From e2326649a76738f15ad7676198c3fcd7710fa11d Mon Sep 17 00:00:00 2001
From: Tito Lins <tito.linsesilva@grafana.com>
Date: Fri, 20 Sep 2024 02:25:49 +0200
Subject: [PATCH] use tlsConfig to send webhooks

---
 pkg/alertmanager/sender.go | 44 +++++++++++++++++++++-----------------
 1 file changed, 24 insertions(+), 20 deletions(-)

diff --git a/pkg/alertmanager/sender.go b/pkg/alertmanager/sender.go
index 1a3fa42a472..01e8b145892 100644
--- a/pkg/alertmanager/sender.go
+++ b/pkg/alertmanager/sender.go
@@ -24,32 +24,14 @@ import (
 	"github.com/grafana/mimir/pkg/util/version"
 )
 
-var (
-	ErrInvalidMethod = errors.New("webhook only supports HTTP methods PUT or POST")
-)
+var ErrInvalidMethod = errors.New("webhook only supports HTTP methods PUT or POST")
 
 type Sender struct {
-	c   *http.Client
 	log log.Logger
 }
 
 func NewSender(log log.Logger) *Sender {
-	netTransport := &http.Transport{
-		TLSClientConfig: &tls.Config{
-			Renegotiation: tls.RenegotiateFreelyAsClient,
-		},
-		Proxy: http.ProxyFromEnvironment,
-		Dial: (&net.Dialer{
-			Timeout: 30 * time.Second,
-		}).Dial,
-		TLSHandshakeTimeout: 5 * time.Second,
-	}
-	c := &http.Client{
-		Timeout:   time.Second * 30,
-		Transport: netTransport,
-	}
 	return &Sender{
-		c:   c,
 		log: log,
 	}
 }
@@ -86,7 +68,7 @@ func (s *Sender) SendWebhook(ctx context.Context, cmd *alertingReceivers.SendWeb
 		request.Header.Set(k, v)
 	}
 
-	resp, err := s.c.Do(request)
+	resp, err := tlsClient(cmd.TLSConfig).Do(request)
 	if err != nil {
 		return err
 	}
@@ -117,3 +99,25 @@ func (s *Sender) SendWebhook(ctx context.Context, cmd *alertingReceivers.SendWeb
 	level.Debug(s.log).Log("msg", "Webhook failed", "url", cmd.URL, "statuscode", resp.Status, "body", string(body))
 	return fmt.Errorf("webhook response status %v", resp.Status)
 }
+
+func tlsClient(tlsConfig *tls.Config) *http.Client {
+	nc := func(tlsConfig *tls.Config) *http.Client {
+		return &http.Client{
+			Timeout: time.Second * 30,
+			Transport: &http.Transport{
+				TLSClientConfig: tlsConfig,
+				Proxy:           http.ProxyFromEnvironment,
+				Dial: (&net.Dialer{
+					Timeout: 30 * time.Second,
+				}).Dial,
+				TLSHandshakeTimeout: 5 * time.Second,
+			},
+		}
+	}
+
+	if tlsConfig == nil {
+		return nc(&tls.Config{Renegotiation: tls.RenegotiateFreelyAsClient})
+	}
+
+	return nc(tlsConfig)
+}