[extension/awslogs_encoding] implement streaming contract for WAF logs (open-telemetry#46223)

#### Description

Based on contract introduced at
open-telemetry#46211,
this PR implements streaming for WAF logs.

WAF logs change is focused at commit titled `streaming for WAF logs`

#### Testing

Unit tests and dedicated streaming tests 

#### Documentation

Updated documentation on streaming contract

---------

Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>

Author: Kavindu-Dodan

.chloggen/feat_aws-logs-waf-logs.yaml

@@ -0,0 +1,27 @@
+# Use this changelog template to create an entry for release notes.
+
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: enhancement
+
+# The name of the component, or a single word describing the area of concern, (e.g. receiver/filelog)
+component: extension/awslogs_encoding
+
+# A brief description of the change.  Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: Adopt encoding extension streaming contract for WAF logs
+
+# Mandatory: One or more tracking issues related to the change. You can use the PR number here if no issue exists.
+issues: [46214]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext:
+
+# If your change doesn't affect end users or the exported elements of any package,
+# you should instead start your pull request title with [chore] or use the "Skip Changelog" label.
+# Optional: The change log or logs in which this entry should be included.
+# e.g. '[user]' or '[user, api]'
+# Include 'user' if the change is relevant to end users.
+# Include 'api' if there is a change to a library API.
+# Default: '[user]'
+change_logs: []

extension/encoding/awslogsencodingextension/README.md

@@ -185,6 +185,7 @@ The table below summarizes streaming support details for each log type, along wi
 |---------------------|---------------------|-----------------------------|----------------------------------------------------------------------------------------------|
 | Network Firewall    | Alert/Flow/TLS      | Bytes processed             |                                                                                              |
 | Subscription filter | -                   | Number of records processed | Supports processing multi-line inputs and offset tracks number of records that get processed |
+| WAF Logs            | -                   | Bytes processed             |                                                                                              |
 
 ## Produced Records per Format
 

extension/encoding/awslogsencodingextension/internal/unmarshaler/waf/benchmark_test.go

@@ -44,7 +44,7 @@ func BenchmarkUnmarshalLogs(b *testing.B) {
 		},
 	}
 
-	u := wafLogUnmarshaler{
+	u := WafLogUnmarshaler{
 		buildInfo: component.BuildInfo{},
 	}
 

extension/encoding/awslogsencodingextension/internal/unmarshaler/waf/testdata/missing_webaclid_log.json

