Start adding loki to the auth test

Signed-off-by: Pete Wall <pete.wall@grafana.com>

Author: petewall

charts/k8s-monitoring/tests/integration/auth/.rendered/output.yaml

@@ -1,6 +1,5 @@
 htpasswd:
-	htpasswd -c -B -b htpasswd promuser prompassword
-	htpasswd -B -b htpasswd oteluser otelpassword
+	htpasswd -c -B -b htpasswd basicuser basicpassword
 
 passwords.yaml: htpasswd
 	echo "---" > passwords.yaml

charts/k8s-monitoring/tests/integration/auth/configs/Makefile

@@ -7,3 +7,11 @@ datasources:
         type: prometheus
         url: http://prometheus-server.prometheus.svc:9090
         isDefault: true
+
+      - name: Loki
+        type: loki
+        url: http://loki.loki.svc:3100
+        jsonData:
+          httpHeaderName1: X-Scope-OrgID
+        secureJsonData:
+          httpHeaderValue1: "1"

charts/k8s-monitoring/tests/integration/auth/configs/grafana.yaml

@@ -0,0 +1,33 @@
+---
+deploymentMode: SingleBinary
+loki:
+  commonConfig:
+    replication_factor: 1
+  storage:
+    type: 'filesystem'
+  schemaConfig:
+    configs:
+      - from: "2024-01-01"
+        store: tsdb
+        index:
+          prefix: loki_index_
+          period: 24h
+        object_store: filesystem  # we're storing on filesystem so there's no real persistence here.
+        schema: v13
+singleBinary:
+  replicas: 1
+read:
+  replicas: 0
+backend:
+  replicas: 0
+write:
+  replicas: 0
+
+chunksCache:
+  enabled: false
+resultsCache:
+  enabled: false
+lokiCanary:
+  enabled: false
+test:
+  enabled: false

charts/k8s-monitoring/tests/integration/auth/configs/loki.yaml

@@ -0,0 +1,42 @@
+---
+service:
+  type: ClusterIP
+serverBlock: |-
+  server {
+    listen 0.0.0.0:8080;
+    location /metrics/basic/ {
+      auth_basic "Prometheus Basic Auth";
+      auth_basic_user_file /etc/nginx/conf/htpasswd;
+
+      proxy_pass http://prometheus-server.prometheus.svc:9090/;
+    }
+    location /logs/basic/ {
+      auth_basic "Loki Basic Auth";
+      auth_basic_user_file /etc/nginx/conf/htpasswd;
+
+      proxy_pass http://loki.loki.svc:3100/;
+    }
+  
+    location /metrics/bearer/ {
+      if ($http_authorization != "Bearer my-bearer-token") {
+        return 401;
+      }
+
+      proxy_pass http://prometheus-server.prometheus.svc:9090/;
+    }
+    location /logs/bearer/ {
+      if ($http_authorization != "Bearer my-bearer-token") {
+        return 401;
+      }
+
+      proxy_pass http://loki.loki.svc:3100/;
+    }
+  }
+extraVolumes:
+  - name: passwords-file
+    secret:
+      secretName: passwords
+extraVolumeMounts:
+  - name: passwords-file
+    mountPath: /etc/nginx/conf/htpasswd
+    subPath: htpasswd

charts/k8s-monitoring/tests/integration/auth/configs/nginx-auth-gateway.yaml

@@ -1,7 +1,7 @@
 ---
 apiVersion: v1
 data:
-  htpasswd: cHJvbXVzZXI6JDJ5JDA1JGhuSkJnLzM2QWFkY0RBUG1xazZacE9UaTl6ZHkycG9uU1FXYjFuZzBQOEsvejlJSnhZUHRTCm90ZWx1c2VyOiQyeSQwNSQ5aHpUdFZGRnBxY3U5NnZWTmRlcmt1Tzc0Tk43M0hiaU1MY0JObTdtWWxlaTluVVJxRGI2aQo=
+  htpasswd: YmFzaWN1c2VyOiQyeSQwNSRSMmZRTktpYkFSWVltbWhDUjBBdGxlUi9GdnVWNWd5cThVamxMNkFJWWJiWGV0dmVPcXY0Two=
 kind: Secret
 metadata:
   creationTimestamp: null

