Merge branch '8.13' into updatecli_8.13_updatecli-beats-8.13

elastic · Apr 8, 2024 · 4c93121 · 4c93121
2 parents 4eea9d7 + 9b1c7be
commit 4c93121
Show file tree

Hide file tree

Showing 6 changed files with 33 additions and 30 deletions.
diff --git a/internal/flavors/benchmark/strategy.go b/internal/flavors/benchmark/strategy.go
@@ -38,23 +38,23 @@ type Strategy interface {
  checkDependencies() error
 }
 
-func GetStrategy(cfg *config.Config) (Strategy, error) {
+func GetStrategy(cfg *config.Config, log *logp.Logger) (Strategy, error) {
  switch cfg.Benchmark {
  case config.CIS_AWS:
  if cfg.CloudConfig.Aws.AccountType == config.OrganizationAccount {
  return &AWSOrg{
- IdentityProvider: awslib.IdentityProvider{},
+ IdentityProvider: awslib.IdentityProvider{Logger: log},
  AccountProvider: awslib.AccountProvider{},
  }, nil
  }
 
  return &AWS{
- IdentityProvider: awslib.IdentityProvider{},
+ IdentityProvider: awslib.IdentityProvider{Logger: log},
  }, nil
  case config.CIS_EKS:
  return &EKS{
  AWSCfgProvider: awslib.ConfigProvider{MetadataProvider: awslib.Ec2MetadataProvider{}},
- AWSIdentityProvider: awslib.IdentityProvider{},
+ AWSIdentityProvider: awslib.IdentityProvider{Logger: log},
  AWSMetadataProvider: awslib.Ec2MetadataProvider{},
  EKSClusterNameProvider: awslib.EKSClusterNameProvider{},
  ClientProvider: k8s.ClientGetter{},
@@ -73,7 +73,8 @@ func GetStrategy(cfg *config.Config) (Strategy, error) {
  case config.CIS_AZURE:
  return &Azure{
  cfgProvider: &azure_auth.ConfigProvider{AuthProvider: &azure_auth.AzureAuthProvider{}},
- providerInitializer: &azurelib.ProviderInitializer{}}, nil
+ providerInitializer: &azurelib.ProviderInitializer{},
+ }, nil
  }
  return nil, fmt.Errorf("unknown benchmark: '%s'", cfg.Benchmark)
 }
diff --git a/internal/flavors/benchmark/strategy_test.go b/internal/flavors/benchmark/strategy_test.go
@@ -93,7 +93,7 @@ func TestGetStrategy(t *testing.T) {
  }
  for _, tt := range tests {
  t.Run(fmt.Sprintf("%T", tt.wantType), func(t *testing.T) {
- got, err := GetStrategy(&tt.cfg)
+ got, err := GetStrategy(&tt.cfg, testhelper.NewLogger(t))
  if tt.wantErr {
  require.Error(t, err)
  return

diff --git a/internal/flavors/posture.go b/internal/flavors/posture.go
@@ -51,7 +51,7 @@ func newPostureFromCfg(b *beat.Beat, cfg *config.Config) (*posture, error) {
  log.Info("Config initiated with cycle period of ", cfg.Period)
  ctx, cancel := context.WithCancel(context.Background())
 
- strategy, err := benchmark.GetStrategy(cfg)
+ strategy, err := benchmark.GetStrategy(cfg, log)
  if err != nil {
  cancel()
  return nil, err

diff --git a/security-policies/RULES.md b/security-policies/RULES.md
@@ -404,7 +404,7 @@
 
 #### Manual rules: 0/74 (0%)
 
-#### Integration Tests Coverage: 102/302 (34%)
+#### Integration Tests Coverage: 100/302 (33%)
 
