Rhobs implementation

CLAUDE.md

@@ -71,8 +71,9 @@ Pre-initialized clients available in investigation resources:
 - **PagerDuty** (`pkg/pagerduty`) - Alert info, incident management, notes
 - **K8s** (`pkg/k8s`) - Kubernetes API client
 - **osd-network-verifier** (`pkg/networkverifier`) - Network verification
+- **RHOBS** (`pkg/rhobs`) - RHOBS Grafana Loki API for HCP log fetching
 
-For HCP clusters, when using `WithManagementRestConfig()`, `WithManagementK8sClient()`, or `WithManagementOCClient()`, the Dynatrace management cluster URL is automatically fetched and available in `r.DynatraceManagementClusterURL`.
+For HCP clusters, when using `WithManagementRestConfig()`, `WithManagementK8sClient()`, or `WithManagementOCClient()`, the RHOBS cell endpoint is automatically fetched from the management cluster's external configuration labels and available in `r.RHOBSCell`. A RHOBS client can be created using the `RHOBSCell` endpoint and `CAD_GRAFANA_TOKEN` to fetch logs from Loki.
 
 ### Workflow
 
@@ -99,6 +100,7 @@ For local development (available via `source test/set_stage_env.sh`):
 - `PD_SIGNATURE` - PagerDuty webhook signature validation
 - `BACKPLANE_URL`, `BACKPLANE_INITIAL_ARN` - Backplane access
 - `CAD_PROMETHEUS_PUSHGATEWAY` - Metrics endpoint
+- `CAD_GRAFANA_TOKEN` - Service account token for RHOBS Grafana/Loki API access (HCP log fetching)
 
 Optional:
 - `BACKPLANE_PROXY` - Required for local development

pkg/controller/controller.go

@@ -79,6 +79,7 @@ type Dependencies struct {
 	BackplaneURL        string
 	BackplaneProxy      string
 	AWSProxy            string
+	GrafanaToken        string
 	ExperimentalEnabled bool
 }
 
@@ -137,6 +138,12 @@ func initializeDependencies() (*Dependencies, error) {
 	experimentalEnabledVar := os.Getenv("CAD_EXPERIMENTAL_ENABLED")
 	experimentalEnabled, _ := strconv.ParseBool(experimentalEnabledVar)
 
+	// Load Grafana/RHOBS token for HCP log fetching
+	grafanaToken := os.Getenv("CAD_GRAFANA_TOKEN")
+	if grafanaToken == "" {
+		return nil, fmt.Errorf("missing required environment variable CAD_GRAFANA_TOKEN")
+	}
+
 	// Create OCM client
 	ocmClient, err := ocm.New(ocmClientID, ocmClientSecret, ocmURL)
 	if err != nil {
@@ -160,6 +167,7 @@ func initializeDependencies() (*Dependencies, error) {
 		BackplaneURL:        backplaneURL,
 		BackplaneProxy:      backplaneProxy,
 		AWSProxy:            awsProxy,
+		GrafanaToken:        grafanaToken,
 		ExperimentalEnabled: experimentalEnabled,
 	}, nil
 }
@@ -250,7 +258,7 @@ func NewController(opts ControllerOptions, deps *Dependencies) (Controller, erro
 func (c *investigationRunner) runInvestigation(ctx context.Context, clusterId string, inv investigation.Investigation, pdClient *pagerduty.SdkClient) error {
 	metrics.Inc(metrics.Alerts, inv.Name())
 
-	builder, err := investigation.NewResourceBuilder(c.ocmClient, c.bpClient, clusterId, inv.Name(), c.dependencies.BackplaneURL)
+	builder, err := investigation.NewResourceBuilder(c.ocmClient, c.bpClient, clusterId, inv.Name(), c.dependencies.BackplaneURL, c.dependencies.GrafanaToken)
 	if pdClient != nil {
 		builder.WithPdClient(pdClient)
 	}

pkg/investigations/etcddatabasequotalowspace/etcddatabasequotalowspace.go

@@ -3,7 +3,6 @@ package etcddatabasequotalowspace
 
 import (
 	"context"
-	"encoding/json"
 	"fmt"
 	"net/url"
 	"strings"
@@ -19,6 +18,7 @@ import (
 	"github.com/openshift/configuration-anomaly-detection/pkg/logging"
 	"github.com/openshift/configuration-anomaly-detection/pkg/metrics"
 	"github.com/openshift/configuration-anomaly-detection/pkg/notewriter"
+	"github.com/openshift/configuration-anomaly-detection/pkg/rhobs"
 	"github.com/openshift/configuration-anomaly-detection/pkg/types"
 )
 
