Alerting: External AM fix parsing basic auth with escape characters (#84681)

This commit is contained in:
Matthew Jacobson 2024-03-18 13:04:57 -04:00 committed by GitHub
parent 494d169980
commit 3ea5c08c88
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 20 additions and 9 deletions

View File

@ -275,17 +275,16 @@ func (d *AlertsRouter) buildExternalURL(ds *datasources.DataSource) (string, err
}
}
// if basic auth is enabled we need to build the url with basic auth baked in
if !ds.BasicAuth {
return parsed.String(), nil
}
// If basic auth is enabled we need to build the url with basic auth baked in.
if ds.BasicAuth {
password := d.secretService.GetDecryptedValue(context.Background(), ds.SecureJsonData, "basicAuthPassword", "")
if password == "" {
return "", fmt.Errorf("basic auth enabled but no password set")
}
return fmt.Sprintf("%s://%s:%s@%s%s%s", parsed.Scheme, ds.BasicAuthUser,
password, parsed.Host, parsed.Path, parsed.RawQuery), nil
parsed.User = url.UserPassword(ds.BasicAuthUser, password)
}
return parsed.String(), nil
}
func (d *AlertsRouter) Send(ctx context.Context, key models.AlertRuleKey, alerts definitions.PostableAlerts) {

View File

@ -461,6 +461,18 @@ func TestBuildExternalURL(t *testing.T) {
},
expectedURL: "https://johndoe:123@localhost:9000",
},
{
name: "datasource with auth that needs escaping",
ds: &datasources.DataSource{
URL: "https://localhost:9000",
BasicAuth: true,
BasicAuthUser: "johndoe",
SecureJsonData: map[string][]byte{
"basicAuthPassword": []byte("123#!"),
},
},
expectedURL: "https://johndoe:123%23%21@localhost:9000",
},
{
name: "datasource with auth and path",
ds: &datasources.DataSource{