RubyGems - fluent-plugin-cloudwatch-logs - Versions diffs - 0.9.5 → 0.11.1 - Diffend - OSS supply chain security and management platform

fluent-plugin-cloudwatch-logs 0.9.5 → 0.11.1

Files changed (9) hide show

checksums.yaml +4 -4
data/.github/workflows/issue-auto-closer.yml +12 -0
data/README.md +72 -1
data/lib/fluent/plugin/cloudwatch/logs/version.rb +1 -1
data/lib/fluent/plugin/in_cloudwatch_logs.rb +83 -15
data/lib/fluent/plugin/out_cloudwatch_logs.rb +44 -8
data/test/plugin/test_in_cloudwatch_logs.rb +84 -4
data/test/plugin/test_out_cloudwatch_logs.rb +67 -0
metadata +8 -7

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 13ef3e0d5f4fd4c12c49b16ccbd07db237b7cff26ea272e4ef6337b09b02e975
-  data.tar.gz: 8cefeed014b1842ccce9f15479ad8cc54aa51b976281abb5d3e1c8828239aaa3
+  metadata.gz: 7d78abf2df32b76a85618e07a9164b6b4b59085bb56054b9cff15a947674eb26
+  data.tar.gz: 935d10a414f4ac4e83d619978695aa98bc2ec784c02ef5e60ec082ac7b39f667
 SHA512:
-  metadata.gz: 41ca6fa20d0c26955fcbab7f7a5a9fb8c032a5fd09f8676ccaaf5e4dd12694ea74c7c5320590f076405c691d436bc87b820e6bc9b75dc516062b2f3e09d8a377
-  data.tar.gz: 1f5bbd694c5962de73ee1e0ca622d8892437fb82d00b76ed87086feeba49f6d2c3a4904edad81bec88ba2d3ca47701c15cb56395470f19742c16b3168dd870e5
+  metadata.gz: 8f5113e44e0fb327000423a12292f1d6c25be4e5e491773e3e074b06a9c4206797ac0a3873c5b252da9dbbfa705d7989bb6b84f71d39e4080c5eb882555c914e
+  data.tar.gz: ee663a6f50e7788703d3bea274c194ea83d4b330d25b284112682247984cf9de344d00a4a7aba8d7f6e7589c396510e0a0970cb48bea73d73841eb1c22e3cd77

data/.github/workflows/issue-auto-closer.yml ADDED

@@ -0,0 +1,12 @@
+name: Autocloser
+on: [issues]
+jobs:
+  autoclose:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Autoclose issues that did not follow issue template
+      uses: roots/issue-closer-action@v1.1
+      with:
+        repo-token: ${{ secrets.GITHUB_TOKEN }}
+        issue-close-message: "@${issue.user.login} this issue was automatically closed because it did not follow the issue template."
+        issue-pattern: "(.*Problem.*)|(.*Expected Behavior or What you need to ask.*)|(.*Using Fluentd and CloudWatchLogs plugin versions.*)"

data/README.md CHANGED

@@ -43,6 +43,46 @@ Create IAM user with a policy like the following:
 }
 ```
+More restricted IAM policy for `out_cloudwatch_logs` is:
+```json
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Action": [
+                "logs:PutLogEvents",
+                "logs:CreateLogGroup",
+                "logs:PutRetentionPolicy",
+                "logs:CreateLogStream",
+                "logs:DescribeLogGroups",
+                "logs:DescribeLogStreams"
+            ],
+            "Effect": "Allow",
+            "Resource": "*"
+        }
+    ]
+}
+```
+Also, more restricted IAM policy for `in_cloudwatch_logs` is:
+```json
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Action": [
+                "logs:GetLogEvents",
+                "logs:DescribeLogStreams"
+            ],
+            "Effect": "Allow",
+            "Resource": "*"
+        }
+    ]
+}
+```
 ## Authentication
 There are several methods to provide authentication credentials.  Be aware that there are various tradeoffs for these methods,
@@ -120,6 +160,11 @@ Fetch sample log from CloudWatch Logs:
   #endpoint http://localhost:5000/
   #json_handler json
   #log_rejected_request true
+  #<web_identity_credentials>
+  #  role_arn          "#{ENV['AWS_ROLE_ARN']}"
+  #  role_session_name ROLE_SESSION_NAME
+  #  web_identity_token_file "#{ENV['AWS_WEB_IDENTITY_TOKEN_FILE']}"
+  #</web_identity_credentials>
 </match>
 ```
@@ -154,6 +199,14 @@ Fetch sample log from CloudWatch Logs:
 * `retention_in_days_key`: use specified field of records as retention period
 * `use_tag_as_group`: to use tag as a group name
 * `use_tag_as_stream`: to use tag as a stream name
+* `<web_identity_credentials>`: For EKS authentication.
