fluent-plugin-google-cloud 0.8.4 → 0.9.1

data/lib/fluent/plugin/filter_analyze_config.rb

@@ -0,0 +1,344 @@
+# Copyright 2020 Google Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'fileutils'
+require 'fluent/config'
+require 'fluent/config/v1_parser'
+require 'set'
+
+require_relative 'common'
+require_relative 'monitoring'
+
+module Fluent
+  # Fluentd filter plugin to analyze configuration usage.
+  #
+  # For documentation on inspecting parsed configuration elements, see
+  # https://www.rubydoc.info/github/fluent/fluentd/Fluent/Config/Element
+  class AnalyzeConfigFilter < Filter
+    include Fluent::Config
+    Fluent::Plugin.register_filter('analyze_config', self)
+
+    module Constants
+      # Built-in plugins that are ok to reference in metrics.
+      KNOWN_PLUGINS = {
+        'filter' => Set[
+          'geoip',
+          'grep',
+          'parser',
+          'record_transformer',
+          'stdout',
+        ],
+        'match' => Set[
+          'copy',
+          'elasticsearch',
+          'exec',
+          'exec_filter',
+          'file',
+          'forward',
+          'http',
+          'kafka',
+          'mongo',
+          'mongo_replset',
+          'null',
+          'relabel',
+          'rewrite_tag_filter',
+          'roundrobin',
+          's3',
+          'secondary_file',
+          'stdout',
+          'webhdfs',
+        ],
+        'source' => Set[
+          'dummy',
+          'exec',
+          'forward',
+          'http',
+          'monitor_agent',
+          'syslog',
+          'tail',
+          'tcp',
+          'udp',
+          'unix',
+          'windows_eventlog',
+        ]
+      }.freeze
+
+      # For Google plugins, we collect metrics on the params listed here.
+      GOOGLE_PLUGIN_PARAMS = {
+        'google_cloud' => %w(
+          adjust_invalid_timestamps
+          auth_method
+          autoformat_stackdriver_trace
+          coerce_to_utf8
+          detect_json
+          enable_monitoring
+          gcm_service_address
+          grpc_compression_algorithm
+          http_request_key
+          insert_id_key
+          label_map
+          labels
+          labels_key
+          logging_api_url
+          monitoring_type
+          non_utf8_replacement_string
+          operation_key
+          private_key_email
+          private_key_passphrase
+          private_key_path
+          project_id
+          source_location_key
+          span_id_key
+          statusz_port
+          trace_key
+          trace_sampled_key
+          use_grpc
+          use_metadata_service
+          vm_id
+          vm_name
+          zone
+        ),
+        'detect_exceptions' => %w(
+          languages
+          max_bytes
+          max_lines
+          message
+          multiline_flush_interval
+          remove_tag_prefix
+          stream
+        )
+      }.freeze
+    end
+
+    include self::Constants
+
+    # Disable this warning to conform to fluentd config_param conventions.
+    # rubocop:disable Style/HashSyntax
+
+    # The root configuration file of google-fluentd package.
+    # This only applies to Linux.
+    config_param :google_fluentd_config_path,
+                 :string,
+                 :default => '/etc/google-fluentd/google-fluentd.conf'
+    # Baseline configuration for comparing with local
+    # customizations.
+    config_param :google_fluentd_baseline_config_path,
+                 :string,
+                 :default => '/etc/google-fluentd/baseline/google-fluentd.conf'
+
+    # What system to use when collecting metrics. Possible values are:
+    #   - 'prometheus', in this case default registry in the Prometheus
+    #     client library is used, without actually exposing the endpoint
+    #     to serve metrics in the Prometheus format.
+    #    - any other value will result in the absence of metrics.
