[libbeat] Decode wineventlog processor

[marc-gr]

What does this PR do?

Adds two alternative approaches to add ability to decode Windows Events in xml format, I'd like to discuss which one is preferred.

1. Add a new decode_xml_wineventlog processor.

Pros:

• Isolated completely from the main code path if the feature is not used.
• Single purpose.
• Easier to maintain if the feature evolves.
  Cons:
• Might be confusing to have more than one decode_xml like processor.
• If we have future use cases for similar things, we might end up with even more decode_xml_X processors.

2. Extend decode_xml processor with a schema option.

Pros:

• All xml decoding happens in the same processor
• If we support other schemas in the future might be nicer to have them here.
• Easier to document/user experience.
  Cons:
• Complicates a rather simple processor.
• A bit more difficult to maintain for the same reason.

Checklist

• My code follows the style guidelines of this project
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works
• I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Related issues

[elasticmachine]

❕ Build Aborted

There is a new build on-going so the previous on-going builds have been aborted.

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Build Cause: Pull request #24708 opened

• Reason: Aborted from #2

• Start Time: 2021-03-23T12:21:26.611+0000

• Duration: 183 min 40 sec

• Commit: 4537fc05ad009e091d08b7e27bc233c47fa7d38b

Test stats 🧪

Test	Results
Failed	0
Passed	1061
Skipped	239
Total	1300

Trends 🧪

Steps errors

Expand to view the steps failures

Checks if running on a Unix-like node

• Took 0 min 0 sec . View more details on here
• Description: Required context class hudson.Launcher is missing Perhaps you forgot to surround the code with a ste

Checks if running on a Unix-like node

• Took 0 min 0 sec . View more details on here
• Description: Required context class hudson.Launcher is missing Perhaps you forgot to surround the code with a ste

Checks if running on a Unix-like node

• Took 0 min 0 sec . View more details on here

Error signal

• Took 0 min 0 sec . View more details on here
• Description: Error 'org.jenkinsci.plugins.workflow.steps.FlowInterruptedException'