+  * `role_arn`: The Amazon Resource Name (ARN) of the role to assume. This parameter is required when using `<web_identity_credentials>`.
+  * `role_session_name`: An identifier for the assumed role session.  This parameter is required when using `<web_identity_credentials>`.
+  * `web_identity_token_file`: The absolute path to the file on disk containing the OIDC token. This parameter is required when using `<web_identity_credentials>`.
+  * `policy`: An IAM policy in JSON format. (default `nil`)
+  * `duration_seconds`: The duration, in seconds, of the role session. The value can range from
+900 seconds (15 minutes) to 43200 seconds (12 hours). By default, the value
+is set to 3600 seconds (1 hour). (default `nil`)
 **NOTE:** `retention_in_days` requests additional IAM permission `logs:PutRetentionPolicy` for log_group.
 Please refer to [the PutRetentionPolicy column in documentation](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/permissions-reference-cwl.html) for details.
@@ -178,6 +231,14 @@ Please refer to [the PutRetentionPolicy column in documentation](https://docs.aw
   #<parse>
   # @type none # or csv, tsv, regexp etc.
   #</parse>
+  #<storage>
+  # @type local # or redis, memcached, etc.
+  #</storage>
+  #<web_identity_credentials>
+  #  role_arn          "#{ENV['AWS_ROLE_ARN']}"
+  #  role_session_name ROLE_SESSION_NAME
+  #  web_identity_token_file "#{ENV['AWS_WEB_IDENTITY_TOKEN_FILE']}"
+  #</web_identity_credentials>
 </source>
 ```
@@ -194,7 +255,8 @@ Please refer to [the PutRetentionPolicy column in documentation](https://docs.aw
 * `log_stream_name`: name of log stream to fetch logs
 * `region`: AWS Region.  See [Authentication](#authentication) for more information.
 * `throttling_retry_seconds`: time period in seconds to retry a request when aws CloudWatch rate limit exceeds (default: nil)
-* `state_file`: file to store current state (e.g. next\_forward\_token)
+* `include_metadata`: include metadata such as `log_group_name` and `log_stream_name`. (default: false)
+* `state_file`: file to store current state (e.g. next\_forward\_token). This parameter is deprecated. Use `<storage>` instead.
 * `tag`: fluentd tag
 * `use_log_stream_name_prefix`: to use `log_stream_name` as log stream name prefix (default false)
 * `use_todays_log_stream`: use todays and yesterdays date as log stream name prefix (formatted YYYY/MM/DD). (default: `false`)
@@ -204,6 +266,15 @@ Please refer to [the PutRetentionPolicy column in documentation](https://docs.aw
 * `time_range_format`: specify time format for time range. (default: `%Y-%m-%d %H:%M:%S`)
 * `format`: specify CloudWatchLogs' log format. (default `nil`)
 * `<parse>`: specify parser plugin configuration. see also: https://docs.fluentd.org/v/1.0/parser#how-to-use
+* `<storage>`: specify storage plugin configuration. see also: https://docs.fluentd.org/v/1.0/storage#how-to-use
+* `<web_identity_credentials>`: For EKS authentication.
+  * `role_arn`: The Amazon Resource Name (ARN) of the role to assume. This parameter is required when using `<web_identity_credentials>`.
+  * `role_session_name`: An identifier for the assumed role session.  This parameter is required when using `<web_identity_credentials>`.
+  * `web_identity_token_file`: The absolute path to the file on disk containing the OIDC token. This parameter is required when using `<web_identity_credentials>`.
