add e2e test to ensure that k8s.pod.ip metadata is not added

Signed-off-by: ChrsMark <[email protected]>

Author: ChrsMark

processor/k8sattributesprocessor/e2e_test.go

@@ -32,6 +32,7 @@ const (
 	equal = iota
 	regex
 	exist
+	shouldnotexist
 	testKubeConfig = "/tmp/kube-config-otelcol-e2e-testing"
 	uidRe          = "[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}"
 	startTimeRe    = "^\\\\d{4}-\\\\d{2}-\\\\d{2}T\\\\d{2}%3A\\\\d{2}%3A\\\\d{2}(?:%2E\\\\d+)?[A-Z]?(?:[+.-](?:08%3A\\\\d{2}|\\\\d{2}[A-Z]))?$"
@@ -722,6 +723,146 @@ func TestE2E_MixRBAC(t *testing.T) {
 	}
 }
 
+// Test with `filter::namespace` set and only role binding to collector's SA. We can't get node and namespace labels/annotations.
+// While `k8s.pod.ip` is not set in `k8sattributes:extract:metadata` and the `pod_association` is not `connection`
+// we expect that the `k8s.pod.ip` metadata is not added.
+func TestE2E_NamespacedRBACNoPodIP(t *testing.T) {
+	testDir := filepath.Join("testdata", "e2e", "namespacedrbacnopodip")
+
+	k8sClient, err := k8stest.NewK8sClient(testKubeConfig)
+	require.NoError(t, err)
+
+	nsFile := filepath.Join(testDir, "namespace.yaml")
+	buf, err := os.ReadFile(nsFile)
+	require.NoErrorf(t, err, "failed to read namespace object file %s", nsFile)
+	nsObj, err := k8stest.CreateObject(k8sClient, buf)
+	require.NoErrorf(t, err, "failed to create k8s namespace from file %s", nsFile)
+	nsName := nsObj.GetName()
+	defer func() {
+		require.NoErrorf(t, k8stest.DeleteObject(k8sClient, nsObj), "failed to delete namespace %s", nsName)
+	}()
+
+	metricsConsumer := new(consumertest.MetricsSink)
+	tracesConsumer := new(consumertest.TracesSink)
+	logsConsumer := new(consumertest.LogsSink)
+	shutdownSinks := startUpSinks(t, metricsConsumer, tracesConsumer, logsConsumer)
+	defer shutdownSinks()
+
+	testID := uuid.NewString()[:8]
+	collectorObjs := k8stest.CreateCollectorObjects(t, k8sClient, testID, filepath.Join(testDir, "collector"))
+	createTeleOpts := &k8stest.TelemetrygenCreateOpts{
+		ManifestsDir: filepath.Join(testDir, "telemetrygen"),
+		TestID:       testID,
+		OtlpEndpoint: fmt.Sprintf("otelcol-%s.%s:4317", testID, nsName),
+		DataTypes:    []string{"metrics", "logs", "traces"},
+	}
+	telemetryGenObjs, telemetryGenObjInfos := k8stest.CreateTelemetryGenObjects(t, k8sClient, createTeleOpts)
+	defer func() {
+		for _, obj := range append(collectorObjs, telemetryGenObjs...) {
+			require.NoErrorf(t, k8stest.DeleteObject(k8sClient, obj), "failed to delete object %s", obj.GetName())
+		}
+	}()
+
+	for _, info := range telemetryGenObjInfos {
+		k8stest.WaitForTelemetryGenToStart(t, k8sClient, info.Namespace, info.PodLabelSelectors, info.Workload, info.DataType)
+	}
+
+	wantEntries := 20 // Minimal number of metrics/traces/logs to wait for.
+	waitForData(t, wantEntries, metricsConsumer, tracesConsumer, logsConsumer)
+
+	tcs := []struct {
+		name     string
+		dataType component.DataType
+		service  string
+		attrs    map[string]*expectedValue
+	}{
+		{
+			name:     "traces-deployment",
+			dataType: component.DataTypeTraces,
+			service:  "test-traces-deployment",
+			attrs: map[string]*expectedValue{
+				"k8s.pod.name":             newExpectedValue(regex, "telemetrygen-"+testID+"-traces-deployment-[a-z0-9]*-[a-z0-9]*"),
+				"k8s.pod.ip":               newExpectedValue(shouldnotexist, ""),
+				"k8s.pod.uid":              newExpectedValue(regex, uidRe),
+				"k8s.pod.start_time":       newExpectedValue(exist, startTimeRe),
+				"k8s.node.name":            newExpectedValue(exist, ""),
+				"k8s.namespace.name":       newExpectedValue(equal, nsName),
+				"k8s.deployment.name":      newExpectedValue(equal, "telemetrygen-"+testID+"-traces-deployment"),
+				"k8s.deployment.uid":       newExpectedValue(regex, uidRe),
+				"k8s.replicaset.name":      newExpectedValue(regex, "telemetrygen-"+testID+"-traces-deployment-[a-z0-9]*"),
+				"k8s.replicaset.uid":       newExpectedValue(regex, uidRe),
+				"k8s.annotations.workload": newExpectedValue(equal, "deployment"),
+				"k8s.labels.app":           newExpectedValue(equal, "telemetrygen-"+testID+"-traces-deployment"),
