Add functional tests for forwarding logs to GCP Cloud Logging

Tests application, infrastructure container, and k8s audit log
forwarding to GCP Cloud Logging using a Mockoon mock server with
network-level redirect (host alias + runAsUser 0) since Vector's
gcp_stackdriver_logs sink hardcodes the endpoint.

Extract shared Mockoon utilities into test/helpers/mockoon package

    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: vparfonov

internal/generator/vector/output/gcl/gcl.go

@@ -36,7 +36,7 @@ func New(id string, o *adapters.Output, inputs []string, secrets observability.S
 		LogDestination(s, o.GoogleCloudLogging)
 		s.LogId = fmt.Sprintf("{{ _internal.%s }}", componentID)
 		s.SeverityKey = DefaultSeverityKey
-		s.CredentialsPath = auth(g.Authentication, secrets)
+		s.CredentialsPath = auth(g.Authentication)
 		s.Encoding = common.NewApiEncoding("")
 		s.Batch = common.NewApiBatch(o)
 		s.Buffer = common.NewApiBuffer(o)
@@ -50,11 +50,11 @@ func New(id string, o *adapters.Output, inputs []string, secrets observability.S
 	return id, sink, tfs
 }
 
-func auth(spec *obs.GoogleCloudLoggingAuthentication, secrets observability.Secrets) string {
-	if spec == nil {
+func auth(spec *obs.GoogleCloudLoggingAuthentication) string {
+	if spec == nil || spec.Credentials == nil {
 		return ""
 	}
-	return secrets.Path(spec.Credentials, "%s")
+	return helpers.SecretPath(spec.Credentials.SecretName, spec.Credentials.Key, "%s")
 }
 
 // LogDestination is one of BillingAccountID, OrganizationID, FolderID, or ProjectID in that order

test/functional/filters/prune/prune_filter_test.go

@@ -11,7 +11,6 @@ import (
 	"github.com/openshift/cluster-logging-operator/internal/constants"
 	"github.com/openshift/cluster-logging-operator/internal/runtime"
 	"github.com/openshift/cluster-logging-operator/test/framework/functional"
-	"github.com/openshift/cluster-logging-operator/test/helpers/azure"
 	"github.com/openshift/cluster-logging-operator/test/helpers/azure/datacollector"
 	"github.com/openshift/cluster-logging-operator/test/helpers/kafka"
 	"github.com/openshift/cluster-logging-operator/test/helpers/loki"
@@ -488,7 +487,7 @@ var _ = Describe("[Functional][Filters][Prune] Prune filter", func() {
 			f.Secrets = append(f.Secrets, secret)
 
 			Expect(f.DeployWithVisitor(func(b *runtime.PodBuilder) error {
-				altHost := fmt.Sprintf("%s.%s", customerId, azure.AzureDomain)
+				altHost := fmt.Sprintf("%s.%s", customerId, "acme.com")
 				return datacollector.NewMockoonVisitor(b, altHost, f)
 			})).To(BeNil())
 

test/functional/outputs/azuremonitor/forward_to_azuremonitor_test.go

@@ -13,7 +13,6 @@ import (
 	"github.com/openshift/cluster-logging-operator/internal/constants"
 	"github.com/openshift/cluster-logging-operator/internal/runtime"
 	"github.com/openshift/cluster-logging-operator/test/framework/functional"
-	"github.com/openshift/cluster-logging-operator/test/helpers/azure"
 	"github.com/openshift/cluster-logging-operator/test/helpers/azure/datacollector"
 	"github.com/openshift/cluster-logging-operator/test/helpers/rand"
 	"github.com/openshift/cluster-logging-operator/test/matchers"
@@ -46,7 +45,7 @@ var _ = Describe("Forwarding to Azure Monitor Log ", func() {
 				output.AzureMonitor.CustomerId = customerId
 			})
 		Expect(framework.DeployWithVisitor(func(b *runtime.PodBuilder) error {
-			altHost := fmt.Sprintf("%s.%s", customerId, azure.AzureDomain)
+			altHost := fmt.Sprintf("%s.%s", customerId, "acme.com")
 			return datacollector.NewMockoonVisitor(b, altHost, framework)
 		})).To(BeNil())
 	})