+  * `policy`: An IAM policy in JSON format. (default `nil`)
+  * `duration_seconds`: The duration, in seconds, of the role session. The value can range from
+900 seconds (15 minutes) to 43200 seconds (12 hours). By default, the value
+is set to 3600 seconds (1 hour). (default `nil`)
 ## Test

data/lib/fluent/plugin/cloudwatch/logs/version.rb CHANGED

@@ -2,7 +2,7 @@ module Fluent
   module Plugin
     module Cloudwatch
       module Logs
-        VERSION = "0.9.5"
+        VERSION = "0.11.1"
       end
     end
   end

data/lib/fluent/plugin/in_cloudwatch_logs.rb CHANGED

@@ -8,20 +8,24 @@ module Fluent::Plugin
   class CloudwatchLogsInput < Input
     Fluent::Plugin.register_input('cloudwatch_logs', self)
-    helpers :parser, :thread, :compat_parameters
+    helpers :parser, :thread, :compat_parameters, :storage
+    DEFAULT_STORAGE_TYPE = 'local'
     config_param :aws_key_id, :string, default: nil, secret: true
     config_param :aws_sec_key, :string, default: nil, secret: true
     config_param :aws_use_sts, :bool, default: false
     config_param :aws_sts_role_arn, :string, default: nil
     config_param :aws_sts_session_name, :string, default: 'fluentd'
+    config_param :aws_sts_endpoint_url, :string, default: nil
     config_param :region, :string, default: nil
     config_param :endpoint, :string, default: nil
     config_param :tag, :string
     config_param :log_group_name, :string
     config_param :log_stream_name, :string, default: nil
     config_param :use_log_stream_name_prefix, :bool, default: false
-    config_param :state_file, :string
+    config_param :state_file, :string, default: nil,
+                 deprecated: "Use <stroage> instead."
     config_param :fetch_interval, :time, default: 60
     config_param :http_proxy, :string, default: nil
     config_param :json_handler, :enum, list: [:yajl, :json], default: :yajl
@@ -31,11 +35,25 @@ module Fluent::Plugin
     config_param :end_time, :string, default: nil
     config_param :time_range_format, :string, default: "%Y-%m-%d %H:%M:%S"
     config_param :throttling_retry_seconds, :time, default: nil
+    config_param :include_metadata, :bool, default: false
+    config_section :web_identity_credentials, multi: false do
+      config_param :role_arn, :string
+      config_param :role_session_name, :string
+      config_param :web_identity_token_file, :string, default: nil #required
+      config_param :policy, :string, default: nil
+      config_param :duration_seconds, :time, default: nil
+    end
     config_section :parse do
       config_set_default :@type, 'none'
     end
+    config_section :storage do
+      config_set_default :usage, 'store_next_tokens'
+      config_set_default :@type, DEFAULT_STORAGE_TYPE
+      config_set_default :persistent, false
+    end
     def initialize
       super
@@ -53,6 +71,7 @@ module Fluent::Plugin
       if @start_time && @end_time && (@end_time < @start_time)
         raise Fluent::ConfigError, "end_time(#{@end_time}) should be greater than start_time(#{@start_time})."