@@ -1,100 +1 @@
-{
-    "timestamp":1748208718574,
-    "formatVersion":1,
-    "terminatingRuleId":"Default_Action",
-    "terminatingRuleType":"REGULAR",
-    "action":"ALLOW",
-    "terminatingRuleMatchDetails":[ ],
-    "httpSourceName":"CF",
-    "httpSourceId":"E3DTJP8YLL6OBQ",
-    "ruleGroupList":[ ],
-    "rateBasedRuleList":[
-        {
-            "rateBasedRuleId":"arn:aws:wafv2:us-east-1:123456789101_MANAGED:global/ipset/e3132a63-134d-4da9-a0c4-b166ddd6de6c_77ce5c35-14fa-4731-9710-86216d568f12_IPV4/77ce5c35-14fa-4731-9710-86216d568f12",
-            "rateBasedRuleName":"rule-1",
-            "limitKey":"IP",
-            "maxRateAllowed":10000,
-            "evaluationWindowSec":300,
-            "limitValue":"178.84.204.171"
-        }
-    ],
-    "nonTerminatingMatchingRules":[ ],
-    "requestHeadersInserted":null,
-    "responseCodeSent":null,
-    "httpRequest":{
-        "clientIp":"178.84.204.171",
-        "country":"NL",
-        "headers":[
-            {
-                "name":"host",
-                "value":"dsx1234tsajqz63.cloudfront.net"
-            },
-            {
-                "name":"user-agent",
-                "value":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:138.0) Gecko/20100101 Firefox/138.0"
-            },
-            {
-                "name":"accept",
-                "value":"image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5"
-            },
-            {
-                "name":"accept-language",
-                "value":"en-US,en;q=0.5"
-            },
-            {
-                "name":"accept-encoding",
-                "value":"gzip, deflate, br, zstd"
-            },
-            {
-                "name":"referer",
-                "value":"https://dsx88tsajqz63.cloudfront.net/"
-            },
-            {
-                "name":"sec-fetch-dest",
-                "value":"image"
-            },
-            {
-                "name":"sec-fetch-mode",
-                "value":"no-cors"
-            },
-            {
-                "name":"sec-fetch-site",
-                "value":"same-origin"
-            },
-            {
-                "name":"dnt",
-                "value":"1"
-            },
-            {
-                "name":"sec-gpc",
-                "value":"1"
-            },
-            {
-                "name":"priority",
-                "value":"u=6"
-            },
-            {
-                "name":"te",
-                "value":"trailers"
-            }
-        ],
-        "uri":"/favicon.ico",
-        "args":"",
-        "httpVersion":"HTTP/2.0",
-        "httpMethod":"GET",
-        "requestId":"n6LHLPqblIh_4qRsVj0940K9LxKyrkiUUE7lyMol1eTptabtlhHiXQ==",
-        "fragment":"",
-        "scheme":"https",
-        "host":"dsx88tsajqz63.cloudfront.net"
-    },
-    "labels":[
-        {
-            "name":"awswaf:clientip:geo:country:NL"
-        },
-        {
-            "name":"awswaf:clientip:geo:region:NL-NH"
-        }
-    ],
-    "ja3Fingerprint":"6f7889b9fb1a62a9577e685c1fcfa919",
-    "ja4Fingerprint":"t13d1717h2_5b57614c22b0_3cbfd9057e0d"
-}
+{"timestamp":1748208718574,"formatVersion":1,"terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E3DTJP8YLL6OBQ","ruleGroupList":[],"rateBasedRuleList":[{"rateBasedRuleId":"arn:aws:wafv2:us-east-1:123456789101_MANAGED:global/ipset/e3132a63-134d-4da9-a0c4-b166ddd6de6c_77ce5c35-14fa-4731-9710-86216d568f12_IPV4/77ce5c35-14fa-4731-9710-86216d568f12","rateBasedRuleName":"rule-1","limitKey":"IP","maxRateAllowed":10000,"evaluationWindowSec":300,"limitValue":"178.84.204.171"}],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"178.84.204.171","country":"NL","headers":[{"name":"host","value":"dsx1234tsajqz63.cloudfront.net"},{"name":"user-agent","value":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:138.0) Gecko/20100101 Firefox/138.0"},{"name":"accept","value":"image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5"},{"name":"accept-language","value":"en-US,en;q=0.5"},{"name":"accept-encoding","value":"gzip, deflate, br, zstd"},{"name":"referer","value":"https://dsx88tsajqz63.cloudfront.net/"},{"name":"sec-fetch-dest","value":"image"},{"name":"sec-fetch-mode","value":"no-cors"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"dnt","value":"1"},{"name":"sec-gpc","value":"1"},{"name":"priority","value":"u=6"},{"name":"te","value":"trailers"}],"uri":"/favicon.ico","args":"","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"n6LHLPqblIh_4qRsVj0940K9LxKyrkiUUE7lyMol1eTptabtlhHiXQ==","fragment":"","scheme":"https","host":"dsx88tsajqz63.cloudfront.net"},"labels":[{"name":"awswaf:clientip:geo:country:NL"},{"name":"awswaf:clientip:geo:region:NL-NH"}],"ja3Fingerprint":"6f7889b9fb1a62a9577e685c1fcfa919","ja4Fingerprint":"t13d1717h2_5b57614c22b0_3cbfd9057e0d"}

extension/encoding/awslogsencodingextension/internal/unmarshaler/waf/testdata/valid_log.json

