[updatecli] Update to elastic/beats@4c04c1ad8631

.github/workflows/arm-template-lint.yml

@@ -0,0 +1,36 @@
+name: ARM Templates
+
+on:
+  pull_request:
+    paths:
+      - "deploy/azure/*.json"
+  push:
+    branches:
+      - main
+    paths:
+      - "deploy/azure/*.json"
+
+jobs:
+  lint-arm-ttk:
+    name: Lint
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        template: [ "ARM-for-organization-account", "ARM-for-single-account" ]
+    steps:
+      - uses: actions/checkout@v4
+
+        # Copy files to its own folder because it's what the official ARM-TTK action expects
+        # Docs https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/test-toolkit#test-parameters
+      - name: copy file
+        working-directory: ./deploy/azure
+        run: |
+          mkdir ${{ matrix.template }}
+          cp ${{ matrix.template }}.json ${{ matrix.template }}/azuredeploy.json
+
+      - uses: microsoft/action-armttk@v1
+        name: lint ${{ matrix.template }}
+        with:
+          github_token: ${{ secrets.github_token }}
+          workdir: "./deploy/azure/${{ matrix.template }}"

.github/workflows/ci-pull_request.yml

@@ -0,0 +1,105 @@
+name: Unit Tests and Lints
+
+on:
+  pull_request:
+    branches:
+      - main
+      - "[0-9]+.[0-9]+"
+    types: [opened, synchronize, reopened]
+  push:
+    branches:
+      - main
+      - "[0-9]+.[0-9]+"
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+
+  lint:
+    name: Lint
+    runs-on: ubuntu-22.04
+    timeout-minutes: 60
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v4
+
+      - name: Initialize hermit
+        shell: bash
+        run: |
+          ./bin/hermit env --raw >> "$GITHUB_ENV"
+
+      - name: Initialize poetry
+        shell: bash
+        run: |
+          pip3 install poetry
+          (cd security-policies && poetry install --no-root)
+
+      - name: Pre-commit Hooks
+        env:
+          # Skipping golangci-lint as it's tested by golangci-lint
+          SKIP: golangci-lint
+        shell: bash
+        run: |
+          pre-commit run --all-files
+
+      - name: golangci-lint
+        shell: bash
+        run: golangci-lint run --out-format github-actions
+
+      - name: Mage Check
+        shell: bash
+        run: mage check
+
+      - name: Mage checkLicenseHeaders
+        shell: bash
+        run: mage checkLicenseHeaders
+
+      - name: Validate mocks
+        shell: bash
+        run: just validate-mocks
+
+      - name: Terraform fmt
+        shell: bash
+        run: terraform fmt -check -recursive
+
+  unit-test:
+    name: Unit Test
+    runs-on: ubuntu-22.04
+    timeout-minutes: 60
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v4
+
+      - name: Initialize hermit
+        shell: bash
+        run: |
+          ./bin/hermit env --raw >> "$GITHUB_ENV"
+
+      - name: Build opa bundle
+        shell: bash
+        run: mage buildOpaBundle
+
+      - name: Unit-Test
+        shell: bash
+        run: |
+          go install gotest.tools/gotestsum
+          GOOS=linux TEST_DIRECTORY=./... gotestsum --format pkgname -- -race -coverpkg=./... -coverprofile=cover.out.tmp
+          cat cover.out.tmp | grep -v "mock_.*.go" > cover.out # remove mock files from coverage report
+
+      - name: Upload coverage artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: coverage-file
+          path: cover.out
+          overwrite: true
+
+      - name: Send coverage
+        env:
+          COVERALLS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        shell: bash
+        run: |
+          go install github.com/mattn/goveralls@latest
+          goveralls -coverprofile=cover.out -service=github

.github/workflows/ci.yml

@@ -29,100 +29,6 @@ jobs:
         with:
           init-tools: 'true'
 
-  lint:
-    name: Lint
-    runs-on: ubuntu-22.04
-    timeout-minutes: 60
-    steps:
-      - name: Check out the repo
-        uses: actions/checkout@v4
-        with:
-          ref: ${{ github.event_name == 'push' && github.ref || format('refs/pull/{0}/merge', github.event.number) }}
-          # If the event is push to branch use the default ref.
-          # If the event is pull request (`pull_request_target` in our case) use merge commit as ref to run lint over the PR's code.
-
-      - name: Initialize hermit
-        shell: bash
-        run: |
-          ./bin/hermit env --raw >> "$GITHUB_ENV"
-
-      - name: Initialize poetry
-        shell: bash
-        run: |
-          pip3 install poetry
-          (cd security-policies && poetry install --no-root)
-
-      - name: Pre-commit Hooks
-        env:
-          # Skipping golangci-lint as it's tested by golangci-lint
-          SKIP: golangci-lint
-        shell: bash
-        run: |
-          pre-commit run --all-files
-
-      - name: golangci-lint
-        shell: bash
-        run: golangci-lint run --out-format github-actions
-
-      - name: Mage Check
-        shell: bash
-        run: mage check
-
-      - name: Mage checkLicenseHeaders
-        shell: bash
-        run: mage checkLicenseHeaders
-
-      - name: Validate mocks
-        shell: bash
-        run: just validate-mocks
-
-      - name: Terraform fmt
-        shell: bash
-        run: terraform fmt -check -recursive
-
-  unit-test:
-    name: Unit Test
-    runs-on: ubuntu-22.04
-    timeout-minutes: 60
-    steps:
-      - name: Check out the repo
-        uses: actions/checkout@v4
-        with:
-          ref: ${{ github.event_name == 'push' && github.ref || format('refs/pull/{0}/merge', github.event.number) }}
-          # If the event is push to branch use the default ref.
-          # If the event is pull request (`pull_request_target` in our case) use merge commit as ref to run unit tests over the PR's code.
-
-      - name: Initialize hermit
-        shell: bash
-        run: |
-          ./bin/hermit env --raw >> "$GITHUB_ENV"
-
-      - name: Build opa bundle
-        shell: bash
-        run: mage buildOpaBundle
-
-      - name: Unit-Test
-        shell: bash
-        run: |
-          go install gotest.tools/gotestsum
-          GOOS=linux TEST_DIRECTORY=./... gotestsum --format pkgname -- -race -coverpkg=./... -coverprofile=cover.out.tmp
-          cat cover.out.tmp | grep -v "mock_.*.go" > cover.out # remove mock files from coverage report
-
-      - name: Upload coverage artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: coverage-file
-          path: cover.out
-          overwrite: true
-
-      - name: Send coverage
-        env:
-          COVERALLS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        shell: bash
-        run: |
-          go install github.com/mattn/goveralls@latest
-          goveralls -coverprofile=cover.out -service=github
-
   ci-azure:
     needs: [ init-hermit ]
     name: CIS Azure CI

