From 9bbeddec2d1e2e0e2817b43d511327bb7c42f281 Mon Sep 17 00:00:00 2001 From: Gabriel Pop Date: Sat, 4 May 2024 23:35:37 +0300 Subject: [PATCH 1/8] add changelog entry --- CHANGELOG.next.asciidoc | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 587b95ef5e5..98f8129f33b 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -162,6 +162,7 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff] - rabbitmq/queue - Change the mapping type of `rabbitmq.queue.consumers.utilisation.pct` to `scaled_float` from `long` because the values fall within the range of `[0.0, 1.0]`. Previously, conversion to integer resulted in reporting either `0` or `1`. - Fix timeout caused by the retrival of which indices are hidden {pull}39165[39165] - Fix Azure Monitor support for multiple aggregation types {issue}39192[39192] {pull}39204[39204] +- Fix http server helper SSL config. {pull}0[0] *Osquerybeat* From 508301b23b71e6a06e0dd7c24be18da28071c53e Mon Sep 17 00:00:00 2001 From: Gabriel Pop Date: Sat, 4 May 2024 23:35:48 +0300 Subject: [PATCH 2/8] fix TLS config --- metricbeat/helper/server/http/http.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metricbeat/helper/server/http/http.go b/metricbeat/helper/server/http/http.go index 782b0938471..1eb1364f22a 100644 --- a/metricbeat/helper/server/http/http.go +++ b/metricbeat/helper/server/http/http.go @@ -76,7 +76,7 @@ func getDefaultHttpServer(mb mb.BaseMetricSet) (*HttpServer, error) { Addr: net.JoinHostPort(config.Host, strconv.Itoa(int(config.Port))), } if tlsConfig != nil { - httpServer.TLSConfig = tlsConfig.BuildModuleClientConfig(config.Host) + httpServer.TLSConfig = tlsConfig.BuildServerConfig(config.Host) } h.server = httpServer return h, nil From baf72d3fccce691eb5243fd30691bd6f3d5381ad Mon Sep 17 00:00:00 2001 From: Gabriel Pop Date: Sat, 4 May 2024 23:53:19 +0300 Subject: [PATCH 3/8] fix changelog pr id --- CHANGELOG.next.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 98f8129f33b..eab033c74b4 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -162,7 +162,7 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff] - rabbitmq/queue - Change the mapping type of `rabbitmq.queue.consumers.utilisation.pct` to `scaled_float` from `long` because the values fall within the range of `[0.0, 1.0]`. Previously, conversion to integer resulted in reporting either `0` or `1`. - Fix timeout caused by the retrival of which indices are hidden {pull}39165[39165] - Fix Azure