open-telemetry · swiatekm · Aug 23, 2024 · Jul 11, 2024 · Jul 11, 2024 · Aug 19, 2024
@@ -53,3 +53,8 @@ jobs:
     with:
       path: nodejs
       platforms: linux/arm64,linux/amd64,linux/s390x,linux/ppc64le
+  metrics-basic-auth:
+    uses: ./.github/workflows/reusable-publish-test-e2e-images.yaml
+    with:
+      path: metrics-basic-auth
+      platforms: linux/arm64,linux/amd64,linux/s390x,linux/ppc64le 
@@ -0,0 +1,10 @@
+FROM python:3.11-slim
+
+COPY requirements.txt .
+RUN pip install -r requirements.txt
+
+COPY app.py .
+
+EXPOSE 9123
+
+CMD ["python", "app.py"]
@@ -0,0 +1,8 @@
+# Metrics Basic Auth E2E Test App
+Simple web application used in an end-to-end (E2E) test to verify that the OpenTelemetry collector can retrieve secret authentication details from the target allocator over mTLS.
+
+## Overview
+The web app provides a metrics endpoint secured with basic authentication, simulating real-world scenarios where services require secure access to their metrics. 
+
+## Usage
+This app is used within the E2E test suite to verify the OpenTelemetry operator's handling of mTLS-secured communications.
@@ -0,0 +1,36 @@
+import os
+os.environ['PROMETHEUS_DISABLE_CREATED_SERIES'] = 'true'
+
+from flask import Flask, Response, request
+from prometheus_client import Gauge, generate_latest, REGISTRY, PROCESS_COLLECTOR, PLATFORM_COLLECTOR, GC_COLLECTOR
+
+app = Flask(__name__)
+
+REGISTRY.unregister(PROCESS_COLLECTOR)
+REGISTRY.unregister(PLATFORM_COLLECTOR)
+REGISTRY.unregister(GC_COLLECTOR)
+
+secure = Gauge('authenticated', 'Client was authenticated')
+secure.set(1)
+
+USERNAME = "user"
+PASSWORD = "t0p$ecreT"
+
+def check_auth(username, password):
+    return username == USERNAME and password == PASSWORD
+
+def authenticate():
+    return Response(
+    'Could not verify your access level for that URL.\n'
+    'You have to login with proper credentials', 401,
+    {'WWW-Authenticate': 'Basic realm="Login Required"'})
+
+@app.route('/metrics')
+def metrics():
+    auth = request.authorization
+    if not auth or not check_auth(auth.username, auth.password):
+        return authenticate()
+    return Response(generate_latest(), mimetype='text/plain')
+
+if __name__ == '__main__':
+    app.run(host='0.0.0.0', port=9123)
@@ -0,0 +1,2 @@
+Flask==2.3.3
+prometheus_client==0.20.0