Add missing OAuth2 field to IonosSDConfig generation#8433
Merged
simonpasquier merged 3 commits intoprometheus-operator:mainfrom Mar 12, 2026
Merged
Add missing OAuth2 field to IonosSDConfig generation#8433simonpasquier merged 3 commits intoprometheus-operator:mainfrom
simonpasquier merged 3 commits intoprometheus-operator:mainfrom
Conversation
Signed-off-by: Sanchit2662 <sanchit2662@gmail.com>
Contributor
Author
|
Hi @simonpasquier , please review the change. |
Contributor
|
Better adding the test cases in |
heliapb
reviewed
Mar 11, 2026
Member
heliapb
left a comment
There was a problem hiding this comment.
Hi @Sanchit2662 good catch, but pls follow @nutmos recommendation and add a test as well
Signed-off-by: Sanchit2662 <sanchit2662@gmail.com>
Contributor
Author
|
Hi @heliapb , added the test case. |
Signed-off-by: Sanchit2662 <sanchit2662@gmail.com>
simonpasquier
approved these changes
Mar 12, 2026
edeba24
into
prometheus-operator:main
28 of 30 checks passed
alexlebens
pushed a commit
to alexlebens/infrastructure
that referenced
this pull request
Mar 20, 2026
…r to v0.90.0 (#4885) This PR contains the following updates: | Package | Update | Change | |---|---|---| | [prometheus-operator/prometheus-operator](https://github.com/prometheus-operator/prometheus-operator) | minor | `v0.89.0` → `v0.90.0` | --- >⚠️ **Warning** > > Some dependencies could not be looked up. Check the [Dependency Dashboard](issues/2) for more information. --- ### Release Notes <details> <summary>prometheus-operator/prometheus-operator (prometheus-operator/prometheus-operator)</summary> ### [`v0.90.0`](https://github.com/prometheus-operator/prometheus-operator/releases/tag/v0.90.0): 0.90.0 / 2026-03-19 [Compare Source](prometheus-operator/prometheus-operator@v0.89.0...v0.90.0) - \[CHANGE/BUGFIX] Validate that the remote-write URL scheme is either `http` or `https`. [#​8455](prometheus-operator/prometheus-operator#8455) - \[FEATURE] Add `--repair-policy-for-statefulsets` CLI argument to the operator. It defines how the operator manages StatefulSet's pods stuck at an incorrect revision. Users running Kubernetes v1.35+ are encouraged to enable this feature (see [troubleshooting guide](https://prometheus-operator.dev/docs/platform/troubleshooting/#statefulset-rollout-stuck-after-a-bad-update)). [#​8443](prometheus-operator/prometheus-operator#8443) - \[FEATURE] Add `schedulerName` support to the `Prometheus`, `PrometheusAgent`, `Alertmanager` and `ThanosRuler` CRDs. [#​8451](prometheus-operator/prometheus-operator#8451) - \[ENHANCEMENT] Add `--web.tls-curves` CLI argument to the operator and admission-webhook binaries. [#​8385](prometheus-operator/prometheus-operator#8385) - \[ENHANCEMENT] Support minimum TLS version for Thanos gRPC servers. [#​8438](prometheus-operator/prometheus-operator#8438) - \[ENHANCEMENT] Add version label to `ThanosRuler` pods. [#​8441](prometheus-operator/prometheus-operator#8441) - \[ENHANCEMENT] Add `messageText` support for Slack receiver in `AlertmanagerConfig` CRD. [#​8374](prometheus-operator/prometheus-operator#8374) - \[ENHANCEMENT] Add `messageText` support for Slack receiver in Alertmanager secret config. [#​8375](prometheus-operator/prometheus-operator#8375) - \[ENHANCEMENT] Add `forceImplicitTLS` support for SMTP email config in Alertmanager secret config. [#​8384](prometheus-operator/prometheus-operator#8384) [#​8404](prometheus-operator/prometheus-operator#8404) - \[ENHANCEMENT] Add `forceImplicitTLS` support for SMTP email config in `AlertmanagerConfig` CRD. [#​8386](prometheus-operator/prometheus-operator#8386) - \[ENHANCEMENT] Add `forceImplicitTLS` support for SMTP global config in Alertmanager secret config. [#​8405](prometheus-operator/prometheus-operator#8405) - \[ENHANCEMENT] Add `forceImplicitTLS` support for SMTP global config in `Alertmanager` CRD. [#​8406](prometheus-operator/prometheus-operator#8406) - \[ENHANCEMENT] Add support for global Telegram bot token in `Alertmanager` CRD. [#​8372](prometheus-operator/prometheus-operator#8372) - \[ENHANCEMENT] Add `chatIDFile` support for Telegram receiver in Alertmanager secret config. [#​8376](prometheus-operator/prometheus-operator#8376) - \[ENHANCEMENT] Add `wechatAPISecretFile` support in Alertmanager global config. [#​8377](prometheus-operator/prometheus-operator#8377) - \[ENHANCEMENT] Add `authSecretFile` support for email config in Alertmanager secret config. [#​8396](prometheus-operator/prometheus-operator#8396) - \[ENHANCEMENT] Add nested field support for PagerDuty description in Alertmanager secret config. [#​8402](prometheus-operator/prometheus-operator#8402) - \[ENHANCEMENT] Add email threading support in Alertmanager secret config. [#​8388](prometheus-operator/prometheus-operator#8388) - \[ENHANCEMENT] Add field and label selectors for ConfigMap watches. [#​8368](prometheus-operator/prometheus-operator#8368) - \[ENHANCEMENT] Improve ScrapeConfig API consistency and validation. [#​8422](prometheus-operator/prometheus-operator#8422) - \[BUGFIX] Fix `ThanosRuler` config resource status not being updated on initial StatefulSet creation. [#​8358](prometheus-operator/prometheus-operator#8358) - \[BUGFIX] Preserve `LastTransitionTime` in Prometheus status conditions. [#​8346](prometheus-operator/prometheus-operator#8346) - \[BUGFIX] Make Mattermost `text` field optional in `AlertmanagerConfig` CRD. [#​8363](prometheus-operator/prometheus-operator#8363) - \[BUGFIX] Remove nil error wrapping in v1alpha1 duplicate receiver validation. [#​8379](prometheus-operator/prometheus-operator#8379) - \[BUGFIX] Aggregate `Available` condition across Prometheus shards. [#​8434](prometheus-operator/prometheus-operator#8434) - \[BUGFIX] Reconcile resources with inconsistent status. [#​8397](prometheus-operator/prometheus-operator#8397) - \[BUGFIX] Fix namespace lister/watcher compatibility with Kubernetes v1.35 client-go. [#​8431](prometheus-operator/prometheus-operator#8431) - \[BUGFIX] Fix missing OAuth2 field in IonosSDConfig generation. [#​8433](prometheus-operator/prometheus-operator#8433) - \[BUGFIX] Fix missing fields in AzureSDConfig. [#​8444](prometheus-operator/prometheus-operator#8444) - \[BUGFIX] Validate Microsoft Teams V2 URL in `AlertmanagerConfig` CRD. [#​8227](prometheus-operator/prometheus-operator#8227) - \[BUGFIX] Fix `labelmap` relabel action rejecting valid replacement values with template variables for Prometheus 2.x. [#​8337](prometheus-operator/prometheus-operator#8337) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4yIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiaW1hZ2UiXX0=--> Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/4885 Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net> Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
I found a bug in the prometheus-operator where the OAuth2 field in IonosSDConfig was being silently ignored during Prometheus configuration generation.
Here's what was happening: Users could define OAuth2 authentication in their ScrapeConfig's IonosSDConfig block, and the operator would validate it correctly and store the credentials. But when it came time to generate the actual Prometheus configuration, the OAuth2 field was never being rendered into the YAML. So users thought they had OAuth2 configured for IONOS service discovery, but it was completely missing from the final config.I traced through the code and found that every other service discovery config type (HTTPSDConfig, ConsulSDConfig, KubernetesSDConfig, etc.) had a call to addOAuth2ToYaml() in their config generation blocks, but IonosSDConfig was missing this line. It was a simple oversight , just one line that needed to be added.
The fix was straightforward: I added a single line in pkg/prometheus/promcfg.go to call addOAuth2ToYaml() for the OAuth2 field, right after handling the Authorization field. This follows the exact same pattern already established for all other SD configs in the codebase.Now OAuth2 authentication for IONOS service discovery actually gets rendered into the Prometheus configuration as intended, and users won't be silently misconfigured anymore.