@@ -229,6 +229,7 @@ func (i *Investigation) runHCPEtcdAnalysis(ctx context.Context, rb investigation
 	r, err := rb.
 		WithManagementRestConfig().
 		WithManagementK8sClient().
+		WithRHOBSClient().
 		Build()
 	if err != nil {
 		if msg, ok := investigation.ClusterAccessErrorMessage(err); ok {
@@ -316,17 +317,6 @@ func (i *Investigation) runHCPEtcdAnalysis(ctx context.Context, rb investigation
 	r.Notes.AppendAutomation("Created HCP analysis job: %s in namespace %s", etcdAnalysisJob.Name, r.HCPNamespace)
 
 	err = waitForJobCompletion(ctx, r.ManagementK8sClient, etcdAnalysisJob.Name, r.HCPNamespace, analysisJobTimeout)
-
-	// Add Dynatrace logs query URL to notes if available
-	if r.DynatraceManagementClusterURL != "" && r.ManagementClusterName != "" {
-		dynatraceLogsURL := buildDynatraceLogsURL(
-			r.DynatraceManagementClusterURL,
-			r.HCPNamespace,
-			etcdAnalysisJob.Name,
-		)
-		r.Notes.AppendSuccess("Note: Click 'Show full note' to access the full URL. Logs may take up to 5 minutes to appear in Dynatrace.\n\nDynatrace Logs: %s", dynatraceLogsURL)
-	}
-
 	if err != nil {
 		if investigation.IsInfrastructureError(err) {
 			return result, err
@@ -344,14 +334,34 @@ func (i *Investigation) runHCPEtcdAnalysis(ctx context.Context, rb investigation
 		return result, nil
 	}
 
+	r.Notes.AppendSuccess("Analysis job completed successfully, fetching logs from RHOBS")
+
+	// Fetch logs from RHOBS
+	logs, err := fetchRHOBSLogs(ctx, r, r.HCPNamespace, etcdAnalysisJob.Name)
+	if err != nil {
+		r.Notes.AppendWarning("Failed to fetch RHOBS logs: %v", err)
+		logging.Errorf("failed to fetch RHOBS logs: %v", err)
+		result.EtcdDatabaseAnalysis = investigation.InvestigationStep{
+			Performed: true,
+			Labels:    []string{"failure", "rhobs_logs_failed"},
+		}
+		result.Actions = append(
+			executor.NoteAndReportFrom(r.Notes, r.Cluster.ID(), i.Name()),
+			executor.Escalate("Failed to fetch RHOBS logs - manual investigation required"),
+		)
+		return result, nil
+	}
+
+	r.Notes.AppendSuccess("Successfully fetched logs from RHOBS\n\n%s", logs)
+
 	result.EtcdDatabaseAnalysis = investigation.InvestigationStep{
 		Performed: true,
 		Labels:    []string{"success", "completed"},
 	}
 
 	result.Actions = append(
 		executor.NoteAndReportFrom(r.Notes, r.Cluster.ID(), i.Name()),
-		executor.Escalate("HCP etcd analysis complete - see dynatrace logs for details"),
+		executor.Escalate("HCP etcd analysis complete - see logs above for details"),
 	)
 	return result, nil
 }
@@ -576,41 +586,49 @@ func getEtcdctlContainerImage(pod *corev1.Pod) (string, error) {
 	return "", fmt.Errorf("etcdctl container image not found in pod: %s", pod.Name)
 }
 
