Merge branch 'main' into system-process-pid

elastic · May 22, 2024 · 0dc3e83 · 0dc3e83
2 parents cd52564 + 18a7e54
commit 0dc3e83
Show file tree

Hide file tree

Showing 22 changed files with 1,521 additions and 219 deletions.
diff --git a/.buildkite/x-pack/pipeline.xpack.auditbeat.yml b/.buildkite/x-pack/pipeline.xpack.auditbeat.yml
@@ -29,8 +29,9 @@ env:
 steps:
   - group: "x-pack/auditbeat Mandatory Tests"
     key: "x-pack-auditbeat-mandatory-tests"
+
     steps:
-      - label: ":linux: Ubuntu Unit (MODULE) Tests"
+      - label: ":ubuntu: x-pack/auditbeat Build (MODULE) Tests"
         key: "mandatory-linux-unit-test"
         command: |
           set -euo pipefail
@@ -54,7 +55,7 @@ steps:
           - github_commit_status:
               context: "x-pack/auditbeat: Ubuntu Unit (MODULE) Tests"
 
-      - label: ":rhel: RHEL9 Unit Tests"
+      - label: ":rhel: x-pack/auditbeat RHEL9 Unit Tests"
         key: "mandatory-rhel9-unit-test"
         command: |
           cd x-pack/auditbeat
@@ -71,13 +72,13 @@ steps:
           - "x-pack/auditbeat/build/*.json"
         notify:
           - github_commit_status:
-              context: "x-pack/auditbeat: RHEL Unit Tests"
+              context: "x-pack/auditbeat: RHEL9 Unit Tests"
 
-      - label: ":windows: Windows 2022 Unit Tests"
+      - label: ":windows: x-pack/auditbeat Windows 2022 Unit Tests"
+        key: "mandatory-win-2022-unit-tests"
         command: |
           Set-Location -Path x-pack/auditbeat
           mage build unitTest
-        key: "mandatory-win-2022-unit-tests"
         retry:
           automatic:
             - limit: 3
@@ -94,7 +95,7 @@ steps:
           - github_commit_status:
               context: "x-pack/auditbeat: Windows 2022 Unit Tests"
 
-      - label: ":windows: Windows 2016 Unit Tests"
+      - label: ":windows: x-pack/auditbeat Windows 2016 Unit Tests"
         command: |
           Set-Location -Path x-pack/auditbeat
           mage build unitTest
@@ -118,8 +119,9 @@ steps:
   - group: "x-pack/auditbeat Extended Windows Tests"
     key: "x-pack-auditbeat-extended-win-tests"
     if: build.env("BUILDKITE_PULL_REQUEST") == "false" || build.env("GITHUB_PR_LABELS") =~ /.*[Ww]indows.*/
+
     steps:
-      - label: ":windows: Windows 2019 Unit Tests"
+      - label: ":windows: x-pack/auditbeat Windows 2019 Unit Tests"
         command: |
           Set-Location -Path x-pack/auditbeat
           mage build unitTest
@@ -140,7 +142,7 @@ steps:
           - github_commit_status:
               context: "x-pack/auditbeat: Windows 2019 Extended Tests"
 
-      - label: ":windows: Windows 10 Unit Tests"
+      - label: ":windows: x-pack/auditbeat Windows 10 Unit Tests"
         command: |
           Set-Location -Path x-pack/auditbeat
           mage build unitTest
@@ -161,7 +163,7 @@ steps:
           - github_commit_status:
               context: "x-pack/auditbeat: Windows 10 Extended Tests"
 
-      - label: ":windows: Windows 11 Unit Tests"
+      - label: ":windows: x-pack/auditbeat Windows 11 Unit Tests"
         command: |
           Set-Location -Path x-pack/auditbeat
           mage build unitTest
@@ -182,11 +184,13 @@ steps:
           - github_commit_status:
               context: "x-pack/auditbeat: Windows 11 Extended Tests"
 
-  - group: "x-pack/auditbeat MacOS Extended Tests"
-    key: "x-pack-auditbeat-extended-tests-macos"
-    if: build.env("BUILDKITE_PULL_REQUEST") == "false" || build.env("GITHUB_PR_LABELS") =~ /.*macOS.*/
+  - group: "x-pack/auditbeat Extended Tests"
+    key: "x-pack-auditbeat-extended-tests"
+    if: build.env("BUILDKITE_PULL_REQUEST") == "false" || build.env("GITHUB_PR_LABELS") =~ /.*(macOS|arm).*/
+
     steps:
-      - label: ":mac: MacOS x86_64 Unit Tests"
+      - label: ":mac: x-pack/auditbeat macOS x86_64 Unit Tests"
+        if: build.env("BUILDKITE_PULL_REQUEST") == "false" || build.env("GITHUB_PR_LABELS") =~ /.*macOS.*/
         command: |
           set -euo pipefail
           source .buildkite/scripts/install_macos_tools.sh
@@ -203,9 +207,10 @@ steps:
           - "x-pack/auditbeat/build/*.json"
         notify:
           - github_commit_status:
-              context: "x-pack/auditbeat: macOS x86_64 Extended Tests"
+              context: "x-pack/auditbeat: macOS x86_64 Unit Tests"
 