charts/k8s-monitoring/tests/integration/auth/configs/nginx-basic-auth.yaml

@@ -9,24 +9,24 @@ deployments:
     version: ^25
     namespace: prometheus
     valuesFile: configs/prometheus.yaml
+  - name: loki
+    type: helm
+    repo: https://grafana.github.io/helm-charts
+    chart: loki
+    namespace: loki
+    valuesFile: configs/loki.yaml
+
   - name: passwords
     type: manifest
-    namespace: prometheus
+    namespace: default
     file: configs/passwords.yaml
-  - name: nginx-basic-auth
-    type: helm
-    repo: https://charts.bitnami.com/bitnami
-    chart: nginx
-    version: 18.2.5
-    namespace: prometheus
-    valuesFile: configs/nginx-basic-auth.yaml
-  - name: nginx-bearer-token
+  - name: nginx-auth-gateway
     type: helm
     repo: https://charts.bitnami.com/bitnami
     chart: nginx
     version: 18.2.5
-    namespace: prometheus
-    valuesFile: configs/nginx-bearer-token.yaml
+    namespace: default
+    valuesFile: configs/nginx-auth-gateway.yaml
 
   - name: grafana
     type: helm

charts/k8s-monitoring/tests/integration/auth/configs/nginx-bearer-token.yaml

@@ -2,6 +2,8 @@
 tests:
   - env:
       PROMETHEUS_URL: http://prometheus-server.prometheus.svc:9090/api/v1/query
+      LOKI_URL: http://loki.loki.svc:3100/loki/api/v1/query
+      LOKI_TENANTID: 1
     queries:
       - query: kubernetes_build_info{cluster="auth-integration-test", destination="prometheus-noauth"}
         type: promql
@@ -15,3 +17,16 @@ tests:
         type: promql
       - query: kubernetes_build_info{cluster="auth-integration-test", destination="prometheus-otlp-bearer-token"}
         type: promql
+
+      - query: count_over_time({cluster="auth-integration-test", destination="loki-noauth", job!="integrations/kubernetes/eventhandler"}[1h])
+        type: logql
+      - query: count_over_time({cluster="auth-integration-test", destination="loki-basicauth", job!="integrations/kubernetes/eventhandler"}[1h])
+        type: logql
+      - query: count_over_time({cluster="auth-integration-test", destination="loki-bearer-token", job!="integrations/kubernetes/eventhandler"}[1h])
+        type: logql
+#      - query: count_over_time({cluster="auth-integration-test", destination="loki-otlp-noauth", job!="integrations/kubernetes/eventhandler"}[1h])
+#        type: logql
+#      - query: count_over_time({cluster="auth-integration-test", destination="loki-otlp-basicauth", job!="integrations/kubernetes/eventhandler"}[1h])
+#        type: logql
+#      - query: count_over_time({cluster="auth-integration-test", destination="loki-otlp-bearer-token", job!="integrations/kubernetes/eventhandler"}[1h])
+#        type: logql

charts/k8s-monitoring/tests/integration/auth/configs/passwords.yaml

@@ -12,20 +12,20 @@ destinations:
 
   - name: prometheus-basicauth
     type: prometheus
-    url: http://nginx-basic-auth.prometheus.svc/auth-gateway/api/v1/write
+    url: http://nginx-auth-gateway.default.svc/metrics/basic/api/v1/write
     auth:
       type: basic
-      username: promuser
-      password: prompassword
+      username: basicuser
+      password: basicpassword
     extraLabels:
       destination: prometheus-basicauth
 
   - name: prometheus-bearer-token
     type: prometheus
-    url: http://nginx-bearer-token.prometheus.svc/remote-write/api/v1/write
+    url: http://nginx-auth-gateway.default.svc/metrics/bearer/api/v1/write
     auth:
       type: bearerToken
-      bearerToken: my-secret-remote-write-token
+      bearerToken: my-bearer-token
     extraLabels:
       destination: prometheus-bearer-token
 
