fix: fix build logs in aws logs module

[chalindukodikara]

Purpose

$subject

Approach

Summarize the solution and implementation details.

Related Issues

openchoreo/openchoreo#3298

Checklist

• Tests added or updated (unit, integration, etc.)
• Samples updated (if applicable)

Remarks

Add any additional context, known issues, or TODOs related to this PR.

Summary by CodeRabbit

• Documentation

  • Added comprehensive AWS CLI walkthroughs for Pod Identity setup, EventBridge connection, and IAM configuration
  • Included new Compatibility section mapping module versions with OpenChoreo v1.1.x

• Bug Fixes

  • Improved CloudWatch log message extraction from Fluent Bit JSON payloads
  • Enhanced workflow log filtering with improved pod name matching

• Chores

  • Updated module and Helm chart version to 0.2.1

[coderabbitai]

Warning

Rate limit exceeded

@chalindukodikara has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 26 minutes and 12 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 4e9d8b30-8939-4b34-9bbc-90f15e454f89

📥 Commits

Reviewing files that changed from the base of the PR and between f6e476b and 964cd50.

📒 Files selected for processing (4)

• .github/codecov.yml
• observability-logs-aws-cloudwatch/README.md
• observability-logs-aws-cloudwatch/internal/cloudwatch/queries.go
• observability-logs-aws-cloudwatch/internal/cloudwatch/queries_test.go

📝 Walkthrough

Walkthrough

This PR enhances the AWS CloudWatch observability module to version 0.2.1 by improving log extraction from Fluent Bit messages, refactoring workflow query logic away from annotations, and adding detailed AWS CLI setup documentation for Pod Identity and EventBridge integration.

Changes

AWS CloudWatch Observability Module v0.2.1

Layer / File(s)	Summary
Extract nested log field from Fluent Bit JSON messages observability-logs-aws-cloudwatch/internal/cloudwatch/client.go, observability-logs-aws-cloudwatch/internal/cloudwatch/client_test.go	New extractInnerLog helper parses Fluent Bit JSON envelopes to extract the nested log field. Component and workflow logs now derive their Log field from this extraction instead of raw @message. Tests validate extraction of JSON envelopes, plain text passthrough, missing fields, and invalid JSON.
Refactor workflow queries to use namespace and pod-name filtering observability-logs-aws-cloudwatch/internal/cloudwatch/queries.go, observability-logs-aws-cloudwatch/internal/cloudwatch/queries_test.go	Removed annotation-based pod matching; workflow queries now filter by workflows-<namespace> and pod-name prefix via regex-like matching. Removed annotationField helper and workflow annotation constant. Added container exclusion for init and wait sidecars. Tests updated to validate new query structure.
Version 0.2.1 release and AWS CLI documentation observability-logs-aws-cloudwatch/helm/Chart.yaml, observability-logs-aws-cloudwatch/README.md	Helm chart version and appVersion bumped to 0.2.1. README expanded with comprehensive AWS CLI walkthroughs for EKS Pod Identity addon install, IAM role/policy creation, pod identity associations, static-credentials IAM user setup, EventBridge connection/destination/rule creation, and workload restart guidance. New Compatibility section maps module v0.2.x to OpenChoreo v1.1.x. All Helm install commands updated to reference 0.2.1.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Suggested reviewers

• yashodgayashan
• nilushancosta

---

🐰 A log field unwrapped with care,
Pod names now dance through queries fair,
AWS CLI trails are clear and bright,
Version bumped, the setup's just right,
CloudWatch logs shine with nested delight! 🌟

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description is largely incomplete. It contains only a template with minimal content: the Purpose section has only '$subject' placeholder text, and all other sections (Approach, Related Issues, Checklist, Remarks) are empty or unchecked.	Replace the template placeholders with actual content: describe the problem being fixed in Purpose, explain the implementation details in Approach, reference any related issues, check relevant items in the Checklist, and add context or known issues in Remarks.
Docstring Coverage	⚠️ Warning	Docstring coverage is 29.41% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'fix: fix build logs in aws logs module' directly relates to the main changes in the PR, which involve fixing how logs are extracted and processed in the AWS CloudWatch observability module.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@observability-logs-aws-cloudwatch/internal/cloudwatch/queries.go`:
- Around line 131-134: The pod-name filter built in queries.go currently uses
fmt.Fprintf with escapeInsightsRegex(p.WorkflowRunName) to match any pod_name
prefix, which can overmatch (e.g., my-build-01 vs my-build-010); update the
regex passed to fmt.Fprintf in the same block to add a boundary so only the
exact run name or that run name followed by a hyphen is matched (use the escaped
WorkflowRunName from escapeInsightsRegex and append a regex fragment that
enforces either a hyphen or end-of-string, e.g., .../^%s(-|$)/) so
kubernetes.pod_name matches only the intended workflow run pods.

In `@observability-logs-aws-cloudwatch/README.md`:
- Around line 352-354: The README currently directs creating a customer-managed
IAM policy named OpenChoreoCloudWatchLogsAdapterPolicy which will fail with
EntityAlreadyExists if run twice; update the docs or commands so they are
idempotent by checking for an existing policy before creating it (e.g., query
for a policy with name OpenChoreoCloudWatchLogsAdapterPolicy and skip/create
only if absent) or add a clear note that the policy name must be unique per
account and recommend using a custom name or conditional creation; refer to the
policy name OpenChoreoCloudWatchLogsAdapterPolicy in the README and ensure the
same change is applied to the other occurrence later in the file.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 1dbccafa-00e0-44d6-be88-8adcd377203e

📥 Commits

Reviewing files that changed from the base of the PR and between 315da0d and f6e476b.

📒 Files selected for processing (6)

• observability-logs-aws-cloudwatch/README.md
• observability-logs-aws-cloudwatch/helm/Chart.yaml
• observability-logs-aws-cloudwatch/internal/cloudwatch/client.go
• observability-logs-aws-cloudwatch/internal/cloudwatch/client_test.go
• observability-logs-aws-cloudwatch/internal/cloudwatch/queries.go
• observability-logs-aws-cloudwatch/internal/cloudwatch/queries_test.go