+    config_param :monitoring_type, :string,
+                 :default => Monitoring::PrometheusMonitoringRegistry.name
+
+    # Override for the Google Cloud Monitoring service hostname, or
+    # `nil` to leave as the default.
+    config_param :gcm_service_address, :string, :default => nil
+
+    # rubocop:enable Style/HashSyntax
+
+    def start
+      super
+      @log = $log # rubocop:disable Style/GlobalVars
+
+      # Initialize the insertID.
+      @log.info 'Started the analyze_config plugin to analyze configuration.'
+    end
+
+    def parse_config(path)
+      data = File.open(path, 'r', &:read)
+      fname = File.basename(path)
+      basepath = File.dirname(path)
+      eval_context = Kernel.binding
+      # Override instance_eval so that LiteralParser does not actually
+      # evaluate the embedded Ruby, but instead just returns the
+      # source string.  See
+      # https://github.com/fluent/fluentd/blob/master/lib/fluent/config/literal_parser.rb
+      def eval_context.instance_eval(code)
+        code
+      end
+      Fluent::Config::V1Parser.parse(data, fname, basepath, eval_context)
+    end
+
+    # Returns a name for identifying plugins we ship by default.
+    def default_plugin_name(e)
+      case e['@type']
+      when 'syslog'
+        "#{e.name}/syslog/#{e['protocol_type']}"
+      when 'tail'
+        "#{e.name}/tail/#{File.basename(e['pos_file'], '.pos')}"
+      else
+        "#{e.name}/#{e['@type']}"
+      end
+    end
+
+    # Returns a name for identifying plugins not in our default
+    # config.  This should not contain arbitrary user-supplied data.
+    def custom_plugin_name(e)
+      if KNOWN_PLUGINS.key?(e.name) &&
+         KNOWN_PLUGINS[e.name].include?(e['@type'])
+        "#{e.name}/#{e['@type']}"
+      else
+        e.name.to_s
+      end
+    end
+
+    def embedded_ruby?(e)
+      (e.arg.include?('#{') ||
+       e.any? { |_, v| v.include?('#{') } ||
+       e.elements.any? { |ee| embedded_ruby?(ee) })
+    end
+
+    def configure(conf)
+      super
+      if File.file?(@google_fluentd_config_path) &&
+         File.file?(@google_fluentd_baseline_config_path)
+        @log.info(
+          'google-fluentd configuration file found at' \
+          " #{@google_fluentd_config_path}. " \
+          'google-fluentd baseline configuration file found at' \
+          " #{@google_fluentd_baseline_config_path}. " \
+          'google-fluentd Analyzing configuration.')
+
+        utils = Common::Utils.new(@log)
+        platform = utils.detect_platform(true)
+        project_id = utils.get_project_id(platform, nil)
+        vm_id = utils.get_vm_id(platform, nil)
+        zone = utils.get_location(platform, nil, true)
+
+        # All metadata parameters must now be set.
+        utils.check_required_metadata_variables(
+          platform, project_id, zone, vm_id)
+
+        # Retrieve monitored resource.
+        # Fail over to retrieve monitored resource via the legacy path if we
+        # fail to get it from Metadata Agent.
+        resource = utils.determine_agent_level_monitored_resource_via_legacy(
+          platform, nil, false, vm_id, zone)
+
+        unless Monitoring::MonitoringRegistryFactory.supports_monitoring_type(
+          @monitoring_type)
+          @log.warn "monitoring_type '#{@monitoring_type}' is unknown; "\
+                    'there will be no metrics'
+        end
+        registry = Monitoring::MonitoringRegistryFactory.create(
+          @monitoring_type, project_id, resource, @gcm_service_address)
+
+        plugin_usage = registry.counter(
+          :stackdriver_enabled_plugins,
+          [:plugin_name, :is_default_plugin, :has_default_value],
+          'Enabled plugins')
+        config_usage = registry.counter(
+          :stackdriver_config_usage,
