alertmanager: add webhookURL secret validation to checkMSTeamsConfigs#8294
Merged
simonpasquier merged 1 commit intoprometheus-operator:release-0.88from Jan 19, 2026
Conversation
Validate that the webhookURL secret exists in checkMSTeamsConfigs, consistent with checkMSTeamsV2Configs. This prevents operator degradation when an AlertmanagerConfig references a missing secret. Signed-off-by: Jayapriya Pai <slashpai9@gmail.com>
simonpasquier
approved these changes
Jan 19, 2026
8a8faa8
into
prometheus-operator:release-0.88
22 checks passed
heliapb
pushed a commit
to heliapb/prometheus-operator
that referenced
this pull request
Jan 21, 2026
…prometheus-operator#8294) Validate that the webhookURL secret exists in checkMSTeamsConfigs, consistent with checkMSTeamsV2Configs. This prevents operator degradation when an AlertmanagerConfig references a missing secret. Signed-off-by: Jayapriya Pai <slashpai9@gmail.com>
slashpai
added a commit
to slashpai/prometheus-operator
that referenced
this pull request
Jan 23, 2026
…prometheus-operator#8294) Validate that the webhookURL secret exists in checkMSTeamsConfigs, consistent with checkMSTeamsV2Configs. This prevents operator degradation when an AlertmanagerConfig references a missing secret. Signed-off-by: Jayapriya Pai <slashpai9@gmail.com> (cherry picked from commit 8a8faa8)
openshift-cherrypick-robot
pushed a commit
to openshift-cherrypick-robot/prometheus-operator
that referenced
this pull request
Jan 27, 2026
…prometheus-operator#8294) Validate that the webhookURL secret exists in checkMSTeamsConfigs, consistent with checkMSTeamsV2Configs. This prevents operator degradation when an AlertmanagerConfig references a missing secret. Signed-off-by: Jayapriya Pai <slashpai9@gmail.com> (cherry picked from commit 8a8faa8)
slashpai
added a commit
to slashpai/prometheus-operator
that referenced
this pull request
Jan 28, 2026
…prometheus-operator#8294) Validate that the webhookURL secret exists in checkMSTeamsConfigs, consistent with checkMSTeamsV2Configs. This prevents operator degradation when an AlertmanagerConfig references a missing secret. Signed-off-by: Jayapriya Pai <slashpai9@gmail.com>
slashpai
added a commit
to slashpai/prometheus-operator
that referenced
this pull request
Jan 28, 2026
…prometheus-operator#8294) Validate that the webhookURL secret exists in checkMSTeamsConfigs, consistent with checkMSTeamsV2Configs. This prevents operator degradation when an AlertmanagerConfig references a missing secret. Signed-off-by: Jayapriya Pai <slashpai9@gmail.com>
simonpasquier
added a commit
that referenced
this pull request
Jan 28, 2026
* alertmanager: add webhookURL secret validation to checkMSTeamsConfigs (#8294) Validate that the webhookURL secret exists in checkMSTeamsConfigs, consistent with checkMSTeamsV2Configs. This prevents operator degradation when an AlertmanagerConfig references a missing secret. Signed-off-by: Jayapriya Pai <slashpai9@gmail.com> * fix: undo maximum version to EC2 and Lightsail SD Signed-off-by: Hélia Barroso <helia_barroso@hotmail.com> * fix: implement template URL validations This commit relaxes URL validation for Webhook and Pushover configurations because they support Go template syntax. Signed-off-by: Simon Pasquier <spasquie@redhat.com> * fix: am slack templating issue * fix: relax validation on Pushover URL The Pushover URL can be a template string. Related to #8315 Signed-off-by: Simon Pasquier <spasquie@redhat.com> * fix: relax validation on RocketChat template URLs Relates to #8315 Signed-off-by: Simon Pasquier <spasquie@redhat.com> * fix: allow templated URLs in PagerDuty config fields Change ClientURL and Href fields in PagerDutyConfig, PagerDutyImageConfig, and PagerDutyLinkConfig from *URL to *string to support Go templates. Related-to #8315 Signed-off-by: Jayapriya Pai <slashpai9@gmail.com> * fix: relax URL validation on WebhookConfig Relates to #8315 Signed-off-by: Simon Pasquier <spasquie@redhat.com> * fix: correctly assign IconURL, ImageURL, ThumbURL in Slack config Signed-off-by: Jayapriya Pai <slashpai9@gmail.com> * chore: cut v0.88.1 Signed-off-by: Jayapriya Pai <slashpai9@gmail.com> * make generate Signed-off-by: Jayapriya Pai <slashpai9@gmail.com> --------- Signed-off-by: Jayapriya Pai <slashpai9@gmail.com> Signed-off-by: Hélia Barroso <helia_barroso@hotmail.com> Signed-off-by: Simon Pasquier <spasquie@redhat.com> Co-authored-by: Hélia Barroso <helia_barroso@hotmail.com> Co-authored-by: Simon Pasquier <spasquie@redhat.com>