@@ -1,101 +1 @@
-{
-    "timestamp":1748208718574,
-    "formatVersion":1,
-    "webaclId":"arn:aws:wafv2:us-east-1:123456789101:global/webacl/open-telemetry-waf/e3132a63-134d-4da9-a0c4-b166ddd6de6c",
-    "terminatingRuleId":"Default_Action",
-    "terminatingRuleType":"REGULAR",
-    "action":"ALLOW",
-    "terminatingRuleMatchDetails":[ ],
-    "httpSourceName":"CF",
-    "httpSourceId":"E3DTJP8YLL6OBQ",
-    "ruleGroupList":[ ],
-    "rateBasedRuleList":[
-        {
-            "rateBasedRuleId":"arn:aws:wafv2:us-east-1:123456789101_MANAGED:global/ipset/e3132a63-134d-4da9-a0c4-b166ddd6de6c_77ce5c35-14fa-4731-9710-86216d568f12_IPV4/77ce5c35-14fa-4731-9710-86216d568f12",
-            "rateBasedRuleName":"rule-1",
-            "limitKey":"IP",
-            "maxRateAllowed":10000,
-            "evaluationWindowSec":300,
-            "limitValue":"178.84.204.171"
-        }
-    ],
-    "nonTerminatingMatchingRules":[ ],
-    "requestHeadersInserted":null,
-    "responseCodeSent":null,
-    "httpRequest":{
-        "clientIp":"178.84.204.171",
-        "country":"NL",
-        "headers":[
-            {
-                "name":"host",
-                "value":"dsx1234tsajqz63.cloudfront.net"
-            },
-            {
-                "name":"user-agent",
-                "value":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:138.0) Gecko/20100101 Firefox/138.0"
-            },
-            {
-                "name":"accept",
-                "value":"image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5"
-            },
-            {
-                "name":"accept-language",
-                "value":"en-US,en;q=0.5"
-            },
-            {
-                "name":"accept-encoding",
-                "value":"gzip, deflate, br, zstd"
-            },
-            {
-                "name":"referer",
-                "value":"https://dsx88tsajqz63.cloudfront.net/"
-            },
-            {
-                "name":"sec-fetch-dest",
-                "value":"image"
-            },
-            {
-                "name":"sec-fetch-mode",
-                "value":"no-cors"
-            },
-            {
-                "name":"sec-fetch-site",
-                "value":"same-origin"
-            },
-            {
-                "name":"dnt",
-                "value":"1"
-            },
-            {
-                "name":"sec-gpc",
-                "value":"1"
-            },
-            {
-                "name":"priority",
-                "value":"u=6"
-            },
-            {
-                "name":"te",
-                "value":"trailers"
-            }
-        ],
-        "uri":"/favicon.ico",
-        "args":"",
-        "httpVersion":"HTTP/2.0",
-        "httpMethod":"GET",
-        "requestId":"n6LHLPqblIh_4qRsVj0940K9LxKyrkiUUE7lyMol1eTptabtlhHiXQ==",
-        "fragment":"",
-        "scheme":"https",
-        "host":"dsx88tsajqz63.cloudfront.net"
-    },
-    "labels":[
-        {
-            "name":"awswaf:clientip:geo:country:NL"
-        },
-        {
-            "name":"awswaf:clientip:geo:region:NL-NH"
-        }
-    ],
-    "ja3Fingerprint":"6f7889b9fb1a62a9577e685c1fcfa919",
-    "ja4Fingerprint":"t13d1717h2_5b57614c22b0_3cbfd9057e0d"
-}
+{"timestamp":1748208718574,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:123456789101:global/webacl/open-telemetry-waf/e3132a63-134d-4da9-a0c4-b166ddd6de6c","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E3DTJP8YLL6OBQ","ruleGroupList":[],"rateBasedRuleList":[{"rateBasedRuleId":"arn:aws:wafv2:us-east-1:123456789101_MANAGED:global/ipset/e3132a63-134d-4da9-a0c4-b166ddd6de6c_77ce5c35-14fa-4731-9710-86216d568f12_IPV4/77ce5c35-14fa-4731-9710-86216d568f12","rateBasedRuleName":"rule-1","limitKey":"IP","maxRateAllowed":10000,"evaluationWindowSec":300,"limitValue":"178.84.204.171"}],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"178.84.204.171","country":"NL","headers":[{"name":"host","value":"dsx1234tsajqz63.cloudfront.net"},{"name":"user-agent","value":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:138.0) Gecko/20100101 Firefox/138.0"},{"name":"accept","value":"image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5"},{"name":"accept-language","value":"en-US,en;q=0.5"},{"name":"accept-encoding","value":"gzip, deflate, br, zstd"},{"name":"referer","value":"https://dsx88tsajqz63.cloudfront.net/"},{"name":"sec-fetch-dest","value":"image"},{"name":"sec-fetch-mode","value":"no-cors"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"dnt","value":"1"},{"name":"sec-gpc","value":"1"},{"name":"priority","value":"u=6"},{"name":"te","value":"trailers"}],"uri":"/favicon.ico","args":"","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"n6LHLPqblIh_4qRsVj0940K9LxKyrkiUUE7lyMol1eTptabtlhHiXQ==","fragment":"","scheme":"https","host":"dsx88tsajqz63.cloudfront.net"},"labels":[{"name":"awswaf:clientip:geo:country:NL"},{"name":"awswaf:clientip:geo:region:NL-NH"}],"ja3Fingerprint":"6f7889b9fb1a62a9577e685c1fcfa919","ja4Fingerprint":"t13d1717h2_5b57614c22b0_3cbfd9057e0d"}

extension/encoding/awslogsencodingextension/internal/unmarshaler/waf/testdata/valid_log_multi.json