+          [:plugin_name, :param, :is_present, :has_default_value],
+          'Parameter usage for Google Cloud plugins')
+        config_bool_values = registry.counter(
+          :stackdriver_config_bool_values,
+          [:plugin_name, :param, :value],
+          'Values for bool parameters in Google Cloud plugins')
+
+        config = parse_config(@google_fluentd_config_path)
+        baseline_config = parse_config(@google_fluentd_baseline_config_path)
+
+        # Create hash of all baseline elements by their plugin names.
+        baseline_elements = Hash[baseline_config.elements.collect do |e|
+                                   [default_plugin_name(e), e]
+                                 end]
+        baseline_google_element = baseline_config.elements.find do |e|
+          e['@type'] == 'google_cloud'
+        end
+
+        # Look at each top-level config element and see whether it
+        # matches the baseline value.
+        #
+        # Note on custom configurations: If the plugin has a custom
+        # value (e.g. if a tail plugin has pos_file
+        # /var/lib/google-fluentd/pos/my-custom-value.pos), then the
+        # default_plugin_name (e.g. source/tail/my-custom-value) won't
+        # be a key in baseline_elements below, so it won't be
+        # used.  Instead it will use the custom_plugin_name
+        # (e.g. source/tail).
+        config.elements.each do |e|
+          plugin_name = default_plugin_name(e)
+          if baseline_elements.key?(plugin_name)
+            is_default_plugin = true
+            has_default_value = (baseline_elements[plugin_name] == e)
+          else
+            plugin_name = custom_plugin_name(e)
+            is_default_plugin = false
+            has_default_value = false
+          end
+          plugin_usage.increment(
+            labels: {
+              plugin_name: plugin_name,
+              is_default_plugin: is_default_plugin,
+              has_default_value: has_default_value,
+              has_ruby_snippet: embedded_ruby?(e)
+            },
+            by: 1)
+
+          # Additional metric for Google plugins (google_cloud and
+          # detect_exceptions).
+          next unless GOOGLE_PLUGIN_PARAMS.key?(e['@type'])
+          GOOGLE_PLUGIN_PARAMS[e['@type']].each do |p|
+            config_usage.increment(
+              labels: {
+                plugin_name: e['@type'],
+                param: p,
+                is_present: e.key?(p),
+                has_default_value: (e.key?(p) &&
+                                    baseline_google_element.key?(p) &&
+                                    e[p] == baseline_google_element[p])
+              },
+              by: 1)
+            next unless e.key?(p) && %w(true false).include?(e[p])
+            config_bool_values.increment(
+              labels: {
+                plugin_name: e['@type'],
+                param: p,
+                value: e[p] == 'true'
+              },
+              by: 1)
+          end
+        end
+      else
+        @log.info(
+          'google-fluentd configuration file does not exist at' \
+          " #{@google_fluentd_config_path} or " \
+          'google-fluentd baseline configuration file does not exist at' \
+          " #{@google_fluentd_baseline_config_path} or " \
+          '. Skipping configuration analysis.')
+      end
+    rescue => e
+      # Do not crash the agent due to configuration analysis failures.
+      @log.warn(
+        'Failed to optionally analyze the google-fluentd configuration' \
+        " file. Proceeding anyway. Error: #{e}")
+    end
+
+    def shutdown
+      super
+    end
+
+    # rubocop:disable Lint/UnusedMethodArgument
+    def filter(tag, time, record)
+      # Skip the actual filtering process.
+      record
+    end
+    # rubocop:enable Lint/UnusedMethodArgument
+  end
+end

