elastic · MichaelKatsoulis · Mar 11, 2024 · Jan 22, 2024 · Jan 24, 2024 · Jan 24, 2024
diff --git a/auditbeat/docs/fields.asciidoc b/auditbeat/docs/fields.asciidoc
@@ -2559,17 +2559,6 @@ alias to: cloud.region
 
 --
 
-
-*`azure.resourcegroup.name`*::
-+
---
-Name of resourceGroup the azure cloud instance belongs to.
-
-
-type: keyword
-
---
-
 [[exported-fields-common]]
 == Common fields
 

diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc
@@ -27762,17 +27762,6 @@ alias to: cloud.region
 
 --
 
-
-*`azure.resourcegroup.name`*::
-+
---
-Name of resourceGroup the azure cloud instance belongs to.
-
-
-type: keyword
-
---
-
 [[exported-fields-coredns]]
 == Coredns fields
 

diff --git a/heartbeat/docs/fields.asciidoc b/heartbeat/docs/fields.asciidoc
@@ -321,17 +321,6 @@ alias to: cloud.region
 
 --
 
-
-*`azure.resourcegroup.name`*::
-+
---
-Name of resourceGroup the azure cloud instance belongs to.
-
-
-type: keyword
-
---
-
 [[exported-fields-common]]
 == Common heartbeat monitor fields
 

@@ -51,13 +51,3 @@
       type: alias
       path: cloud.region
       migration: true
-
-    - name: azure.resourcegroup
-      default_field: true
-      type: group
-      fields:
-        - name: name
-          type: keyword
-          description: >
-            Name of resourceGroup the azure cloud instance belongs to.
-
@@ -55,11 +55,11 @@ List of names the `providers` setting supports:
 
 - "alibaba", or "ecs" for the Alibaba Cloud provider (disabled by default).
 - "azure" for Azure Virtual Machine (enabled by default).
-   If the Virtual Machine is part of an AKS managed cluster, the fields
+   If the virtual machine is part of an AKS managed cluster, the fields
    `orchestrator.cluster.name` and `orchestrator.cluster.id` can also be
    retrieved. "TENANT_ID", "CLIENT_ID" and "CLIENT_SECRET" environment
    variables need to be set for authentication purposes. If not set we
-   fallback to https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication?tabs=bash#2-authenticate-with-azure[DefaultAzureCredential] and user can choose different authentication methods(e.g. workload identity).
+   fallback to https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication?tabs=bash#2-authenticate-with-azure[DefaultAzureCredential] and user can choose different authentication methods (e.g. workload identity).
 - "digitalocean" for Digital Ocean (enabled by default).
 - "aws", or "ec2" for Amazon Web Services (enabled by default).
 - "gcp" for Google Copmute Enging (enabled by default).
@@ -159,9 +159,6 @@ _Azure Virtual Machine_
 [source,json]
 -------------------------------------------------------------------------------
 {
-  "azure": {
-    "resourcegroup.name": "/subscriptions/641ebacb-7743-41e7-b4fa-af1167351a61/resourcegroups/testgroup/providers/Microsoft.ContainerService/managedClusters/testcluster"
-  },
   "cloud": {
     "provider": "azure",
     "instance.id": "04ab04c3-63de-4709-a9f9-9ab8c0411d5e",

@@ -53,7 +53,7 @@ func newAzureMetadataFetcher(
 	return azFetcher, nil
 }
 
-// NewClusterClient returns a NewManagedClustersClient
+// NewClusterClient variable is assigned an anonymous function that returns a NewManagedClustersClient
 var NewClusterClient func(clientFactory *armcontainerservice.ClientFactory) *armcontainerservice.ManagedClustersClient = func(clientFactory *armcontainerservice.ClientFactory) *armcontainerservice.ManagedClustersClient {
 	return clientFactory.NewManagedClustersClient()
 }
@@ -83,15 +83,11 @@ var azureVMMetadataFetcher = provider{
 				"service": s.Object{
 					"name": c.Str("serviceName"),
 				},
-				"region": c.Str("location"),
+				"region":        c.Str("location"),
+				"resourcegroup": c.Str("resourceGroupName"),
 			}.Apply(m)
 