+				"k8s.container.name":       newExpectedValue(equal, "telemetrygen"),
+				"container.image.name":     newExpectedValue(equal, "ghcr.io/open-telemetry/opentelemetry-collector-contrib/telemetrygen"),
+				"container.image.tag":      newExpectedValue(equal, "latest"),
+				"container.id":             newExpectedValue(exist, ""),
+			},
+		},
+		{
+			name:     "metrics-deployment",
+			dataType: component.DataTypeMetrics,
+			service:  "test-metrics-deployment",
+			attrs: map[string]*expectedValue{
+				"k8s.pod.name":             newExpectedValue(regex, "telemetrygen-"+testID+"-metrics-deployment-[a-z0-9]*-[a-z0-9]*"),
+				"k8s.pod.ip":               newExpectedValue(shouldnotexist, ""),
+				"k8s.pod.uid":              newExpectedValue(regex, uidRe),
+				"k8s.pod.start_time":       newExpectedValue(exist, startTimeRe),
+				"k8s.node.name":            newExpectedValue(exist, ""),
+				"k8s.namespace.name":       newExpectedValue(equal, nsName),
+				"k8s.deployment.name":      newExpectedValue(equal, "telemetrygen-"+testID+"-metrics-deployment"),
+				"k8s.deployment.uid":       newExpectedValue(regex, uidRe),
+				"k8s.replicaset.name":      newExpectedValue(regex, "telemetrygen-"+testID+"-metrics-deployment-[a-z0-9]*"),
+				"k8s.replicaset.uid":       newExpectedValue(regex, uidRe),
+				"k8s.annotations.workload": newExpectedValue(equal, "deployment"),
+				"k8s.labels.app":           newExpectedValue(equal, "telemetrygen-"+testID+"-metrics-deployment"),
+				"k8s.container.name":       newExpectedValue(equal, "telemetrygen"),
+				"container.image.name":     newExpectedValue(equal, "ghcr.io/open-telemetry/opentelemetry-collector-contrib/telemetrygen"),
+				"container.image.tag":      newExpectedValue(equal, "latest"),
+				"container.id":             newExpectedValue(exist, ""),
+			},
+		},
+		{
+			name:     "logs-deployment",
+			dataType: component.DataTypeLogs,
+			service:  "test-logs-deployment",
+			attrs: map[string]*expectedValue{
+				"k8s.pod.name":             newExpectedValue(regex, "telemetrygen-"+testID+"-logs-deployment-[a-z0-9]*-[a-z0-9]*"),
+				"k8s.pod.ip":               newExpectedValue(shouldnotexist, ""),
+				"k8s.pod.uid":              newExpectedValue(regex, uidRe),
+				"k8s.pod.start_time":       newExpectedValue(exist, startTimeRe),
+				"k8s.node.name":            newExpectedValue(exist, ""),
+				"k8s.namespace.name":       newExpectedValue(equal, nsName),
+				"k8s.deployment.name":      newExpectedValue(equal, "telemetrygen-"+testID+"-logs-deployment"),
+				"k8s.deployment.uid":       newExpectedValue(regex, uidRe),
+				"k8s.replicaset.name":      newExpectedValue(regex, "telemetrygen-"+testID+"-logs-deployment-[a-z0-9]*"),
+				"k8s.replicaset.uid":       newExpectedValue(regex, uidRe),
+				"k8s.annotations.workload": newExpectedValue(equal, "deployment"),
+				"k8s.labels.app":           newExpectedValue(equal, "telemetrygen-"+testID+"-logs-deployment"),
+				"k8s.container.name":       newExpectedValue(equal, "telemetrygen"),
+				"container.image.name":     newExpectedValue(equal, "ghcr.io/open-telemetry/opentelemetry-collector-contrib/telemetrygen"),
+				"container.image.tag":      newExpectedValue(equal, "latest"),
+				"container.id":             newExpectedValue(exist, ""),
+			},
+		},
+	}
+
+	for _, tc := range tcs {
+		t.Run(tc.name, func(t *testing.T) {
+			switch tc.dataType {
+			case component.DataTypeTraces:
+				scanTracesForAttributes(t, tracesConsumer, tc.service, tc.attrs)
+			case component.DataTypeMetrics:
+				scanMetricsForAttributes(t, metricsConsumer, tc.service, tc.attrs)
+			case component.DataTypeLogs:
+				scanLogsForAttributes(t, logsConsumer, tc.service, tc.attrs)
+			default:
+				t.Fatalf("unknown data type %s", tc.dataType)
+			}
+		})
+	}
+}
+
 func scanTracesForAttributes(t *testing.T, ts *consumertest.TracesSink, expectedService string,
 	kvs map[string]*expectedValue) {
 	// Iterate over the received set of traces starting from the most recent entries due to a bug in the processor:
@@ -787,8 +928,12 @@ func scanLogsForAttributes(t *testing.T, ls *consumertest.LogsSink, expectedServ
 