data/lib/fluent/plugin/out_google_cloud.rb

@@ -28,6 +28,7 @@ require 'google/logging/v2/logging_services_pb'
 require 'google/logging/v2/log_entry_pb'
 require 'googleauth'
 
+require_relative 'common'
 require_relative 'monitoring'
 require_relative 'statusz'
 
@@ -90,73 +91,6 @@ end
 module Fluent
   # fluentd output plugin for the Stackdriver Logging API
   class GoogleCloudOutput < BufferedOutput
-    # Constants for service names, resource types and etc.
-    module ServiceConstants
-      APPENGINE_CONSTANTS = {
-        service: 'appengine.googleapis.com',
-        resource_type: 'gae_app',
-        metadata_attributes: %w(gae_backend_name gae_backend_version)
-      }.freeze
-      COMPUTE_CONSTANTS = {
-        service: 'compute.googleapis.com',
-        resource_type: 'gce_instance'
-      }.freeze
-      GKE_CONSTANTS = {
-        service: 'container.googleapis.com',
-        resource_type: 'container',
-        extra_resource_labels: %w(namespace_id pod_id container_name),
-        extra_common_labels: %w(namespace_name pod_name),
-        metadata_attributes: %w(cluster-name cluster-location),
-        stream_severity_map: {
-          'stdout' => 'INFO',
-          'stderr' => 'ERROR'
-        }
-      }.freeze
-      K8S_CONTAINER_CONSTANTS = {
-        resource_type: 'k8s_container'
-      }.freeze
-      K8S_POD_CONSTANTS = {
-        resource_type: 'k8s_pod'
-      }.freeze
-      K8S_NODE_CONSTANTS = {
-        resource_type: 'k8s_node'
-      }.freeze
-      DATAFLOW_CONSTANTS = {
-        service: 'dataflow.googleapis.com',
-        resource_type: 'dataflow_step',
-        extra_resource_labels: %w(region job_name job_id step_id)
-      }.freeze
-      DATAPROC_CONSTANTS = {
-        service: 'cluster.dataproc.googleapis.com',
-        resource_type: 'cloud_dataproc_cluster',
-        metadata_attributes: %w(dataproc-cluster-uuid dataproc-cluster-name)
-      }.freeze
-      EC2_CONSTANTS = {
-        service: 'ec2.amazonaws.com',
-        resource_type: 'aws_ec2_instance'
-      }.freeze
-      ML_CONSTANTS = {
-        service: 'ml.googleapis.com',
-        resource_type: 'ml_job',
-        extra_resource_labels: %w(job_id task_name)
-      }.freeze
-
-      # The map between a subservice name and a resource type.
-      SUBSERVICE_MAP =
-        [APPENGINE_CONSTANTS, GKE_CONSTANTS, DATAFLOW_CONSTANTS,
-         DATAPROC_CONSTANTS, ML_CONSTANTS]
-        .map { |consts| [consts[:service], consts[:resource_type]] }.to_h
-      # Default back to GCE if invalid value is detected.
-      SUBSERVICE_MAP.default = COMPUTE_CONSTANTS[:resource_type]
-      SUBSERVICE_MAP.freeze
-
-      # The map between a resource type and expected subservice attributes.
-      SUBSERVICE_METADATA_ATTRIBUTES =
-        [APPENGINE_CONSTANTS, GKE_CONSTANTS, DATAPROC_CONSTANTS].map do |consts|
-          [consts[:resource_type], consts[:metadata_attributes].to_set]
-        end.to_h.freeze
-    end
-
     # Constants for configuration.
     module ConfigConstants
       # Default values for JSON payload keys to set the "httpRequest",
@@ -247,7 +181,7 @@ module Fluent
         .freeze
     end
 
-    include self::ServiceConstants
+    include Common::ServiceConstants
     include self::ConfigConstants
     include self::InternalConstants
 
@@ -278,12 +212,6 @@ module Fluent
       end
     end.freeze
 
-    # Name of the the Google cloud logging write scope.
-    LOGGING_SCOPE = 'https://www.googleapis.com/auth/logging.write'.freeze
-
-    # Address of the metadata service.
-    METADATA_SERVICE_ADDR = '169.254.169.254'.freeze
-
     # Disable this warning to conform to fluentd config_param conventions.
     # rubocop:disable Style/HashSyntax
 
@@ -442,10 +370,20 @@ module Fluent
     #   - 'prometheus', in this case default registry in the Prometheus
     #     client library is used, without actually exposing the endpoint
     #     to serve metrics in the Prometheus format.
-    #    - any other value will result in the absence of metrics.
+    #   - 'opencensus', in this case the OpenCensus implementation is
+    #     used to send metrics directly to Google Cloud Monitoring.
+    #   - any other value will result in the absence of metrics.
     config_param :monitoring_type, :string,
                  :default => Monitoring::PrometheusMonitoringRegistry.name
 
+    # The monitored resource to use for OpenCensus metrics. Only valid
+    # when monitoring_type is set to 'opencensus'. This value is a hash in
+    # the form:
+    # {"type":"gce_instance","labels":{"instance_id":"aaa","zone":"bbb"} (JSON)
+    # or type:gce_instance,labels.instance_id:aaa,labels.zone:bbb (Hash)
+    config_param :metrics_resource, :hash,
+                 :symbolize_keys => true, :default => nil
+
     # Whether to call metadata agent to retrieve monitored resource. This flag
     # is kept for backwards compatibility, and is no longer used.
     # TODO: Breaking change. Remove this flag in Logging Agent 2.0.0 release.
@@ -495,6 +433,7 @@ module Fluent
     attr_reader :vm_id
     attr_reader :resource
     attr_reader :common_labels
+    attr_reader :monitoring_resource
 
     def initialize
       super
@@ -539,7 +478,9 @@ module Fluent
 
       set_regexp_patterns
 
-      @platform = detect_platform
+      @utils = Common::Utils.new(@log)
+
+      @platform = @utils.detect_platform(@use_metadata_service)
 