-// buildDynatraceLogsURL constructs a Dynatrace UI URL with a DQL query for the analysis job logs
-func buildDynatraceLogsURL(baseURL, namespace, jobId string) string {
-	query := fmt.Sprintf(
-		`fetch logs, from:now()-1h | filter matchesValue(event.type, "LOG") and (matchesValue(k8s.namespace.name, "%s")) and (matchesValue(k8s.pod.name, "%s*")) | sort timestamp desc | limit 1000`,
-		namespace,
-		jobId,
-	)
+// buildRHOBSLogsURL constructs a Grafana/RHOBS explore URL with a LogQL query for the analysis job logs
+func buildRHOBSLogsURL(rhobsCell, namespace, jobId string) string {
+	logQLQuery := fmt.Sprintf(`{kubernetes_namespace_name="%s", kubernetes_pod_name=~"%s.*"}`, namespace, jobId)
+
+	leftParam := url.QueryEscape(fmt.Sprintf(
+		`{"datasource":"Loki","queries":[{"refId":"A","expr":"%s","queryType":"range"}],"range":{"from":"now-30m","to":"now"}}`,
+		logQLQuery,
+	))
+
+	return fmt.Sprintf("https://%s/explore?left=%s", rhobsCell, leftParam)
+}
+
+// fetchRHOBSLogs fetches logs from RHOBS Grafana Loki for the analysis job
+func fetchRHOBSLogs(ctx context.Context, r *investigation.Resources, namespace, jobName string) (string, error) {
+	if r.RHOBSClient == nil {
+		return "", fmt.Errorf("RHOBS client not available")
+	}
+
+	logging.Infof("Fetching logs from RHOBS for job %s in namespace %s", jobName, namespace)
 
-	// Build the state object for Dynatrace logs UI
-	// The order of fields matters for some Dynatrace UI versions
-	state := map[string]interface{}{
-		"version": 2,
-		"dt.timeframe": map[string]string{
-			"from": "now()-30m",
-			"to":   "now()",
-		},
-		"tableConfig": map[string]interface{}{
-			"columns": []string{"timestamp", "status", "Log message"},
-		},
-		"showDqlEditor":    true,
-		"filterFieldQuery": query,
-		"dt.query":         query,
-		"facetsCollapse":   true,
-	}
-
-	jsonBytes, err := json.Marshal(state)
+	logQLQuery := fmt.Sprintf(`{kubernetes_namespace_name="%s", kubernetes_pod_name=~"%s.*"}`, namespace, jobName)
+
+	now := time.Now()
+	start := now.Add(-30 * time.Minute)
+
+	logging.Debugf("Querying RHOBS with LogQL: %s (time range: %s to %s)", logQLQuery, start.Format(time.RFC3339), now.Format(time.RFC3339))
+
+	result, err := r.RHOBSClient.QueryLogs(ctx, logQLQuery, start, now, 1000)
 	if err != nil {
-		jsonBytes = []byte("{}")
-		logging.Warnf("failed to marshal Dynatrace state to JSON: %v", err)
+		return "", fmt.Errorf("failed to query RHOBS logs: %w", err)
 	}
 
-	// URL encode the JSON state
-	// Note: QueryEscape uses + for spaces, but hash fragments need %20
-	encodedState := url.QueryEscape(string(jsonBytes))
-	encodedState = strings.ReplaceAll(encodedState, "+", "%20")
+	if result.TotalLines == 0 {
+		logging.Warnf("No logs found in RHOBS for job %s", jobName)
+		return "No logs found in RHOBS for this job. Logs may take up to 5 minutes to appear.", nil
+	}
+
+	logging.Infof("Successfully fetched %d log lines from RHOBS", result.TotalLines)
+
+	formattedLogs := rhobs.FormatLogsForDisplay(result, 100)
+
+	exploreURL := buildRHOBSLogsURL(r.RHOBSCell, namespace, jobName)
+	formattedLogs += fmt.Sprintf("\n\nView full logs in Grafana: %s", exploreURL)
 
-	return fmt.Sprintf("%sui/apps/dynatrace.logs/#%s", baseURL, encodedState)
+	return formattedLogs, nil
 }