       end
+      @next_token_storage = storage_create(usage: 'store_next_tokens', conf: config, default_type: DEFAULT_STORAGE_TYPE)
     end
     def start
@@ -64,10 +83,29 @@ module Fluent::Plugin
       if @aws_use_sts
         Aws.config[:region] = options[:region]
-        options[:credentials] = Aws::AssumeRoleCredentials.new(
+        credentials_options = {
           role_arn: @aws_sts_role_arn,
           role_session_name: @aws_sts_session_name
-        )
+        }
+        credentials_options[:sts_endpoint_url] = @aws_sts_endpoint_url if @aws_sts_endpoint_url
+        if @region and @aws_sts_endpoint_url
+          credentails_options[:client] = Aws::STS::Client.new(:region => @region, endpoint: @aws_sts_endpoint_url)
+        elsif @region
+          credentails_options[:client] = Aws::STS::Client.new(:region => @region)
+        end
+        options[:credentials] = Aws::AssumeRoleCredentials.new(credentials_options)
+      elsif @web_identity_credentials
+        c = @web_identity_credentials
+        credentials_options = {}
+        credentials_options[:role_arn] = c.role_arn
+        credentials_options[:role_session_name] = c.role_session_name
+        credentials_options[:web_identity_token_file] = c.web_identity_token_file
+        credentials_options[:policy] = c.policy if c.policy
+        credentials_options[:duration_seconds] = c.duration_seconds if c.duration_seconds
+        if @region
+          credentials_options[:client] = Aws::STS::Client.new(:region => @region)
+        end
+        options[:credentials] = Aws::AssumeRoleWebIdentityCredentials.new(credentials_options)
       else
         options[:credentials] = Aws::Credentials.new(@aws_key_id, @aws_sec_key) if @aws_key_id && @aws_sec_key
       end
@@ -99,20 +137,28 @@ module Fluent::Plugin
       end
     end
-    def state_file_for(log_stream_name)
-      return "#{@state_file}_#{log_stream_name.gsub(File::SEPARATOR, '-')}" if log_stream_name
-      return @state_file
+    def state_key_for(log_stream_name)
+      if log_stream_name
+        "#{@state_file}_#{log_stream_name.gsub(File::SEPARATOR, '-')}"
+      else
+        @state_file
+      end
+    end
+    def migrate_state_file_to_storage(log_stream_name)
+      @next_token_storage.put(:"#{state_key_for(log_stream_name)}", File.read(state_key_for(log_stream_name)).chomp)
+      File.delete(state_key_for(log_stream_name))
     end
     def next_token(log_stream_name)
-      return nil unless File.exist?(state_file_for(log_stream_name))
-      File.read(state_file_for(log_stream_name)).chomp
+      if @next_token_storage.persistent && File.exist?(state_key_for(log_stream_name))
+        migrate_state_file_to_storage(log_stream_name)
+      end
+      @next_token_storage.get(:"#{state_key_for(log_stream_name)}")
     end
     def store_next_token(token, log_stream_name = nil)
-      File.open(state_file_for(log_stream_name), 'w') do |f|
-        f.write token
-      end
+      @next_token_storage.put(:"#{state_key_for(log_stream_name)}", token)
     end
     def run
@@ -130,8 +176,16 @@ module Fluent::Plugin
               log_streams.each do |log_stream|
                 log_stream_name = log_stream.log_stream_name
                 events = get_events(log_stream_name)
+                metadata = if @include_metadata
+                             {
+                               "log_stream_name" => log_stream_name,
+                               "log_group_name" => @log_group_name
+                             }
+                           else
+                             {}
+                           end
                 events.each do |event|
-                  emit(log_stream_name, event)
+                  emit(log_stream_name, event, metadata)
                 end
               end
             rescue Aws::CloudWatchLogs::Errors::ResourceNotFoundException
@@ -140,8 +194,16 @@ module Fluent::Plugin
             end
           else
             events = get_events(@log_stream_name)
+            metadata = if @include_metadata
+                          {
+                            "log_stream_name" => @log_stream_name,
+                            "log_group_name" => @log_group_name
+                          }
+                        else
+                          {}
+                        end
             events.each do |event|
-              emit(log_stream_name, event)
+              emit(log_stream_name, event, metadata)
             end
           end
         end
@@ -149,18 +211,24 @@ module Fluent::Plugin
       end
     end
-    def emit(stream, event)
+    def emit(stream, event, metadata)
       if @parser
         @parser.parse(event.message) {|time,record|
           if @use_aws_timestamp
             time = (event.timestamp / 1000).floor
           end
+          unless metadata.empty?
+            record.merge!("metadata" => metadata)
+          end
           router.emit(@tag, time, record)
         }
       else
         time = (event.timestamp / 1000).floor
         begin
           record = @json_handler.load(event.message)
+          unless metadata.empty?
