[Java] SigV4 logs release testing (#412)

*Issue description:*
This PR implements and validates SigV4 log functionality for Java EC2
ADOT (Stand-Alone ADOT) use case. The implementation focuses on
validating logs sent to the `otlp_logs` log group, ensuring a consistent
and reliable validation approach that can be replicated across different
language implementations.

*Description of changes:*

1. Updated Terraform configuration:
- Added OTLP logs exporter configuration
- Updated environment variables for SigV4 authentication

2. Added validation resources:
- Created new log.mustache template for SigV4 logs validation
- Added log-validation.yml configuration
- Updated PredefinedExpectedTemplate.java to include SigV4 logs template
- Modified CWLogValidator.java to support SigV4 logs validation

3. Workflow Updates:
- Added new validation step for SigV4 logs
- Configured TEST_LOG_GROUP_NAME environment variable

*Rollback procedure:*

1. Reverting the Terraform configuration changes
2. Removing the added validation files and code changes
3. Removing the SigV4 logs validation step from the workflow

Test run- For
[Java](https://github.com/aws-observability/aws-application-signals-test-framework/actions/runs/15570274548)
Also Validating for
[Python](https://github.com/aws-observability/aws-application-signals-test-framework/actions/runs/15450029203)
as the filter pattern was changed in the CWLogValidator.java

<Can we safely revert this commit if needed? If not, detail what must be
done to safely revert and why it is needed.>

*Ensure you've run the following tests on your changes and include the
link below:*

To do so, create a `test.yml` file with `name: Test` and workflow
description to test your changes, then remove the file for your PR. Link
your test run in your PR description. This process is a short term
solution while we work on creating a staging environment for testing.

NOTE: TESTS RUNNING ON A SINGLE EKS CLUSTER CANNOT BE RUN IN PARALLEL.
See the
[needs](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idneeds)
keyword to run tests in succession.
- Run Java EKS on `e2e-playground` in us-east-1 and eu-central-2
- Run Python EKS on `e2e-playground` in us-east-1 and eu-central-2
- Run metric limiter on EKS cluster `e2e-playground` in us-east-1 and
eu-central-2
- Run EC2 tests in all regions
- Run K8s on a separate K8s cluster (check IAD test account for master
node endpoints; these will change as we create and destroy clusters for
OS patching)

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.

---------

Co-authored-by: Jeel Mehta <[email protected]>
Co-authored-by: Harry <[email protected]>

Author: 3 people

.github/workflows/java-ec2-adot-sigv4-test.yml

@@ -41,7 +41,8 @@ env:
   CPU_ARCHITECTURE: ${{ inputs.cpu-architecture }}
   E2E_TEST_ACCOUNT_ID: ${{ secrets.APPLICATION_SIGNALS_E2E_TEST_ACCOUNT_ID }} # us-east-1 test account
   E2E_TEST_ROLE_NAME: ${{ secrets.APPLICATION_SIGNALS_E2E_TEST_ROLE_NAME }}
-  LOG_GROUP_NAME: aws/spans
+  SPANS_LOG_GROUP_NAME: aws/spans 
+  APPLICATION_LOGS_LOG_GROUP_NAME: otlp_logs # This log group was created manually to store application logs
   TEST_RESOURCES_FOLDER: ${GITHUB_WORKSPACE}
 
 jobs:
@@ -128,6 +129,7 @@ jobs:
               -var="get_adot_jar_command=${{ env.GET_ADOT_JAR_COMMAND }}" \
               -var="language_version=${{ env.JAVA_VERSION }}" \
               -var="cpu_architecture=${{ env.CPU_ARCHITECTURE }}" \
+              -var="application_logs_log_group=${{ env.APPLICATION_LOGS_LOG_GROUP_NAME }}" \
             || deployment_failed=$?
 
