From 256ac0df6381709b36cc6cded75a786c9e7a1102 Mon Sep 17 00:00:00 2001
From: Shaunak Kashyap
Date: Wed, 18 Jun 2025 13:25:31 -0700
Subject: [PATCH 1/4] Add doc about module availability
---
 x-pack/filebeat/module/azure/_meta/docs.asciidoc | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/x-pack/filebeat/module/azure/_meta/docs.asciidoc b/x-pack/filebeat/module/azure/_meta/docs.asciidoc
index 9ed929f510d3..50ee7bb2443a 100644
--- a/x-pack/filebeat/module/azure/_meta/docs.asciidoc
+++ b/x-pack/filebeat/module/azure/_meta/docs.asciidoc
@@ -5,6 +5,8 @@
 == Azure module
+WARNING: This module is not available in FIPS-capable Filebeat.
+
 include::{libbeat-dir}/shared/integration-link.asciidoc[]
 The azure module retrieves different types of log data from Azure.
From 80a7d960170a0e4fe1cd5cac7db8a4aa529219a5 Mon Sep 17 00:00:00 2001
From: Shaunak Kashyap
Date: Tue, 24 Jun 2025 15:30:32 -0700
Subject: [PATCH 2/4] Make azure-eventhub input use FIPSAwareInput interface
---
 x-pack/filebeat/input/azureeventhub/v1_input.go | 9 +++++++++
 x-pack/filebeat/input/azureeventhub/v2_input.go | 9 +++++++++
 2 files changed, 18 insertions(+)
diff --git a/x-pack/filebeat/input/azureeventhub/v1_input.go b/x-pack/filebeat/input/azureeventhub/v1_input.go
index c7d97d8603fa..230c1f1ba7bc 100644
--- a/x-pack/filebeat/input/azureeventhub/v1_input.go
+++ b/x-pack/filebeat/input/azureeventhub/v1_input.go
@@ -59,6 +59,15 @@ func (in *eventHubInputV1) Name() string {
 return inputName
 }
+// IsFIPSCapable returns false because the azure-eventhub input indirectly does
+// not use FIPS-compliant algorithms. Specifically, the input depends on
+// the github.com/Azure/azure-sdk-for-go/sdk/azidentity package which, in
+// turn, depends on the golang.org/x/crypto/pkcs12 package, which is not
+// FIPS-compliant
+func (in *eventHubInputV1) IsFIPSCapable() bool {
+ return false
+}
+
 func (in *eventHubInputV1) Test(v2.TestContext) error {
 return nil
 }
diff --git a/x-pack/filebeat/input/azureeventhub/v2_input.go b/x-pack/filebeat/input/azureeventhub/v2_input.go
index 84755ff38843..d57a71d07295 100644
--- a/x-pack/filebeat/input/azureeventhub/v2_input.go
+++ b/x-pack/filebeat/input/azureeventhub/v2_input.go
@@ -70,6 +70,15 @@ func (in *eventHubInputV2) Name() string {
 return inputName
 }
+// IsFIPSCapable returns false because the azure-eventhub input indirectly does
+// not use FIPS-compliant algorithms. Specifically, the input depends on
+// the github.com/Azure/azure-sdk-for-go/sdk/azidentity package which, in
+// turn, depends on the golang.org/x/crypto/pkcs12 package, which is not
+// FIPS-compliant
+func (in *eventHubInputV2) IsFIPSCapable() bool {
+ return false
+}
+
 func (in *eventHubInputV2) Test(v2.TestContext) error {
 return nil
 }
From b23f60e7032b05d20ceae14ad1837647a6633458 Mon Sep 17 00:00:00 2001
From: Shaunak Kashyap
Date: Wed, 25 Jun 2025 14:16:15 -0700
Subject: [PATCH 3/4] Reimplement
---
 x-pack/filebeat/input/azureeventhub/input.go | 8 ++++++++
 x-pack/filebeat/input/azureeventhub/v1_input.go | 9 ---------
 x-pack/filebeat/input/azureeventhub/v2_input.go | 9 ---------
 3 files changed, 8 insertions(+), 18 deletions(-)
diff --git a/x-pack/filebeat/input/azureeventhub/input.go b/x-pack/filebeat/input/azureeventhub/input.go
index c2ad4f9c7adb..a84d204f15b3 100644
--- a/x-pack/filebeat/input/azureeventhub/input.go
+++ b/x-pack/filebeat/input/azureeventhub/input.go
@@ -46,6 +46,14 @@ func Plugin(log *logp.Logger) v2.Plugin {
 Manager: &eventHubInputManager{
 log: log,
 },
+
+ // ExcludeFromFIPS = true to prevent this input from being used in FIPS-capable
+ // Filebeat distributions. This input indirectly uses algorithms that are
+ // FIPS-compliant. Specifically, the input depends on the
+ // github.com/Azure/azure-sdk-for-go/sdk/azidentity package which, in turn,
+ // depends on the golang.org/x/crypto/pkcs12 package, which is not
+ // FIPS-compliant.
+ ExcludeFromFIPS: true,
 }
 }
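Review bot: The `ExcludeFromFIPS: true` field added to the plugin in the `input.go` hunk is the only control keeping the non-FIPS `golang.org/x/crypto/pkcs12` dependency path out of FIPS-capable builds, and the series adds no test that pins it. A small test asserting that the value returned by `Plugin` has `ExcludeFromFIPS` set would keep a later refactor of the registration from silently re-enabling the input; `Plugin` starts above the hunk, so the rest of the struct literal is not visible here. The warning in patch 1 goes on the azure module page only, so if the azure-eventhub input has its own reference page it presumably needs the same `WARNING:` line, since the input can presumably be configured without the module. The comment could also say when the exclusion should be revisited, e.g. `// Revisit once azidentity no longer imports golang.org/x/crypto/pkcs12.`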
diff --git a/x-pack/filebeat/input/azureeventhub/v1_input.go b/x-pack/filebeat/input/azureeventhub/v1_input.go
index 230c1f1ba7bc..c7d97d8603fa 100644
--- a/x-pack/filebeat/input/azureeventhub/v1_input.go
+++ b/x-pack/filebeat/input/azureeventhub/v1_input.go
@@ -59,15 +59,6 @@ func (in *eventHubInputV1) Name() string {
 return inputName
 }
-// IsFIPSCapable returns false because the azure-eventhub input indirectly does
-// not use FIPS-compliant algorithms. Specifically, the input depends on
-// the github.com/Azure/azure-sdk-for-go/sdk/azidentity package which, in
-// turn, depends on the golang.org/x/crypto/pkcs12 package, which is not
-// FIPS-compliant
-func (in *eventHubInputV1) IsFIPSCapable() bool {
- return false
-}
-
 func (in *eventHubInputV1) Test(v2.TestContext) error {
 return nil
 }
diff --git a/x-pack/filebeat/input/azureeventhub/v2_input.go b/x-pack/filebeat/input/azureeventhub/v2_input.go
index d57a71d07295..84755ff38843 100644
--- a/x-pack/filebeat/input/azureeventhub/v2_input.go
+++ b/x-pack/filebeat/input/azureeventhub/v2_input.go
@@ -70,15 +70,6 @@ func (in *eventHubInputV2) Name() string {
 return inputName
 }
-// IsFIPSCapable returns false because the azure-eventhub input indirectly does
-// not use FIPS-compliant algorithms. Specifically, the input depends on
-// the github.com/Azure/azure-sdk-for-go/sdk/azidentity package which, in
-// turn, depends on the golang.org/x/crypto/pkcs12 package, which is not
-// FIPS-compliant
-func (in *eventHubInputV2) IsFIPSCapable() bool {
- return false
-}
-
 func (in *eventHubInputV2) Test(v2.TestContext) error {
 return nil
 }
From 1a12a3024fac1d6aafd1b4ef3208723672d9d824 Mon Sep 17 00:00:00 2001
From: Shaunak Kashyap
Date: Wed, 25 Jun 2025 14:26:18 -0700
Subject: [PATCH 4/4] Fix typo
---
 x-pack/filebeat/input/azureeventhub/input.go | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/x-pack/filebeat/input/azureeventhub/input.go b/x-pack/filebeat/input/azureeventhub/input.go
index a84d204f15b3..4bc26a235bde 100644
--- a/x-pack/filebeat/input/azureeventhub/input.go
+++ b/x-pack/filebeat/input/azureeventhub/input.go
@@ -48,11 +48,10 @@ func Plugin(log *logp.Logger) v2.Plugin {
 },
 // ExcludeFromFIPS = true to prevent this input from being used in FIPS-capable
- // Filebeat distributions. This input indirectly uses algorithms that are
+ // Filebeat distributions. This input indirectly uses algorithms that are not
 // FIPS-compliant. Specifically, the input depends on the
 // github.com/Azure/azure-sdk-for-go/sdk/azidentity package which, in turn,
- // depends on the golang.org/x/crypto/pkcs12 package, which is not
- // FIPS-compliant.
+ // depends on the golang.org/x/crypto/pkcs12 package, which is not FIPS-compliant.
 ExcludeFromFIPS: true,
 }
 }