+            record.merge!("metadata" => metadata)
+          end
           router.emit(@tag, time, record)
         rescue JSON::ParserError, Yajl::ParseError => error # Catch parser errors
           log.error "Invalid JSON encountered while parsing event.message"

data/lib/fluent/plugin/out_cloudwatch_logs.rb CHANGED

@@ -7,6 +7,8 @@ module Fluent::Plugin
   class CloudwatchLogsOutput < Output
     Fluent::Plugin.register_output('cloudwatch_logs', self)
+    class TooLargeEventError < Fluent::UnrecoverableError; end
     helpers :compat_parameters, :inject
     DEFAULT_BUFFER_TYPE = "memory"
@@ -17,6 +19,7 @@ module Fluent::Plugin
     config_param :aws_use_sts, :bool, default: false
     config_param :aws_sts_role_arn, :string, default: nil
     config_param :aws_sts_session_name, :string, default: 'fluentd'
+    config_param :aws_sts_endpoint_url, :string, default: nil
     config_param :region, :string, :default => nil
     config_param :endpoint, :string, :default => nil
     config_param :log_group_name, :string, :default => nil
@@ -44,6 +47,13 @@ module Fluent::Plugin
     config_param :remove_retention_in_days_key, :bool, default: false
     config_param :json_handler, :enum, list: [:yajl, :json], :default => :yajl
     config_param :log_rejected_request, :bool, :default => false
+    config_section :web_identity_credentials, multi: false do
+      config_param :role_arn, :string
+      config_param :role_session_name, :string
+      config_param :web_identity_token_file, :string, default: nil #required
+      config_param :policy, :string, default: nil
+      config_param :duration_seconds, :time, default: nil
+    end
     config_section :buffer do
       config_set_default :@type, DEFAULT_BUFFER_TYPE
@@ -92,10 +102,29 @@ module Fluent::Plugin
       if @aws_use_sts
         Aws.config[:region] = options[:region]
-        options[:credentials] = Aws::AssumeRoleCredentials.new(
+        credentials_options = {
           role_arn: @aws_sts_role_arn,
           role_session_name: @aws_sts_session_name
-        )
+        }
+        credentials_options[:sts_endpoint_url] = @aws_sts_endpoint_url if @aws_sts_endpoint_url
+        if @region and @aws_sts_endpoint_url
+          credentails_options[:client] = Aws::STS::Client.new(:region => @region, endpoint: @aws_sts_endpoint_url)
+        elsif @region
+          credentails_options[:client] = Aws::STS::Client.new(:region => @region)
+        end
+        options[:credentials] = Aws::AssumeRoleCredentials.new(credentials_options)
+      elsif @web_identity_credentials
+        c = @web_identity_credentials
+        credentials_options = {}
+        credentials_options[:role_arn] = c.role_arn
+        credentials_options[:role_session_name] = c.role_session_name
+        credentials_options[:web_identity_token_file] = c.web_identity_token_file
+        credentials_options[:policy] = c.policy if c.policy
+        credentials_options[:duration_seconds] = c.duration_seconds if c.duration_seconds
+        if @region
+          credentials_options[:client] = Aws::STS::Client.new(:region => @region)
+        end
+        options[:credentials] = Aws::AssumeRoleWebIdentityCredentials.new(credentials_options)
       else
         options[:credentials] = Aws::Credentials.new(@aws_key_id, @aws_sec_key) if @aws_key_id && @aws_sec_key
       end
@@ -130,6 +159,9 @@ module Fluent::Plugin
     def write(chunk)
       log_group_name = extract_placeholders(@log_group_name, chunk) if @log_group_name
       log_stream_name = extract_placeholders(@log_stream_name, chunk) if @log_stream_name
+      aws_tags = @log_group_aws_tags.each {|k, v|
+        @log_group_aws_tags[extract_placeholders(k, chunk)] = extract_placeholders(v, chunk)
+      } if @log_group_aws_tags
       queue = Thread::Queue.new
@@ -182,7 +214,7 @@ module Fluent::Plugin
           #as we create log group only once, values from first record will persist
           record = rs[0][2]
-          awstags = @log_group_aws_tags
+          awstags = aws_tags
           unless @log_group_aws_tags_key.nil?