             if [ $deployment_failed -eq 1 ]; then
@@ -178,14 +180,14 @@ jobs:
       # Validation for pulse telemetry data
       - name: Validate generated EMF logs
         id: log-validation
-        run: ./gradlew validator:run --args='-c java/ec2/adot-sigv4/log-validation.yml
+        run: ./gradlew validator:run --args='-c java/ec2/adot-aws-otlp/log-validation.yml
               --testing-id ${{ env.TESTING_ID }}
               --endpoint http://${{ env.MAIN_SERVICE_ENDPOINT }}
               --remote-service-deployment-name ${{ env.REMOTE_SERVICE_IP }}:8080
               --region ${{ env.E2E_TEST_AWS_REGION }}
               --account-id ${{ env.E2E_TEST_ACCOUNT_ID }}
               --metric-namespace ${{ env.METRIC_NAMESPACE }}
-              --log-group ${{ env.LOG_GROUP_NAME }}
+              --log-group ${{ env.SPANS_LOG_GROUP_NAME }}
               --service-name sample-application-${{ env.TESTING_ID }}
               --remote-service-name sample-remote-application-${{ env.TESTING_ID }}
               --query-string ip=${{ env.REMOTE_SERVICE_IP }}&testingId=${{ env.TESTING_ID }}
@@ -196,14 +198,14 @@ jobs:
       - name: Validate generated metrics
         id: metric-validation
         if: (success() || steps.log-validation.outcome == 'failure') && !cancelled()
-        run: ./gradlew validator:run --args='-c java/ec2/adot-sigv4/metric-validation.yml
+        run: ./gradlew validator:run --args='-c java/ec2/adot-aws-otlp/metric-validation.yml
           --testing-id ${{ env.TESTING_ID }}
           --endpoint http://${{ env.MAIN_SERVICE_ENDPOINT }}
           --remote-service-deployment-name sample-remote-application-${{ env.TESTING_ID }}
           --region ${{ env.E2E_TEST_AWS_REGION }}
           --account-id ${{ env.E2E_TEST_ACCOUNT_ID }}
           --metric-namespace ${{ env.METRIC_NAMESPACE }}
-          --log-group ${{ env.LOG_GROUP_NAME }}
+          --log-group ${{ env.SPANS_LOG_GROUP_NAME }}
           --service-name sample-application-${{ env.TESTING_ID }}
           --remote-service-name sample-remote-application-${{ env.TESTING_ID }}
           --query-string ip=${{ env.REMOTE_SERVICE_IP }}&testingId=${{ env.TESTING_ID }}
@@ -214,20 +216,37 @@ jobs:
       - name: Validate generated traces
         id: trace-validation
         if: (success() || steps.log-validation.outcome == 'failure' || steps.metric-validation.outcome == 'failure') && !cancelled()
-        run: ./gradlew validator:run --args='-c java/ec2/adot-sigv4/trace-validation.yml
+        run: ./gradlew validator:run --args='-c java/ec2/adot-aws-otlp/trace-validation.yml
           --testing-id ${{ env.TESTING_ID }}
           --endpoint http://${{ env.MAIN_SERVICE_ENDPOINT }}
           --remote-service-deployment-name ${{ env.REMOTE_SERVICE_IP }}:8080
           --region ${{ env.E2E_TEST_AWS_REGION }}
           --account-id ${{ env.E2E_TEST_ACCOUNT_ID }}
           --metric-namespace ${{ env.METRIC_NAMESPACE }}
-          --log-group ${{ env.LOG_GROUP_NAME }}
+          --log-group ${{ env.SPANS_LOG_GROUP_NAME }}
           --service-name sample-application-${{ env.TESTING_ID }}
           --remote-service-name sample-remote-application-${{ env.TESTING_ID }}
           --query-string ip=${{ env.REMOTE_SERVICE_IP }}&testingId=${{ env.TESTING_ID }}
           --instance-ami ${{ env.EC2_INSTANCE_AMI }}
           --instance-id ${{ env.MAIN_SERVICE_INSTANCE_ID }}
           --rollup'
+      
+      - name: Validate generated otlp logs
+        id: application-log-validation
+        run: ./gradlew validator:run --args='-c java/ec2/adot-aws-otlp/application-log-validation.yml
+              --testing-id ${{ env.TESTING_ID }}
+              --endpoint http://${{ env.MAIN_SERVICE_ENDPOINT }}
+              --remote-service-deployment-name ${{ env.REMOTE_SERVICE_IP }}:8080
+              --region ${{ env.E2E_TEST_AWS_REGION }}
+              --account-id ${{ env.E2E_TEST_ACCOUNT_ID }}
+              --metric-namespace ${{ env.METRIC_NAMESPACE }}
+              --log-group ${{ env.APPLICATION_LOGS_LOG_GROUP_NAME }}
+              --service-name sample-application-${{ env.TESTING_ID }}
+              --remote-service-name sample-remote-application-${{ env.TESTING_ID }}
+              --query-string ip=${{ env.REMOTE_SERVICE_IP }}&testingId=${{ env.TESTING_ID }}
+              --instance-ami ${{ env.EC2_INSTANCE_AMI }}
+              --instance-id ${{ env.MAIN_SERVICE_INSTANCE_ID }}
+              --rollup'
 