 <details><summary><h3>Full Table 📋</h3></summary>
 
@@ -501,7 +501,7 @@
 | [4.3.6](bundle/compliance/cis_azure/rules/cis_4_3_6) | PostgreSQL Database Server | Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server | :white_check_mark: | Passed :white_check_mark: / Failed :white_check_mark: | Automated |
 | [4.3.7](bundle/compliance/cis_azure/rules/cis_4_3_7) | PostgreSQL Database Server | Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled | :white_check_mark: | Passed :white_check_mark: / Failed :white_check_mark: | Automated |
 | [4.3.8](bundle/compliance/cis_azure/rules/cis_4_3_8) | PostgreSQL Database Server | Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' | :white_check_mark: | Passed :x: / Failed :white_check_mark: | Automated |
-| [4.4.1](bundle/compliance/cis_azure/rules/cis_4_4_1) | MySQL Database | Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server | :white_check_mark: | Passed :white_check_mark: / Failed :white_check_mark: | Automated |
+| [4.4.1](bundle/compliance/cis_azure/rules/cis_4_4_1) | MySQL Database | Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server | :white_check_mark: |  Passed :x: / Failed :x:  | Automated |
 | [4.4.2](bundle/compliance/cis_azure/rules/cis_4_4_2) | MySQL Database | Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server | :white_check_mark: | Passed :white_check_mark: / Failed :x: | Automated |
 | 4.4.3 | MySQL Database | Ensure server parameter 'audit_log_enabled' is set to 'ON' for MySQL Database Server | :x: | Passed :x: / Failed :x: | Manual |
 | 4.4.4 | MySQL Database | Ensure server parameter 'audit_log_events' has 'CONNECTION' set for MySQL Database Server | :x: | Passed :x: / Failed :x: | Manual |

diff --git a/tests/product/tests/data/azure/azure_database_service_test_cases.py b/tests/product/tests/data/azure/azure_database_service_test_cases.py
@@ -23,7 +23,9 @@
 CIS_4_3_6 = "CIS 4.3.6"
 CIS_4_3_7 = "CIS 4.3.7"
 CIS_4_3_8 = "CIS 4.3.8"
-CIS_4_4_1 = "CIS 4.4.1"
+# Disable 4.4.1 - Azure Database for MySQL - Single Server is being retired
+# See: https://learn.microsoft.com/en-us/azure/mysql/single-server/whats-happening-to-mysql-single-server
+# CIS_4_4_1 = "CIS 4.4.1"
 CIS_4_4_2 = "CIS 4.4.2"
 CIS_4_5_1 = "CIS 4.5.1"
 
@@ -327,24 +329,24 @@
 
 # 4.4.* Rules ====================================
 
-cis_azure_4_4_1_pass = AzureServiceCase(
- rule_tag=CIS_4_4_1,
- case_identifier="rule-441",
- expected=RULE_PASS_STATUS,
-)
-
-cis_azure_4_4_1_fail = AzureServiceCase(
- rule_tag=CIS_4_4_1,
- case_identifier="rule-441-fail",
- expected=RULE_FAIL_STATUS,
-)
-
-cis_azure_4_4_1 = {
- """4.4.1 Ensure 'Enforce SSL connection' is set to 'Enabled'
- for Standard MySQL Database Server expect: passed""": cis_azure_4_4_1_pass,
- """4.4.1 Ensure 'Enforce SSL connection' is set to 'Enabled'
- for Standard MySQL Database Server expect: failed""": cis_azure_4_4_1_fail,
-}
+# cis_azure_4_4_1_pass = AzureServiceCase(
+#  rule_tag=CIS_4_4_1,
+#  case_identifier="rule-441",
+#  expected=RULE_PASS_STATUS,
+# )
+#
+# cis_azure_4_4_1_fail = AzureServiceCase(
+#  rule_tag=CIS_4_4_1,
+#  case_identifier="rule-441-fail",
+#  expected=RULE_FAIL_STATUS,
+# )
+#
+# cis_azure_4_4_1 = {
+#  """4.4.1 Ensure 'Enforce SSL connection' is set to 'Enabled'
+#  for Standard MySQL Database Server expect: passed""": cis_azure_4_4_1_pass,
+#  """4.4.1 Ensure 'Enforce SSL connection' is set to 'Enabled'
+#  for Standard MySQL Database Server expect: failed""": cis_azure_4_4_1_fail,
+# }
 
 cis_azure_4_4_2_pass = AzureServiceCase(
  rule_tag=CIS_4_4_2,
@@ -395,7 +397,7 @@
  **cis_azure_4_3_6,
  **cis_azure_4_3_7,
  **cis_azure_4_3_8,
- **cis_azure_4_4_1,
+ # **cis_azure_4_4_1,
  **cis_azure_4_4_2,
  **cis_azure_4_5_1,
 }
diff --git a/version/version.go b/version/version.go
@@ -18,7 +18,7 @@
 package version
 
 // name matches github.com/elastic/beats/v7/dev-tools/mage/settings.go parseBeatVersion
-const defaultBeatVersion = "8.13.2"
+const defaultBeatVersion = "8.13.3"
 
 // Version represents version information for a package
 type Version struct {