-			azure, _ := s.Schema{
-				"resourcegroup": s.Object{
-					"name": c.Str("resourceGroupName"),
-				},
-			}.Apply(m)
-			return mapstr.M{"cloud": cloud, "azure": azure}
+			return mapstr.M{"cloud": cloud}
 		}
 
 		azGenSchema := func(m map[string]interface{}) mapstr.M {
@@ -108,7 +104,7 @@ var azureVMMetadataFetcher = provider{
 		if err != nil {
 			return hfetcher, fmt.Errorf("failed to create new http metadata fetcher: %w", err)
 		}
-		// fetcher represents an azure metadata fetcher. The struct includes two type of fetchers.
+		// fetcher represents an azure metadata fetcher. The struct includes two types of fetchers.
 		// 1. An http fetcher(hfetcher) which retrieves metadata from azure metadata endpoint and
 		// 2. A generic fetcher(gfetcher) which uses azure sdk to retrieve metadata of azure managed clusters.
 		fetcher, err := newAzureMetadataFetcher("azure", hfetcher)
@@ -129,8 +125,8 @@ var azureVMMetadataFetcher = provider{
 }
 
 // fetchMetadata fetches azure vm metadata from
-// 1. Azure metadata endpoint with httpMetadataFetcher
-// 2. Azure Managed Clusters using azure sdk  with genericMetadataFetcher
+//  1. Azure metadata endpoint with httpMetadataFetcher
+//  2. Azure Managed Clusters using azure sdk  with genericMetadataFetcher
 func (az *azureMetadataFetcher) fetchMetadata(ctx context.Context, client http.Client) result {
 	res := result{provider: az.provider, metadata: mapstr.M{}, err: nil}
 	logger := logp.NewLogger("add_cloud_metadata")
@@ -163,8 +159,8 @@ func getAzureCredentials(logger *logp.Logger) (azcore.TokenCredential, error) {
 	}
 }
 
-// getAKSClusterNameId returns the AKS cluster name and Id for a given resourceGroup
-func getAKSClusterNameId(ctx context.Context, logger *logp.Logger, clusterClient *armcontainerservice.ManagedClustersClient, resourceGroupName string) (string, string, error) {
+// getAKSClusterNameID returns the AKS cluster name and ID for a given resourceGroup
+func getAKSClusterNameID(ctx context.Context, clusterClient *armcontainerservice.ManagedClustersClient, resourceGroupName string) (string, string, error) {
 	pager := clusterClient.NewListPager(nil)
 	for pager.More() {
 		page, err := pager.NextPage(ctx)
@@ -188,44 +184,47 @@ func (az *azureMetadataFetcher) fetchAzureClusterMeta(
 	result *result,
 ) {
 	logger := logp.NewLogger("add_cloud_metadata")
-	subscriptionId, _ := az.httpMeta.GetValue("cloud.account.id")
-	resourceGroupName, _ := az.httpMeta.GetValue("azure.resourcegroup.name")
+	subscriptionID, _ := az.httpMeta.GetValue("cloud.account.id")
+	resourceGroupName, _ := az.httpMeta.GetValue("cloud.resourcegroup")
 	strResourceGroupName := ""
 	if val, ok := resourceGroupName.(string); ok {
 		strResourceGroupName = val
 	}
-	strSubscriptionId := ""
-	if val, ok := subscriptionId.(string); ok {
-		strSubscriptionId = val
+	// Drop cloud.resourcegroup field as we do not want the cloud provider to populate this field
+	az.httpMeta.Delete("cloud.resourcegroup")
+
+	strSubscriptionID := ""
+	if val, ok := subscriptionID.(string); ok {
+		strSubscriptionID = val
 	}
-	// if subscriptionId cannot be retrieved from metadata endpoint return an error
-	if strSubscriptionId == "" {
-		logger.Debugf("subscriptionId cannot be retrieved from metadata endpoint")
-		result.err = fmt.Errorf("subscriptionId is required to create a new azure client")
+	// if subscriptionID cannot be retrieved from metadata endpoint return an error
+	if strSubscriptionID == "" {
+		logger.Debugf("subscriptionID cannot be retrieved from metadata endpoint")
+		result.err = fmt.Errorf("subscriptionID is required to create a new azure client")
 		return
 	}
 
 	if strResourceGroupName == "" {
-		result.err = fmt.Errorf("resourceGroupName is required to fetch AKS cluster name and cluster Id")
+		result.err = fmt.Errorf("resourceGroupName is required to fetch AKS cluster name and cluster ID")
 		return
 	}
 	cred, err := getAzureCredentials(logger)
 	if err != nil {
 		result.err = fmt.Errorf("failed to obtain azure credentials: %w", err)
 		return
 	}
-	clientFactory, err := armcontainerservice.NewClientFactory(strSubscriptionId, cred, nil)
+	clientFactory, err := armcontainerservice.NewClientFactory(strSubscriptionID, cred, nil)
 	if err != nil {
 		result.err = fmt.Errorf("failed to create new armcontainerservice client factory: %w", err)
 		return
 	}
 