@@ -0,0 +1,2 @@
+{"timestamp":1748208718574,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:123456789101:global/webacl/open-telemetry-waf/e3132a63-134d-4da9-a0c4-b166ddd6de6c","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E3DTJP8YLL6OBQ","ruleGroupList":[],"rateBasedRuleList":[{"rateBasedRuleId":"arn:aws:wafv2:us-east-1:123456789101_MANAGED:global/ipset/e3132a63-134d-4da9-a0c4-b166ddd6de6c_77ce5c35-14fa-4731-9710-86216d568f12_IPV4/77ce5c35-14fa-4731-9710-86216d568f12","rateBasedRuleName":"rule-1","limitKey":"IP","maxRateAllowed":10000,"evaluationWindowSec":300,"limitValue":"178.84.204.171"}],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"178.84.204.171","country":"NL","headers":[{"name":"host","value":"dsx1234tsajqz63.cloudfront.net"},{"name":"user-agent","value":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:138.0) Gecko/20100101 Firefox/138.0"},{"name":"accept","value":"image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5"},{"name":"accept-language","value":"en-US,en;q=0.5"},{"name":"accept-encoding","value":"gzip, deflate, br, zstd"},{"name":"referer","value":"https://dsx88tsajqz63.cloudfront.net/"},{"name":"sec-fetch-dest","value":"image"},{"name":"sec-fetch-mode","value":"no-cors"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"dnt","value":"1"},{"name":"sec-gpc","value":"1"},{"name":"priority","value":"u=6"},{"name":"te","value":"trailers"}],"uri":"/favicon.ico","args":"","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"n6LHLPqblIh_4qRsVj0940K9LxKyrkiUUE7lyMol1eTptabtlhHiXQ==","fragment":"","scheme":"https","host":"dsx88tsajqz63.cloudfront.net"},"labels":[{"name":"awswaf:clientip:geo:country:NL"},{"name":"awswaf:clientip:geo:region:NL-NH"}],"ja3Fingerprint":"6f7889b9fb1a62a9577e685c1fcfa919","ja4Fingerprint":"t13d1717h2_5b57614c22b0_3cbfd9057e0d"}
+{"timestamp":1683355579981,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:123456789101:global/webacl/open-telemetry-waf/e3132a63-134d-4da9-a0c4-b166ddd6de6c","terminatingRuleId":"RateBasedRule","terminatingRuleType":"RATE_BASED","action":"BLOCK","terminatingRuleMatchDetails":[],"httpSourceName":"APIGW","httpSourceId":"EXAMPLE11:rjvegx5guh:CanaryTest","ruleGroupList":[],"rateBasedRuleList":[{"rateBasedRuleId":"arn:aws:wafv2:us-east-1:123456789101_MANAGED:global/ipset/e3132a63-134d-4da9-a0c4-b166ddd6de6c_77ce5c35-14fa-4731-9710-86216d568f12_IPV4/77ce5c35-14fa-4731-9710-86216d568f12","rateBasedRuleName":"RateBasedRule","limitKey":"CUSTOMKEYS","maxRateAllowed":100,"evaluationWindowSec":"120","customValues":[{"key":"HEADER","name":"dogname","value":"ella"}]}],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"52.46.82.45","country":"FR","headers":[{"name":"X-Forwarded-For","value":"52.46.82.45"},{"name":"X-Forwarded-Proto","value":"https"},{"name":"X-Forwarded-Port","value":"443"},{"name":"Host","value":"rjvegx5guh.execute-api.eu-west-3.amazonaws.com"},{"name":"X-Amzn-Trace-Id","value":"Root=1-645566cf-7cb058b04d9bb3ee01dc4036"},{"name":"dogname","value":"ella"},{"name":"User-Agent","value":"RateBasedRuleTestKoipOneKeyModulePV2"},{"name":"Accept-Encoding","value":"gzip,deflate"}],"uri":"/CanaryTest","args":"","httpVersion":"HTTP/1.1","httpMethod":"GET","requestId":"Ed0AiHF_CGYF-DA="}}