             if @remove_log_group_aws_tags_key
               awstags = record.delete(@log_group_aws_tags_key)
@@ -319,8 +351,7 @@ module Fluent::Plugin
       while event = events.shift
         event_bytesize = event[:message].bytesize + EVENT_HEADER_SIZE
         if MAX_EVENT_SIZE < event_bytesize
-          log.warn "Log event in #{group_name} is discarded because it is too large: #{event_bytesize} bytes exceeds limit of #{MAX_EVENT_SIZE}"
-          break
+          raise TooLargeEventError, "Log event in #{group_name} is discarded because it is too large: #{event_bytesize} bytes exceeds limit of #{MAX_EVENT_SIZE}"
         end
         new_chunk = chunk + [event]
@@ -377,8 +408,7 @@ module Fluent::Plugin
           end
         rescue Aws::CloudWatchLogs::Errors::InvalidSequenceTokenException, Aws::CloudWatchLogs::Errors::DataAlreadyAcceptedException => err
           sleep 1 # to avoid too many API calls
-          log_stream = find_log_stream(group_name, stream_name)
-          store_next_sequence_token(group_name, stream_name, log_stream.upload_sequence_token)
+          store_next_sequence_token(group_name, stream_name, err.expected_sequence_token)
           log.warn "updating upload sequence token forcefully because unrecoverable error occured", {
             "error" => err,
             "log_group" => group_name,
@@ -400,7 +430,13 @@ module Fluent::Plugin
             raise err
           end
         rescue Aws::CloudWatchLogs::Errors::ThrottlingException => err
-          if !@put_log_events_disable_retry_limit && @put_log_events_retry_limit < retry_count
+          if @put_log_events_retry_limit < 1
+            log.warn "failed to PutLogEvents and discard logs because put_log_events_retry_limit is less than 1", {
+              "error_class" => err.class.to_s,
+              "error" => err.message,
+            }
+            return
+          elsif !@put_log_events_disable_retry_limit && @put_log_events_retry_limit < retry_count
             log.error "failed to PutLogEvents and discard logs because retry count exceeded put_log_events_retry_limit", {
               "error_class" => err.class.to_s,
               "error" => err.message,

data/test/plugin/test_in_cloudwatch_logs.rb CHANGED

@@ -99,6 +99,34 @@ class CloudwatchLogsInputTest < Test::Unit::TestCase
       assert_equal(['test', (time_ms / 1000).floor, {'cloudwatch' => 'logs2'}], emits[1])
     end
+    def test_emit_with_metadata
+      create_log_stream
+      time_ms = (Time.now.to_f * 1000).floor
+      put_log_events([
+        {timestamp: time_ms, message: '{"cloudwatch":"logs1"}'},
+        {timestamp: time_ms, message: '{"cloudwatch":"logs2"}'},
+      ])
+      sleep 5
+      d = create_driver(default_config + %[include_metadata true])
+      d.run(expect_emits: 2, timeout: 5)
+      emits = d.events
+      assert_true(emits[0][2].has_key?("metadata"))
+      assert_true(emits[1][2].has_key?("metadata"))
+      emits[0][2].delete_if {|k, v|
+        k == "metadata"
+      }
+      emits[1][2].delete_if {|k, v|
+        k == "metadata"
+      }
+      assert_equal(2, emits.size)
+      assert_equal(['test', (time_ms / 1000).floor, {'cloudwatch' => 'logs1'}], emits[0])
+      assert_equal(['test', (time_ms / 1000).floor, {'cloudwatch' => 'logs2'}], emits[1])
+    end
     def test_emit_with_aws_timestamp
       create_log_stream
@@ -173,7 +201,6 @@ class CloudwatchLogsInputTest < Test::Unit::TestCase
                            '@type' => 'cloudwatch_logs',
                            'log_group_name' => "#{log_group_name}",
                            'log_stream_name' => "#{log_stream_name}",
-                           'state_file' => '/tmp/state',
                           }
       cloudwatch_config = cloudwatch_config.merge!(config_elementify(aws_key_id)) if ENV['aws_key_id']
       cloudwatch_config = cloudwatch_config.merge!(config_elementify(aws_sec_key)) if ENV['aws_sec_key']
@@ -183,7 +210,49 @@ class CloudwatchLogsInputTest < Test::Unit::TestCase
       csv_format_config = config_element('ROOT', '', cloudwatch_config, [
                                            config_element('parse', '', {'@type' => 'csv',
                                                                         'keys' => 'time,message',
-                                                                        'time_key' => 'time'})