       # Treat an empty setting of the credentials file path environment variable
       # as unset. This way the googleauth lib could fetch the credentials
@@ -548,12 +489,57 @@ module Fluent
         ENV[CREDENTIALS_PATH_ENV_VAR] == ''
 
       # Set required variables: @project_id, @vm_id, @vm_name and @zone.
-      set_required_metadata_variables
+      @project_id = @utils.get_project_id(@platform, @project_id)
+      @vm_id = @utils.get_vm_id(@platform, @vm_id)
+      @vm_name = @utils.get_vm_name(@vm_name)
+      @zone = @utils.get_location(@platform, @zone, @use_aws_availability_zone)
+
+      # All metadata parameters must now be set.
+      @utils.check_required_metadata_variables(
+        @platform, @project_id, @zone, @vm_id)
 
       # Retrieve monitored resource.
       # Fail over to retrieve monitored resource via the legacy path if we fail
       # to get it from Metadata Agent.
-      @resource ||= determine_agent_level_monitored_resource_via_legacy
+      @resource ||= @utils.determine_agent_level_monitored_resource_via_legacy(
+        @platform, @subservice_name, @detect_subservice, @vm_id, @zone)
+
+      if @metrics_resource
+        unless @metrics_resource[:type].is_a?(String)
+          raise Fluent::ConfigError,
+                'metrics_resource.type must be a string:' \
+                " #{@metrics_resource}."
+        end
+        if @metrics_resource.key?(:labels)
+          unless @metrics_resource[:labels].is_a?(Hash)
+            raise Fluent::ConfigError,
+                  'metrics_resource.labels must be a hash:' \
+                  " #{@metrics_resource}."
+          end
+          extra_keys = @metrics_resource.reject do |k, _|
+            k == :type || k == :labels
+          end
+          unless extra_keys.empty?
+            raise Fluent::ConfigError,
+                  "metrics_resource has unrecognized keys: #{extra_keys.keys}."
+          end
+        else
+          extra_keys = @metrics_resource.reject do |k, _|
+            k == :type || k.to_s.start_with?('labels.')
+          end
+          unless extra_keys.empty?
+            raise Fluent::ConfigError,
+                  "metrics_resource has unrecognized keys: #{extra_keys.keys}."
+          end
+          # Transform the Hash form of the metrics_resource config if necessary.
+          resource_type = @metrics_resource[:type]
+          resource_labels = @metrics_resource.each_with_object({}) \
+            do |(k, v), h|
+              h[k.to_s.sub('labels.', '')] = v if k.to_s.start_with? 'labels.'
+            end
+          @metrics_resource = { type: resource_type, labels: resource_labels }
+        end
+      end
 
       # If monitoring is enabled, register metrics in the default registry
       # and store metric objects for future use.
@@ -563,9 +549,15 @@ module Fluent
           @log.warn "monitoring_type '#{@monitoring_type}' is unknown; "\
                     'there will be no metrics'
         end
+        if @metrics_resource
+          @monitoring_resource = @utils.create_monitored_resource(
+            @metrics_resource[:type], @metrics_resource[:labels])
+        else
+          @monitoring_resource = @resource
+        end
         @registry = Monitoring::MonitoringRegistryFactory
-                    .create(@monitoring_type, @project_id, @resource,
-                            @gcm_service_address)
+                    .create(@monitoring_type, @project_id,
+                            @monitoring_resource, @gcm_service_address)
         # Export metrics every 60 seconds.
         timer_execute(:export_metrics, 60) { @registry.export }
         # Uptime should be a gauge, but the metric definition is a counter and
@@ -611,7 +603,7 @@ module Fluent
 
       # Determine the common labels that should be added to all log entries
       # processed by this logging agent.
-      @common_labels = determine_agent_level_common_labels
+      @common_labels = determine_agent_level_common_labels(@resource)
 
       # The resource and labels are now set up; ensure they can't be modified
       # without first duping them.
@@ -627,7 +619,7 @@ module Fluent
         @write_request = method(:write_request_via_rest)
       end
 
