feat: support global smtp_tls_config in alertmanager config secret

Signed-off-by: Jayapriya Pai <slashpai9@gmail.com>
2025-04-21 03:38:43 +00:00 · 2025-02-04 13:15:23 +05:30 · 2025-02-04 13:15:23 +05:30 · eb25705a8a
commit eb25705a8a
parent 9716e268da
5 changed files with 45 additions and 0 deletions
--- a/pkg/alertmanager/amcfg.go
+++ b/pkg/alertmanager/amcfg.go
@ -1734,6 +1734,12 @@ func (gc *globalConfig) sanitize(amVersion semver.Version, logger *slog.Logger)
 		}
 	}

+	if gc.SMTPTLSConfig != nil && amVersion.LT(semver.MustParse("0.28.0")) {
+		msg := "'smtp_tls_config' supported in Alertmanager >= 0.28.0 only - dropping field from provided config"
+		logger.Warn(msg, "current_version", amVersion.String())
+		gc.SMTPTLSConfig = nil
+	}
+
 	// We need to sanitize the config for slack globally
 	// As of v0.22.0 Alertmanager config supports passing URL via file name
 	if gc.SlackAPIURLFile != "" {
--- a/pkg/alertmanager/amcfg_test.go
+++ b/pkg/alertmanager/amcfg_test.go
@ -2380,6 +2380,9 @@ func TestSanitizeConfig(t *testing.T) {
 	versionMSTeamsSummaryAllowed := semver.Version{Major: 0, Minor: 27}
 	versionMSTeamsSummaryNotAllowed := semver.Version{Major: 0, Minor: 26}

+	versionSMTPTLSConfigAllowed := semver.Version{Major: 0, Minor: 28}
+	versionSMTPTLSConfigNotAllowed := semver.Version{Major: 0, Minor: 27}
+
 	for _, tc := range []struct {
 		name           string
 		againstVersion semver.Version
@ -2387,6 +2390,32 @@ func TestSanitizeConfig(t *testing.T) {
 		expectErr      bool
 		golden         string
 	}{
+		{
+			name:           "Test smtp_tls_config is dropped for unsupported versions",
+			againstVersion: versionSMTPTLSConfigNotAllowed,
+			in: &alertmanagerConfig{
+				Global: &globalConfig{
+					SMTPTLSConfig: &tlsConfig{
+						CAFile: "/var/kubernetes/secrets/tls/ca.txt",
+					},
+				},
+			},
+			golden: "test_smtp_tls_config_is_dropped_for_unsupported_versions.golden",
+		},
+		{
+			name:           "Test smtp_tls_config is added for supported versions",
+			againstVersion: versionSMTPTLSConfigAllowed,
+			in: &alertmanagerConfig{
+				Global: &globalConfig{
+					SMTPTLSConfig: &tlsConfig{
+						CAFile:     "/var/kubernetes/secrets/tls/ca.txt",
+						MinVersion: "TLS12",
+						MaxVersion: "TLS13",
+					},
+				},
+			},
+			golden: "test_smtp_tls_config_is_added_for_supported_versions.golden",
+		},
 		{
 			name:           "Test slack_api_url takes precedence in global config",
 			againstVersion: versionFileURLAllowed,
--- a/pkg/alertmanager/testdata/test_smtp_tls_config_is_added_for_supported_versions.golden
+++ b/pkg/alertmanager/testdata/test_smtp_tls_config_is_added_for_supported_versions.golden
@ -0,0 +1,7 @@
+global:
+  smtp_tls_config:
+    ca_file: /var/kubernetes/secrets/tls/ca.txt
+    insecure_skip_verify: false
+    min_version: TLS12
+    max_version: TLS13
+templates: []
--- a/pkg/alertmanager/testdata/test_smtp_tls_config_is_dropped_for_unsupported_versions.golden
+++ b/pkg/alertmanager/testdata/test_smtp_tls_config_is_dropped_for_unsupported_versions.golden
@ -0,0 +1,2 @@
+global: {}
+templates: []
--- a/pkg/alertmanager/types.go
+++ b/pkg/alertmanager/types.go
@ -53,6 +53,7 @@ type globalConfig struct {
 	SMTPAuthSecret       string          `yaml:"smtp_auth_secret,omitempty" json:"smtp_auth_secret,omitempty"`
 	SMTPAuthIdentity     string          `yaml:"smtp_auth_identity,omitempty" json:"smtp_auth_identity,omitempty"`
 	SMTPRequireTLS       *bool           `yaml:"smtp_require_tls,omitempty" json:"smtp_require_tls,omitempty"`
+	SMTPTLSConfig        *tlsConfig      `yaml:"smtp_tls_config,omitempty" json:"smtp_tls_config,omitempty"`
 	SlackAPIURL          *config.URL     `yaml:"slack_api_url,omitempty" json:"slack_api_url,omitempty"`
 	SlackAPIURLFile      string          `yaml:"slack_api_url_file,omitempty" json:"slack_api_url_file,omitempty"`
 	PagerdutyURL         *config.URL     `yaml:"pagerduty_url,omitempty" json:"pagerduty_url,omitempty"`