renovate bot
added a commit
to sdwilsh/ansible-playbooks
that referenced
this pull request
Feb 21, 2026
…r to v0.89.0 ##### [\`v0.89.0\`](https://github.com/prometheus-operator/prometheus-operator/releases/tag/v0.89.0) - \[ENHANCEMENT] Add `hostNetwork` field to the `Alertmanager` CRD. [#8281](prometheus-operator/prometheus-operator#8281) - \[ENHANCEMENT] Add the `crds` and `full-crds` commands to the operator's binary. [#8251](prometheus-operator/prometheus-operator#8251) - \[ENHANCEMENT] Report deprecated field usage in the `Reconciled` condition type. [#8236](prometheus-operator/prometheus-operator#8236) - \[ENHANCEMENT] Avoid unnecessary reconciliation upon creation of the `ThanosRuler` StatefulSet. [#8347](prometheus-operator/prometheus-operator#8347) - \[ENHANCEMENT] Add `bodySizeLimit` to the ScrapeConfig CRD. [#8348](prometheus-operator/prometheus-operator#8348) - \[ENHANCEMENT] Support `http_headers` field in the Alertmanager Secret. [#8357](prometheus-operator/prometheus-operator#8357) - \[ENHANCEMENT] Add the `-kubelet-http-metrics` flag to enable/disable the HTTP metrics port in the Kubelet endpoint (default=enabled). [#8350](prometheus-operator/prometheus-operator#8350) - \[ENHANCEMENT] Include `operator.prometheus.io/version` annotation in the full version of CRDs. [#8279](prometheus-operator/prometheus-operator#8279) - \[BUGFIX] Validate VictorOps global configuration in the `Alertmanager` CRD. [#8020](prometheus-operator/prometheus-operator#8020) - \[BUGFIX] Validate Jira global configuration in the `Alertmanager` CRD. [#8265](prometheus-operator/prometheus-operator#8265) - \[BUGFIX] Validate VictorOps receiver's URL in the `AlertmanagerConfig` CRD. [#8258](prometheus-operator/prometheus-operator#8258) - \[BUGFIX] Validate Webex receiver's URL in the `AlertmanagerConfig` CRD. [#8255](prometheus-operator/prometheus-operator#8255) - \[BUGFIX] Validate Jira receiver's URL configuration in the `AlertmanagerConfig` CRD. [#8230](prometheus-operator/prometheus-operator#8230) - \[BUGFIX] Validate OpsGenie receiver configuration in the `AlertmanagerConfig` CRD. [#8267](prometheus-operator/prometheus-operator#8267) - \[BUGFIX] Validate WeChat receiver configuration in the `AlertmanagerConfig` CRD. [#8271](prometheus-operator/prometheus-operator#8271) - \[BUGFIX] Validate SNS receiver configuration in the `AlertmanagerConfig` CRD. [#8217](prometheus-operator/prometheus-operator#8217) - \[BUGFIX] Validate Webex global configuration in the `Alertmanager` CRD. [#7979](prometheus-operator/prometheus-operator#7979) - \[BUGFIX] Validate Telegram global configuration in the `Alertmanager` CRD. [#8268](prometheus-operator/prometheus-operator#8268) - \[BUGFIX] Restore statefulset's labels if the creation fails with AlreadyExists. [#8343](prometheus-operator/prometheus-operator#8343) - \[BUGFIX] Fix potential panic due to informer cache races. [#8310](prometheus-operator/prometheus-operator#8310) - \[BUGFIX] Support probers defined with IPv6 addresses in the `Probe` CRD. [#8354](prometheus-operator/prometheus-operator#8354) - \[BUGFIX] Prevent group and repeat intervals with zero duration from breaking Alertmanager. [#8126](prometheus-operator/prometheus-operator#8126) - \[BUGFIX] Propagate all supported RocketChat attributes for `AlertmanagerConfig` CRD. [#8016](prometheus-operator/prometheus-operator#8016) - \[BUGFIX] Add URL validation for WeChat receiver. [#8256](prometheus-operator/prometheus-operator#8256) - \[BUGFIX] Add URL validation for SNS receiver. [#8259](prometheus-operator/prometheus-operator#8259) - \[BUGFIX] Fix GCE service discovery for the `ScrapeConfig` CRD. [#8284](prometheus-operator/prometheus-operator#8284) - \[BUGFIX] Avoid stale conditions in `Alertmanager`, `ThanosRuler`, `Prometheus` and `PrometheusAgent` resources. [#8304](prometheus-operator/prometheus-operator#8304) - \[BUGFIX] Fix race condition when updating rule ConfigMaps. [#8290](prometheus-operator/prometheus-operator#8290) - \[BUGFIX] Fix race condition when patching finalizers. [#8323](prometheus-operator/prometheus-operator#8323) - \[BUGFIX] Reconcile `ScrapeConfig` resources when namespace selection