Log output

Expand to view the last 100 lines of log output

[2021-03-23T15:23:58.277Z] 	at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325)
[2021-03-23T15:23:58.277Z] 	at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1213)
[2021-03-23T15:23:58.277Z] 	at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1022)
[2021-03-23T15:23:58.277Z] 	at org.codehaus.groovy.runtime.callsite.PogoMetaClassSite.call(PogoMetaClassSite.java:42)
[2021-03-23T15:23:58.277Z] 	at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
[2021-03-23T15:23:58.277Z] 	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
[2021-03-23T15:23:58.277Z] 	at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:163)
[2021-03-23T15:23:58.277Z] 	at org.kohsuke.groovy.sandbox.GroovyInterceptor.onMethodCall(GroovyInterceptor.java:23)
[2021-03-23T15:23:58.277Z] 	at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onMethodCall(SandboxInterceptor.java:157)
[2021-03-23T15:23:58.277Z] 	at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:161)
[2021-03-23T15:23:58.277Z] 	at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:165)
[2021-03-23T15:23:58.277Z] 	at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:135)
[2021-03-23T15:23:58.277Z] 	at com.cloudbees.groovy.cps.sandbox.SandboxInvoker.methodCall(SandboxInvoker.java:17)
[2021-03-23T15:23:58.277Z] 	at WorkflowScript.archiveTestOutput(WorkflowScript:699)
[2021-03-23T15:23:58.277Z] 	at ___cps.transform___(Native Method)
[2021-03-23T15:23:58.277Z] 	at com.cloudbees.groovy.cps.impl.ContinuationGroup.methodCall(ContinuationGroup.java:86)
[2021-03-23T15:23:58.277Z] 	at com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.dispatchOrArg(FunctionCallBlock.java:113)
[2021-03-23T15:23:58.277Z] 	at com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.fixName(FunctionCallBlock.java:78)
[2021-03-23T15:23:58.277Z] 	at sun.reflect.GeneratedMethodAccessor494.invoke(Unknown Source)
[2021-03-23T15:23:58.277Z] 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[2021-03-23T15:23:58.277Z] 	at java.lang.reflect.Method.invoke(Method.java:498)
[2021-03-23T15:23:58.277Z] 	at com.cloudbees.groovy.cps.impl.ContinuationPtr$ContinuationImpl.receive(ContinuationPtr.java:72)
[2021-03-23T15:23:58.277Z] 	at com.cloudbees.groovy.cps.impl.ConstantBlock.eval(ConstantBlock.java:21)
[2021-03-23T15:23:58.277Z] 	at com.cloudbees.groovy.cps.Next.step(Next.java:83)
[2021-03-23T15:23:58.277Z] 	at com.cloudbees.groovy.cps.Continuable$1.call(Continuable.java:174)
[2021-03-23T15:23:58.277Z] 	at com.cloudbees.groovy.cps.Continuable$1.call(Continuable.java:163)
[2021-03-23T15:23:58.277Z] 	at org.codehaus.groovy.runtime.GroovyCategorySupport$ThreadCategoryInfo.use(GroovyCategorySupport.java:129)
[2021-03-23T15:23:58.277Z] 	at org.codehaus.groovy.runtime.GroovyCategorySupport.use(GroovyCategorySupport.java:268)
[2021-03-23T15:23:58.277Z] 	at com.cloudbees.groovy.cps.Continuable.run0(Continuable.java:163)
[2021-03-23T15:23:58.277Z] 	at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.access$001(SandboxContinuable.java:18)
[2021-03-23T15:23:58.277Z] 	at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.run0(SandboxContinuable.java:51)
[2021-03-23T15:23:58.277Z] 	at org.jenkinsci.plugins.workflow.cps.CpsThread.runNextChunk(CpsThread.java:185)
[2021-03-23T15:23:58.277Z] 	at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.run(CpsThreadGroup.java:400)
[2021-03-23T15:23:58.277Z] 	at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.access$400(CpsThreadGroup.java:96)
[2021-03-23T15:23:58.277Z] 	at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:312)
[2021-03-23T15:23:58.277Z] 	at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:276)
[2021-03-23T15:23:58.277Z] 	at org.jenkinsci.plugins.workflow.cps.CpsVmExecutorService$2.call(CpsVmExecutorService.java:67)
[2021-03-23T15:23:58.278Z] 	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
[2021-03-23T15:23:58.278Z] 	at hudson.remoting.SingleLaneExecutorService$1.run(SingleLaneExecutorService.java:139)
[2021-03-23T15:23:58.278Z] 	at jenkins.util.ContextResettingExecutorService$1.run(ContextResettingExecutorService.java:28)
[2021-03-23T15:23:58.278Z] 	at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:68)
[2021-03-23T15:23:58.278Z] 	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
[2021-03-23T15:23:58.278Z] 	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
[2021-03-23T15:23:58.278Z] 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
[2021-03-23T15:23:58.278Z] 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
[2021-03-23T15:23:58.278Z] 	at java.lang.Thread.run(Thread.java:748)
[2021-03-23T15:23:58.499Z] org.jenkinsci.plugins.workflow.steps.MissingContextVariableException: Required context class hudson.Launcher is missing
[2021-03-23T15:23:58.499Z] Perhaps you forgot to surround the code with a step that provides this, such as: node
[2021-03-23T15:23:58.499Z] 	at org.jenkinsci.plugins.workflow.steps.StepDescriptor.checkContextAvailability(StepDescriptor.java:266)
[2021-03-23T15:23:58.499Z] 	at org.jenkinsci.plugins.workflow.cps.DSL.invokeStep(DSL.java:296)
[2021-03-23T15:23:58.499Z] 	at org.jenkinsci.plugins.workflow.cps.DSL.invokeMethod(DSL.java:193)
