-
Notifications
You must be signed in to change notification settings - Fork 375
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
[AWS] Add common variables to all SQS-based AWS inputs #9865
base: main
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems like this file just got changed by the linter 馃し
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Haiku:
Code repository,
Today, not the time to lint,
Tomorrow, perhaps.
馃殌 Benchmarks reportTo see the full report comment with |
Building on elastic/beats#38189 |
packages/aws/manifest.yml
Outdated
required: false | ||
show_user: false | ||
default: "" | ||
description: URL of the entry point for an AWS web service |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
perhaps we use this as an opportunity to make this say that endpoint can also be a domain?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What do you propose for the new description value, in that case?
URL/domain of the entry point for an AWS web service
Is this sufficient?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm actually pretty sure I lied and it can't be a domain. I'll verify on Monday
@elastic/obs-ds-hosted-services @elastic/security-service-integrations @elastic/obs-infraobs-integrations - Would you be able to take a look this soon? I'd also appreciate some help testing this change as I don't have an environment setup where I can test the endpoint behavior for these data streams. Are there instructions to do this anywhere that I could reference? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for adding this parameter! I didn't realize we are missing this one for the whole time...
FYI I opted to just bump to 2.15.3 rather than doing a prerelease build |
edit: everything i typed below is irrelevant, see next post Looking at this, the endpoint field is required but it's not enough. It looks like default_region isn't wired up everywhere and that we have inputs that require In the SQS input the region pulling logic is
But endpoint always has a scheme and queueHostSplit[2] will never have a scheme so this cannot match. I believe we will have to expose a "region" field or a "custom_settings" for the SQS inputs in the integration. it also looks like the getRegionFromQueue expects the defaultRegion param but we actually just pass the region param
So based on this we have 4 options as I see it:
My order of preference is 1,4,2,3 but I think all would solve the customer's problem |
I chatted with @faec for a bit and I think endpoint isn't even used for this flow and all we actually need is to either:
as an aside: It's unclear to me why setting defaultregion doesn't work in this situation. If it works as a default then having defaultregion and region at the integration level seems odd but having defaultregion at the integration level and region at the component level makes some sense.
|
Ok so we found a bunch of beats issues we're going to fix separately. Kyle and I agreed that we will expose Due to bugs in beats elastic/beats#39709 these will work for s3 polling but not for the sqs queue part until 8.14 |
@kaiyan-sheng , are there specific instructions that can be followed to test this feature? |
@@ -107,6 +123,13 @@ streams: | |||
type: bool | |||
multi: false | |||
default: false | |||
- name: custom_configurations |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This doesn't appear to be being used in this data stream.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yep this was a WIP commit. I'm still actively working on finalizing this PR. Thanks for taking a look!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@efd6 - These should all be updated and accurate now. Thanks again for reviewing 馃檹
@@ -73,3 +89,10 @@ streams: | |||
default: 5 | |||
required: false | |||
show_user: false | |||
- name: custom_configurations |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same here and below with exception noted.
@@ -69,6 +85,13 @@ streams: | |||
default: 5 | |||
required: false | |||
show_user: false | |||
- name: custom_configurations |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This one is used.
{{#if endpoint}} | ||
endpoint: {{endpoint}} | ||
{{/if}} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't see endpoint
in the manifest. Also, is region
intentionally not added here?
{{#if endpoint}} | ||
endpoint: {{endpoint}} | ||
{{/if}} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't see endpoint
in the manifest, and missing region
?
In an effort to not balloon the scope of this PR to almost the entire AWS integration, I'm taking the following stretch goals from the description and moving them into a separate issue to put on the backlog:
I've created #10002 to capture this work. The ingest team is okay with shipping these changes only for S3 inputs in an effort to resolve the ongoing escalation more quickly. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just noting that the custom configuration field is the sharpest user-facing tool that I've seen.
@@ -359,3 +382,4 @@ streams: | |||
type: bool | |||
multi: false | |||
default: false | |||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Blank line needed? Ah, I see elastic-package check
is adding it. Why?
show_user: false | ||
description: > | ||
Additional settings to be added to the configuration. Be careful using this as it might break the input as those settings are not validated and can override the settings specified above. See [`aws-s3` input settings docs](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-aws-s3.html) for details. | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Blank line.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was able to remove the blank line in the cloudtrail manifest, which I think was just erroneous, but elastic-package check
always seems to add a newline after multiline YAML values like we're using in description
here.
I also tried forcing the string onto multiple lines with line breaks, and the linter rewrites it to a single line with a blank line afterwards. I'm not sure why this happens. Maybe @jsoriano would know.
show_user: false | ||
description: > | ||
Additional settings to be added to the configuration. Be careful using this as it might break the input as those settings are not validated and can override the settings specified above. See [`aws-s3` input settings docs](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-aws-s3.html) for details. | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Blank line.
show_user: false | ||
description: > | ||
Additional settings to be added to the configuration. Be careful using this as it might break the input as those settings are not validated and can override the settings specified above. See [`aws-s3` input settings docs](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-aws-s3.html) for details. | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Blank line.
Looking forward to getting this out the door, let me know if it looks like we can't merge by the end of the week! |
Sorry we don't have any documented instructions for it. Maybe the AWS documentation will help? |
This needs a final codeowner review from @elastic/obs-infraobs-integrations. @strawgate - You mentioned you have an environment where this could be tested. Is that something you can help with before this gets merged? |
One way or another I'll get this tested today! |
馃挌 Build Succeeded
History
cc @kpollich |
Quality Gate passedIssues Measures |
I performed the testing as described in the above issue. Is there any additional testing anyone wants before this gets merged? |
I'm satisfied with the level of testing here now. I just need codeowner review from @elastic/obs-infraobs-integrations. @lalit-satapathy can you help with landing this? |
Summary
endpoint
+region
variables to S3 inputs for the following policy templatesapigateway_logs
cloudfront_logs
cloudtrail
ec2_logs
elb_logs
emr_logs
firewall_logs
guardduty
route53_resolver_logs
s3access
vpcflow
waf
custom
field on all S3 inputs for the following policy templatesapigateway_logs
cloudfront_logs
cloudtrail
ec2_logs
elb_logs
emr_logs
firewall_logs
guardduty
route53_resolver_logs
s3access
vpcflow
waf
(Stretch goal) Expose a- [AWS] Addcustom
field for all Cloudwatch inputs on all policy templatescustom
variable to all Cloudwatch inputs and at the package level聽#10002(Stretch goal) Expose a- [AWS] Addcustom
field at the package levelcustom
variable to all Cloudwatch inputs and at the package level聽#10002Proposed commit message
Add
endpoint
,region
, andcustom
common variables to allaws-s3
inputsChecklist
changelog.yml
file.Author's Checklist
How to test this PR locally
馃槄
Related issues
FYI this is related to an ongoing escalation related to pulling logs out of an SQS queue.