+                                                                        'time_key' => 'time'}),
+                                           config_element('storage', '', {'@type' => 'local',
+                                                                          'path' => '/tmp/state'})
+                                         ])
+      create_log_stream
+      time_ms = (Time.now.to_f * 1000).floor
+      log_time_ms = time_ms - 10000
+      put_log_events([
+        {timestamp: time_ms, message: Time.at(log_time_ms/1000.floor).to_s + ",Cloudwatch non json logs1"},
+        {timestamp: time_ms, message: Time.at(log_time_ms/1000.floor).to_s + ",Cloudwatch non json logs2"},
+      ])
+      sleep 5
+      d = create_driver(csv_format_config)
+      d.run(expect_emits: 2, timeout: 5)
+      emits = d.events
+      assert_equal(2, emits.size)
+      assert_equal(['test', (log_time_ms / 1000).floor, {"message"=>"Cloudwatch non json logs1"}], emits[0])
+      assert_equal(['test', (log_time_ms / 1000).floor, {"message"=>"Cloudwatch non json logs2"}], emits[1])
+    end
+    test "emit with <parse> csv with metadata" do
+      cloudwatch_config = {'tag' => "test",
+                           '@type' => 'cloudwatch_logs',
+                           'log_group_name' => "#{log_group_name}",
+                           'log_stream_name' => "#{log_stream_name}",
+                           'include_metadata' => true,
+                          }
+      cloudwatch_config = cloudwatch_config.merge!(config_elementify(aws_key_id)) if ENV['aws_key_id']
+      cloudwatch_config = cloudwatch_config.merge!(config_elementify(aws_sec_key)) if ENV['aws_sec_key']
+      cloudwatch_config = cloudwatch_config.merge!(config_elementify(region)) if ENV['region']
+      cloudwatch_config = cloudwatch_config.merge!(config_elementify(endpoint)) if ENV['endpoint']
+      csv_format_config = config_element('ROOT', '', cloudwatch_config, [
+                                           config_element('parse', '', {'@type' => 'csv',
+                                                                        'keys' => 'time,message',
+                                                                        'time_key' => 'time'}),
+                                           config_element('storage', '', {'@type' => 'local',
+                                                                          'path' => '/tmp/state'})
                                          ])
       create_log_stream
@@ -200,6 +269,14 @@ class CloudwatchLogsInputTest < Test::Unit::TestCase
       d.run(expect_emits: 2, timeout: 5)
       emits = d.events
+      assert_true(emits[0][2].has_key?("metadata"))
+      assert_true(emits[1][2].has_key?("metadata"))
+      emits[0][2].delete_if {|k, v|
+        k == "metadata"
+      }
+      emits[1][2].delete_if {|k, v|
+        k == "metadata"
+      }
       assert_equal(2, emits.size)
       assert_equal(['test', (log_time_ms / 1000).floor, {"message"=>"Cloudwatch non json logs1"}], emits[0])
       assert_equal(['test', (log_time_ms / 1000).floor, {"message"=>"Cloudwatch non json logs2"}], emits[1])
@@ -246,7 +323,6 @@ class CloudwatchLogsInputTest < Test::Unit::TestCase
                            '@type' => 'cloudwatch_logs',
                            'log_group_name' => "#{log_group_name}",
                            'log_stream_name' => "#{log_stream_name}",
-                           'state_file' => '/tmp/state',
                           }
       cloudwatch_config = cloudwatch_config.merge!(config_elementify(aws_key_id)) if ENV['aws_key_id']
       cloudwatch_config = cloudwatch_config.merge!(config_elementify(aws_sec_key)) if ENV['aws_sec_key']
@@ -256,7 +332,9 @@ class CloudwatchLogsInputTest < Test::Unit::TestCase
       regex_format_config = config_element('ROOT', '', cloudwatch_config, [
                                            config_element('parse', '', {'@type' => 'regexp',
                                                                         'expression' => "/^(?<cloudwatch>[^ ]*)?/",
-                                                                       })
+                                                                       }),
+                                           config_element('storage', '', {'@type' => 'local',
+                                                                          'path' => '/tmp/state'})
