Enable agent to send custom headers to kibana/ES #26275
Pinging @elastic/agent (Team:Agent)
💚 Build Succeeded
/package
/package
@@ -29,6 +29,7 @@ const maxRetriesloadAgentInfo = 5 | |||
|
|||
type persistentAgentInfo struct { | |||
ID string `json:"id" yaml:"id" config:"id"` | |||
CustomHeaders map[string]string `json:"custom_headers" yaml:"custom_headers" config:"custom_headers"` |
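Review bot: `CustomHeaders` is added to `persistentAgentInfo` with `json`/`yaml`/`config` tags, so the header map is serialized wherever this struct is written, while the PR description says headers are held in memory. If headers can carry credentials, either keep them off the persisted struct or document where they end up; if persisting is intended, consider `omitempty` so agents enrolled without headers do not get an empty `custom_headers` key.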
Why prefix with custom? Why not just "headers"?
That would match the elasticsearch configuration - https://www.elastic.co/guide/en/beats/filebeat/current/elasticsearch-output.html#_headers
following naming from cloud
They are asking for the feature but we should align the naming with what is in beats to ease the transition to our users from beats to Elastic Agent. Unless we feel that `headers` is not a good name and now is the time to change it. I feel that `headers` is a better name over `custom_headers`.
InsecureHTTP: envBool("FLEET_SERVER_INSECURE_HTTP"), | ||
PolicyID: envWithDefault("", "FLEET_SERVER_POLICY_ID", "FLEET_SERVER_POLICY"), | ||
Port: envWithDefault("", "FLEET_SERVER_PORT"), | ||
CustomHeaders: envMap("FLEET_CUSTOM_HEADER"), |
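Review bot: `envMap("FLEET_CUSTOM_HEADER")` on the added line fills a map from a singular variable name, and nothing in this hunk says how header names and values are encoded in the environment. Please document the expected variable format next to the other `FLEET_SERVER_*` settings and add a test for a value that contains `=` or `,`.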
I would go with `FLEET_HEADER` instead of `FLEET_CUSTOM_HEADER`.
@@ -90,6 +91,8 @@ func (r *RuleList) MarshalYAML() (interface{}, error) { | |||
name = "fix_stream" | |||
case *InsertDefaultsRule: | |||
name = "insert_defaults" | |||
case *InjectCustomHeadersRule: |
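Review bot: the new `case *InjectCustomHeadersRule:` in `MarshalYAML` needs the same name string on the unmarshal side, otherwise a rule list containing it will not round-trip. A test that marshals and then unmarshals a `RuleList` with this rule would catch a mismatch, which matters more if the rule is renamed during review.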
How about just `inject_headers`?
@michalpristas Can you link the related issue in the description? I also moved it to the iteration board.
@@ -59,6 +60,7 @@ func addEnrollFlags(cmd *cobra.Command) { | |||
cmd.Flags().Uint16P("fleet-server-port", "", 0, "Fleet Server HTTP binding port (overrides the policy)") | |||
cmd.Flags().StringP("fleet-server-cert", "", "", "Certificate to use for exposed Fleet Server HTTPS endpoint") | |||
cmd.Flags().StringP("fleet-server-cert-key", "", "", "Private key to use for exposed Fleet Server HTTPS endpoint") | |||
cmd.Flags().StringSliceP("header", "", []string{}, "App auth token used for elasticsearch") |
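Review bot: `StringSliceP("header", ...)` on the added line splits each argument on commas, so a header value that itself contains a comma is broken into separate entries; `StringArrayP` keeps each `--header` occurrence intact. The help text should also state the expected entry format, and since values passed on the command line are visible in process listings, it is worth pointing users with sensitive headers at the environment variable instead.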
Documentation for this flag is incorrect, seems like a copy/paste error.
thanks for noticing
💚 CLA has been signed
Thanks for the change to headers. Looks good!
…26276) * fixing some typos in the default oracle config, and adding default values * adding changelog entry
…lastic#26263) In the script processor, the `decode_xml` and `decode_xml_wineventlog` processors are now available as `DecodeXML` and `DecodeXMLWineventlog` respectively. This follows the same naming conventions as other processors exposed through the `script` processor. For example you can write `new processor.DecodeXML({...})`.
…stic#26273) * Add preserve_original_event option to o365audit input * Use String method from MapStr * Add test
Use configured CPU as total, use it to calculate free too. Total and free resources are only reported if they are configured with a total greater than zero.
* Add log.flags and object metadata to aws-s3 input events This adds the log.flags field created by the line readers to aws-s3 events. log.flags contains metadata like `multiline` and `truncated` to indicate how the data was processed. This also adds a config option to include S3 object metadata in the event if it exists. The use case for me was to get the Last-Modified timestamp for cases where the log does not have a timestamp or it cannot be parsed. Then this can be used as a fallback. * Pass metadata using s3Info struct to avoid adding new func params
The libbeat LineReader implementation did not handle the case where the underlying io.Reader it was reading from returns bytes and io.EOF. It was discarding the data in this case. As per the io.Reader contract: a Reader returning a non-zero number of bytes at the end of the input stream may return either err == EOF or err == nil. This occurs often with the gzip.Reader. It returns a large chunk of data at the end of the file and io.EOF at the same time.
…stic#25771) * initial commit * finux linux refactor * fix up freebsd * port main metricset, start openbsd * start work on openbsd vagrantfile * refactors of API, add darwin support * fix darwin implementation * refactor API, move tests, remove old code, take a crack at AIX * fix aix init func * fix tests * regenerate core data.json * small fixes, fix host field * update tests * run correct mage commands * try to fix system tests * more fixes for windows python tests * refactor CPU struct, use reflection * refactor reflection code, add validation * move metrics to its own internal folder * move directories, again * move directories, again * use optional Uint type * cleanup opt files * move around naming of opt types * fix up if block * change opt names * move around opt methods, cpu stat reader refactor * fix IsZero usage * add changelog
* Don't include full ES index template in errors Index templates in some beats can be very large (~1MB) and including the data in errors can use a lot of memory and also makes for very large log lines. If the error is recurring then this makes the effects worse. So this change removes the index template body from the error. Users that need to see the index template for debugging can use `<beatname> export template --es.version=1.2.3`. Fixes elastic#25540 * Update expected log messages in tests
…5999) * elastic#25990: Add `url.extension` to Packetbeat HTTP events * update changelog * add tests * updated per comment
Updated filter expression for filtering 86 artifacts (elastic#26313)
* Forward port 7.13.2 changelog to 7.x (elastic#26315) * docs: Prepare Changelog for 7.13.2 (elastic#26302) * docs: Close changelog for 7.13.2 * Cleanup Co-authored-by: Andres Rodriguez <andresrc@gmail.com> (cherry picked from commit 0075f76) * Edit 7.13.2 changelog (elastic#26304) * Edit 7.13.2 changelog * Remove unneeded line Co-authored-by: Andres Rodriguez <andresrc@gmail.com> (cherry picked from commit 460ebf2) * Cleanup and fixes * More cleanup and fixes Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> Co-authored-by: DeDe Morton <dede.morton@elastic.co> (cherry picked from commit 3c9c96a) * Cleanup
MongoDB 4.4 uses structured JSON format for logging, add support for this format while keeping support for the old one too.
60128b9 to b9ee11a
This pull request is now in conflicts. Could you fix it? 🙏
Enable agent to send custom headers to kibana/ES (elastic#26275)
…bana/ES (#26362) * update * Update CHANGELOG.next.asciidoc
* master: (25 commits) Fix UBI source URL (elastic#26384) Skip test_rotating_file in osx and windows (elastic#26379) Remove outdated k8s manifests for managed elastic-agent (elastic#26368) Enable agent to send custom headers to kibana/ES (elastic#26275) [Automation] Update elastic stack version to 8.0.0-943ef2c0 for testing (elastic#26354) Make the Syslog input GA (elastic#26293) Move Kerberos FAST config flag to shared kerberos config (elastic#26141) Add k8s cluster identifiers (elastic#26056) Store message from MongoDB json logs in message field (elastic#26338) update threatintel ECS version (elastic#26274) update envoyproxy ECS version (elastic#26277) [Filebeat] [MongoDB] Support MongoDB 4.4 json logs (elastic#24774) Update go-structform to 0.0.9 (elastic#26251) Forward port 7.13.2 changelog to master (elastic#26323) Updated filter expression for filtering 86 artifacts (elastic#26313) Osquerybeat: Align with the rest of the beats, set the ECS version (elastic#26324) [Packetbeat] Add `url.extension` to Packetbeat HTTP events (elastic#25999) Change link to snapshots in README (elastic#26317) Don't include full ES index template in errors (elastic#25743) First refactor of the system module - system/cpu and system/core (elastic#25771) ...
What does this PR do?

This PR modifies the `container` and `enroll` commands to accept a list of headers, which are then sent to kibana/ES when fleet-server or metric/file beat send events or perform setup.

Headers are held in memory and are added to the ES output in an opt-in manner using `inject_custom_headers` rules in a spec file.

Why is it important?

To stay on par with other products working in cloud.

Fixes: ##26137

Checklist

`CHANGELOG.next.asciidoc` or `CHANGELOG-developer.next.asciidoc`.
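
The flow the description outlines (headers collected at enroll time, then added only to Elasticsearch outputs), as an added Go example that is not the PR's code: the `Name=Value` entry format, the function names and the output map layout are assumptions. It rejects CR/LF in entries and lets headers an output already sets take precedence.

```go
package main

import (
	"fmt"
	"net/textproto"
	"strings"
)

// Added example: names and the Name=Value entry format are assumptions, not the PR's code.
// parseHeaders splits each entry on the first '=' only, so values keep ',' and '='.
// Entries with CR, LF or NUL are refused so a value cannot smuggle extra header lines.
func parseHeaders(entries []string) (map[string]string, error) {
	out := make(map[string]string, len(entries))
	for _, e := range entries {
		kv := strings.SplitN(e, "=", 2)
		name := strings.TrimSpace(kv[0])
		if len(kv) != 2 || name == "" || strings.ContainsAny(name, " \t:") ||
			strings.ContainsAny(e, "\r\n\x00") {
			return nil, fmt.Errorf("invalid header entry %q", e)
		}
		out[textproto.CanonicalMIMEHeaderKey(name)] = strings.TrimSpace(kv[1])
	}
	return out, nil
}

// injectHeaders adds headers to "elasticsearch" outputs only; an output's own headers win.
func injectHeaders(outputs map[string]map[string]interface{}, headers map[string]string) int {
	changed := 0
	for _, cfg := range outputs {
		if cfg["type"] != "elasticsearch" || len(headers) == 0 {
			continue
		}
		merged := map[string]string{}
		for k, v := range headers {
			merged[k] = v
		}
		if existing, ok := cfg["headers"].(map[string]string); ok {
			for k, v := range existing {
				merged[k] = v
			}
		}
		cfg["headers"] = merged
		changed++
	}
	return changed
}

func main() {
	fmt.Println(parseHeaders([]string{"X-Tenant=team-a", "X-Route=a,b=c"})) // constructed sample
}
```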