-      if [Platform::GCE, Platform::EC2].include?(@platform)
+      if [Common::Platform::GCE, Common::Platform::EC2].include?(@platform)
         # Log an informational message containing the Logs viewer URL
         @log.info 'Logs viewer address: https://console.cloud.google.com/logs/',
                   "viewer?project=#{@project_id}&resource=#{@resource.type}/",
@@ -1094,66 +1086,6 @@ module Fluent
       nil
     end
 
-    # "enum" of Platform values
-    module Platform
-      OTHER = 0  # Other/unkown platform
-      GCE = 1    # Google Compute Engine
-      EC2 = 2    # Amazon EC2
-    end
-
-    # Determine what platform we are running on by consulting the metadata
-    # service (unless the user has explicitly disabled using that).
-    def detect_platform
-      unless @use_metadata_service
-        @log.info 'use_metadata_service is false; not detecting platform'
-        return Platform::OTHER
-      end
-
-      begin
-        open('http://' + METADATA_SERVICE_ADDR, proxy: false) do |f|
-          if f.meta['metadata-flavor'] == 'Google'
-            @log.info 'Detected GCE platform'
-            return Platform::GCE
-          end
-          if f.meta['server'] == 'EC2ws'
-            @log.info 'Detected EC2 platform'
-            return Platform::EC2
-          end
-        end
-      rescue StandardError => e
-        @log.error 'Failed to access metadata service: ', error: e
-      end
-
-      @log.info 'Unable to determine platform'
-      Platform::OTHER
-    end
-
-    def fetch_gce_metadata(metadata_path)
-      raise "Called fetch_gce_metadata with platform=#{@platform}" unless
-        @platform == Platform::GCE
-      # See https://cloud.google.com/compute/docs/metadata
-      open('http://' + METADATA_SERVICE_ADDR + '/computeMetadata/v1/' +
-           metadata_path, 'Metadata-Flavor' => 'Google', :proxy => false,
-           &:read)
-    end
-
-    # EC2 Metadata server returns everything in one call. Store it after the
-    # first fetch to avoid making multiple calls.
-    def ec2_metadata
-      raise "Called ec2_metadata with platform=#{@platform}" unless
-        @platform == Platform::EC2
-      unless @ec2_metadata
-        # See http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
-        open('http://' + METADATA_SERVICE_ADDR +
-             '/latest/dynamic/instance-identity/document', proxy: false) do |f|
-          contents = f.read
-          @ec2_metadata = JSON.parse(contents)
-        end
-      end
-
-      @ec2_metadata
-    end
-
     # Set regexp patterns to parse tags and logs.
     def set_regexp_patterns
       @compiled_kubernetes_tag_regexp = Regexp.new(@kubernetes_tag_regexp) if
@@ -1163,187 +1095,14 @@ module Fluent
         /^\s*(?<seconds>\d+)(?<decimal>\.\d+)?\s*s\s*$/
     end
 