       - name: Refresh AWS Credentials
         if: ${{ github.event.repository.name == 'aws-application-signals-test-framework' }}

terraform/java/ec2/adot-sigv4/main.tf

@@ -132,13 +132,14 @@ resource "null_resource" "main_service_setup" {
 
       # OTEL_INSTRUMENTATION_COMMON_EXPERIMENTAL_CONTROLLER_TELEMETRY_ENABLED=true \
       export JAVA_TOOL_OPTIONS=' -javaagent:/home/ec2-user/adot.jar'
-      export OTEL_AWS_APPLICATION_SIGNALS_ENABLED=false
-      export OTEL_RESOURCE_PROVIDERS_AWS_ENABLED=true
-      export OTEL_LOGS_EXPORT=none
+      export OTEL_LOGS_EXPORTER=otlp
       export OTEL_METRICS_EXPORTER=none
       export OTEL_TRACES_EXPORTER=otlp
       export OTEL_EXPORTER_OTLP_TRACES_PROTOCOL=http/protobuf
+      export OTEL_EXPORTER_OTLP_LOGS_PROTOCOL=http/protobuf
       export OTEL_EXPORTER_OTLP_TRACES_ENDPOINT=https://xray.${var.aws_region}.amazonaws.com/v1/traces
+      export OTEL_EXPORTER_OTLP_LOGS_ENDPOINT=https://logs.${var.aws_region}.amazonaws.com/v1/logs
+      export OTEL_EXPORTER_OTLP_LOGS_HEADERS=x-aws-log-group=${var.application_logs_log_group},x-aws-log-stream=default
       export OTEL_RESOURCE_ATTRIBUTES=service.name=sample-application-${var.test_id}
       nohup java -jar main-service.jar &> nohup.out &
 
@@ -222,13 +223,14 @@ resource "null_resource" "remote_service_setup" {
 
       # OTEL_INSTRUMENTATION_COMMON_EXPERIMENTAL_CONTROLLER_TELEMETRY_ENABLED=true \
       export JAVA_TOOL_OPTIONS=' -javaagent:/home/ec2-user/adot.jar'
-      export OTEL_AWS_APPLICATION_SIGNALS_ENABLED=false
-      export OTEL_RESOURCE_PROVIDERS_AWS_ENABLED=true
-      export OTEL_LOGS_EXPORT=none
+      export OTEL_LOGS_EXPORTER=otlp
       export OTEL_METRICS_EXPORTER=none
       export OTEL_TRACES_EXPORTER=otlp
       export OTEL_EXPORTER_OTLP_TRACES_PROTOCOL=http/protobuf
+      export OTEL_EXPORTER_OTLP_LOGS_PROTOCOL=http/protobuf
       export OTEL_EXPORTER_OTLP_TRACES_ENDPOINT=https://xray.${var.aws_region}.amazonaws.com/v1/traces
+      export OTEL_EXPORTER_OTLP_LOGS_ENDPOINT=https://logs.${var.aws_region}.amazonaws.com/v1/logs
+      export OTEL_EXPORTER_OTLP_LOGS_HEADERS=x-aws-log-group=${var.application_logs_log_group},x-aws-log-stream=default
       OTEL_RESOURCE_ATTRIBUTES=service.name=sample-remote-application-${var.test_id} \
       nohup java -jar remote-service.jar &> nohup.out &
 