test/functional/outputs/gcl/forward_to_gcl_test.go

@@ -0,0 +1,141 @@
+package gcl
+
+import (
+	"fmt"
+	"strings"
+	"time"
+
+	obstestruntime "github.com/openshift/cluster-logging-operator/test/runtime/observability"
+
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+	obs "github.com/openshift/cluster-logging-operator/api/observability/v1"
+	"github.com/openshift/cluster-logging-operator/internal/constants"
+	internalgcl "github.com/openshift/cluster-logging-operator/internal/generator/vector/output/gcl"
+	"github.com/openshift/cluster-logging-operator/internal/runtime"
+	"github.com/openshift/cluster-logging-operator/test/client"
+	"github.com/openshift/cluster-logging-operator/test/framework/functional"
+	gclhelper "github.com/openshift/cluster-logging-operator/test/helpers/gcl"
+	"github.com/openshift/cluster-logging-operator/test/helpers/types"
+	"github.com/openshift/cluster-logging-operator/test/matchers"
+)
+
+var _ = Describe("Forwarding to GCP Cloud Logging", func() {
+	var (
+		framework *functional.CollectorFunctionalFramework
+	)
+
+	setup := func(inputType obs.InputType, testOptions ...client.TestOption) {
+		framework = functional.NewCollectorFunctionalFramework(testOptions...)
+
+		saJSON, err := gclhelper.GenerateFakeServiceAccountJSON(
+			fmt.Sprintf("https://%s/token", gclhelper.GCLDomain))
+		Expect(err).To(BeNil())
+
+		secret := runtime.NewSecret(framework.Namespace, gclhelper.SecretName,
+			map[string][]byte{
+				internalgcl.GoogleApplicationCredentialsKey: saJSON,
+			},
+		)
+		framework.Secrets = append(framework.Secrets, secret)
+
+		obstestruntime.NewClusterLogForwarderBuilder(framework.Forwarder).
+			FromInput(inputType).
+			ToGoogleCloudLoggingOutput()
+		Expect(framework.DeployWithVisitor(
+			gclhelper.NewMockoonVisitor(framework),
+		)).To(BeNil())
+	}
+
+	AfterEach(func() {
+		framework.Cleanup()
+	})
+
+	Context("application logs", func() {
+		BeforeEach(func() {
+			setup(obs.InputTypeApplication)
+		})
+
+		It("should accept application logs", func() {
+			timestamp := "2020-11-04T18:13:59.061892+00:00"
+			nanoTime, _ := time.Parse(time.RFC3339Nano, timestamp)
+			message := "This is my new test message"
+			appLogTemplate := functional.NewApplicationLogTemplate()
+			appLogTemplate.TimestampLegacy = nanoTime
+			appLogTemplate.Message = message
+			appLogTemplate.Level = "**optional**"
+			appLogTemplate.Kubernetes.PodName = framework.Pod.Name
+			appLogTemplate.Kubernetes.ContainerName = constants.CollectorName
+			appLogTemplate.Kubernetes.NamespaceName = framework.Namespace
+
+			applicationLogLine := functional.NewCRIOLogMessage(timestamp, message, false)
+			Expect(framework.WriteMessagesToApplicationLog(applicationLogLine, 3)).To(BeNil())
+			time.Sleep(30 * time.Second)
+
+			collectorLog, err := framework.ReadCollectorLogs()
+			Expect(err).To(BeNil())
+			Expect(collectorLog).ToNot(ContainSubstring("error sending request"))
+
+			appLogs, err := gclhelper.ReadApplicationLog(framework.Namespace, framework.Name)
+			Expect(err).To(BeNil())
+			Expect(appLogs).ToNot(BeNil())
+			Expect(appLogs).To(HaveLen(3))
+			for i := range 3 {
+				Expect(appLogs[i]).To(matchers.FitLogFormatTemplate(appLogTemplate))
+			}
+		})
+	})
+
+	Context("infrastructure logs", func() {
+		BeforeEach(func() {
+			setup(obs.InputTypeInfrastructure, client.UseInfraNamespaceTestOption)
+		})
+
+		It("should accept infrastructure container logs", func() {
+			infraLogTemplate := functional.NewContainerInfrastructureLogTemplate()
+			infraLogTemplate.Level = "**optional**"
+			infraLogTemplate.Kubernetes.ContainerStream = "**optional**"
+
+			Expect(framework.WritesInfraContainerLogs(3)).To(BeNil())
+			time.Sleep(30 * time.Second)
+
+			collectorLog, err := framework.ReadCollectorLogs()
+			Expect(err).To(BeNil())
+			Expect(collectorLog).ToNot(ContainSubstring("error sending request"))
+
+			infraLogs, err := gclhelper.ReadApplicationLog(framework.Namespace, framework.Name)
+			Expect(err).To(BeNil())
+			Expect(infraLogs).ToNot(BeNil())
+			Expect(infraLogs).To(HaveLen(3))
+			for i := range 3 {
+				Expect(infraLogs[i]).To(matchers.FitLogFormatTemplate(infraLogTemplate))
+			}
+		})
+	})
+
+	Context("audit logs", func() {
+		BeforeEach(func() {
+			setup(obs.InputTypeAudit)
+		})
+
+		It("should accept audit logs", func() {
+			Expect(framework.WriteK8sAuditLog(1)).To(BeNil())
+			time.Sleep(30 * time.Second)
+
+			collectorLog, err := framework.ReadCollectorLogs()
+			Expect(err).To(BeNil())
+			Expect(collectorLog).ToNot(ContainSubstring("error sending request"))
+
+			rawEntries, err := gclhelper.ReadRawLogEntries(framework.Namespace, framework.Name)
+			Expect(err).To(BeNil())
+			Expect(rawEntries).ToNot(BeEmpty())
+
+			var auditLogs []types.AuditLogCommon
+			jsonString := fmt.Sprintf("[%s]", strings.Join(rawEntries, ","))
+			Expect(types.ParseLogsFrom(jsonString, &auditLogs, false)).To(Succeed())
+			Expect(auditLogs).To(HaveLen(1))
+			Expect(auditLogs[0].LogType).To(Equal(string(obs.InputTypeAudit)))
+			Expect(auditLogs[0].Timestamp).ToNot(BeZero())
+		})
+	})
+})