-    # Set required variables like @project_id, @vm_id, @vm_name and @zone.
-    def set_required_metadata_variables
-      set_project_id
-      set_vm_id
-      set_vm_name
-      set_location
-
-      # All metadata parameters must now be set.
-      missing = []
-      missing << 'project_id' unless @project_id
-      if @platform != Platform::OTHER
-        missing << 'zone' unless @zone
-        missing << 'vm_id' unless @vm_id
-      end
-      return if missing.empty?
-      raise Fluent::ConfigError,
-            "Unable to obtain metadata parameters: #{missing.join(' ')}"
-    end
-
-    # 1. Return the value if it is explicitly set in the config already.
-    # 2. If not, try to retrieve it by calling metadata server directly.
-    # 3. If still not set, try to obtain it from the credentials.
-    def set_project_id
-      @project_id ||= CredentialsInfo.project_id
-      @project_id ||= fetch_gce_metadata('project/project-id') if
-        @platform == Platform::GCE
-    end
-
-    # 1. Return the value if it is explicitly set in the config already.
-    # 2. If not, try to retrieve it by calling metadata servers directly.
-    def set_vm_id
-      @vm_id ||= fetch_gce_metadata('instance/id') if @platform == Platform::GCE
-      @vm_id ||= ec2_metadata['instanceId'] if @platform == Platform::EC2
-    rescue StandardError => e
-      @log.error 'Failed to obtain vm_id: ', error: e
-    end
-
-    # 1. Return the value if it is explicitly set in the config already.
-    # 2. If not, try to retrieve it locally.
-    def set_vm_name
-      @vm_name ||= Socket.gethostname
-    rescue StandardError => e
-      @log.error 'Failed to obtain vm name: ', error: e
-    end
-
-    # 1. Return the value if it is explicitly set in the config already.
-    # 2. If not, try to retrieve it locally.
-    def set_location
-      # Response format: "projects/<number>/zones/<zone>"
-      @zone ||= fetch_gce_metadata('instance/zone').rpartition('/')[2] if
-        @platform == Platform::GCE
-      aws_location_key = if @use_aws_availability_zone
-                           'availabilityZone'
-                         else
-                           'region'
-                         end
-      @zone ||= 'aws:' + ec2_metadata[aws_location_key] if
-        @platform == Platform::EC2 && ec2_metadata.key?(aws_location_key)
-    rescue StandardError => e
-      @log.error 'Failed to obtain location: ', error: e
-    end
-
-    # Retrieve monitored resource via the legacy way.
-    #
-    # Note: This is just a failover plan if we fail to get metadata from
-    # Metadata Agent. Thus it should be equivalent to what Metadata Agent
-    # returns.
-    def determine_agent_level_monitored_resource_via_legacy
-      resource = Google::Apis::LoggingV2::MonitoredResource.new(
-        labels: {})
-      resource.type = determine_agent_level_monitored_resource_type
-      resource.labels = determine_agent_level_monitored_resource_labels(
-        resource.type)
-      resource
-    end
-
-    # Determine agent level monitored resource type.
-    def determine_agent_level_monitored_resource_type
-      case @platform
-      when Platform::OTHER
-        # Unknown platform will be defaulted to GCE instance.
-        return COMPUTE_CONSTANTS[:resource_type]
-
-      when Platform::EC2
-        return EC2_CONSTANTS[:resource_type]
-
-      when Platform::GCE
-        # Resource types determined by @subservice_name config.
-        return SUBSERVICE_MAP[@subservice_name] if @subservice_name
-
-        # Resource types determined by @detect_subservice config.
-        if @detect_subservice
-          begin
-            attributes = fetch_gce_metadata('instance/attributes/').split.to_set
-            SUBSERVICE_METADATA_ATTRIBUTES.each do |resource_type, expected|
-              return resource_type if attributes.superset?(expected)
-            end
-          rescue StandardError => e
-            @log.error 'Failed to detect subservice: ', error: e
-          end
-        end
-
-        # GCE instance.
-        return COMPUTE_CONSTANTS[:resource_type]
-      end
-    end
-
-    # Determine agent level monitored resource labels based on the resource
-    # type. Each resource type has its own labels that need to be filled in.
-    def determine_agent_level_monitored_resource_labels(type)
-      case type
-      # GAE app.
-      when APPENGINE_CONSTANTS[:resource_type]
-        return {
-          'module_id' =>
-            fetch_gce_metadata('instance/attributes/gae_backend_name'),
-          'version_id' =>
-            fetch_gce_metadata('instance/attributes/gae_backend_version')
-        }
-
-      # GCE.
-      when COMPUTE_CONSTANTS[:resource_type]
-        raise "Cannot construct a #{type} resource without vm_id and zone" \
-          unless @vm_id && @zone
-        return {
-          'instance_id' => @vm_id,
-          'zone' => @zone
-        }
-
-      # GKE container.
-      when GKE_CONSTANTS[:resource_type]
-        raise "Cannot construct a #{type} resource without vm_id and zone" \
-          unless @vm_id && @zone
-        return {
-          'instance_id' => @vm_id,
-          'zone' => @zone,
-          'cluster_name' =>
-            fetch_gce_metadata('instance/attributes/cluster-name')
-        }
-
-      # Cloud Dataproc.
-      when DATAPROC_CONSTANTS[:resource_type]
-        return {
-          'cluster_uuid' =>
-            fetch_gce_metadata('instance/attributes/dataproc-cluster-uuid'),
-          'cluster_name' =>
-            fetch_gce_metadata('instance/attributes/dataproc-cluster-name'),
-          'region' =>
-            fetch_gce_metadata('instance/attributes/dataproc-region')
-        }
-
-      # EC2.
-      when EC2_CONSTANTS[:resource_type]
-        raise "Cannot construct a #{type} resource without vm_id and zone" \
-          unless @vm_id && @zone
-        labels = {
-          'instance_id' => @vm_id,
-          'region' => @zone
-        }
-        labels['aws_account'] = ec2_metadata['accountId'] if
-          ec2_metadata.key?('accountId')
-        return labels
-      end
-
-      {}
-    rescue StandardError => e
-      if [Platform::GCE, Platform::EC2].include?(@platform)
-        @log.error "Failed to set monitored resource labels for #{type}: ",
-                   error: e
-      end
-      {}
-    end
-
     # Determine the common labels that should be added to all log entries
     # processed by this logging agent.
-    def determine_agent_level_common_labels
+    def determine_agent_level_common_labels(resource)
       labels = {}
       # User can specify labels via config. We want to capture those as well.
       labels.merge!(@labels) if @labels
 