Monitor support for multiple aggregation types {issue}39192[39192] {pull}39204[39204] -- Fix http server helper SSL config. {pull}0[0] +- Fix http server helper SSL config. {pull}39405[39405] *Osquerybeat* From 29f870ba583c1fd4af5a821b9780026b25f0f819 Mon Sep 17 00:00:00 2001 From: Gabriel Pop Date: Sat, 4 May 2024 23:57:08 +0300 Subject: [PATCH 4/8] golangci-lint fixes --- metricbeat/helper/server/http/http.go | 14 ++++++++------ metricbeat/helper/server/http/http_test.go | 4 ++-- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/metricbeat/helper/server/http/http.go b/metricbeat/helper/server/http/http.go index 1eb1364f22a..4665a30eeab 100644 --- a/metricbeat/helper/server/http/http.go +++ b/metricbeat/helper/server/http/http.go @@ -19,10 +19,11 @@ package http import ( "context" - "io/ioutil" + "io" "net" "net/http" "strconv" + "time" "github.com/elastic/beats/v7/metricbeat/helper/server" "github.com/elastic/beats/v7/metricbeat/mb" @@ -73,7 +74,8 @@ func getDefaultHttpServer(mb mb.BaseMetricSet) (*HttpServer, error) { } httpServer := &http.Server{ - Addr: net.JoinHostPort(config.Host, strconv.Itoa(int(config.Port))), + Addr: net.JoinHostPort(config.Host, strconv.Itoa(config.Port)), + ReadHeaderTimeout: 10 * time.Second, } if tlsConfig != nil { httpServer.TLSConfig = tlsConfig.BuildServerConfig(config.Host) @@ -126,7 +128,7 @@ func (h *HttpServer) Start() error { func (h *HttpServer) Stop() { close(h.done) h.stop() - h.server.Shutdown(h.ctx) + _ = h.server.Shutdown(h.ctx) close(h.eventQueue) } @@ -147,7 +149,7 @@ func (h *HttpServer) handleFunc(writer http.ResponseWriter, req *http.Request) { meta["Content-Type"] = contentType } - body, err := ioutil.ReadAll(req.Body) + body, err := io.ReadAll(req.Body) if err != nil { logp.Err("Error reading body: %v", err) http.Error(writer, "Unexpected error reading request payload", http.StatusBadRequest) @@ -168,9 +170,9 @@ func (h *HttpServer) handleFunc(writer http.ResponseWriter, req *http.Request) { case "GET": writer.WriteHeader(http.StatusOK) if req.TLS != nil { - writer.Write([]byte("HTTPS Server accepts data via POST")) + _, _ = writer.Write([]byte("HTTPS Server accepts data via POST")) } else { - writer.Write([]byte("HTTP Server accepts data via POST")) + _, _ = writer.Write([]byte("HTTP Server accepts data via POST")) } } diff --git a/metricbeat/helper/server/http/http_test.go b/metricbeat/helper/server/http/http_test.go index 7decdd821be..729ca58dd7f 