test/functional/outputs/gcl/suite_test.go

@@ -0,0 +1,13 @@
+package gcl
+
+import (
+	"testing"
+
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+)
+
+func TestSuite(t *testing.T) {
+	RegisterFailHandler(Fail)
+	RunSpecs(t, "[functional][outputs][gcl] Suite")
+}

test/helpers/azure/datacollector/data_collector.go

@@ -7,7 +7,7 @@ import (
 	"github.com/openshift/cluster-logging-operator/internal/runtime"
 	"github.com/openshift/cluster-logging-operator/internal/utils"
 	"github.com/openshift/cluster-logging-operator/test/framework/functional"
-	"github.com/openshift/cluster-logging-operator/test/helpers/azure"
+	"github.com/openshift/cluster-logging-operator/test/helpers/mockoon"
 	"github.com/openshift/cluster-logging-operator/test/helpers/oc"
 	"github.com/openshift/cluster-logging-operator/test/helpers/types"
 	v1 "k8s.io/api/core/v1"
@@ -22,7 +22,7 @@ const (
 )
 
 func NewMockoonVisitor(pb *runtime.PodBuilder, azureAltHost string, framework *functional.CollectorFunctionalFramework) error {
-	configMap := runtime.NewConfigMap(framework.Namespace, azure.Mockoon, map[string]string{})
+	configMap := runtime.NewConfigMap(framework.Namespace, mockoon.ContainerName, map[string]string{})
 	runtime.NewConfigMapBuilder(configMap).Add(apiJsonFile, apiConfig)
 	if err := framework.Test.Create(configMap); err != nil {
 		return err
@@ -34,10 +34,10 @@ func NewMockoonVisitor(pb *runtime.PodBuilder, azureAltHost string, framework *f
 	}
 
 	mountPath := "/data"
-	pb.AddConfigMapVolume("data", azure.Mockoon).
+	pb.AddConfigMapVolume("data", mockoon.ContainerName).
 		AddHostAlias(hostAlias).
-		AddContainer(azure.Mockoon, azure.Image).
-		AddContainerPort(azure.Mockoon, azure.Port).
+		AddContainer(mockoon.ContainerName, mockoon.Image).
+		AddContainerPort(mockoon.ContainerName, mockoon.Port).
 		WithCmdArgs([]string{
 			fmt.Sprintf("--data=%s/%s", mountPath, apiJsonFile),
 			"--log-transaction",
@@ -47,15 +47,15 @@ func NewMockoonVisitor(pb *runtime.PodBuilder, azureAltHost string, framework *f
 }
 
