Address review comments

- Made a change to demarcate `AlertSourceToken` as required

- Now error if an authorization header is set, and a alert_source_token is set

- Ensure the alert source endpoint is no longer secret

- Add documentation for the incidentio_config

Signed-off-by: Rory Malcolm <[email protected]>

Author: rorymalcolm

config/notifiers.go

@@ -535,16 +535,18 @@ type IncidentioConfig struct {
 	HTTPConfig *commoncfg.HTTPClientConfig `yaml:"http_config,omitempty" json:"http_config,omitempty"`
 
 	// URL to send POST request to.
-	URL     *SecretURL `yaml:"url" json:"url"`
-	URLFile string     `yaml:"url_file" json:"url_file"`
+	URL     *URL   `yaml:"url" json:"url"`
+	URLFile string `yaml:"url_file" json:"url_file"`
 
 	// AlertSourceToken is the key used to authenticate with the alert source in incident.io.
 	AlertSourceToken     Secret `yaml:"alert_source_token,omitempty" json:"alert_source_token,omitempty"`
 	AlertSourceTokenFile string `yaml:"alert_source_token_file,omitempty" json:"alert_source_token_file,omitempty"`
 
 	// MaxAlerts is the maximum number of alerts to be sent per incident.io message.
 	// Alerts exceeding this threshold will be truncated. Setting this to 0
-	// allows an unlimited number of alerts.
+	// allows an unlimited number of alerts. Note that if the payload exceeds
+	// incident.io's size limits, you will receive a 429 response and alerts
+	// will not be ingested.
 	MaxAlerts uint64 `yaml:"max_alerts" json:"max_alerts"`
 
 	// Timeout is the maximum time allowed to invoke incident.io. Setting this to 0
@@ -568,6 +570,12 @@ func (c *IncidentioConfig) UnmarshalYAML(unmarshal func(interface{}) error) erro
 	if c.AlertSourceToken != "" && c.AlertSourceTokenFile != "" {
 		return errors.New("at most one of alert_source_token & alert_source_token_file must be configured")
 	}
+	if c.AlertSourceToken == "" && c.AlertSourceTokenFile == "" {
+		return errors.New("one of alert_source_token or alert_source_token_file must be configured")
+	}
+	if c.HTTPConfig != nil && c.HTTPConfig.Authorization != nil && (c.AlertSourceToken != "" || c.AlertSourceTokenFile != "") {
+		return errors.New("cannot specify both alert_source_token/alert_source_token_file and http_config.authorization")
+	}
 	return nil
 }
 

docs/configuration.md

@@ -748,6 +748,8 @@ opsgenie_configs:
   [ - <opsgenie_config>, ... ]
 pagerduty_configs:
   [ - <pagerduty_config>, ... ]
+incidentio_configs:
+  [ - <incidentio_config>, ... ]
 pushover_configs:
   [ - <pushover_config>, ... ]
 rocketchat_configs:
@@ -1673,6 +1675,40 @@ There is a list of
 [integrations](https://prometheus.io/docs/operating/integrations/#alertmanager-webhook-receiver) with
 this feature.
 
+### `<incidentio_config>`
+
+incident.io notifications are sent via the [incident.io Alert Sources API](https://incident.io/docs/api/alert-sources).
+
+```yaml
+# Whether to notify about resolved alerts.
+[ send_resolved: <boolean> | default = true ]
+
+# The HTTP client's configuration.
+[ http_config: <http_config> | default = global.http_config ]
+
+# The URL to send the incident.io alert. This would typically be provided by the 
+# incident.io team when setting up an alert source.
+# URL and URL_file are mutually exclusive.
+url: <string>
+url_file: <filepath>
+
+# The alert source token is used to authenticate with incident.io.
+# alert_source_token and alert_source_token_file are mutually exclusive.
+[ alert_source_token: <secret> ]
+[ alert_source_token_file: <filepath> ]
+
+# The maximum number of alerts to be sent per incident.io message.
+# Alerts exceeding this threshold will be truncated. Setting this to 0
+# allows an unlimited number of alerts. Note that if the payload exceeds 
+# incident.io's size limits, you will receive a 429 response and alerts 
+# will not be ingested.
+[ max_alerts: <int> | default = 0 ]
+
+# Timeout is the maximum time allowed to invoke incident.io. Setting this to 0
+# does not impose a timeout.
+[ timeout: <duration> | default = 0s ]
+```
+
 ### `<wechat_config>`
 