.github/workflows/periodic-ci.yml

@@ -156,7 +156,7 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Create k8s Kind Cluster
-        uses: helm/kind-action@v1.9.0
+        uses: helm/kind-action@v1.10.0
         with:
           config: deploy/k8s/kind/kind-mono.yml
 

.github/workflows/weekly-enviroment.yml

@@ -83,7 +83,7 @@ jobs:
 
       # Once https://github.com/slackapi/slack-github-action/issues/84 will be resolved we can push the payload to a different file
       - name: Send custom JSON data to Slack workflow
-        uses: slackapi/slack-github-action@v1.25.0
+        uses: slackapi/slack-github-action@v1.26.0
         with:
           payload: |
             {

.go-version

@@ -1 +1 @@
-1.21.8
+1.22.2

.mergify.yml

@@ -287,3 +287,16 @@ pull_request_rules:
         labels:
           - "backport"
         title: "[{{ destination_branch }}](backport #{{ number }}) {{ title }}"
+  - name: backport patches to 8.14 branch
+    conditions:
+      - merged
+      - label=backport-v8.14.0
+    actions:
+      backport:
+        assignees:
+          - "{{ author }}"
+        branches:
+          - "8.14"
+        labels:
+          - "backport"
+        title: "[{{ destination_branch }}](backport #{{ number }}) {{ title }}"

_meta/config/processors.yml.tmpl

@@ -3,7 +3,8 @@
 # Configure processors to enhance or manipulate events generated by the beat.
 
 processors:
-  - add_host_metadata: ~
+# in case you run in EKS/Kubernetes environment, you can use the following processor to add node metadata
+# - add_host_metadata: ~
   - add_cloud_metadata: ~
   - add_docker_metadata: ~
   # in case you run in EKS/Kubernetes environment, you can use the following processor to add cluster id

bin/go

@@ -1 +1 @@
-.go-1.21.8.pkg
+.go-1.22.2.pkg

bin/gofmt

@@ -1 +1 @@
-.go-1.21.8.pkg
+.go-1.22.2.pkg

bin/hermit.hcl

@@ -1,4 +1,4 @@
 env = {
-  "CLOUDBEAT_VERSION": "8.14.0",
+  "CLOUDBEAT_VERSION": "8.15.0",
   "ELK_VERSION": "${CLOUDBEAT_VERSION}-SNAPSHOT",
 }

cloudbeat.yml

@@ -117,7 +117,8 @@ output.elasticsearch:
 # Configure processors to enhance or manipulate events generated by the beat.
 
 processors:
-  - add_host_metadata: ~
+# in case you run in EKS/Kubernetes environment, you can use the following processor to add node metadata
+# - add_host_metadata: ~
   - add_cloud_metadata: ~
   - add_docker_metadata: ~
   # in case you run in EKS/Kubernetes environment, you can use the following processor to add cluster id

cmd/root.go

@@ -23,6 +23,7 @@ import (
 	"github.com/elastic/beats/v7/libbeat/cmd"
 	"github.com/elastic/beats/v7/libbeat/cmd/instance"
 	"github.com/elastic/beats/v7/libbeat/common/reload"
+	"github.com/elastic/beats/v7/libbeat/publisher/processing"
 	_ "github.com/elastic/beats/v7/x-pack/libbeat/include"
 	"github.com/elastic/beats/v7/x-pack/libbeat/management"
 	"github.com/elastic/elastic-agent-client/v7/pkg/client"
@@ -36,7 +37,16 @@ import (
 var Name = "cloudbeat"
 
 // RootCmd to handle beats cli
-var RootCmd = cmd.GenRootCmdWithSettings(beater.New, instance.Settings{Name: Name, Version: version.CloudbeatSemanticVersion()})
+var RootCmd = cmd.GenRootCmdWithSettings(
+	beater.New,
+	instance.Settings{
+		Name:    Name,
+		Version: version.CloudbeatSemanticVersion(),
+		// Supply our own processing pipeline. Same as processing.MakeDefaultBeatSupport, but without
+		// `processing.WithHost`.
+		Processing: processing.MakeDefaultSupport(true, nil, processing.WithECS, processing.WithAgentMeta()),
+	},
+)
 
 func cloudbeatCfg(rawIn *proto.UnitExpectedConfig, agentInfo *client.AgentInfo) ([]*reload.ConfigWithMeta, error) {
 	modules, err := management.CreateInputsFromStreams(rawIn, "logs", agentInfo)

deploy/aws/cloudbeat-aws.yml

@@ -47,7 +47,6 @@ output.elasticsearch:
 
 # ================================= Processors =================================
 processors:
-  - add_host_metadata: ~
   - add_cloud_metadata: ~
   - add_docker_metadata: ~