[2021-03-23T15:23:58.499Z] 	at org.jenkinsci.plugins.workflow.cps.CpsScript.invokeMethod(CpsScript.java:122)
[2021-03-23T15:23:58.499Z] 	at org.codehaus.groovy.runtime.callsite.PogoMetaClassSite.call(PogoMetaClassSite.java:48)
[2021-03-23T15:23:58.499Z] 	at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
[2021-03-23T15:23:58.499Z] 	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
[2021-03-23T15:23:58.499Z] 	at com.cloudbees.groovy.cps.sandbox.DefaultInvoker.methodCall(DefaultInvoker.java:20)
[2021-03-23T15:23:58.499Z] 	at cmd.call(cmd.groovy:30)
[2021-03-23T15:23:58.499Z] 	at WorkflowScript.tearDown(WorkflowScript:623)
[2021-03-23T15:23:58.499Z] 	at ___cps.transform___(Native Method)
[2021-03-23T15:23:58.499Z] 	at com.cloudbees.groovy.cps.impl.ContinuationGroup.methodCall(ContinuationGroup.java:86)
[2021-03-23T15:23:58.499Z] 	at com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.dispatchOrArg(FunctionCallBlock.java:113)
[2021-03-23T15:23:58.499Z] 	at com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.fixName(FunctionCallBlock.java:78)
[2021-03-23T15:23:58.499Z] 	at sun.reflect.GeneratedMethodAccessor494.invoke(Unknown Source)
[2021-03-23T15:23:58.499Z] 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[2021-03-23T15:23:58.499Z] 	at java.lang.reflect.Method.invoke(Method.java:498)
[2021-03-23T15:23:58.499Z] 	at com.cloudbees.groovy.cps.impl.ContinuationPtr$ContinuationImpl.receive(ContinuationPtr.java:72)
[2021-03-23T15:23:58.499Z] 	at com.cloudbees.groovy.cps.impl.ConstantBlock.eval(ConstantBlock.java:21)
[2021-03-23T15:23:58.499Z] 	at com.cloudbees.groovy.cps.Next.step(Next.java:83)
[2021-03-23T15:23:58.499Z] 	at com.cloudbees.groovy.cps.Continuable$1.call(Continuable.java:174)
[2021-03-23T15:23:58.499Z] 	at com.cloudbees.groovy.cps.Continuable$1.call(Continuable.java:163)
[2021-03-23T15:23:58.499Z] 	at org.codehaus.groovy.runtime.GroovyCategorySupport$ThreadCategoryInfo.use(GroovyCategorySupport.java:129)
[2021-03-23T15:23:58.499Z] 	at org.codehaus.groovy.runtime.GroovyCategorySupport.use(GroovyCategorySupport.java:268)
[2021-03-23T15:23:58.499Z] 	at com.cloudbees.groovy.cps.Continuable.run0(Continuable.java:163)
[2021-03-23T15:23:58.499Z] 	at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.access$001(SandboxContinuable.java:18)
[2021-03-23T15:23:58.499Z] 	at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.run0(SandboxContinuable.java:51)
[2021-03-23T15:23:58.499Z] 	at org.jenkinsci.plugins.workflow.cps.CpsThread.runNextChunk(CpsThread.java:185)
[2021-03-23T15:23:58.499Z] 	at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.run(CpsThreadGroup.java:400)
[2021-03-23T15:23:58.499Z] 	at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.access$400(CpsThreadGroup.java:96)
[2021-03-23T15:23:58.499Z] 	at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:312)
[2021-03-23T15:23:58.499Z] 	at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:276)
[2021-03-23T15:23:58.499Z] 	at org.jenkinsci.plugins.workflow.cps.CpsVmExecutorService$2.call(CpsVmExecutorService.java:67)
[2021-03-23T15:23:58.499Z] 	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
[2021-03-23T15:23:58.499Z] 	at hudson.remoting.SingleLaneExecutorService$1.run(SingleLaneExecutorService.java:139)
[2021-03-23T15:23:58.499Z] 	at jenkins.util.ContextResettingExecutorService$1.run(ContextResettingExecutorService.java:28)
[2021-03-23T15:23:58.499Z] 	at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:68)
[2021-03-23T15:23:58.499Z] 	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
[2021-03-23T15:23:58.499Z] 	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
[2021-03-23T15:23:58.499Z] 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
[2021-03-23T15:23:58.499Z] 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
[2021-03-23T15:23:58.499Z] 	at java.lang.Thread.run(Thread.java:748)
[2021-03-23T15:24:00.251Z] Failed in branch filebeat-build
[2021-03-23T15:24:04.572Z] Stage "Packaging" skipped due to earlier failure(s)
[2021-03-23T15:24:04.744Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-24708/src/github.com/elastic/beats
[2021-03-23T15:24:05.361Z] Running on Jenkins in /var/lib/jenkins/workspace/Beats_beats_PR-24708
[2021-03-23T15:24:05.489Z] [INFO] getVaultSecret: Getting secrets
[2021-03-23T15:24:05.633Z] Masking supported pattern matches of $VAULT_ADDR or $VAULT_ROLE_ID or $VAULT_SECRET_ID
[2021-03-23T15:24:06.731Z] + chmod 755 generate-build-data.sh
[2021-03-23T15:24:06.731Z] + ./generate-build-data.sh https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-24708/ https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-24708/runs/1 ABORTED 10959841
[2021-03-23T15:24:06.982Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-24708/runs/1/steps/?limit=10000 -o steps-info.json
[2021-03-23T15:24:08.843Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-24708/runs/1/tests/?status=FAILED -o tests-errors.json

[leehinman]

I could live with either one, but I have a slight preference for option 2. I think from a user perspective having one place where we decode XML is easier to find.

[andrewkroh]

Option 2 looks good to me and doesn't complicate the processor too much.

[marc-gr]

If there is no disagreement, I will close this and open a PR to implement option 2: #24726