terraform/java/ec2/adot-sigv4/variables.tf

@@ -47,4 +47,8 @@ variable "language_version" {
 
 variable "cpu_architecture" {
   default = "x86_64"
+}
+
+variable "application_logs_log_group" {
+  default = "otlp_logs"
 }

validator/src/main/java/com/amazon/aoc/fileconfigs/PredefinedExpectedTemplate.java

@@ -116,23 +116,26 @@ public enum PredefinedExpectedTemplate implements FileConfig {
   JAVA_EC2_UBUNTU_CLIENT_CALL_TRACE("/expected-data-template/java/ec2/ubuntu/client-call-trace.mustache"),
 
   /** Java EC2 ADOT SigV4 (ADOT Stand-Alone) Test Case Validations */
-  JAVA_EC2_ADOT_SIGV4_OUTGOING_HTTP_CALL_LOG("/expected-data-template/java/ec2/adot-sigv4/outgoing-http-call-log.mustache"),
+  JAVA_EC2_ADOT_SIGV4_OUTGOING_HTTP_CALL_LOG("/expected-data-template/java/ec2/adot-aws-otlp/outgoing-http-call-log.mustache"),
   JAVA_EC2_ADOT_SIGV4_OUTGOING_HTTP_CALL_METRIC(
-      "/expected-data-template/java/ec2/adot-sigv4/outgoing-http-call-metric.mustache"),
+      "/expected-data-template/java/ec2/adot-aws-otlp/outgoing-http-call-metric.mustache"),
   JAVA_EC2_ADOT_SIGV4_OUTGOING_HTTP_CALL_TRACE(
-      "/expected-data-template/java/ec2/adot-sigv4/outgoing-http-call-trace.mustache"),
+      "/expected-data-template/java/ec2/adot-aws-otlp/outgoing-http-call-trace.mustache"),
 
-  JAVA_EC2_ADOT_SIGV4_AWS_SDK_CALL_LOG("/expected-data-template/java/ec2/adot-sigv4/aws-sdk-call-log.mustache"),
-  JAVA_EC2_ADOT_SIGV4_AWS_SDK_CALL_METRIC("/expected-data-template/java/ec2/adot-sigv4/aws-sdk-call-metric.mustache"),
-  JAVA_EC2_ADOT_SIGV4_AWS_SDK_CALL_TRACE("/expected-data-template/java/ec2/adot-sigv4/aws-sdk-call-trace.mustache"),
+  JAVA_EC2_ADOT_SIGV4_AWS_SDK_CALL_LOG("/expected-data-template/java/ec2/adot-aws-otlp/aws-sdk-call-log.mustache"),
+  JAVA_EC2_ADOT_SIGV4_AWS_SDK_CALL_METRIC("/expected-data-template/java/ec2/adot-aws-otlp/aws-sdk-call-metric.mustache"),
+  JAVA_EC2_ADOT_SIGV4_AWS_SDK_CALL_TRACE("/expected-data-template/java/ec2/adot-aws-otlp/aws-sdk-call-trace.mustache"),
 