 	clusterClient := NewClusterClient(clientFactory)
-	clusterName, clusterId, err := getAKSClusterNameId(ctx, logger, clusterClient, strResourceGroupName)
+	clusterName, clusterID, err := getAKSClusterNameID(ctx, clusterClient, strResourceGroupName)
 	if err == nil {
-		_, _ = result.metadata.Put("orchestrator.cluster.id", clusterId)
+		_, _ = result.metadata.Put("orchestrator.cluster.id", clusterID)
 		_, _ = result.metadata.Put("orchestrator.cluster.name", clusterName)
 	} else {
-		result.err = fmt.Errorf("failed to get AKS cluster name and Id: %w", err)
+		result.err = fmt.Errorf("failed to get AKS cluster name and ID: %w", err)
 	}
 }
@@ -42,10 +42,10 @@ import (
 )
 
 var cluster1Name = "testcluster1Name"
-var cluster1Id = "testcluster1Id"
+var cluster1ID = "testcluster1ID"
 
 var cluster1 = armcontainerservice.ManagedCluster{
-	ID:         to.Ptr(cluster1Id),
+	ID:         to.Ptr(cluster1ID),
 	Name:       to.Ptr(cluster1Name),
 	Properties: &armcontainerservice.ManagedClusterProperties{NodeResourceGroup: to.Ptr("MC_myname_group_myname_eastus")},
 }
@@ -186,11 +186,6 @@ func TestRetrieveAzureMetadata(t *testing.T) {
 	}
 
 	expected := mapstr.M{
-		"azure": mapstr.M{
-			"resourcegroup": mapstr.M{
-				"name": "MC_myname_group_myname_eastus",
-			},
-		},
 		"cloud": mapstr.M{
 			"provider": "azure",
 			"instance": mapstr.M{
@@ -210,7 +205,7 @@ func TestRetrieveAzureMetadata(t *testing.T) {
 		},
 		"orchestrator": mapstr.M{
 			"cluster": mapstr.M{
-				"id":   "testcluster1Id",
+				"id":   "testcluster1ID",
 				"name": "testcluster1Name",
 			},
 		},

diff --git a/metricbeat/docs/fields.asciidoc b/metricbeat/docs/fields.asciidoc
@@ -10158,17 +10158,6 @@ alias to: cloud.region
 
 --
 
-
-*`azure.resourcegroup.name`*::
-+
---
-Name of resourceGroup the azure cloud instance belongs to.
-
-
-type: keyword
-
---
-
 [[exported-fields-cloudfoundry]]
 == Cloudfoundry fields
 

diff --git a/packetbeat/docs/fields.asciidoc b/packetbeat/docs/fields.asciidoc
@@ -1347,17 +1347,6 @@ alias to: cloud.region
 
 --
 
-
-*`azure.resourcegroup.name`*::
-+
---
-Name of resourceGroup the azure cloud instance belongs to.
-
-
-type: keyword
-
---
-
 [[exported-fields-common]]
 == Common fields
 

diff --git a/winlogbeat/docs/fields.asciidoc b/winlogbeat/docs/fields.asciidoc
@@ -174,17 +174,6 @@ alias to: cloud.region
 
 --
 
-
-*`azure.resourcegroup.name`*::
-+
---
-Name of resourceGroup the azure cloud instance belongs to.
-
-
-type: keyword
-
---
-
 [[exported-fields-docker-processor]]
 == Docker fields
 

diff --git a/x-pack/functionbeat/docs/fields.asciidoc b/x-pack/functionbeat/docs/fields.asciidoc
@@ -170,17 +170,6 @@ alias to: cloud.region
 
 --
 
-
-*`azure.resourcegroup.name`*::
-+
---
-Name of resourceGroup the azure cloud instance belongs to.
-
-
-type: keyword
-
---
-
 [[exported-fields-docker-processor]]
 == Docker fields
 

diff --git a/x-pack/osquerybeat/docs/fields.asciidoc b/x-pack/osquerybeat/docs/fields.asciidoc
@@ -170,17 +170,6 @@ alias to: cloud.region
 
 --
 
-
-*`azure.resourcegroup.name`*::
-+
---
-Name of resourceGroup the azure cloud instance belongs to.
-
-
-type: keyword
-
---
-
 [[exported-fields-docker-processor]]
 == Docker fields