 WeChat notifications are sent via the [WeChat

notify/incidentio/incidentio.go

@@ -17,6 +17,7 @@ import (
 	"bytes"
 	"context"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"io"
 	"log/slog"
@@ -43,29 +44,36 @@ type Notifier struct {
 
 // New returns a new incident.io notifier.
 func New(conf *config.IncidentioConfig, t *template.Template, l *slog.Logger, httpOpts ...commoncfg.HTTPClientOption) (*Notifier, error) {
-	// If alert source token is specified, set authorization in HTTP config
+	// Handle authentication configuration
 	if conf.HTTPConfig == nil {
 		conf.HTTPConfig = &commoncfg.HTTPClientConfig{}
 	}
 
+	// Ensure one of AlertSourceToken or AlertSourceTokenFile is provided
+	if conf.AlertSourceToken == "" && conf.AlertSourceTokenFile == "" {
+		return nil, errors.New("one of alert_source_token or alert_source_token_file must be configured")
+	}
+
+	// Error if authorization is already set in HTTPConfig
+	if conf.HTTPConfig.Authorization != nil {
+		return nil, errors.New("cannot specify both alert_source_token/alert_source_token_file and http_config.authorization")
+	}
+
+	// Set authorization from token or token file
 	if conf.AlertSourceToken != "" {
-		if conf.HTTPConfig.Authorization == nil {
-			conf.HTTPConfig.Authorization = &commoncfg.Authorization{
-				Type:        "Bearer",
-				Credentials: commoncfg.Secret(conf.AlertSourceToken),
-			}
+		conf.HTTPConfig.Authorization = &commoncfg.Authorization{
+			Type:        "Bearer",
+			Credentials: commoncfg.Secret(conf.AlertSourceToken),
 		}
 	} else if conf.AlertSourceTokenFile != "" {
 		content, err := os.ReadFile(conf.AlertSourceTokenFile)
 		if err != nil {
 			return nil, fmt.Errorf("failed to read alert_source_token_file: %w", err)
 		}
 
-		if conf.HTTPConfig.Authorization == nil {
-			conf.HTTPConfig.Authorization = &commoncfg.Authorization{
-				Type:        "Bearer",
-				Credentials: commoncfg.Secret(strings.TrimSpace(string(content))),
-			}
+		conf.HTTPConfig.Authorization = &commoncfg.Authorization{
+			Type:        "Bearer",
+			Credentials: commoncfg.Secret(strings.TrimSpace(string(content))),
 		}
 	}
 
@@ -83,10 +91,6 @@ func New(conf *config.IncidentioConfig, t *template.Template, l *slog.Logger, ht
 		retrier: &notify.Retrier{
 			RetryCodes: []int{
 				http.StatusTooManyRequests, // 429
-				http.StatusInternalServerError,
-				http.StatusBadGateway,
-				http.StatusServiceUnavailable,
-				http.StatusGatewayTimeout,
 			},
 			CustomDetailsFunc: errDetails,
 		},
@@ -124,7 +128,7 @@ func (n *Notifier) Notify(ctx context.Context, alerts ...*types.Alert) (bool, er
 	n.logger.Debug("incident.io notification", "groupKey", groupKey)
 
 	msg := &Message{
-		Version:         "4",
+		Version:         "1",
 		Data:            data,
 		GroupKey:        groupKey.String(),
 		TruncatedAlerts: numTruncated,
@@ -197,8 +201,5 @@ func errDetails(status int, body io.Reader) string {
 		parts = append(parts, strings.Join(errorResponse.Errors, ", "))
 	}
 
-	if len(parts) > 0 {
-		return strings.Join(parts, ": ")
-	}
-	return ""
+	return strings.Join(parts, ": ")
 }