diff --git a/libbeat/processors/add_cloud_metadata/docs/add_cloud_metadata.asciidoc b/libbeat/processors/add_cloud_metadata/docs/add_cloud_metadata.asciidoc index 852b3b187d1e..a37c06fa5d4d 100644 --- a/libbeat/processors/add_cloud_metadata/docs/add_cloud_metadata.asciidoc +++ b/libbeat/processors/add_cloud_metadata/docs/add_cloud_metadata.asciidoc @@ -17,7 +17,7 @@ The following cloud providers are supported: - https://www.qcloud.com/?lang=en[Tencent Cloud] (QCloud) - Alibaba Cloud (ECS) - Huawei Cloud (ECS) -- Azure Virtual Machine +- Azure Virtual Machine (*not supported in FIPS-capable artifacts*) - Openstack Nova - Hetzner Cloud diff --git a/libbeat/processors/add_cloud_metadata/provider_azure_vm.go b/libbeat/processors/add_cloud_metadata/provider_azure_vm.go index a4716a02f528..6157d3bcf188 100644 --- a/libbeat/processors/add_cloud_metadata/provider_azure_vm.go +++ b/libbeat/processors/add_cloud_metadata/provider_azure_vm.go @@ -15,6 +15,8 @@ // specific language governing permissions and limitations // under the License. +//go:build !requirefips + package add_cloud_metadata import ( diff --git a/libbeat/processors/add_cloud_metadata/provider_azure_vm_test.go b/libbeat/processors/add_cloud_metadata/provider_azure_vm_test.go index 2d35d7c09f33..a6724065180e 100644 --- a/libbeat/processors/add_cloud_metadata/provider_azure_vm_test.go +++ b/libbeat/processors/add_cloud_metadata/provider_azure_vm_test.go @@ -15,6 +15,8 @@ // specific language governing permissions and limitations // under the License. +//go:build !requirefips + package add_cloud_metadata import ( diff --git a/libbeat/processors/add_cloud_metadata/providers.go b/libbeat/processors/add_cloud_metadata/providers.go index 5d6d64047c44..28d302c2136b 100644 --- a/libbeat/processors/add_cloud_metadata/providers.go +++ b/libbeat/processors/add_cloud_metadata/providers.go @@ -58,7 +58,6 @@ type result struct { var cloudMetaProviders = map[string]provider{ "alibaba": alibabaCloudMetadataFetcher, "ecs": alibabaCloudMetadataFetcher, - "azure": azureVMMetadataFetcher, "digitalocean": doMetadataFetcher, "aws": ec2MetadataFetcher, "ec2": ec2MetadataFetcher, @@ -78,7 +77,7 @@ var cloudMetaProviders = map[string]provider{ // or other common endpoints. For example, Openstack supports EC2 compliant metadata endpoint. Thus adding possibility to // conflict metadata between EC2/AWS and Openstack. var priorityProviders = []string{ - "aws", "ec2", "azure", + "aws", "ec2", } func selectProviders(configList providerList, providers map[string]provider) map[string]provider { diff --git a/libbeat/processors/add_cloud_metadata/providers_nofips.go b/libbeat/processors/add_cloud_metadata/providers_nofips.go new file mode 100644 index 000000000000..2230314d88af --- /dev/null +++ b/libbeat/processors/add_cloud_metadata/providers_nofips.go @@ -0,0 +1,29 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +//go:build !requirefips + +package add_cloud_metadata + +func init() { + // Include the Azure provider ONLY in non-FIPS builds, as the Azure provider depends on + // the Azure SDK which, in turn, depends on the golang.org/x/crypto/pkcs12 package, which + // is not FIPS-compliant, and the SDK doesn't plan to offer a way to disable the use of + // this package at compile time (see https://github.com/Azure/azure-sdk-for-go/issues/24336). + cloudMetaProviders["azure"] = azureVMMetadataFetcher + priorityProviders = append(priorityProviders, "azure") +}