 func ReadApplicationLog(framework *functional.CollectorFunctionalFramework) ([]types.ApplicationLog, error) {
-	output, err := oc.Literal().From("oc logs -n %s pod/%s -c %s", framework.Test.NS.Name, framework.Name, azure.Mockoon).Run()
+	output, err := oc.Literal().From("oc logs -n %s pod/%s -c %s", framework.Test.NS.Name, framework.Name, mockoon.ContainerName).Run()
 	if err != nil {
 		return nil, err
 	}
 	return extractStructuredLogs(output, "application")
 }
 
 func extractStructuredLogs(output, logType string) ([]types.ApplicationLog, error) {
-	logs, err := azure.DecodeMockoonLogs(output)
+	logs, err := mockoon.DecodeLogs(output)
 	if err != nil {
 		return nil, err
 	}

test/helpers/azure/datacollector/data_collector_test.go

@@ -6,7 +6,7 @@ import (
 
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
-	"github.com/openshift/cluster-logging-operator/test/helpers/azure"
+	"github.com/openshift/cluster-logging-operator/test/helpers/mockoon"
 )
 
 //go:embed test_mockoon.log
@@ -21,14 +21,14 @@ var _ = Describe("Parsing Mockoon logs for Azure Monitor (Data Collector API)",
 	})
 
 	It("should ignore non-POST requests", func() {
-		input := azure.MockoonLine("GET", "/api/logs", 200, `[{"log_type":"application","message":"should be ignored"}]`)
+		input := mockoon.NewLogLine("GET", "/api/logs", 200, `[{"log_type":"application","message":"should be ignored"}]`)
 		logs, err := extractStructuredLogs(input, "application")
 		Expect(err).ToNot(HaveOccurred())
 		Expect(logs).To(BeEmpty())
 	})
 
 	It("should ignore non-200 responses", func() {
-		input := azure.MockoonLine("POST", "/api/logs", 500, `[{"log_type":"application","message":"should be ignored"}]`)
+		input := mockoon.NewLogLine("POST", "/api/logs", 500, `[{"log_type":"application","message":"should be ignored"}]`)
 		logs, err := extractStructuredLogs(input, "application")
 		Expect(err).ToNot(HaveOccurred())
 		Expect(logs).To(BeEmpty())
@@ -42,16 +42,16 @@ var _ = Describe("Parsing Mockoon logs for Azure Monitor (Data Collector API)",
 	})
 
 	It("should skip malformed body without error", func() {
-		input := azure.MockoonLine("POST", "/api/logs", 200, `not-valid-json`)
+		input := mockoon.NewLogLine("POST", "/api/logs", 200, `not-valid-json`)
 		logs, err := extractStructuredLogs(input, "application")
 		Expect(err).ToNot(HaveOccurred())
 		Expect(logs).To(BeEmpty())
 	})
 
 	It("should aggregate logs across multiple batches", func() {
-		line1 := azure.MockoonLine("POST", "/api/logs", 200,
+		line1 := mockoon.NewLogLine("POST", "/api/logs", 200,
 			`[{"log_type":"application","message":"batch1-msg1"}]`)
-		line2 := azure.MockoonLine("POST", "/api/logs", 200,
+		line2 := mockoon.NewLogLine("POST", "/api/logs", 200,
 			`[{"log_type":"application","message":"batch2-msg1"},{"log_type":"infrastructure","message":"infra-msg"}]`)
 		input := strings.Join([]string{line1, line2}, "\n")
 

test/helpers/azure/logsingestion/log_ingestion.go

@@ -9,8 +9,8 @@ import (
 	"github.com/openshift/cluster-logging-operator/internal/runtime"
 	"github.com/openshift/cluster-logging-operator/internal/utils"
 	"github.com/openshift/cluster-logging-operator/test/framework/functional"
-	"github.com/openshift/cluster-logging-operator/test/helpers/azure"
 	"github.com/openshift/cluster-logging-operator/test/helpers/certificate"
+	"github.com/openshift/cluster-logging-operator/test/helpers/mockoon"
 	"github.com/openshift/cluster-logging-operator/test/helpers/oc"
 	"github.com/openshift/cluster-logging-operator/test/helpers/types"
 	v1 "k8s.io/api/core/v1"
@@ -23,6 +23,7 @@ const (
 	apiJsonFile         = "azure-log-ingestion-api.json"
 	SecretName          = "azure-client-secret"
 	ClientSecretKeyName = "client_secret"
+	acme                = "acme.com"
 )
 