100644 --- a/metricbeat/helper/server/http/http_test.go +++ b/metricbeat/helper/server/http/http_test.go @@ -24,7 +24,7 @@ import ( "context" "crypto/tls" "fmt" - "io/ioutil" + "io" "net" "net/http" "strconv" @@ -230,7 +230,7 @@ func writeToServer(t *testing.T, message, host string, port int, connectionMetho if connectionMethod == "GET" { if resp.StatusCode == http.StatusOK { - bodyBytes, err2 := ioutil.ReadAll(resp.Body) + bodyBytes, err2 := io.ReadAll(resp.Body) if err2 != nil { t.Error(err) t.FailNow() From 8eb982103eebbf7409dcf2766e0d5ad3857a60bc Mon Sep 17 00:00:00 2001 From: Gabriel Pop Date: Sun, 5 May 2024 00:14:30 +0300 Subject: [PATCH 5/8] mage check --- x-pack/filebeat/input/awss3/input_test.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/x-pack/filebeat/input/awss3/input_test.go b/x-pack/filebeat/input/awss3/input_test.go index c76e939424f..bf33073cb2a 100644 --- a/x-pack/filebeat/input/awss3/input_test.go +++ b/x-pack/filebeat/input/awss3/input_test.go @@ -8,8 +8,9 @@ import ( "errors" "testing" - aws "github.com/elastic/beats/v7/x-pack/libbeat/common/aws" "github.com/stretchr/testify/assert" + + aws "github.com/elastic/beats/v7/x-pack/libbeat/common/aws" ) func TestGetProviderFromDomain(t *testing.T) { From 68696f7114517323ba460d73008be36f9cfd7f9e Mon Sep 17 00:00:00 2001 From: Gabriel Pop Date: Thu, 16 May 2024 23:53:14 +0300 Subject: [PATCH 6/8] fix http server ssl test --- metricbeat/helper/server/http/http_test.go | 175 ++++++++++++++------- 1 file changed, 120 insertions(+), 55 deletions(-) diff --git a/metricbeat/helper/server/http/http_test.go b/metricbeat/helper/server/http/http_test.go index 729ca58dd7f..fa86c3d56a8 100644 --- a/metricbeat/helper/server/http/http_test.go +++ b/metricbeat/helper/server/http/http_test.go @@ -23,6 +23,7 @@ import ( "bytes" "context" "crypto/tls" + "crypto/x509" "fmt" "io" "net" @@ -141,63 +142,59 @@ func getHTTPServer(t *testing.T, host string, port int, connectionType string) ( } func prepareTLSConfig(t *testing.T, host string) *tls.Config { + certPem := []byte(`-----BEGIN CERTIFICATE----- -MIIDwTCCAqmgAwIBAgIJAONBEV813hm6MA0GCSqGSIb3DQEBCwUAMHcxCzAJBgNV -BAYTAkJSMQswCQYDVQQIDAJTUDEPMA0GA1UEBwwGRlJBTkNBMRAwDgYDVQQKDAdF -TEFTVElDMQswCQYDVQQLDAJPVTERMA8GA1UEAwwIaG9tZS5jb20xGDAWBgkqhkiG -9w0BCQEWCWV1QGV1LmNvbTAeFw0xOTAzMjYxOTMxMjhaFw0yOTAzMjMxOTMxMjha -MHcxCzAJBgNVBAYTAkJSMQswCQYDVQQIDAJTUDEPMA0GA1UEBwwGRlJBTkNBMRAw -DgYDVQQKDAdFTEFTVElDMQswCQYDVQQLDAJPVTERMA8GA1UEAwwIaG9tZS5jb20x -GDAWBgkqhkiG9w0BCQEWCWV1QGV1LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBALOJ2dxpBsQtRvs2hSuUhDsf4w6G3swFqtIXLedPvz1rNuofm75G -dA9pqXiI3hDw2ZuIJZItXE3FfVXxoE/ugsFw6cVLKrnpQ8exIv8K0JNuR22faFcR -LmDx/YLw0wmOnM2maBSaetrM5F4CwoVqDmOwZHs9fbADqthAHrbCAzNTkqnx2B4/ -RWaYPbRWlSQ7CrWQE9cNJ/WMdUjznd5H0IiV7k/cHKIbXi3+JNinCWHAACWWS3ig -DjjCZd9lHkDH6qSpNGsQU5y0eiFAiiBVPqDIdVfPRe4pC81z3Dp6Wqs0uHXHYHqB -o3YWkXngTLlMLZtIMF+pWlCJZkscgLjL/N8CAwEAAaNQME4wHQYDVR0OBBYEFBpI -Tu/9mmRqithdHZZMu5jRLHebMB8GA1UdIwQYMBaAFBpITu/9mmRqithdHZZMu5jR -LHebMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAGTS+cvN/vGjbkDF -wZRG8xMeHPHzlCWKNEGwZXTTBADrjfnppW5I2f5cDZzg71+UzQSJmBmHKZd+adrW -2GA888CAT+birIE6EAwIyq7ZGe77ymRspugyb7AK46QOKApED3izxId36Tk5/a0P -QY3WOTC0Y4yvz++gbx/uviYDMoHuJl0nIEXqtT9OZ2V2GqCToJu300RV/MIRtk6s -0U1d9CRDkjNolGVbYo2VnDJbZ8LQtJHS5iDeiEztay5Cky4NvVZsbCxrgNrr3h/v -upHEJ28Q7QzMnRC7d/THI6fRW1mG6BuFT3WPW5K7EAfgQDlyyspTDrACrYTuWC+y -013uTlI= +MIIC9TCCAd2gAwIBAgIUa4hI3ZErW13j7zCXg1Ory+FhITYwDQYJKoZIhvcNAQEL +BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MCAXDTI0MDUxNjIwNDIwMloYDzMwMjMw +OTE3MjA0MjAyWjAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQDJcUM8vV6vGTycqImCwu06NSsuIHdKukHQTuvHbRGP +kXwlXNDMYEdoUX1mPArqGFunrQ9/myWoqQA7b9MTIZl4GheHvABuw0kuRos0/t4Y +zCFRRV27ATswAYp/WVBvHRZEedLJj25x8DoMeljV9dq/JKtaNNGKgztMcqWTSFPy +c+pDSSgRiP/sDebUhRaLXUhRVMsud9Wlwf6bmn62Ocj7EgrLj75u0IAb2alQ9bL9 +cLAPAi0/KFx4nl8tCMQUXYM0PyNCkSM8wdwHcLiYNEKOtEx0Y4otiYLH98wlWJcl +AtMzHk5IexcTfCGzOk1fau3gNxbM9fH3+C8WBprm5lT5AgMBAAGjPTA7MBoGA1Ud +EQQTMBGHBH8AAAGCCWxvY2FsaG9zdDAdBgNVHQ4EFgQUjuHPOPincRSGgEC4DnOs +RGR8MW4wDQYJKoZIhvcNAQELBQADggEBAIFdEIGhjWrQMDx5bjif21XOaBr61uKU +3YnKMlX4bJrqjSy164SN0qBaurYUspam8YyC31IU3FSvulRoUVr3Y/VCpnfuDuEw +c5C2XJWvslRUTqZ4TAopj1vvt7wcFOJixfH3PMMdA8sKArWxlV4LtPN8h5Det0qG +F5D03fWQehviLetk7l/fdAElSoigGhJrb3HddfRcepvrWVpcUJEX3rdgwKh5RszN +1WTX/kA6w5o7JAylybV5JNKvzbpfQOH4MQD8306FB+xFPSZHgXUWJ9bJE/CbR5vd +onX6v9itbKD/hxMOZQ6HIn6F1fKK3JMJ77t35cJonwVHwV+/K2HJmNA= -----END CERTIFICATE-----`) - keyPem := []byte(`-----BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAs4nZ3GkGxC1G+zaFK5SEOx/jDobezAWq0hct50+/PWs26h+b -vkZ0D2mpeIjeEPDZm4glki1cTcV9VfGgT+6CwXDpxUsquelDx7Ei/wrQk25HbZ9o -VxEuYPH9gvDTCY6czaZoFJp62szkXgLChWoOY7Bkez19sAOq2EAetsIDM1OSqfHY -Hj9FZpg9tFaVJDsKtZAT1w0n9Yx1SPOd3kfQiJXuT9wcohteLf4k2KcJYcAAJZZL -eKAOOMJl32UeQMfqpKk0axBTnLR6IUCKIFU+oMh1V89F7ikLzXPcOnpaqzS4dcdg -eoGjdhaReeBMuUwtm0gwX6laUIlmSxyAuMv83wIDAQABAoIBAD1kY/T0jPXELcN1 -LzBpxpWZH8E16TWGspTIjE/Oeyx7XvnL+SulV8Z1cRfgZV8RnLeMZJyJmkiVwXgD -+bebbWbMP4PRYjjURPMh5T+k6RGg4hfgLIOpQlywIuoFg4R/GatQvcJd2Ki861Ii -S3XngCgihxmFO1dWybLMqjQAP6vq01sbctUXYddFd5STInzrceoXwkLjp3gTR1et -FG+Anmzbxp8e2ETXvwuf7eZhVwCJ2DxBt7tx1j5Csuj1LjaVTe5qR7B1oM7/vo0b -LlY9IixAAi62Rrv4YSvMAtMI6mQt+AM/4uBVqoG/ipgkuoQVuQ+M4lGdmEXwEEkz -Ol7SlMECgYEA11tV+ZekVsujBmasTU7TfWtcYtRHh+FSC040bVLiE6XZbuVJ4sSA -TvuUDs+3XM8blnkfVo826WY4+bKkj1PdCFsmG5pm+wnSTPFKWsCtsSyA3ts85t3O -IvcCxXA/1xL9O/UdWfrl2+IJ3yLDEjEU5QTYP34+KDBZM3u6tJzjWe8CgYEA1WwA -8d75h9UQyFXWEOiwJmR6yX7PGkpYE3J7m2p2giEbLm+9no5CEmE9T74k3m0eLZug -g/F1MA/evhXEYho6f+lS9Q0ZdtyU2EFrdvuLlUw6FJIWnaOLlVR/aC6BvAlxLDRb -RUGqDKDjl1Die0s8F1aDHGvNvGaZRN4Z23BRPBECgYBE8pMGA8yzlSKui/SiE5iW -UOcVJQ15rWPNBs62KZED5VdFr9cF6Q+DOfxe+ZWk+xHEDSdBWTylYPrgxpb05E6h -vDzpHXfW64AO7jl18LYrQSpJLzvCVkUG4LpcZ+GohAXbSlCJXFB3I1kxvTli+5/K -6tApE8vmpgQI/ZX6+Te4tQKBgBcQ3C1H5voaOf0c4czkCR2tIGQkk2eI/2nipp9O -a053G4PySbEYOOXZopG6wCtV6bwOJNP9xaeTH4S1v4rGwOnQIsofR1BEWMXilCXA -2/4fxesxOsaAxXY3Mqnk1NqovpWDdxXOGf3RaaeR81hV8kGndPYeZJbnE8uQoYTI -586xAoGBAI2SR17xbgfiQBZxgGqamslz4NqBkZUBs4DIAGMAXS21rW/2bbbRaSii -mGmkdaXx+l077AuO0peX2uBvJAx6PvAVW0qroeOLcCo6EuUGTNVhBej6L9hMwhIO -r0tZLlMt75zcnJBicMbIrrzIGVYMHjT+m1QTGbrGb/tcEIGtmXwO ------END RSA PRIVATE KEY-----`) + keyPem := []byte(`-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDJcUM8vV6vGTyc +qImCwu06NSsuIHdKukHQTuvHbRGPkXwlXNDMYEdoUX1mPArqGFunrQ9/myWoqQA7 +b9MTIZl4GheHvABuw0kuRos0/t4YzCFRRV27ATswAYp/WVBvHRZEedLJj25x8DoM +eljV9dq/JKtaNNGKgztMcqWTSFPyc+pDSSgRiP/sDebUhRaLXUhRVMsud9Wlwf6b +mn62Ocj7EgrLj75u0IAb2alQ9bL9cLAPAi0/KFx4nl8tCMQUXYM0PyNCkSM8wdwH +cLiYNEKOtEx0Y4otiYLH98wlWJclAtMzHk5IexcTfCGzOk1fau3gNxbM9fH3+C8W +Bprm5lT5AgMBAAECggEAEYpJsv/AP1ngs7lfI+IqOt/HT0BncrvOID/G+vntxgUC +fNRcn/cgMJ6r3xuKTcDqNir1BwTw3gM9MG+3vto1nUYUV27Q0NQzSpK861Pn7dvU +aNmz5CUizLbNovIZdVtghXzgFEnncYdb3ptGofbC4dLlErk3p6punuT6stzg5mL2 +y/2yHBrfQEnuDRI8pQ5Vcuo24GioZqWiS35qVGLbonvor0DKv4lkNjMix6ulwwb+ +3rvEAhTOhgYKe7h6RjKnc4SbIsnSpGzhC9M7hLF+F57GIw61uaJnISfkuw/FGhaR +XkeyV8TB8MDTgP30+7xam6pvB2rKcRsrVgPmLC7WgQKBgQDRHgRHDTgpBSx9F+N6 +6KU01g5cemxKVBHMm5L2n99YpR9BoiWViKkFWAWALmRlq/nFk22hq4t2+niH/6a+ +0ioAhIOnZZTXK/n5DsBCdqg1d1ZO4ih4Iw1/TR1iIR0M8ptkIBGVWKslV8OKQNd4 +zNUCmDzb8pmuzVKjwVs7ca9HmQKBgQD2msK7eh81A2dxXPl1chcudFB33zMwA1Y0 +3ZEPsGAinvU5ILwwMlg1w7N1NKwcDYiBkJG1SCoujoTsYoXMKjnlgf5uoklfJJBI +U3QKYMGDRdlqE02V31KBVcv/EdNR8olfjy1xbgCKu04rYnCPGLSLNc6MgcSMYnLr +y9rZlq5UYQKBgQCi0K4f6+j39zFGTF0vCwfl9WvFEQRTctVQ6ygnoR4yVI3bejWt +EXQX1wqhXH2Ks7WK4ViQcZHqluVVbfUTyWoucP5YTTzvsyuzgIqstNoOltW6IVfF +AfW2UgI4rvOBazsVX+qQzzKhpo12jTm2sjR/Cq0HywFhGjfni9pOlBsWsQKBgQDz +3IbFLja+Dee1SuPFKFWUMqGAaNANor8U+CYDBb+LfPWy0JRIdQCV6jkEplmsRBXB +Sl1Mj1hnQbhgqez1wKwQMUSR0xoLY/TqENynhpbWYbRmGUCX/IdyLo3UZqQ6XUVL +oiKmEMmoZyEd9fKpDx06rLLcb1cWHCTY2HZKxZ8PAQKBgF3ftzNurXMCBH9W2RkI +hHhpHArwSLCsDVeGpS6vYDz+EX+RP1t1jJZbTRyOkk/X5RNVA3Yup6Lw8ANWqpPJ +MMbn7YyWGaClkcuHqavOU7kfaqF5S6vECOAtSWd+NPOHUALTDnmBUnLTE4KmzarO +8hd7Y6EEu0Lwkc3GnoQUwzRh +-----END PRIVATE KEY-----`) cfg := &tls.Config{ - ServerName: host, - MinVersion: tls.VersionTLS12, - MaxVersion: tls.VersionTLS12, - InsecureSkipVerify: true, + ServerName: host, + MinVersion: tls.VersionTLS12, + MaxVersion: tls.VersionTLS12, } cfg.Certificates = make([]tls.Certificate, 1) cert, err := tls.X509KeyPair(certPem, keyPem) @@ -213,12 +210,80 @@ func writeToServer(t *testing.T, message, host string, port int, connectionMetho var str = []byte(message) req, err := http.NewRequest(connectionMethod, url, bytes.NewBuffer(str)) req.Header.Set("Content-Type", "text/plain") + client := &http.Client{} + + certPem := []byte(`-----BEGIN CERTIFICATE----- +MIIC9TCCAd2gAwIBAgIUa4hI3ZErW13j7zCXg1Ory+FhITYwDQYJKoZIhvcNAQEL +BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MCAXDTI0MDUxNjIwNDIwMloYDzMwMjMw +OTE3MjA0MjAyWjAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQDJcUM8vV6vGTycqImCwu06NSsuIHdKukHQTuvHbRGP +kXwlXNDMYEdoUX1mPArqGFunrQ9/myWoqQA7b9MTIZl4GheHvABuw0kuRos0/t4Y +zCFRRV27ATswAYp/WVBvHRZEedLJj25x8DoMeljV9dq/JKtaNNGKgztMcqWTSFPy +c+pDSSgRiP/sDebUhRaLXUhRVMsud9Wlwf6bmn62Ocj7EgrLj75u0IAb2alQ9bL9 +cLAPAi0/KFx4nl8tCMQUXYM0PyNCkSM8wdwHcLiYNEKOtEx0Y4otiYLH98wlWJcl +AtMzHk5IexcTfCGzOk1fau3gNxbM9fH3+C8WBprm5lT5AgMBAAGjPTA7MBoGA1Ud +EQQTMBGHBH8AAAGCCWxvY2FsaG9zdDAdBgNVHQ4EFgQUjuHPOPincRSGgEC4DnOs +RGR8MW4wDQYJKoZIhvcNAQELBQADggEBAIFdEIGhjWrQMDx5bjif21XOaBr61uKU +3YnKMlX4bJrqjSy164SN0qBaurYUspam8YyC31IU3FSvulRoUVr3Y/VCpnfuDuEw +c5C2XJWvslRUTqZ4TAopj1vvt7wcFOJixfH3PMMdA8sKArWxlV4LtPN8h5Det0qG +F5D03fWQehviLetk7l/fdAElSoigGhJrb3HddfRcepvrWVpcUJEX3rdgwKh5RszN +1WTX/kA6w5o7JAylybV5JNKvzbpfQOH4MQD8306FB+xFPSZHgXUWJ9bJE/CbR5vd +onX6v9itbKD/hxMOZQ6HIn6F1fKK3JMJ77t35cJonwVHwV+/K2HJmNA= +-----END CERTIFICATE-----`) + + keyPem := []byte(`-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDJcUM8vV6vGTyc +qImCwu06NSsuIHdKukHQTuvHbRGPkXwlXNDMYEdoUX1mPArqGFunrQ9/myWoqQA7 +b9MTIZl4GheHvABuw0kuRos0/t4YzCFRRV27ATswAYp/WVBvHRZEedLJj25x8DoM +eljV9dq/JKtaNNGKgztMcqWTSFPyc+pDSSgRiP/sDebUhRaLXUhRVMsud9Wlwf6b +mn62Ocj7EgrLj75u0IAb2alQ9bL9cLAPAi0/KFx4nl8tCMQUXYM0PyNCkSM8wdwH +cLiYNEKOtEx0Y4otiYLH98wlWJclAtMzHk5IexcTfCGzOk1fau3gNxbM9fH3+C8W +Bprm5lT5AgMBAAECggEAEYpJsv/AP1ngs7lfI+IqOt/HT0BncrvOID/G+vntxgUC +fNRcn/cgMJ6r3xuKTcDqNir1BwTw3gM9MG+3vto1nUYUV27Q0NQzSpK861Pn7dvU +aNmz5CUizLbNovIZdVtghXzgFEnncYdb3ptGofbC4dLlErk3p6punuT6stzg5mL2 +y/2yHBrfQEnuDRI8pQ5Vcuo24GioZqWiS35qVGLbonvor0DKv4lkNjMix6ulwwb+ +3rvEAhTOhgYKe7h6RjKnc4SbIsnSpGzhC9M7hLF+F57GIw61uaJnISfkuw/FGhaR +XkeyV8TB8MDTgP30+7xam6pvB2rKcRsrVgPmLC7WgQKBgQDRHgRHDTgpBSx9F+N6 +6KU01g5cemxKVBHMm5L2n99YpR9BoiWViKkFWAWALmRlq/nFk22hq4t2+niH/6a+ +0ioAhIOnZZTXK/n5DsBCdqg1d1ZO4ih4Iw1/TR1iIR0M8ptkIBGVWKslV8OKQNd4 +zNUCmDzb8pmuzVKjwVs7ca9HmQKBgQD2msK7eh81A2dxXPl1chcudFB33zMwA1Y0 +3ZEPsGAinvU5ILwwMlg1w7N1NKwcDYiBkJG1SCoujoTsYoXMKjnlgf5uoklfJJBI +U3QKYMGDRdlqE02V31KBVcv/EdNR8olfjy1xbgCKu04rYnCPGLSLNc6MgcSMYnLr +y9rZlq5UYQKBgQCi0K4f6+j39zFGTF0vCwfl9WvFEQRTctVQ6ygnoR4yVI3bejWt +EXQX1wqhXH2Ks7WK4ViQcZHqluVVbfUTyWoucP5YTTzvsyuzgIqstNoOltW6IVfF +AfW2UgI4rvOBazsVX+qQzzKhpo12jTm2sjR/Cq0HywFhGjfni9pOlBsWsQKBgQDz +3IbFLja+Dee1SuPFKFWUMqGAaNANor8U+CYDBb+LfPWy0JRIdQCV6jkEplmsRBXB +Sl1Mj1hnQbhgqez1wKwQMUSR0xoLY/TqENynhpbWYbRmGUCX/IdyLo3UZqQ6XUVL +oiKmEMmoZyEd9fKpDx06rLLcb1cWHCTY2HZKxZ8PAQKBgF3ftzNurXMCBH9W2RkI +hHhpHArwSLCsDVeGpS6vYDz+EX+RP1t1jJZbTRyOkk/X5RNVA3Yup6Lw8ANWqpPJ +MMbn7YyWGaClkcuHqavOU7kfaqF5S6vECOAtSWd+NPOHUALTDnmBUnLTE4KmzarO +8hd7Y6EEu0Lwkc3GnoQUwzRh +-----END PRIVATE KEY-----`) + + certPool := x509.NewCertPool() + if ok := certPool.AppendCertsFromPEM(certPem); !ok { + t.Error("failed to append server certificate to the pool") + t.FailNow() + } + + cfg := &tls.Config{ + ServerName: host, + MinVersion: tls.VersionTLS12, + MaxVersion: tls.VersionTLS12, + RootCAs: certPool, + } + cfg.Certificates = make([]tls.Certificate, 1) + cert, err := tls.X509KeyPair(certPem, keyPem) + if err != nil { + t.Error(err) + } + cfg.Certificates = []tls.Certificate{cert} + if connectionType == "HTTPS" { client.Transport = &http.Transport{ - TLSClientConfig: &tls.Config{ - InsecureSkipVerify: true, // test server certificate is not trusted. - }} + TLSClientConfig: cfg, + } } resp, err := client.Do(req) if err != nil { From 8bf24753c55d6394b4dcc37ed15d3ec9b04136d2 Mon Sep 17 00:00:00 2001 From: Gabriel Pop <94497545+gpop63@users.noreply.github.com> Date: Thu, 22 Aug 2024 10:58:18 +0300 Subject: [PATCH 7/8] Update metricbeat/helper/server/http/http_test.go Co-authored-by: Tiago Queiroz --- metricbeat/helper/server/http/http_test.