@@ -47,11 +47,11 @@ destinations:
   - name: prometheus-otlp-basicauth
     type: otlp
     protocol: http
-    url: http://nginx-basic-auth.prometheus.svc/auth-gateway/api/v1/otlp
+    url: http://nginx-auth-gateway.default.svc/metrics/basic/api/v1/otlp
     auth:
       type: basic
-      username: oteluser
-      password: otelpassword
+      username: basicuser
+      password: basicpassword
     processors:
       attributes:
         actions:
@@ -65,10 +65,10 @@ destinations:
   - name: prometheus-otlp-bearer-token
     type: otlp
     protocol: http
-    url: http://nginx-bearer-token.prometheus.svc/otlp/api/v1/otlp
+    url: http://nginx-auth-gateway.default.svc/metrics/bearer/api/v1/otlp
     auth:
       type: bearerToken
-      bearerToken: my-secret-otlp-token
+      bearerToken: my-bearer-token
     processors:
       attributes:
         actions:
@@ -79,6 +79,89 @@ destinations:
     logs:     {enabled: false}
     traces:   {enabled: false}
 
+
+  - name: loki-noauth
+    type: loki
+    url: http://loki.loki.svc:3100/loki/api/v1/push
+    tenantId: 1
+    extraLabels:
+      destination: loki-noauth
+
+  - name: loki-basicauth
+    type: loki
+    url: http://nginx-auth-gateway.default.svc/logs/basic/loki/api/v1/push
+    tenantId: 1
+    auth:
+      type: basic
+      username: basicuser
+      password: basicpassword
+    extraLabels:
+      destination: loki-basicauth
+
+  - name: loki-bearer-token
+    type: loki
+    url: http://nginx-auth-gateway.default.svc/logs/bearer/loki/api/v1/push
+    tenantId: 1
+    auth:
+      type: bearerToken
+      bearerToken: my-bearer-token
+    extraLabels:
+      destination: loki-bearer-token
+
+
+#  - name: loki-otlp-noauth
+#    type: otlp
+#    protocol: http
+#    url: http://loki.loki.svc:3100/otlp
+#    tenantId: 1
+#    processors:
+#      attributes:
+#        actions:
+#          - key: destination
+#            action: upsert
+#            value: loki-otlp-noauth
+#    metrics:  {enabled: false}
+#    logs:     {enabled: true}
+#    traces:   {enabled: false}
+#
+#  - name: loki-otlp-basicauth
+#    type: otlp
+#    protocol: http
+#    url: http://nginx-auth-gateway.default.svc/logs/basic/otlp
+#    tenantId: 1
+#    auth:
+#      type: basic
+#      username: basicuser
+#      password: basicpassword
+#    processors:
+#      attributes:
+#        actions:
+#          - key: destination
+#            action: upsert
+#            value: loki-otlp-basicauth
+#    metrics:  {enabled: false}
+#    logs:     {enabled: true}
+#    traces:   {enabled: false}
+#
+#  - name: loki-otlp-bearer-token
+#    type: otlp
+#    protocol: http
+#    url: http://nginx-auth-gateway.default.svc/logs/bearer/otlp
+#    tenantId: 1
+#    auth:
+#      type: bearerToken
+#      bearerToken: my-bearer-token
+#    processors:
+#      attributes:
+#        actions:
+#          - key: destination
+#            action: upsert
+#            value: loki-otlp-bearer-token
+#    metrics:  {enabled: false}
+#    logs:     {enabled: true}
+#    traces:   {enabled: false}
+
+
 clusterMetrics:
   enabled: true
   destinations: [prometheus-noauth, prometheus-basicauth, prometheus-bearer-token, prometheus-otlp-noauth, prometheus-otlp-basicauth, prometheus-otlp-bearer-token]
@@ -91,9 +174,13 @@ clusterMetrics:
   node-exporter:      {enabled: false, deploy: false}
   windows-exporter:   {enabled: false, deploy: false}
 
+podLogs:
+  enabled: true
+#  destinations: [loki-noauth, loki-basicauth, loki-bearer-token, loki-otlp-noauth, loki-otlp-basicauth, loki-otlp-bearer-token]
+  namespaces: ["default"]
+
 alloy-metrics:
   enabled: true
-  liveDebugging:
-    enabled: true
-  alloy:
-    stabilityLevel: experimental
+
+alloy-logs:
+  enabled: true