tlsCfg yaml.MapSlice - secretMap := make(map[string]*v1.Secret) + secretMap := make(map[string]*corev1.Secret) tlsAssetsServerDir := tlsAssetsDir + "/gossip/server/" if gossipCfg.TLSServerConfig.ClientCASecretRef != nil { data, err := fetchSecretValue(ctx, rclient, vmaCR.Namespace, gossipCfg.TLSServerConfig.ClientCASecretRef, secretMap) @@ -1390,7 +1460,7 @@ func buildGossipConfigYAML(ctx context.Context, rclient client.Client, vmaCR *vm if gossipCfg.TLSClientConfig != nil { var tlsCfg yaml.MapSlice - secretMap := make(map[string]*v1.Secret) + secretMap := make(map[string]*corev1.Secret) tlsAssetsClientDir := tlsAssetsDir + "/gossip/client/" if gossipCfg.TLSClientConfig.CASecretRef != nil { data, err := fetchSecretValue(ctx, rclient, vmaCR.Namespace, gossipCfg.TLSClientConfig.CASecretRef, secretMap) @@ -1469,7 +1539,7 @@ func buildWebServerConfigYAML(ctx context.Context, rclient client.Client, vmaCR } if webCfg.TLSServerConfig != nil { var tlsCfg yaml.MapSlice - secretMap := make(map[string]*v1.Secret) + secretMap := make(map[string]*corev1.Secret) tlsAssetsServerDir := tlsAssetsDir + "/web/server/" if webCfg.TLSServerConfig.ClientCASecretRef != nil { data, err := fetchSecretValue(ctx, rclient, vmaCR.Namespace, webCfg.TLSServerConfig.ClientCASecretRef, secretMap) diff --git a/internal/controller/operator/factory/alertmanager/config_test.go b/internal/controller/operator/factory/alertmanager/config_test.go index dcbf077f9..9fcec7bfb 100644 --- a/internal/controller/operator/factory/alertmanager/config_test.go +++ b/internal/controller/operator/factory/alertmanager/config_test.go @@ -26,7 +26,7 @@ func TestBuildConfig(t *testing.T) { ctx context.Context disableNamespaceMatcher bool baseCfg []byte - amcfgs map[string]*vmv1beta1.VMAlertmanagerConfig + amcfgs []*vmv1beta1.VMAlertmanagerConfig } tests := []struct { name string @@ -42,9 +42,10 @@ func TestBuildConfig(t *testing.T) { ctx: context.Background(), baseCfg: []byte(`global: time_out: 1min + smtp_smarthost: some:443 `), - amcfgs: map[string]*vmv1beta1.VMAlertmanagerConfig{ - "default/base": { + amcfgs: []*vmv1beta1.VMAlertmanagerConfig{ + { ObjectMeta: metav1.ObjectMeta{ Name: "base", Namespace: "default", @@ -59,6 +60,7 @@ func TestBuildConfig(t *testing.T) { From: "some-sender", To: "some-dst", Text: "some-text", + RequireTLS: ptr.To(true), TLSConfig: &vmv1beta1.TLSConfig{ CertFile: "some_cert_path", }, @@ -82,9 +84,10 @@ func TestBuildConfig(t *testing.T) { }, }, want: `global: + smtp_smarthost: some:443 time_out: 1min route: - receiver: default-base-email + receiver: blackhole routes: - matchers: - namespace = "default" @@ -92,9 +95,11 @@ route: receiver: default-base-email continue: true receivers: +- name: blackhole - name: default-base-email email_configs: - - tls_config: + - require_tls: true + tls_config: cert_file: some_cert_path from: some-sender text: some-text @@ -115,8 +120,8 @@ templates: [] baseCfg: []byte(`global: time_out: 1min `), - amcfgs: map[string]*vmv1beta1.VMAlertmanagerConfig{ - "default/base": { + amcfgs: []*vmv1beta1.VMAlertmanagerConfig{ + { ObjectMeta: metav1.ObjectMeta{ Name: "base", Namespace: "default", @@ -163,7 +168,7 @@ templates: [] }, }, }, - "monitoring/scrape": { + { ObjectMeta: metav1.ObjectMeta{ Name: "scrape", Namespace: "monitoring", @@ -263,8 +268,8 @@ templates: [] baseCfg: []byte(`global: time_out: 1min `), - amcfgs: map[string]*vmv1beta1.VMAlertmanagerConfig{ - "default/base": { + amcfgs: []*vmv1beta1.VMAlertmanagerConfig{ + { ObjectMeta: metav1.ObjectMeta{ Name: "base", Namespace: "default", @@ -330,8 +335,8 @@ templates: [] baseCfg: []byte(`global: time_out: 1min `), - amcfgs: map[string]*vmv1beta1.VMAlertmanagerConfig{ - "default/base": { + amcfgs: []*vmv1beta1.VMAlertmanagerConfig{ + { ObjectMeta: metav1.ObjectMeta{ Name: "base", Namespace: "default", @@ -433,8 +438,8 @@ templates: [] baseCfg: []byte(`global: time_out: 1min `), - amcfgs: map[string]*vmv1beta1.VMAlertmanagerConfig{ - "default/base": { + amcfgs: []*vmv1beta1.VMAlertmanagerConfig{ + { ObjectMeta: metav1.ObjectMeta{ Name: "base", Namespace: "default", @@ -551,8 +556,8 @@ templates: [] baseCfg: []byte(`global: time_out: 1min `), - amcfgs: map[string]*vmv1beta1.VMAlertmanagerConfig{ - "default/base": { + amcfgs: []*vmv1beta1.VMAlertmanagerConfig{ + { ObjectMeta: metav1.ObjectMeta{ Name: "tg", Namespace: "default", @@ -611,8 +616,8 @@ templates: [] baseCfg: []byte(`global: time_out: 1min `), - amcfgs: map[string]*vmv1beta1.VMAlertmanagerConfig{ - "default/base": { + amcfgs: []*vmv1beta1.VMAlertmanagerConfig{ + { ObjectMeta: metav1.ObjectMeta{ Name: "base", Namespace: "default", @@ -666,8 +671,8 @@ templates: [] baseCfg: []byte(`global: time_out: 1min `), - amcfgs: map[string]*vmv1beta1.VMAlertmanagerConfig{ - "default/base": { + amcfgs: []*vmv1beta1.VMAlertmanagerConfig{ + { ObjectMeta: metav1.ObjectMeta{ Name: "tg", Namespace: "default", @@ -697,7 +702,7 @@ templates: [] }, }, }, - "mon/base": { + { ObjectMeta: metav1.ObjectMeta{ Name: "tg", Namespace: "default", @@ -750,8 +755,8 @@ templates: [] baseCfg: []byte(`global: time_out: 1min `), - amcfgs: map[string]*vmv1beta1.VMAlertmanagerConfig{ - "default/base": { + amcfgs: []*vmv1beta1.VMAlertmanagerConfig{ + { ObjectMeta: metav1.ObjectMeta{ Name: "base", Namespace: "default", @@ -797,14 +802,14 @@ templates: [] baseCfg: []byte(`global: time_out: 1min `), - amcfgs: map[string]*vmv1beta1.VMAlertmanagerConfig{ - "default/base": { + amcfgs: []*vmv1beta1.VMAlertmanagerConfig{ + { ObjectMeta: metav1.ObjectMeta{ Name: "base", Namespace: "default", }, Spec: vmv1beta1.VMAlertmanagerConfigSpec{ - TimeIntervals: []vmv1beta1.MuteTimeInterval{ + TimeIntervals: []vmv1beta1.TimeIntervals{ { Name: "duplicate-interval", TimeIntervals: []vmv1beta1.TimeInterval{{Times: []vmv1beta1.TimeRange{{StartTime: "00:00", EndTime: "10:00"}}}}, @@ -836,8 +841,8 @@ templates: [] baseCfg: []byte(`global: time_out: 1min `), - amcfgs: map[string]*vmv1beta1.VMAlertmanagerConfig{ - "default/base": { + amcfgs: []*vmv1beta1.VMAlertmanagerConfig{ + { ObjectMeta: metav1.ObjectMeta{ Name: "base", Namespace: "default", @@ -864,8 +869,8 @@ templates: [] baseCfg: []byte(`global: time_out: 1min `), - amcfgs: map[string]*vmv1beta1.VMAlertmanagerConfig{ - "default/base": { + amcfgs: []*vmv1beta1.VMAlertmanagerConfig{ + { ObjectMeta: metav1.ObjectMeta{ Name: "base", Namespace: "default", @@ -894,10 +899,10 @@ templates: [] t.Errorf("BuildConfig() error = %v, wantErr %v", err, tt.wantErr) return } - if len(got.ParseErrors) > 0 { - assert.Equal(t, tt.parseError, got.ParseErrors[0]) + if len(got.brokenAMCfgs) > 0 { + assert.Equal(t, tt.parseError, got.brokenAMCfgs[0].Status.CurrentSyncError) } - assert.Equal(t, tt.want, string(got.Data)) + assert.Equal(t, tt.want, string(got.data)) }) } } diff --git a/internal/controller/operator/factory/alertmanager/statefulset.go b/internal/controller/operator/factory/alertmanager/statefulset.go index d8ae70c5d..90fbd7ca8 100644 --- a/internal/controller/operator/factory/alertmanager/statefulset.go +++ b/internal/controller/operator/factory/alertmanager/statefulset.go @@ -7,6 +7,7 @@ import ( "path" "sort" "strings" + "time" vmv1beta1 "github.com/VictoriaMetrics/operator/api/operator/v1beta1" "github.com/VictoriaMetrics/operator/internal/config" @@ -685,8 +686,8 @@ func getSecretContentForAlertmanager(ctx context.Context, rclient client.Client, } func buildAlertmanagerConfigWithCRDs(ctx context.Context, rclient client.Client, cr *vmv1beta1.VMAlertmanager, originConfig []byte, l logr.Logger, tlsAssets map[string]string) ([]byte, error) { - amConfigs := make(map[string]*vmv1beta1.VMAlertmanagerConfig) - var badCfgCount int + var amCfgs []*vmv1beta1.VMAlertmanagerConfig + var badCfgs []*vmv1beta1.VMAlertmanagerConfig if err := k8stools.VisitObjectsForSelectorsAtNs(ctx, rclient, cr.Spec.ConfigNamespaceSelector, cr.Spec.ConfigSelector, cr.Namespace, cr.Spec.SelectAllByDefault, func(ams *vmv1beta1.VMAlertmanagerConfigList) { for i := range ams.Items { @@ -695,31 +696,33 @@ func buildAlertmanagerConfigWithCRDs(ctx context.Context, rclient client.Client, continue } if item.Spec.ParsingError != "" { - badCfgCount++ - l.Error(fmt.Errorf(item.Spec.ParsingError), "parsing failed for alertmanager config", "objectName", item.Name) + item.Status.CurrentSyncError = item.Spec.ParsingError + badCfgs = append(badCfgs, &item) continue } if err := item.Validate(); err != nil { - l.Error(err, "validation failed for alertmanager config", "objectName", item.Name) - badCfgCount++ + item.Status.CurrentSyncError = err.Error() + badCfgs = append(badCfgs, &item) continue } - amConfigs[item.AsKey()] = &item + amCfgs = append(amCfgs, &item) } }); err != nil { return nil, fmt.Errorf("cannot select alertmanager configs: %w", err) } - parsedCfg, err := buildConfig(ctx, rclient, !cr.Spec.DisableNamespaceMatcher, cr.Spec.DisableRouteContinueEnforce, originConfig, amConfigs, tlsAssets) + parsedCfg, err := buildConfig(ctx, rclient, !cr.Spec.DisableNamespaceMatcher, cr.Spec.DisableRouteContinueEnforce, originConfig, amCfgs, tlsAssets) if err != nil { return nil, err } - l.Info("selected alertmanager configs", "len", len(amConfigs), "invalid configs", badCfgCount+parsedCfg.BadObjectsCount) - if len(parsedCfg.ParseErrors) > 0 { - l.Error(fmt.Errorf("errors: %s", strings.Join(parsedCfg.ParseErrors, ";")), "bad configs found during alertmanager config building") + parsedCfg.brokenAMCfgs = append(parsedCfg.brokenAMCfgs, badCfgs...) + l.Info("selected alertmanager configs", "len", len(amCfgs), "invalid configs", len(parsedCfg.brokenAMCfgs)) + if err := updateConfigsStatuses(ctx, rclient, cr, parsedCfg.amcfgs, parsedCfg.brokenAMCfgs); err != nil { + return nil, fmt.Errorf("failed to update vmalertmanagerConfigs statuses: %w", err) } - badConfigsTotal.Add(float64(badCfgCount)) - return parsedCfg.Data, nil + + badConfigsTotal.Add(float64(len(badCfgs))) + return parsedCfg.data, nil } func subPathForStorage(s *vmv1beta1.StorageSpec) string { @@ -729,3 +732,68 @@ func subPathForStorage(s *vmv1beta1.StorageSpec) string { return "alertmanager-db" } + +const ( + errorStatusUpdateTTL = 5 * time.Minute + errorStatusExpireTTL = 15 * time.Minute +) + +// performs status update for given alertmanager configs +func updateConfigsStatuses(ctx context.Context, rclient client.Client, amCR *vmv1beta1.VMAlertmanager, okConfigs, badconfig []*vmv1beta1.VMAlertmanagerConfig) error { + var errors []string + + alertmanagerNamespacedName := fmt.Sprintf("%s/%s", amCR.Namespace, amCR.Name) + for _, badCfg := range badconfig { + + // change status only at different error + if badCfg.Status.CurrentSyncError != "" && badCfg.Status.CurrentSyncError != badCfg.Status.LastSyncError { + // allow to change message only to single alertmanager + if badCfg.Status.LastErrorParentAlertmanagerName == "" || badCfg.Status.LastErrorParentAlertmanagerName == alertmanagerNamespacedName { + // patch update status + pt := client.RawPatch(types.MergePatchType, + []byte(fmt.Sprintf(`{"status": {"lastSyncError": %q , "status": %q, "lastErrorParentAlertmanagerName": %q, "lastSyncErrorTimestamp": %d} }`, + badCfg.Status.CurrentSyncError, vmv1beta1.UpdateStatusFailed, + alertmanagerNamespacedName, time.Now().Unix()))) + if err := rclient.Status().Patch(ctx, badCfg, pt); err != nil { + return fmt.Errorf("failed to patch status of broken VMAlertmanagerConfig=%q: %w", badCfg.Name, err) + } + } + } + // need to update ttl and parent alertmanager name + // race condition is possible, but it doesn't really matter. + lastTs := time.Unix(badCfg.Status.LastSyncErrorTimestamp, 0) + if time.Since(lastTs) > errorStatusUpdateTTL { + // update ttl + pt := client.RawPatch(types.MergePatchType, + []byte(fmt.Sprintf(`{"status": { "lastErrorParentAlertmanagerName": %q, "lastSyncErrorTimestamp": %d} }`, + alertmanagerNamespacedName, time.Now().Unix()))) + if err := rclient.Status().Patch(ctx, badCfg, pt); err != nil { + return fmt.Errorf("failed to patch status of broken VMAlertmanagerConfig=%q: %w", badCfg.Name, err) + } + } + + errors = append(errors, fmt.Sprintf("parent=%s config=namespace/name=%s/%s error text: %s", alertmanagerNamespacedName, badCfg.Namespace, badCfg.Name, badCfg.Status.CurrentSyncError)) + } + if len(errors) > 0 { + logger.WithContext(ctx).Error(fmt.Errorf("VMAlertmanagerConfigs have errors"), "skip it for config generation", "errors", strings.Join(errors, ",")) + } + for _, amCfg := range okConfigs { + if amCfg.Status.LastSyncError != "" || amCfg.Status.Status != vmv1beta1.UpdateStatusOperational { + if amCfg.Status.LastErrorParentAlertmanagerName != alertmanagerNamespacedName { + // transit to ok status only if it's the same alertmanager that set error + // ot ttl passed + lastTs := time.Unix(amCfg.Status.LastSyncErrorTimestamp, 0) + if time.Since(lastTs) < errorStatusExpireTTL { + continue + } + } + amCfg.Status.LastSyncError = "" + pt := client.RawPatch(types.MergePatchType, + []byte(fmt.Sprintf(`{"status": {"lastSyncError": "" , "status": %q, "lastSyncErrorTimestamp": 0, "lastErrorParentAlertmanagerName": "" } }`, vmv1beta1.UpdateStatusOperational))) + if err := rclient.Status().Patch(ctx, amCfg, pt); err != nil { + return fmt.Errorf("failed to patch status of VMAlertmanagerConfig=%q: %w", amCfg.Name, err) + } + } + } + return nil +} diff --git a/internal/manager/manager.go b/internal/manager/manager.go index e2bc1ea0c..0d3f6a61c 100644 --- a/internal/manager/manager.go +++ b/internal/manager/manager.go @@ -19,6 +19,7 @@ import ( promv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1alpha1" "github.com/prometheus/client_golang/prometheus" + "go.uber.org/zap/zapcore" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" "k8s.io/apimachinery/pkg/runtime" @@ -84,7 +85,9 @@ func init() { func RunManager(ctx context.Context) error { // Add flags registered by imported packages (e.g. glog and // controller-runtime) - opts := zap.Options{} + opts := zap.Options{ + StacktraceLevel: zapcore.PanicLevel, + } opts.BindFlags(flag.CommandLine) vmcontroller.BindFlags(flag.CommandLine) flag.Parse()