diff --git a/.github/workflows/publish-test-e2e-images.yaml b/.github/workflows/publish-test-e2e-images.yaml index aee5d03ec1..2f91f08549 100644 --- a/.github/workflows/publish-test-e2e-images.yaml +++ b/.github/workflows/publish-test-e2e-images.yaml @@ -53,3 +53,8 @@ jobs: with: path: nodejs platforms: linux/arm64,linux/amd64,linux/s390x,linux/ppc64le + metrics-basic-auth: + uses: ./.github/workflows/reusable-publish-test-e2e-images.yaml + with: + path: metrics-basic-auth + platforms: linux/arm64,linux/amd64,linux/s390x,linux/ppc64le diff --git a/tests/test-e2e-apps/metrics-basic-auth/Dockerfile b/tests/test-e2e-apps/metrics-basic-auth/Dockerfile new file mode 100644 index 0000000000..0a2d008a30 --- /dev/null +++ b/tests/test-e2e-apps/metrics-basic-auth/Dockerfile @@ -0,0 +1,10 @@ +FROM python:3.11-slim + +COPY requirements.txt . +RUN pip install -r requirements.txt + +COPY app.py . + +EXPOSE 9123 + +CMD ["python", "app.py"] diff --git a/tests/test-e2e-apps/metrics-basic-auth/README.md b/tests/test-e2e-apps/metrics-basic-auth/README.md new file mode 100644 index 0000000000..16ccb48474 --- /dev/null +++ b/tests/test-e2e-apps/metrics-basic-auth/README.md @@ -0,0 +1,8 @@ +# Metrics Basic Auth E2E Test App +Simple web application used in an end-to-end (E2E) test to verify that the OpenTelemetry collector can retrieve secret authentication details from the target allocator over mTLS. + +## Overview +The web app provides a metrics endpoint secured with basic authentication, simulating real-world scenarios where services require secure access to their metrics. + +## Usage +This app is used within the E2E test suite to verify the OpenTelemetry operator's handling of mTLS-secured communications. \ No newline at end of file diff --git a/tests/test-e2e-apps/metrics-basic-auth/app.py b/tests/test-e2e-apps/metrics-basic-auth/app.py new file mode 100644 index 0000000000..f2ffaa7f64 --- /dev/null +++ b/tests/test-e2e-apps/metrics-basic-auth/app.py @@ -0,0 +1,36 @@ +import os +os.environ['PROMETHEUS_DISABLE_CREATED_SERIES'] = 'true' + +from flask import Flask, Response, request +from prometheus_client import Gauge, generate_latest, REGISTRY, PROCESS_COLLECTOR, PLATFORM_COLLECTOR, GC_COLLECTOR + +app = Flask(__name__) + +REGISTRY.unregister(PROCESS_COLLECTOR) +REGISTRY.unregister(PLATFORM_COLLECTOR) +REGISTRY.unregister(GC_COLLECTOR) + +secure = Gauge('authenticated', 'Client was authenticated') +secure.set(1) + +USERNAME = "user" +PASSWORD = "t0p$ecreT" + +def check_auth(username, password): + return username == USERNAME and password == PASSWORD + +def authenticate(): + return Response( + 'Could not verify your access level for that URL.\n' + 'You have to login with proper credentials', 401, + {'WWW-Authenticate': 'Basic realm="Login Required"'}) + +@app.route('/metrics') +def metrics(): + auth = request.authorization + if not auth or not check_auth(auth.username, auth.password): + return authenticate() + return Response(generate_latest(), mimetype='text/plain') + +if __name__ == '__main__': + app.run(host='0.0.0.0', port=9123) diff --git a/tests/test-e2e-apps/metrics-basic-auth/requirements.txt b/tests/test-e2e-apps/metrics-basic-auth/requirements.txt new file mode 100644 index 0000000000..865b49ac22 --- /dev/null +++ b/tests/test-e2e-apps/metrics-basic-auth/requirements.txt @@ -0,0 +1,2 @@ +Flask==2.3.3 +prometheus_client==0.20.0