 // NewMockoonVisitor sets up a Mockoon mock server for the Azure Log Ingestion API.
@@ -33,9 +34,9 @@ func NewMockoonVisitor(pb *runtime.PodBuilder, framework *functional.CollectorFu
 	// The CA and server cert must have different Organization names so that OpenSSL
 	// can distinguish the issuer from the subject when building the certificate chain.
 	ca := certificate.NewCA(nil, "Test CA")
-	serverCert := certificate.NewCert(ca, "test", azure.AzureDomain)
+	serverCert := certificate.NewCert(ca, "test", acme)
 
-	configMap := runtime.NewConfigMap(framework.Namespace, azure.Mockoon, map[string]string{})
+	configMap := runtime.NewConfigMap(framework.Namespace, mockoon.ContainerName, map[string]string{})
 	runtime.NewConfigMapBuilder(configMap).
 		Add(apiJsonFile, apiConfig).
 		Add("tls.crt", string(serverCert.CertificatePEM())).
@@ -47,16 +48,16 @@ func NewMockoonVisitor(pb *runtime.PodBuilder, framework *functional.CollectorFu
 
 	hostAlias := v1.HostAlias{
 		IP:        "127.0.0.1",
-		Hostnames: []string{azure.AzureDomain},
+		Hostnames: []string{acme},
 	}
 
 	mountPath := "/data"
 	mockoonDataVolume := "mockoon-data"
 
-	pb.AddConfigMapVolume(mockoonDataVolume, azure.Mockoon).
+	pb.AddConfigMapVolume(mockoonDataVolume, mockoon.ContainerName).
 		AddHostAlias(hostAlias).
-		AddContainer(azure.Mockoon, azure.Image).
-		AddContainerPort(azure.Mockoon, azure.Port).
+		AddContainer(mockoon.ContainerName, mockoon.Image).
+		AddContainerPort(mockoon.ContainerName, mockoon.Port).
 		WithCmdArgs([]string{
 			fmt.Sprintf("--data=%s/%s", mountPath, apiJsonFile),
 			"--log-transaction",
@@ -67,7 +68,7 @@ func NewMockoonVisitor(pb *runtime.PodBuilder, framework *functional.CollectorFu
 	// trust the Mockoon TLS certificate.
 	combinedBundle := "/tmp/ca-bundle.crt"
 	pb.GetContainer(constants.CollectorName).
-		AddEnvVar("AZURE_AUTHORITY_HOST", fmt.Sprintf("https://%s:%d", azure.AzureDomain, azure.Port)).
+		AddEnvVar("AZURE_AUTHORITY_HOST", fmt.Sprintf("https://%s:%d", acme, mockoon.Port)).
 		AddEnvVar("SSL_CERT_FILE", combinedBundle).
 		WithCmd([]string{"sh", "-c", fmt.Sprintf(
 			"cat /etc/pki/tls/certs/ca-bundle.crt %s/ca.crt > %s && exec /opt/app-root/src/run.sh",
@@ -81,15 +82,15 @@ func NewMockoonVisitor(pb *runtime.PodBuilder, framework *functional.CollectorFu
 // ReadApplicationLog reads and parses application logs from the
 // Mockoon container used for the Azure Log Ingestion API mock.
 func ReadApplicationLog(framework *functional.CollectorFunctionalFramework) ([]types.ApplicationLog, error) {
-	output, err := oc.Literal().From("oc logs -n %s pod/%s -c %s", framework.Test.NS.Name, framework.Name, azure.Mockoon).Run()
+	output, err := oc.Literal().From("oc logs -n %s pod/%s -c %s", framework.Test.NS.Name, framework.Name, mockoon.ContainerName).Run()
 	if err != nil {
 		return nil, err
 	}
 	return extractLogs(output)
 }
 
 func extractLogs(output string) ([]types.ApplicationLog, error) {
-	logs, err := azure.DecodeMockoonLogs(output)
+	logs, err := mockoon.DecodeLogs(output)
 	if err != nil {
 		return nil, err
 	}