 func resourceHasAttributes(resource pcommon.Resource, kvs map[string]*expectedValue) error {
 	foundAttrs := make(map[string]bool)
-	for k := range kvs {
-		foundAttrs[k] = false
+	shouldNotFoundAttrs := make(map[string]bool)
+	for k, v := range kvs {
+		if v.mode != shouldnotexist {
+			foundAttrs[k] = false
+		}
+		shouldNotFoundAttrs[k] = false
 	}
 
 	resource.Attributes().Range(
@@ -806,6 +951,8 @@ func resourceHasAttributes(resource pcommon.Resource, kvs map[string]*expectedVa
 					}
 				case exist:
 					foundAttrs[k] = true
+				case shouldnotexist:
+					shouldNotFoundAttrs[k] = true
 				}
 
 			}
@@ -814,6 +961,11 @@ func resourceHasAttributes(resource pcommon.Resource, kvs map[string]*expectedVa
 	)
 
 	var err error
+	for k, v := range shouldNotFoundAttrs {
+		if v {
+			err = multierr.Append(err, fmt.Errorf("%v attribute should not be added", k))
+		}
+	}
 	for k, v := range foundAttrs {
 		if !v {
 			err = multierr.Append(err, fmt.Errorf("%v attribute not found", k))

processor/k8sattributesprocessor/testdata/e2e/namespacedrbacnopodip/collector/configmap.yaml

