feat(audit-logs): adds otel-collector for auditing purposes, initial version

This adds an audit-logs otel-collector for the purpose of audit logs. At this point in time only 'audit-poller' information is ingested and sent to OpenSearch.

---------

on-behalf-of: @SAP Simon Olander (simon.olander@sap.com)

Author: olandr

system/audit-logs-otel/Chart.lock

@@ -0,0 +1,15 @@
+dependencies:
+- name: audit-logs-otel
+  repository: file://../../../extensions-greenhouse/audit-logs-otel/charts
+  version: 0.0.2
+- name: audit-poller
+  repository: file://vendor/audit-poller
+  version: 0.0.38
+- name: owner-info
+  repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm
+  version: 1.0.0
+- name: linkerd-support
+  repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm
+  version: 0.1.3
+digest: sha256:43eb7fd718df96936780697d4b9fe5c2f13915bc41a576b6e23627155899141e
+generated: "2025-08-18T16:02:41.96179+02:00"

system/audit-logs-otel/Chart.yaml

@@ -0,0 +1,37 @@
+# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Greenhouse contributors
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: v2
+name: audit-logs-otel
+description: OpenTelemetry Collector Helm chart for audit-logs
+icon: https://raw.githubusercontent.com/cncf/artwork/a718fa97fffec1b9fd14147682e9e3ac0c8817cb/projects/opentelemetry/icon/color/opentelemetry-icon-color.png
+type: application
+version: 0.0.2
+appVersion: "v0.121.0"
+maintainers:
+- name: olandr
+- name: kuckkuck
+- name: timojohlo
+sources:
+- https://github.com/cloudoperators/greenhouse-extensions
+dependencies:
+  - name: audit-logs-otel
+    alias: openTelemetryPlugin
+    #repository: oci://ghcr.io/cloudoperators/greenhouse-extensions/charts
+    repository: file://../../../extensions-greenhouse/audit-logs-otel/charts
+    version: 0.0.2
+    condition: openTelemetry.enabled
+      
+  - name: audit-poller
+    alias: auditPoller
+    repository: file://vendor/audit-poller
+    version: 0.0.38
+    condition: auditPoller.enabled
+
+  - name: owner-info
+    repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm
+    version: 1.0.0
+
+  - name: linkerd-support
+    repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm
+    version: 0.1.3

system/audit-logs-otel/ci/test-values.yaml

@@ -0,0 +1,13 @@
+# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Greenhouse contributors
+# SPDX-License-Identifier: Apache-2.0
+
+auditLogs:
+  openSearchLogs:
+    failover_username_a: testusera
+    failover_password_a: passworda
+    failover_username_b: testuserb
+    failover_password_b: passwordb
+    endpoint: test-endpoint
+    index: test
+  cluster: test
+  region: test

system/audit-logs-otel/logo.png

@@ -0,0 +1,34 @@
+{{- define "auditpoller.receiver" }}
+filelog/auditpoller:
+  include_file_path: true
+  include: [ /audit/*.log ]
+  exclude: [ /audit/*.pos ]
+{{ end }}
+
+{{- define "auditpoller.processors" }}
+
+transform/auditpoller:
+  error_mode: ignore
+  log_statements:
+    - context: log
+      statements:
+        - set(log.time_unix_nano, log.observed_time_unix_nano)
+        - merge_maps(log.attributes, ParseJSON(log.body), "upsert") where IsMatch(log.body, "^\\{")
+
+attributes/auditpoller:
+  actions:
+    - action: insert
+      key: log.type
+      value: "auditpoller"
+    - action: insert
+      key: audit.source
+      value: "ias-auditlog"
+{{ end }}
+
+{{- define "auditpoller.pipelines" }}
+logs/auditpoller_logs:
+  receivers: [filelog/auditpoller]
+  processors: [transform/auditpoller,attributes/auditpoller,k8sattributes,attributes/cluster]
+  exporters: [forward]
+{{- end }}
+

system/audit-logs-otel/templates/_auditpoller-config.tpl

@@ -0,0 +1,30 @@
+{{- define "failover.attributes" }}
+attributes/failover_username_b:
+  actions:
+    - action: insert
+      key: failover_username_opensearch
+      value: ${failover_username_b}
+{{- end }}
+
+{{- define "failover.exporter" }}
+opensearch/failover_b:
+  http:
+    auth:
+      authenticator: basicauth/failover_b
+    endpoint: {{ .Values.openTelemetryPlugin.auditLogs.openSearchLogs.endpoint }}
+  logs_index: ${index}-datastream
+{{- end }}
+
+{{- define "failover.extension" }}
+basicauth/failover_b:
+  client_auth:
+    username: ${failover_username_b}
+    password: ${failover_password_b}
+{{- end }}
+
+{{- define "failover.pipeline" }}
+logs/failover_b:
+    receivers: [failover]
+    processors: [attributes/failover_username_b]
+    exporters: [opensearch/failover_b]
+{{- end }}