-      - label: ":mac: MacOS arm64 Unit Tests"
+      - label: ":mac: x-pack/auditbeat macOS arm64 Unit Tests"
+        if: build.env("BUILDKITE_PULL_REQUEST") == "false" || build.env("GITHUB_PR_LABELS") =~ /.*macOS.*/
         command: |
           set -euo pipefail
           source .buildkite/scripts/install_macos_tools.sh
@@ -222,13 +227,10 @@ steps:
           - "x-pack/auditbeat/build/*.json"
         notify:
           - github_commit_status:
-              context: "x-pack/auditbeat: macOS arm64 Extended Tests"
+              context: "x-pack/auditbeat: macOS arm64 Unit Tests"
 
-  - group: "x-pack/auditbeat Linux arm Extended Tests"
-    key: "x-pack-auditbeat-extended-tests-linux-arm"
-    if: build.env("BUILDKITE_PULL_REQUEST") == "false" || build.env("GITHUB_PR_LABELS") =~ /.*arm.*/
-    steps:
-      - label: ":linux: Ubuntu ARM Unit Tests"
+      - label: ":linux: x-pack/auditbeat Ubuntu ARM Unit Tests"
+        if: build.env("BUILDKITE_PULL_REQUEST") == "false" || build.env("GITHUB_PR_LABELS") =~ /.*arm.*/
         command: |
           cd x-pack/auditbeat
           mage build unitTest
@@ -244,7 +246,7 @@ steps:
           - "x-pack/auditbeat/build/*.json"
         notify:
           - github_commit_status:
-              context: "x-pack/auditbeat: Linux arm64 Extended Tests"
+              context: "x-pack/auditbeat: Linux arm64 Unit Tests"
 
   - wait: ~
     # with PRs, we want to run packaging only if mandatory tests succeed
@@ -256,8 +258,9 @@ steps:
 
   - group: "x-pack/auditbeat Packaging"
     key: "x-pack-auditbeat-packaging"
+
     steps:
-      - label: ":linux: Packaging Linux"
+      - label: ":ubuntu: x-pack/auditbeat Packaging Linux"
         key: "packaging-linux"
         command: |
           cd x-pack/auditbeat
@@ -276,9 +279,9 @@ steps:
           PLATFORMS: "+all linux/amd64 linux/arm64 windows/amd64 darwin/amd64 darwin/arm64"
         notify:
           - github_commit_status:
-              context: "x-pack/auditbeat: Packaging Linux Linux"
+              context: "x-pack/auditbeat: Packaging Linux"
 
-      - label: ":linux: Packaging ARM"
+      - label: ":ubuntu: x-pack/auditbeat Packaging Linux arm64"
         key: "packaging-arm"
         command: |
           cd x-pack/auditbeat
@@ -296,4 +299,4 @@ steps:
           PACKAGES: "docker"
         notify:
           - github_commit_status:
-              context: "x-pack/auditbeat: Packaging Linux ARM"
+              context: "x-pack/auditbeat: Packaging Linux arm64"
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -40,6 +40,25 @@ updates:
       - dependency-name: github.com/elastic/mito
     open-pull-requests-limit: 2
 
+  # Cloud providers' SDK dependencies
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    labels:
+      - automation
+      - dependabot
+    reviewers:
+      - "elastic/obs-ds-hosted-services"
+      - "elastic/obs-infraobs-integrations"
+    groups:
+      azure-sdks:
+        patterns:
+          - "github.com/Azure/azure-sdk-for-go/*"
+          - "github.com/Azure/azure-event-hubs-go/*"
+          - "github.com/Azure/go-autorest/*"
+          - "github.com/Azure/azure-storage-blob-go/*"
+
   # GitHub actions
   - package-ecosystem: "github-actions"
     directory: "/"

diff --git a/.github/workflows/bump-elastic-stack-snapshot.yml b/.github/workflows/bump-elastic-stack-snapshot.yml
@@ -21,22 +21,42 @@ jobs:
 
   bump-elastic-stack:
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
     needs: [filter]
     strategy:
       fail-fast: false
       matrix: ${{ fromJson(needs.filter.outputs.matrix) }}
     steps:
       - uses: actions/checkout@v4
 