-      case @resource.type
+      case resource.type
       # GAE, Cloud Dataflow, Cloud Dataproc and Cloud ML.
       when APPENGINE_CONSTANTS[:resource_type],
            DATAFLOW_CONSTANTS[:resource_type],
@@ -1548,44 +1307,6 @@ module Fluent
       [resource, common_labels]
     end
 
-    # TODO: This functionality should eventually be available in another
-    # library, but implement it ourselves for now.
-    module CredentialsInfo
-      # Determine the project ID from the credentials, if possible.
-      # Returns the project ID (as a string) on success, or nil on failure.
-      def self.project_id
-        creds = Google::Auth.get_application_default(LOGGING_SCOPE)
-        if creds.respond_to?(:project_id)
-          return creds.project_id if creds.project_id
-        end
-        if creds.issuer
-          id = extract_project_id(creds.issuer)
-          return id unless id.nil?
-        end
-        if creds.client_id
-          id = extract_project_id(creds.client_id)
-          return id unless id.nil?
-        end
-        nil
-      end
-
-      # Extracts the project id (either name or number) from str and returns
-      # it (as a string) on success, or nil on failure.
-      #
-      # Recognizes IAM format (account@project-name.iam.gserviceaccount.com)
-      # as well as the legacy format with a project number at the front of the
-      # string, terminated by a dash (-) which is not part of the ID, i.e.:
-      # <PROJECT_ID>-<OTHER_PARTS>.apps.googleusercontent.com
-      def self.extract_project_id(str)
-        [/^.*@(?<project_id>.+)\.iam\.gserviceaccount\.com/,
-         /^(?<project_id>\d+)-/].each do |exp|
-          match_data = exp.match(str)
-          return match_data['project_id'] unless match_data.nil?
-        end
-        nil
-      end
-    end
-
     def time_or_nil(ts_secs, ts_nanos)
       Time.at((Integer ts_secs), (Integer ts_nanos) / 1_000.0)
     rescue ArgumentError, TypeError
@@ -2081,7 +1802,7 @@ module Fluent
         Google::Apis::ClientOptions.default.application_version = PLUGIN_VERSION
         @client = Google::Apis::LoggingV2::LoggingService.new
         @client.authorization = Google::Auth.get_application_default(
-          LOGGING_SCOPE)
+          Common::LOGGING_SCOPE)
       end
     end
 
@@ -2310,10 +2031,10 @@ module Fluent
       @k8s_cluster_location = nil if @k8s_cluster_location == ''
 
       begin
-        @k8s_cluster_name ||= fetch_gce_metadata(
-          'instance/attributes/cluster-name')
-        @k8s_cluster_location ||= fetch_gce_metadata(
-          'instance/attributes/cluster-location')
+        @k8s_cluster_name ||= @utils.fetch_gce_metadata(
+          @platform, 'instance/attributes/cluster-name')
+        @k8s_cluster_location ||= @utils.fetch_gce_metadata(
+          @platform, 'instance/attributes/cluster-location')
       rescue StandardError => e
         @log.error 'Failed to retrieve k8s cluster name and location.', \
                    error: e