                                          ])
       create_log_stream
@@ -552,6 +630,8 @@ class CloudwatchLogsInputTest < Test::Unit::TestCase
     end
     test "emit with today's log stream" do
+      omit "This testcase is unstable in CI." if ENV["CI"] == "true"
       config = <<-CONFIG
         tag test
         @type cloudwatch_logs

data/test/plugin/test_out_cloudwatch_logs.rb CHANGED

@@ -492,6 +492,47 @@ class CloudwatchLogsOutputTest < Test::Unit::TestCase
       assert_equal("value2", awstags.fetch("tag2"))
     end
+    def test_log_group_aws_tags_with_placeholders
+      clear_log_group
+      config = {
+        "@type" => "cloudwatch_logs",
+        "auto_create_stream" => true,
+        "use_tag_as_stream" => true,
+        "log_group_name_key" => "group_name_key",
+        "log_group_aws_tags" => '{"tag1": "${tag}", "tag2": "${namespace_name}"}',
+      }
+      config.merge!(config_elementify(aws_key_id)) if aws_key_id
+      config.merge!(config_elementify(aws_sec_key)) if aws_sec_key
+      config.merge!(config_elementify(region)) if region
+      config.merge!(config_elementify(endpoint)) if endpoint
+      d = create_driver(
+        Fluent::Config::Element.new('ROOT', '', config, [
+          Fluent::Config::Element.new('buffer', 'tag, namespace_name', {
+            '@type' => 'memory',
+          }, [])
+        ])
+      )
+      records = [
+        {'cloudwatch' => 'logs1', 'message' => 'message1', 'group_name_key' => log_group_name, "namespace_name" => "fluentd"},
+        {'cloudwatch' => 'logs2', 'message' => 'message1', 'group_name_key' => log_group_name, "namespace_name" => "fluentd"},
+        {'cloudwatch' => 'logs3', 'message' => 'message1', 'group_name_key' => log_group_name, "namespace_name" => "fluentd"},
+      ]
+      time = Time.now
+      d.run(default_tag: fluentd_tag) do
+        records.each_with_index do |record, i|
+          d.feed(time.to_i + i, record)
+        end
+      end
+      awstags = get_log_group_tags
+      assert_equal(fluentd_tag, awstags.fetch("tag1"))
+      assert_equal("fluentd", awstags.fetch("tag2"))
+    end
     def test_retention_in_days
       clear_log_group
@@ -713,6 +754,32 @@ class CloudwatchLogsOutputTest < Test::Unit::TestCase
       assert_equal({'cloudwatch' => 'logs2', 'message' => 'message2'}, JSON.parse(events[1].message))
     end
+    def test_retrying_on_throttling_exception_with_put_log_events_retry_limit_as_zero
+      client = Aws::CloudWatchLogs::Client.new
+      @called = false
+      stub(client).put_log_events(anything) {
+        raise(Aws::CloudWatchLogs::Errors::ThrottlingException.new(nil, "error"))
+      }.once.ordered
+      d = create_driver(<<-EOC)
+        #{default_config}
+        log_group_name #{log_group_name}
+        log_stream_name #{log_stream_name}
+        @log_level debug
+        put_log_events_retry_limit 0
+      EOC
+      time = event_time
+      d.instance.instance_variable_set(:@logs, client)
+      d.run(default_tag: fluentd_tag) do
+        d.feed(time, {'message' => 'message1'})
+      end
+      logs = d.logs
+      assert_equal(0, logs.select {|l| l =~ /Called PutLogEvents API/ }.size)
+      assert_equal(1, logs.select {|l| l =~ /failed to PutLogEvents/ }.size)
+      assert_equal(0, logs.select {|l| l =~ /retry succeeded/ }.size)
+    end
     def test_retrying_on_throttling_exception
       resp = Object.new
       mock(resp).rejected_log_events_info {}

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-cloudwatch-logs
 version: !ruby/object:Gem::Version
-  version: 0.9.5
+  version: 0.11.1
 platform: ruby
 authors:
 - Ryota Arai
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-06-19 00:00:00.000000000 Z
+date: 2020-10-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: fluentd
@@ -108,13 +108,14 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description:
+description:
 email:
 - ryota.arai@gmail.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/issue-auto-closer.yml"
 - ".gitignore"
 - ".travis.yml"
 - Gemfile
@@ -135,7 +136,7 @@ homepage: https://github.com/fluent-plugins-nursery/fluent-plugin-cloudwatch-log
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -150,8 +151,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
-signing_key:
+rubygems_version: 3.1.2
+signing_key:
 specification_version: 4
 summary: CloudWatch Logs Plugin for Fluentd
 test_files: