Changes related to supporting Pager Duty as a receiver

Signed-off-by: Anand Rajagopal <anrajag@amazon.com>

Author: rajagopalanand

cmd/alertmanager/main.go

@@ -30,6 +30,9 @@ import (
 	"syscall"
 	"time"
 
+	"github.com/prometheus/alertmanager/secrets"
+	"github.com/prometheus/alertmanager/secrets/providers"
+
 	"github.com/KimMachineGun/automemlimit/memlimit"
 	"github.com/alecthomas/kingpin/v2"
 	"github.com/prometheus/client_golang/prometheus"
@@ -402,8 +405,9 @@ func run() int {
 	}
 
 	var (
-		inhibitor *inhibit.Inhibitor
-		tmpl      *template.Template
+		inhibitor               *inhibit.Inhibitor
+		tmpl                    *template.Template
+		secretsProviderRegistry *secrets.SecretsProviderRegistry
 	)
 
 	dispMetrics := dispatch.NewDispatcherMetrics(false, prometheus.DefaultRegisterer)
@@ -414,6 +418,9 @@ func run() int {
 		prometheus.DefaultRegisterer,
 		configLogger,
 	)
+	defer func() {
+		secretsProviderRegistry.Stop()
+	}()
 	configCoordinator.Subscribe(func(conf *config.Config) error {
 		tmpl, err = template.FromGlobs(conf.Templates)
 		if err != nil {
@@ -428,6 +435,15 @@ func run() int {
 			activeReceivers[r.RouteOpts.Receiver] = struct{}{}
 		})
 
+		if secretsProviderRegistry == nil {
+			secretsProviderRegistry = secrets.NewSecretsProviderRegistry(logger, prometheus.NewRegistry())
+			// currently only one secrets provider is registered. Inline secrets provider is always available
+			if secretsProviderRegistry.Register(providers.AWSSecretsManagerSecretProviderDiscoveryConfig{}) != nil {
+				configLogger.Error("failed to register secrets provider", "err", err)
+			}
+			secretsProviderRegistry.Init()
+		}
+
 		// Build the map of receiver to integrations.
 		receivers := make(map[string][]notify.Integration, len(activeReceivers))
 		var integrationsNum int
@@ -437,7 +453,7 @@ func run() int {
 				configLogger.Info("skipping creation of receiver not referenced by any route", "receiver", rcv.Name)
 				continue
 			}
-			integrations, err := receiver.BuildReceiverIntegrations(rcv, tmpl, logger)
+			integrations, err := receiver.BuildReceiverIntegrations(rcv, tmpl, logger, secretsProviderRegistry)
 			if err != nil {
 				return err
 			}
@@ -463,7 +479,6 @@ func run() int {
 
 		inhibitor = inhibit.NewInhibitor(alerts, conf.InhibitRules, marker, logger)
 		silencer := silence.NewSilencer(silences, marker, logger)
-
 		// An interface value that holds a nil concrete value is non-nil.
 		// Therefore we explicly pass an empty interface, to detect if the
 		// cluster is not enabled in notify.
@@ -522,7 +537,7 @@ func run() int {
 
 		go disp.Run()
 		go inhibitor.Run()
-
+		secretsProviderRegistry.UpdateComplete()
 		return nil
 	})
 

config/config_test.go

@@ -23,6 +23,8 @@ import (
 	"testing"
 	"time"
 
+	"github.com/prometheus/alertmanager/secrets"
+
 	commoncfg "github.com/prometheus/common/config"
 	"github.com/prometheus/common/model"
 	"github.com/prometheus/common/promslog"
@@ -528,6 +530,8 @@ func TestHideConfigSecrets(t *testing.T) {
 func TestShowMarshalSecretValues(t *testing.T) {
 	MarshalSecretValue = true
 	defer func() { MarshalSecretValue = false }()
+	secrets.MarshalSecretValue = true
+	defer func() { secrets.MarshalSecretValue = false }()
 
 	c, err := LoadFile("testdata/conf.good.yml")
 	if err != nil {

config/notifiers.go

@@ -22,6 +22,8 @@ import (
 	"text/template"
 	"time"
 
+	"github.com/prometheus/alertmanager/secrets"
+
 	commoncfg "github.com/prometheus/common/config"
 	"github.com/prometheus/common/model"
 	"github.com/prometheus/sigv4"
@@ -328,22 +330,22 @@ type PagerdutyConfig struct {
 
 	HTTPConfig *commoncfg.HTTPClientConfig `yaml:"http_config,omitempty" json:"http_config,omitempty"`
 
-	ServiceKey     Secret            `yaml:"service_key,omitempty" json:"service_key,omitempty"`
-	ServiceKeyFile string            `yaml:"service_key_file,omitempty" json:"service_key_file,omitempty"`
-	RoutingKey     Secret            `yaml:"routing_key,omitempty" json:"routing_key,omitempty"`
-	RoutingKeyFile string            `yaml:"routing_key_file,omitempty" json:"routing_key_file,omitempty"`
-	URL            *URL              `yaml:"url,omitempty" json:"url,omitempty"`
-	Client         string            `yaml:"client,omitempty" json:"client,omitempty"`
-	ClientURL      string            `yaml:"client_url,omitempty" json:"client_url,omitempty"`
-	Description    string            `yaml:"description,omitempty" json:"description,omitempty"`
-	Details        map[string]string `yaml:"details,omitempty" json:"details,omitempty"`
-	Images         []PagerdutyImage  `yaml:"images,omitempty" json:"images,omitempty"`
-	Links          []PagerdutyLink   `yaml:"links,omitempty" json:"links,omitempty"`
-	Source         string            `yaml:"source,omitempty" json:"source,omitempty"`
-	Severity       string            `yaml:"severity,omitempty" json:"severity,omitempty"`
-	Class          string            `yaml:"class,omitempty" json:"class,omitempty"`
-	Component      string            `yaml:"component,omitempty" json:"component,omitempty"`
-	Group          string            `yaml:"group,omitempty" json:"group,omitempty"`
+	ServiceKey     secrets.GenericSecret `yaml:"service_key,omitempty" json:"service_key,omitempty"`
+	ServiceKeyFile string                `yaml:"service_key_file,omitempty" json:"service_key_file,omitempty"`
+	RoutingKey     secrets.GenericSecret `yaml:"routing_key,omitempty" json:"routing_key,omitempty"`
+	RoutingKeyFile string                `yaml:"routing_key_file,omitempty" json:"routing_key_file,omitempty"`
+	URL            *URL                  `yaml:"url,omitempty" json:"url,omitempty"`
+	Client         string                `yaml:"client,omitempty" json:"client,omitempty"`
+	ClientURL      string                `yaml:"client_url,omitempty" json:"client_url,omitempty"`
+	Description    string                `yaml:"description,omitempty" json:"description,omitempty"`
+	Details        map[string]string     `yaml:"details,omitempty" json:"details,omitempty"`
+	Images         []PagerdutyImage      `yaml:"images,omitempty" json:"images,omitempty"`
+	Links          []PagerdutyLink       `yaml:"links,omitempty" json:"links,omitempty"`
+	Source         string                `yaml:"source,omitempty" json:"source,omitempty"`
+	Severity       string                `yaml:"severity,omitempty" json:"severity,omitempty"`
+	Class          string                `yaml:"class,omitempty" json:"class,omitempty"`
+	Component      string                `yaml:"component,omitempty" json:"component,omitempty"`
+	Group          string                `yaml:"group,omitempty" json:"group,omitempty"`
 }
 
 // PagerdutyLink is a link.
@@ -359,20 +361,24 @@ type PagerdutyImage struct {
 	Href string `yaml:"href,omitempty" json:"href,omitempty"`
 }
 
+func (c *PagerdutyConfig) isKeyZero() bool {
+	return c.ServiceKey.IsZero() && c.RoutingKey.IsZero()
+}
+
 // UnmarshalYAML implements the yaml.Unmarshaler interface.
 func (c *PagerdutyConfig) UnmarshalYAML(unmarshal func(interface{}) error) error {
 	*c = DefaultPagerdutyConfig
 	type plain PagerdutyConfig
 	if err := unmarshal((*plain)(c)); err != nil {
 		return err
 	}
-	if c.RoutingKey == "" && c.ServiceKey == "" && c.RoutingKeyFile == "" && c.ServiceKeyFile == "" {
+	if c.isKeyZero() && c.RoutingKeyFile == "" && c.ServiceKeyFile == "" {
 		return errors.New("missing service or routing key in PagerDuty config")
 	}
-	if len(c.RoutingKey) > 0 && len(c.RoutingKeyFile) > 0 {
+	if !c.RoutingKey.IsZero() && len(c.RoutingKeyFile) > 0 {
 		return errors.New("at most one of routing_key & routing_key_file must be configured")
 	}
-	if len(c.ServiceKey) > 0 && len(c.ServiceKeyFile) > 0 {
+	if !c.ServiceKey.IsZero() && len(c.ServiceKeyFile) > 0 {
 		return errors.New("at most one of service_key & service_key_file must be configured")
 	}
 	if c.Details == nil {