-      - uses: elastic/apm-pipeline-library/.github/actions/updatecli@current
-        with:
-          vaultUrl: ${{ secrets.VAULT_ADDR }}
-          vaultRoleId: ${{ secrets.VAULT_ROLE_ID }}
-          vaultSecretId: ${{ secrets.VAULT_SECRET_ID }}
-          pipeline: .github/workflows/updatecli.d/bump-elastic-stack-snapshot.yml
-          values: .github/workflows/updatecli.d/scm.yml
-          command: '--experimental apply'
-          notifySlackChannel: "#ingest-notifications"
-          messageIfFailure: ":traffic_cone: updatecli failed for `${{ github.repository }}@${{ github.ref_name }}`, `@update-me-with-the-slack-team-to-be-poked` please look what's going on <${{ env.JOB_URL }}|here>"
+      - name: Install Updatecli in the runner
+        uses: updatecli/updatecli-action@9a37c7e35598d7b37d8e7568b40ed9538112be01 # v0.76.1
+
+      - name: Run Updatecli in Apply mode
+        run: updatecli --experimental apply --config .github/workflows/updatecli.d/bump-elastic-stack-snapshot.yml --values .github/workflows/updatecli.d/scm.yml
         env:
           BRANCH: ${{ matrix.branch }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - if: ${{ failure()  }}
+        uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0
+        with:
+          channel-id: '#ingest-notifications'
+          payload: |
+            {
+              "text": "${{ env.SLACK_MESSAGE }}",
+              "blocks": [
+                {
+                  "type": "section",
+                  "text": {
+                    "type": "mrkdwn",
+                    "text": "${{ env.SLACK_MESSAGE }}"
+                  }
+                }
+              ]
+            }
+        env:
+          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
+          SLACK_MESSAGE: ":traffic_cone: updatecli failed for `${{ github.repository }}@${{ github.ref_name }}`, `@update-me-with-the-slack-team-to-be-poked` please look what's going on <https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}|here>"
diff --git a/.github/workflows/bump-golang.yml b/.github/workflows/bump-golang.yml
@@ -10,34 +10,43 @@ permissions:
   contents: read
 
 jobs:
-  bump-main:
+  bump:
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+    strategy:
+      fail-fast: false
+      matrix:
+        file: ['bump-golang.yml', 'bump-golang-7.17.yml']
     steps:
       - uses: actions/checkout@v4
 
-      - uses: elastic/apm-pipeline-library/.github/actions/updatecli@current
-        with:
-          vaultUrl: ${{ secrets.VAULT_ADDR }}
-          vaultRoleId: ${{ secrets.VAULT_ROLE_ID }}
-          vaultSecretId: ${{ secrets.VAULT_SECRET_ID }}
-          pipeline: .github/workflows/updatecli.d/bump-golang.yml
-          values: .github/workflows/updatecli.d/scm.yml
-          command: '--experimental apply'
-          notifySlackChannel: "#ingest-notifications"
-          messageIfFailure: ":traffic_cone: updatecli failed for `${{ github.repository }}@${{ github.ref_name }}`, `@update-me-with-the-slack-team-to-be-poked` please look what's going on <${{ env.JOB_URL }}|here>"
+      - name: Install Updatecli in the runner
+        uses: updatecli/updatecli-action@9a37c7e35598d7b37d8e7568b40ed9538112be01 # v0.76.1
 
-  bump-7-17:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
+      - name: Run Updatecli in Apply mode
+        run: updatecli --experimental apply --config .github/workflows/updatecli.d/${{ matrix.file }} --values .github/workflows/updatecli.d/scm.yml
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-      - uses: elastic/apm-pipeline-library/.github/actions/updatecli@current
+      - if: ${{ failure()  }}
+        uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0
         with:
-          vaultUrl: ${{ secrets.VAULT_ADDR }}
-          vaultRoleId: ${{ secrets.VAULT_ROLE_ID }}
-          vaultSecretId: ${{ secrets.VAULT_SECRET_ID }}
-          pipeline: .github/workflows/updatecli.d/bump-golang-7.17.yml
-          values: .github/workflows/updatecli.d/scm.yml
-          command: '--experimental apply'
-          notifySlackChannel: "#ingest-notifications"
-          messageIfFailure: ":traffic_cone: updatecli failed for `${{ github.repository }}@${{ github.ref_name }}`, `@update-me-with-the-slack-team-to-be-poked` please look what's going on <${{ env.JOB_URL }}|here>"
+          channel-id: '#ingest-notifications'
+          payload: |
+            {
+              "text": "${{ env.SLACK_MESSAGE }}",
+              "blocks": [
+                {
+                  "type": "section",
+                  "text": {
+                    "type": "mrkdwn",
+                    "text": "${{ env.SLACK_MESSAGE }}"
+                  }
+                }
+              ]
+            }
+        env:
+          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
+          SLACK_MESSAGE: ":traffic_cone: updatecli failed for `${{ github.repository }}@${{ github.ref_name }}`, `@update-me-with-the-slack-team-to-be-poked` please look what's going on <https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}|here>"
diff --git a/.github/workflows/notify-stalled-snapshots.yml b/.github/workflows/notify-stalled-snapshots.yml
@@ -10,7 +10,6 @@ permissions:
   contents: read
 
 env:
-  EMAIL_VAULT_SECRET: secret/observability-team/ci/service-account/email-github-actions
   EMAIL: [email protected]
   URL_QUERY: 'https://github.com/elastic/beats/pulls?q=is%3Apr+is%3Aopen+label%3ATeam%3ABeats-On-Call'
   JOB_URL: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
@@ -56,37 +55,22 @@ jobs:
 