-  JAVA_EC2_ADOT_SIGV4_REMOTE_SERVICE_LOG("/expected-data-template/java/ec2/adot-sigv4/remote-service-log.mustache"),
-  JAVA_EC2_ADOT_SIGV4_REMOTE_SERVICE_METRIC("/expected-data-template/java/ec2/adot-sigv4/remote-service-metric.mustache"),
-  JAVA_EC2_ADOT_SIGV4_REMOTE_SERVICE_TRACE("/expected-data-template/java/ec2/adot-sigv4/remote-service-trace.mustache"),
+  JAVA_EC2_ADOT_SIGV4_REMOTE_SERVICE_LOG("/expected-data-template/java/ec2/adot-aws-otlp/remote-service-log.mustache"),
+  JAVA_EC2_ADOT_SIGV4_REMOTE_SERVICE_METRIC("/expected-data-template/java/ec2/adot-aws-otlp/remote-service-metric.mustache"),
+  JAVA_EC2_ADOT_SIGV4_REMOTE_SERVICE_TRACE("/expected-data-template/java/ec2/adot-aws-otlp/remote-service-trace.mustache"),
 
-  JAVA_EC2_ADOT_SIGV4_CLIENT_CALL_LOG("/expected-data-template/java/ec2/adot-sigv4/client-call-log.mustache"),
-  JAVA_EC2_ADOT_SIGV4_CLIENT_CALL_METRIC("/expected-data-template/java/ec2/adot-sigv4/client-call-metric.mustache"),
-  JAVA_EC2_ADOT_SIGV4_CLIENT_CALL_TRACE("/expected-data-template/java/ec2/adot-sigv4/client-call-trace.mustache"),
+  JAVA_EC2_ADOT_SIGV4_CLIENT_CALL_LOG("/expected-data-template/java/ec2/adot-aws-otlp/client-call-log.mustache"),
+  JAVA_EC2_ADOT_SIGV4_CLIENT_CALL_METRIC("/expected-data-template/java/ec2/adot-aws-otlp/client-call-metric.mustache"),
+  JAVA_EC2_ADOT_SIGV4_CLIENT_CALL_TRACE("/expected-data-template/java/ec2/adot-aws-otlp/client-call-trace.mustache"),
+
+  /** Java EC2 ADOT SigV4 Log Exporter Test Case Validation */
+  JAVA_EC2_ADOT_OTLP_LOG("/expected-data-template/java/ec2/adot-aws-otlp/application-log.mustache"),
 
   /** Java EC2 K8s Test Case Validations */
   JAVA_K8S_OUTGOING_HTTP_CALL_LOG("/expected-data-template/java/k8s/outgoing-http-call-log.mustache"),

validator/src/main/java/com/amazon/aoc/validators/CWLogValidator.java

@@ -236,7 +236,7 @@ private Map<String, Object> getActualOtelSpanLog(String operation, String remote
 
   private Map<String, Object> getActualAwsOtlpLog() throws Exception {
     String filterPattern= String.format(
-            "{ ($.attributes.otelServiceName = \"%s\") && ($.body = \"This is a custom log for validation testing\") }",
+            "{ ($.resource.attributes.['service.name'] = \"%s\") && ($.body = \"This is a custom log for validation testing\") }",
             context.getServiceName()
         );
     log.info("Filter Pattern for OTLP Log Search: " + filterPattern);

validator/src/main/resources/expected-data-template/java/ec2/adot-aws-otlp/application-log.mustache

@@ -0,0 +1,16 @@
+[{
+  "resource": {
+    "attributes": {
+      "service.name": "{{serviceName}}",
+      "cloud.provider": "aws",
+      "cloud.region": "{{region}}",
+      "cloud.account.id": "{{accountId}}",
+      "cloud.platform": "aws_ec2"
+    }
+  },
+  "severityNumber": "^[0-9]+$",
+  "severityText": "{{severityText}}",
+  "body": "This is a custom log for validation testing",
+  "traceId": "{{traceId}}",
+  "spanId": "{{spanId}}"
+}]