Skip to content

Re-enable proxy_url for alertmanager receivers #4741

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 31, 2022
Merged

Re-enable proxy_url for alertmanager receivers #4741

merged 1 commit into from
May 31, 2022

Conversation

padyx
Copy link
Contributor

@padyx padyx commented May 19, 2022

What this PR does:
It re-enables the proxy_url option for alertmanager receivers.

⚠️ Reverts part of a security change! Review well ⚠️

Originally introduced with #4129 . We believe this might have been an overly cautious fix and propose to re-enable this option again. This seems to be the consensus in the follow-up discussion. #4129 (comment) by @alvinlin123

Which issue(s) this PR fixes:
Fixes #4680

Checklist

  • Tests updated
  • Documentation added
  • CHANGELOG.md updated - the order of entries should be [CHANGE], [FEATURE], [ENHANCEMENT], [BUGFIX]

@padyx
Copy link
Contributor Author

padyx commented May 25, 2022

Not sure why the test failed, I've tried that locally and did not see this error.

Rebased the branch to master to retry this, plus added the CHANGELOG.md change which was missing before.

alvinlin123
alvinlin123 reviewed May 26, 2022
View reviewed changes
CHANGELOG.md Outdated
@@ -10,6 +10,7 @@
* [CHANGE] Fix incorrectly named `cortex_cache_fetched_keys` and `cortex_cache_hits` metrics. Renamed to `cortex_cache_fetched_keys_total` and `cortex_cache_hits_total` respectively. #4686
* [CHANGE] Enable Thanos series limiter in store-gateway. #4702
* [CHANGE] Distributor: Apply `max_fetched_series_per_query` limit for `/series` API. #4683
* [CHANGE] Re-enable the `proxy_url` option for receiver configuration. #4680
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In change log, the convention is to put the PR number instead of the issue number. May I ask you to kindly update it? Thanks!

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Of course, done!

@padyx
Re-enable proxy_url
0b024df 
Signed-off-by: Patrick Bänziger <[email protected]>
friedrichg
friedrichg approved these changes May 27, 2022
View reviewed changes
Copy link
Member

@friedrichg friedrichg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The proxy url is used by the roundtripper in alertmanager to create connections. That proxy connection is http, https or socks5 (per go Transport.Proxy). There is no risk that a rogue tenant could access local files here.

This can be re-enabled.

@alvinlin123 alvinlin123 merged commit 618a41b into cortexproject:master May 31, 2022
@padyx padyx deleted the reenable-proxyurl branch May 31, 2022 09:04
@Fantaztig Fantaztig mentioned this pull request Jun 7, 2022
Closed
@supergicko supergicko mentioned this pull request Jun 8, 2022
Closed
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alvinlin123 alvinlin123 alvinlin123 approved these changes

@friedrichg friedrichg friedrichg approved these changes

@alanprot alanprot Awaiting requested review from alanprot

Assignees
No one assigned
Labels
size/S
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Unable to set a proxy for alertmanager-receivers
3 participants
@padyx @alvinlin123 @friedrichg