config/notifiers_test.go

@@ -142,7 +142,7 @@ routing_key_file: 'xyz'
 func TestPagerdutyServiceKey(t *testing.T) {
 	t.Run("error if no service key or key file", func(t *testing.T) {
 		in := `
-service_key: ''
+service_key:
 `
 		var cfg PagerdutyConfig
 		err := yaml.UnmarshalStrict([]byte(in), &cfg)

config/receiver/receiver.go

@@ -16,6 +16,8 @@ package receiver
 import (
 	"log/slog"
 
+	"github.com/prometheus/alertmanager/secrets"
+
 	commoncfg "github.com/prometheus/common/config"
 	"github.com/prometheus/common/promslog"
 
@@ -43,7 +45,7 @@ import (
 
 // BuildReceiverIntegrations builds a list of integration notifiers off of a
 // receiver config.
-func BuildReceiverIntegrations(nc config.Receiver, tmpl *template.Template, logger *slog.Logger, httpOpts ...commoncfg.HTTPClientOption) ([]notify.Integration, error) {
+func BuildReceiverIntegrations(nc config.Receiver, tmpl *template.Template, logger *slog.Logger, spRegistry *secrets.SecretsProviderRegistry, httpOpts ...commoncfg.HTTPClientOption) ([]notify.Integration, error) {
 	if logger == nil {
 		logger = promslog.NewNopLogger()
 	}
@@ -68,7 +70,9 @@ func BuildReceiverIntegrations(nc config.Receiver, tmpl *template.Template, logg
 		add("email", i, c, func(l *slog.Logger) (notify.Notifier, error) { return email.New(c, tmpl, l), nil })
 	}
 	for i, c := range nc.PagerdutyConfigs {
-		add("pagerduty", i, c, func(l *slog.Logger) (notify.Notifier, error) { return pagerduty.New(c, tmpl, l, httpOpts...) })
+		add("pagerduty", i, c, func(l *slog.Logger) (notify.Notifier, error) {
+			return pagerduty.New(c, tmpl, l, spRegistry, httpOpts...)
+		})
 	}
 	for i, c := range nc.OpsGenieConfigs {
 		add("opsgenie", i, c, func(l *slog.Logger) (notify.Notifier, error) { return opsgenie.New(c, tmpl, l, httpOpts...) })

config/receiver/receiver_test.go

@@ -16,6 +16,11 @@ package receiver
 import (
 	"testing"
 
+	"github.com/prometheus/client_golang/prometheus"
+	"github.com/prometheus/common/promslog"
+
+	"github.com/prometheus/alertmanager/secrets"
+
 	commoncfg "github.com/prometheus/common/config"
 	"github.com/stretchr/testify/require"
 
@@ -71,7 +76,8 @@ func TestBuildReceiverIntegrations(t *testing.T) {
 	} {
 		tc := tc
 		t.Run("", func(t *testing.T) {
-			integrations, err := BuildReceiverIntegrations(tc.receiver, nil, nil)
+			sp := secrets.NewSecretsProviderRegistry(promslog.NewNopLogger(), prometheus.DefaultRegisterer)
+			integrations, err := BuildReceiverIntegrations(tc.receiver, nil, nil, sp)
 			if tc.err {
 				require.Error(t, err)
 				return

go.mod

@@ -7,6 +7,9 @@ require (
 	github.com/alecthomas/kingpin/v2 v2.4.0
 	github.com/alecthomas/units v0.0.0-20240927000941-0f3dac36c52b
 	github.com/aws/aws-sdk-go v1.55.5
+	github.com/aws/aws-sdk-go-v2 v1.36.4
+	github.com/aws/aws-sdk-go-v2/config v1.29.16
+	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.35.6
 	github.com/cenkalti/backoff/v4 v4.3.0
 	github.com/cespare/xxhash/v2 v2.3.0
 	github.com/coder/quartz v0.1.2
@@ -53,6 +56,17 @@ require (
 require (
 	github.com/armon/go-metrics v0.3.10 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.69 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.31 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.35 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.35 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.16 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.25.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.33.21 // indirect
+	github.com/aws/smithy-go v1.22.2 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/coreos/go-systemd/v22 v22.5.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect

go.sum

@@ -80,6 +80,34 @@ github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3d
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/aws/aws-sdk-go v1.55.5 h1:KKUZBfBoyqy5d3swXyiC7Q76ic40rYcbqH7qjh59kzU=
 github.com/aws/aws-sdk-go v1.55.5/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU=
+github.com/aws/aws-sdk-go-v2 v1.36.4 h1:GySzjhVvx0ERP6eyfAbAuAXLtAda5TEy19E5q5W8I9E=
+github.com/aws/aws-sdk-go-v2 v1.36.4/go.mod h1:LLXuLpgzEbD766Z5ECcRmi8AzSwfZItDtmABVkRLGzg=
+github.com/aws/aws-sdk-go-v2/config v1.29.16 h1:XkruGnXX1nEZ+Nyo9v84TzsX+nj86icbFAeust6uo8A=
+github.com/aws/aws-sdk-go-v2/config v1.29.16/go.mod h1:uCW7PNjGwZ5cOGZ5jr8vCWrYkGIhPoTNV23Q/tpHKzg=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.69 h1:8B8ZQboRc3uaIKjshve/XlvJ570R7BKNy3gftSbS178=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.69/go.mod h1:gPME6I8grR1jCqBFEGthULiolzf/Sexq/Wy42ibKK9c=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.31 h1:oQWSGexYasNpYp4epLGZxxjsDo8BMBh6iNWkTXQvkwk=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.31/go.mod h1:nc332eGUU+djP3vrMI6blS0woaCfHTe3KiSQUVTMRq0=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.35 h1:o1v1VFfPcDVlK3ll1L5xHsaQAFdNtZ5GXnNR7SwueC4=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.35/go.mod h1:rZUQNYMNG+8uZxz9FOerQJ+FceCiodXvixpeRtdESrU=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.35 h1:R5b82ubO2NntENm3SAm0ADME+H630HomNJdgv+yZ3xw=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.35/go.mod h1:FuA+nmgMRfkzVKYDNEqQadvEMxtxl9+RLT9ribCwEMs=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 h1:bIqFDwgGXXN1Kpp99pDOdKMTTb5d2KyU5X/BZxjOkRo=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3/go.mod h1:H5O/EsxDWyU+LP/V8i5sm8cxoZgc2fdNR9bxlOFrQTo=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3 h1:eAh2A4b5IzM/lum78bZ590jy36+d/aFLgKF/4Vd1xPE=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3/go.mod h1:0yKJC/kb8sAnmlYa6Zs3QVYqaC8ug2AbnNChv5Ox3uA=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.16 h1:/ldKrPPXTC421bTNWrUIpq3CxwHwRI/kpc+jPUTJocM=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.16/go.mod h1:5vkf/Ws0/wgIMJDQbjI4p2op86hNW6Hie5QtebrDgT8=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.35.6 h1:l4mxH8imZoflVEWWa8VT8skwObm+t0KEveqEskyiKEo=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.35.6/go.mod h1:1qwmvfRBGTQ5shUxu+eQO/S2+O6o6SxbvcvtN62kmc0=
+github.com/aws/aws-sdk-go-v2/service/sso v1.25.4 h1:EU58LP8ozQDVroOEyAfcq0cGc5R/FTZjVoYJ6tvby3w=
+github.com/aws/aws-sdk-go-v2/service/sso v1.25.4/go.mod h1:CrtOgCcysxMvrCoHnvNAD7PHWclmoFG78Q2xLK0KKcs=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.2 h1:XB4z0hbQtpmBnb1FQYvKaCM7UsS6Y/u8jVBwIUGeCTk=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.2/go.mod h1:hwRpqkRxnQ58J9blRDrB4IanlXCpcKmsC83EhG77upg=
+github.com/aws/aws-sdk-go-v2/service/sts v1.33.21 h1:nyLjs8sYJShFYj6aiyjCBI3EcLn1udWrQTjEF+SOXB0=
+github.com/aws/aws-sdk-go-v2/service/sts v1.33.21/go.mod h1:EhdxtZ+g84MSGrSrHzZiUm9PYiZkrADNja15wtRJSJo=
+github.com/aws/smithy-go v1.22.2 h1:6D9hW43xKFrRx/tXXfAlIZc4JI+yQe6snnWcQyxSyLQ=
+github.com/aws/smithy-go v1.22.2/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=