Skip to content

[8.19](backport #44885) Disable Metricbeat azure module in FIPS builds #44905

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ycombinator merged 4 commits into from
Jun 19, 2025
Merged

[8.19](backport #44885) Disable Metricbeat azure module in FIPS builds #44905

ycombinator merged 4 commits into from
Jun 19, 2025

Conversation

@mergify
Copy link
Contributor

@mergify mergify bot commented Jun 18, 2025

Proposed commit message

This PR (similar to #43480) ensures that the Metricbeat azure module code is only compiled in non-FIPS builds of Metricbeat and is, therefore, unavailable in FIPS-capable Metricbeat artifacts.

The module depends on the Azure Go SDK. The SDK's code uses the golang.org/x/crypto/pkcs12 package, which is not FIPS-compliant, and the SDK doesn't plan to offer a way to disable the use of this package at compile time (see Azure/azure-sdk-for-go#24336).

As such, we have little choice but to exclude the azure module from FIPS-capable Metricbeat builds.

The doc.go files added to every metricset in the azure module are to prevent compile-time errors like so:

build constraints exclude all Go files in x-pack/metricbeat/module/azure/app_insights

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Disruptive User Impact

FIPS-capable artifacts of Metricbeat will not contain the azure module.

This is an automatic backport of pull request #44885 done by [Mergify](https://mergify.com).

@mergify mergify bot added the backport label Jun 18, 2025
@mergify mergify bot requested review from a team as code owners June 18, 2025 19:20
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Jun 18, 2025
@botelastic
Copy link

botelastic bot commented Jun 18, 2025

This pull request doesn't have a Team:<team> label.

@ycombinator ycombinator enabled auto-merge (squash) June 18, 2025 19:31
shmsr
shmsr approved these changes Jun 18, 2025
View reviewed changes
Copy link
Member

@shmsr shmsr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approving; but yes make update is required.

@ycombinator ycombinator requested a review from a team as a code owner June 18, 2025 19:56
@ycombinator ycombinator requested review from AndersonQ and belimawr and removed request for a team June 18, 2025 19:56
@ycombinator
Disable Metricbeat azure module in FIPS builds (#44885)
70b53a0 
* Add doc about module availability

* Exclude non-generated Go code from FIPS build

* Adding CHANGELOG entry

* Adding doc.go files to workaround excluding all Go files in build

* Run make check

* Remove CHANGELOG entry

(cherry picked from commit 0425c03)
@ycombinator
Running make update
c643325
@ycombinator
Generating doc
40cada8
@ycombinator ycombinator force-pushed the mergify/bp/8.19/pr-44885 branch from 5d1f05f to 9adae6a Compare June 19, 2025 01:28
@ycombinator ycombinator force-pushed the mergify/bp/8.19/pr-44885 branch from 9adae6a to 104d3ec Compare June 19, 2025 01:30
@ycombinator ycombinator merged commit c0b1dc2 into 8.19 Jun 19, 2025
43 of 46 checks passed
@ycombinator ycombinator deleted the mergify/bp/8.19/pr-44885 branch June 19, 2025 02:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ycombinator ycombinator ycombinator approved these changes

@shmsr shmsr shmsr approved these changes

@AndersonQ AndersonQ Awaiting requested review from AndersonQ AndersonQ was automatically assigned from elastic/elastic-agent-data-plane

@belimawr belimawr Awaiting requested review from belimawr belimawr was automatically assigned from elastic/elastic-agent-data-plane

Assignees

@ycombinator ycombinator

Labels

backport needs_team Indicates that the issue/PR needs a Team:* label

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ycombinator @shmsr