changes. [#8334](prometheus-operator/prometheus-operator#8334) --- ##### [\`v0.88.1\`](https://github.com/prometheus-operator/prometheus-operator/releases/tag/v0.88.1) - \[BUGFIX] Validate `webhookURL` secret for `MSTeams` receiver in `AlertmanagerConfig` CRD. [#8294](prometheus-operator/prometheus-operator#8294) - \[BUGFIX] Revert maximum version check for `EC2/Lightsail` SD in `ScrapeConfig` CRD. [#8308](prometheus-operator/prometheus-operator#8308) - \[BUGFIX] Relax URL validation in `Slack` receiver in AlertmanagerConfig CRD to support Go templates. [#8299](prometheus-operator/prometheus-operator#8299) [#8331](prometheus-operator/prometheus-operator#8331) - \[BUGFIX] Relax URL validation in `PagerDuty` in AlertmanagerConfig CRD to support Go templates. [#8319](prometheus-operator/prometheus-operator#8319) - \[BUGFIX] Relax URL validation in `WebhookConfig` in AlertmanagerConfig CRD to support Go templates. [#8307](prometheus-operator/prometheus-operator#8307) [#8317](prometheus-operator/prometheus-operator#8317) - \[BUGFIX] Relax URL validation in `RocketChat` receiver in AlertmanagerConfig CRD to support Go templates. [#8318](prometheus-operator/prometheus-operator#8318) - \[BUGFIX] Relax URL validation in `Pushover` receiver in AlertmanagerConfig CRD to support Go templates. [#8307](prometheus-operator/prometheus-operator#8307) [#8316](prometheus-operator/prometheus-operator#8316)
openshift-cherrypick-robot
pushed a commit
to openshift-cherrypick-robot/prometheus-operator
that referenced
this pull request
Feb 24, 2026
…prometheus-operator#8294) Validate that the webhookURL secret exists in checkMSTeamsConfigs, consistent with checkMSTeamsV2Configs. This prevents operator degradation when an AlertmanagerConfig references a missing secret. Signed-off-by: Jayapriya Pai <slashpai9@gmail.com> (cherry picked from commit 8a8faa8)
openshift-cherrypick-robot
pushed a commit
to openshift-cherrypick-robot/prometheus-operator
that referenced
this pull request
Feb 25, 2026
…prometheus-operator#8294) Validate that the webhookURL secret exists in checkMSTeamsConfigs, consistent with checkMSTeamsV2Configs. This prevents operator degradation when an AlertmanagerConfig references a missing secret. Signed-off-by: Jayapriya Pai <slashpai9@gmail.com> (cherry picked from commit 8a8faa8)
openshift-cherrypick-robot
pushed a commit
to openshift-cherrypick-robot/prometheus-operator
that referenced
this pull request
Feb 26, 2026
…prometheus-operator#8294) Validate that the webhookURL secret exists in checkMSTeamsConfigs, consistent with checkMSTeamsV2Configs. This prevents operator degradation when an AlertmanagerConfig references a missing secret. Signed-off-by: Jayapriya Pai <slashpai9@gmail.com> (cherry picked from commit 8a8faa8)
openshift-cherrypick-robot
pushed a commit
to openshift-cherrypick-robot/prometheus-operator
that referenced
this pull request
Feb 27, 2026
…prometheus-operator#8294) Validate that the webhookURL secret exists in checkMSTeamsConfigs, consistent with checkMSTeamsV2Configs. This prevents operator degradation when an AlertmanagerConfig references a missing secret. Signed-off-by: Jayapriya Pai <slashpai9@gmail.com> (cherry picked from commit 8a8faa8)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Validate that the webhookURL secret exists in checkMSTeamsConfigs, consistent with checkMSTeamsV2Configs. This prevents operator degradation when an AlertmanagerConfig references a missing secret.
Description
Describe the big picture of your changes here to communicate to the maintainers why we should accept this pull request.
Closes: #ISSUE-NUMBER
If you're contributing for the first-time, check our contribution guidelines.
Type of change
What type of changes does your code introduce to the Prometheus operator? Put an
xin the box that apply.CHANGE(fix or feature that would cause existing functionality to not work as expected)FEATURE(non-breaking change which adds functionality)BUGFIX(non-breaking change which fixes an issue)ENHANCEMENT(non-breaking change which improves existing functionality)NONE(if none of the other choices apply. Example, tooling, build system, CI, docs, etc.)Verification
Please check the Prometheus-Operator testing guidelines for recommendations about automated tests.
Changelog entry
Please put a one-line changelog entry below. This will be copied to the changelog file during the release process.