Add tenant isolation smoke test for telemetry stack

This commit introduces a new script `tenant_isolation_smoke.py` that performs smoke tests to validate tenant isolation in the telemetry storage stack (Tempo + Loki) with mutual TLS enabled. The script checks that traces and logs pushed with specific tenant headers are only accessible to the corresponding tenants, ensuring proper enforcement of multi-tenancy. The tests include pushing a trace and a log entry, followed by assertions to verify access restrictions based on tenant IDs.

deploy/compose/docker-compose.telemetry.yaml

@@ -8,11 +8,19 @@ services:
       - "--config=/etc/otel-collector/config.yaml"
     environment:
       STELLAOPS_OTEL_TLS_CERT: /etc/otel-collector/tls/collector.crt
-      STELLAOPS_OTEL_TLS_KEY: /etc/otel-collector/tls/collector.key
-      STELLAOPS_OTEL_TLS_CA: /etc/otel-collector/tls/ca.crt
-      STELLAOPS_OTEL_PROMETHEUS_ENDPOINT: 0.0.0.0:9464
-      STELLAOPS_OTEL_REQUIRE_CLIENT_CERT: "true"
-      STELLAOPS_TENANT_ID: dev
+      STELLAOPS_OTEL_TLS_KEY: /etc/otel-collector/tls/collector.key
+      STELLAOPS_OTEL_TLS_CA: /etc/otel-collector/tls/ca.crt
+      STELLAOPS_OTEL_PROMETHEUS_ENDPOINT: 0.0.0.0:9464
+      STELLAOPS_OTEL_REQUIRE_CLIENT_CERT: "true"
+      STELLAOPS_TENANT_ID: dev
+      STELLAOPS_TEMPO_ENDPOINT: https://stellaops-tempo:3200
+      STELLAOPS_TEMPO_TLS_CERT_FILE: /etc/otel-collector/tls/client.crt
+      STELLAOPS_TEMPO_TLS_KEY_FILE: /etc/otel-collector/tls/client.key
+      STELLAOPS_TEMPO_TLS_CA_FILE: /etc/otel-collector/tls/ca.crt
+      STELLAOPS_LOKI_ENDPOINT: https://stellaops-loki:3100/loki/api/v1/push
+      STELLAOPS_LOKI_TLS_CERT_FILE: /etc/otel-collector/tls/client.crt
+      STELLAOPS_LOKI_TLS_KEY_FILE: /etc/otel-collector/tls/client.key
+      STELLAOPS_LOKI_TLS_CA_FILE: /etc/otel-collector/tls/ca.crt
     volumes:
       - ../telemetry/otel-collector-config.yaml:/etc/otel-collector/config.yaml:ro
       - ../telemetry/certs:/etc/otel-collector/tls:ro