       - if: ${{ contains(steps.search.outputs.found, 'true') }}
         name: Report obsoleted branches (slack)
-        uses: elastic/apm-pipeline-library/.github/actions/slack-message@current
+        uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0
         with:
-          url: ${{ secrets.VAULT_ADDR }}
-          roleId: ${{ secrets.VAULT_ROLE_ID }}
-          secretId: ${{ secrets.VAULT_SECRET_ID }}
-          channel: "#ingest-notifications"
-          message: ":red_circle: Elastic Stack version for the `${{ matrix.branch }}` branch has not been updated for a while (`> 7 days`). Review the (<${{ env.URL_QUERY }}|open PRs>)"
-
-      - if: ${{ contains(steps.search.outputs.found, 'true') }}
-        uses: hashicorp/[email protected]
-        with:
-          url: ${{ secrets.VAULT_ADDR }}
-          roleId: ${{ secrets.VAULT_ROLE_ID }}
-          secretId: ${{ secrets.VAULT_SECRET_ID }}
-          method: approle
-          secrets: |
-            ${{ env.EMAIL_VAULT_SECRET }} username | MAIL_USERNAME ;
-            ${{ env.EMAIL_VAULT_SECRET }} app_token | MAIL_PASSWORD;
-            ${{ env.EMAIL_VAULT_SECRET }} from | MAIL_FROM;
-            ${{ env.EMAIL_VAULT_SECRET }} reply | MAIL_REPLY;
-            ${{ env.EMAIL_VAULT_SECRET }} server | MAIL_SERVER
+          channel-id: '#ingest-notifications'
+          payload:  ":red_circle: Elastic Stack version for the `${{ matrix.branch }}` branch has not been updated for a while (`> 7 days`). Review the (<${{ env.URL_QUERY }}|open PRs>)"
+        env:
+          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
 
       - if: ${{ contains(steps.search.outputs.found, 'true') }}
         name: Report obsoleted branches (email)
         uses: dawidd6/action-send-mail@6063705cefe50cb915fc53bb06d4049cae2953b2
         with:
-          server_address: ${{ env.MAIL_SERVER }}
-          username: ${{ env.MAIL_USERNAME }}
-          password: ${{ env.MAIL_PASSWORD }}
+          server_address: ${{ secrets.MAIL_SERVER }}
+          username: ${{ secrets.MAIL_USERNAME }}
+          password: ${{ secrets.MAIL_PASSWORD }}
           subject: '[${{ matrix.branch }}] ${{ steps.date.outputs.date }}: Elastic Stack version has not been updated recently.'
           to: ${{ env.EMAIL }}
-          from: ${{ env.MAIL_FROM }}
-          reply_to: ${{ env.MAIL_REPLY }}
+          from: ${{ secrets.MAIL_FROM }}
+          reply_to: ${{ secrets.MAIL_REPLY }}
           body: 'Elastic Stack version for the ${{ matrix.branch }} branch has not been updated for a while (> 7 days). Review the open PRs in ${{ env.URL_QUERY }}. Generated automatically with ${{ env.JOB_URL }}'
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
@@ -273,6 +273,7 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff]
 - Ensure all responses sent by HTTP Endpoint are HTML-escaped. {pull}39329[39329]
 - Update CEL mito extensions to v1.11.0 to improve type checking. {pull}39460[39460]
 - Improve logging of request and response with request trace logging in error conditions. {pull}39455[39455]
+- Implement Elastic Agent status and health reporting for CEL Filebeat input. {pull}39209[39209]
 - Add HTTP metrics to CEL input. {issue}39501[39501] {pull}39503[39503]
 - Add default user-agent to CEL HTTP requests. {issue}39502[39502] {pull}39587[39587]
 - Improve reindexing support in security module pipelines. {issue}38224[38224] {pull}[]

diff --git a/filebeat/docs/inputs/input-filestream-reader-options.asciidoc b/filebeat/docs/inputs/input-filestream-reader-options.asciidoc
@@ -153,6 +153,7 @@ Available parsers:
 * `ndjson`
 * `container`
 * `syslog`
+* `include_message`
 
 In this example, {beatname_uc} is reading multiline messages that consist of 3 lines
 and are encapsulated in single-line JSON objects.