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/metricbeat/helper/server/http/http_test.go b/metricbeat/helper/server/http/http_test.go index fa86c3d56a8..9b5e8a33090 100644 --- a/metricbeat/helper/server/http/http_test.go +++ b/metricbeat/helper/server/http/http_test.go @@ -263,8 +263,7 @@ MMbn7YyWGaClkcuHqavOU7kfaqF5S6vECOAtSWd+NPOHUALTDnmBUnLTE4KmzarO certPool := x509.NewCertPool() if ok := certPool.AppendCertsFromPEM(certPem); !ok { - t.Error("failed to append server certificate to the pool") - t.FailNow() + t.Fatal("failed to append server certificate to the pool") } cfg := &tls.Config{ From d60265100f7882c20db40a291a077dc3041fc02c Mon Sep 17 00:00:00 2001 From: Gabriel Pop Date: Thu, 22 Aug 2024 11:00:39 +0300 Subject: [PATCH 8/8] fix changelog --- CHANGELOG.next.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index fc8122459a5..b5249d01d1d 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -164,7 +164,6 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff] - rabbitmq/queue - Change the mapping type of `rabbitmq.queue.consumers.utilisation.pct` to `scaled_float` from `long` because the values fall within the range of `[0.0, 1.0]`. Previously, conversion to integer resulted in reporting either `0` or `1`. - Fix timeout caused by the retrival of which indices are hidden {pull}39165[39165] - Fix Azure Monitor support for multiple aggregation types {issue}39192[39192] {pull}39204[39204] -- Fix http server helper SSL config. {pull}39405[39405] - Fix handling of access errors when reading process metrics {pull}39627[39627] - Fix behavior of cgroups path discovery when monitoring the host system from within a container {pull}39627[39627] - Fix issue where beats may report incorrect metrics for its own process when running inside a container {pull}39627[39627] @@ -180,6 +179,7 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff] - Update beat module with apm-server monitoring metrics fields {pull}40127[40127] - Fix Azure Monitor metric timespan to restore Storage Account PT1H metrics {issue}40376[40376] {pull}40367[40367] - Remove excessive info-level logs in cgroups setup {pull}40491[40491] +- Fix http server helper SSL config. {pull}39405[39405] *Osquerybeat*