@@ -0,0 +1,83 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Name }}-config
+  namespace: e2ek8sattribute-namespacedrbac
+data:
+  relay: |
+    exporters:
+      otlp:
+        endpoint: {{ .HostEndpoint }}:4317
+        tls:
+          insecure: true
+    extensions:
+      health_check: {}
+    processors:
+      k8sattributes:
+        filter:
+          namespace: e2ek8sattribute-namespacedrbac
+          node_from_env_var: MY_NODE_NAME
+          labels:
+          - key: component
+            value: telemetrygen
+            op: equals
+          fields:
+          - key: spec.restartPolicy
+            value: Never
+            op: not-equals
+        extract:
+          annotations:
+          - from: pod
+            key: workload
+            tag_name: k8s.annotations.workload
+          labels:
+          - from: pod
+            key: app
+            tag_name: k8s.labels.app
+          metadata:
+          - k8s.pod.name
+          - k8s.pod.start_time
+          - k8s.pod.uid
+          - k8s.namespace.name
+          - k8s.deployment.name
+          - k8s.deployment.uid
+          - k8s.replicaset.name
+          - k8s.replicaset.uid
+          - k8s.node.name
+          - container.id
+          - container.image.name
+          - container.image.tag
+        pod_association:
+          - sources:
+              - from: resource_attribute
+                name: k8s.deployment.name
+    receivers:
+      otlp:
+        protocols:
+          grpc:
+            endpoint: ${env:MY_POD_IP}:4317
+    service:
+      extensions:
+      - health_check
+      pipelines:
+        metrics:
+          exporters:
+          - otlp
+          processors:
+          - k8sattributes
+          receivers:
+          - otlp
+        traces:
+          exporters:
+          - otlp
+          processors:
+          - k8sattributes
+          receivers:
+          - otlp
+        logs:
+          exporters:
+          - otlp
+          processors:
+          - k8sattributes
+          receivers:
+          - otlp

processor/k8sattributesprocessor/testdata/e2e/namespacedrbacnopodip/collector/deployment.yaml

@@ -0,0 +1,64 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Name }}
+  namespace: e2ek8sattribute-namespacedrbac
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: opentelemetry-collector
+      app.kubernetes.io/instance: {{ .Name }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: opentelemetry-collector
+        app.kubernetes.io/instance: {{ .Name }}
+    spec:
+      serviceAccountName: {{ .Name }}
+      containers:
+        - name: opentelemetry-collector
+          command:
+            - /otelcontribcol
+            - --config=/conf/relay.yaml
+          image: "otelcontribcol:latest"
+          imagePullPolicy: Never
+          ports:
+            - name: otlp
+              containerPort: 4317
+              protocol: TCP
+          env:
+            - name: MY_POD_IP
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: status.podIP
+            - name: MY_NODE_NAME
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: spec.nodeName
+          livenessProbe:
+            httpGet:
+              path: /
+              port: 13133
+            initialDelaySeconds: 3
+          readinessProbe:
+            httpGet:
+              path: /
+              port: 13133
+            initialDelaySeconds: 3
+          resources:
+            limits:
+              cpu: 128m
+              memory: 256Mi
+          volumeMounts:
+            - mountPath: /conf
+              name: opentelemetry-collector-configmap
+      volumes:
+        - name: opentelemetry-collector-configmap
+          configMap:
+            name: {{ .Name }}-config
+            items:
+              - key: relay
+                path: relay.yaml

processor/k8sattributesprocessor/testdata/e2e/namespacedrbacnopodip/collector/role.yaml

@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ .Name }}
+  namespace: e2ek8sattribute-namespacedrbac
+rules:
+  - apiGroups: [""]
+    resources: ["pods"]
+    verbs: ["get", "watch", "list"]
+  - apiGroups: ["apps"]
+    resources: ["replicasets"]
+    verbs: ["get", "watch", "list"]

processor/k8sattributesprocessor/testdata/e2e/namespacedrbacnopodip/collector/rolebinding.yaml

@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ .Name }}
+  namespace: e2ek8sattribute-namespacedrbac
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ .Name }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Name }}
+    namespace: e2ek8sattribute-namespacedrbac

processor/k8sattributesprocessor/testdata/e2e/namespacedrbacnopodip/collector/service.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Name }}
+  namespace: e2ek8sattribute-namespacedrbac
+spec:
+  type: ClusterIP
+  ports:
+    - name: otlp
+      port: 4317
+      targetPort: 4317
+      protocol: TCP
+      appProtocol: grpc
+  selector:
+    app.kubernetes.io/name: opentelemetry-collector
+    app.kubernetes.io/instance: {{ .Name }}

processor/k8sattributesprocessor/testdata/e2e/namespacedrbacnopodip/collector/serviceaccount.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Name }}
+  namespace: e2ek8sattribute-namespacedrbac

processor/k8sattributesprocessor/testdata/e2e/namespacedrbacnopodip/namespace.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: e2ek8sattribute-namespacedrbac
+  labels:
+    foons: barns