[cloudflare_logpush] Fix logic on http_request rename processors

[taylor-swanson]

Proposed commit message

• Fixed incorrect if statements on rename processors for fields that were renamed by Cloudflare.
• If both fields were present, then the second rename processor would try to run when it should've been skipped. Rename processors cannot rename a field to one that already exists.
• Fixed mismatch of field names for firewall.matches between the pipeline and the field definitions
• Updated pipeline tests to cover these cases

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• I have verified that Kibana version constraints are current according to guidelines.

Related issues

• Closes [Cloudflare Logpush] Pipeline bug with http_request security fields #8616

[elasticmachine]

🚀 Benchmarks report

Package cloudflare_logpush 👍(9) 💚(8) 💔(1)

Expand to view

Data stream	Previous EPS	New EPS	Diff (%)	Result
nel_report	25641.03	16666.67	-8974.36 (-35%)	💔

To see the full report comment with /test benchmark fullreport

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Duration: 29 min 1 sec

Test stats 🧪

Test	Results
Failed	0
Passed	115
Skipped	0
Total	115

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

[elasticmachine]

🌐 Coverage report

Name	Metrics % (covered/total)	Diff
Packages	100.0% (18/18)	💚
Files	100.0% (18/18)	💚
Classes	100.0% (18/18)	💚
Methods	100.0% (215/215)	💚 75.0
Lines	91.723% (4898/5340)	👎 -8.277
Conditionals	100.0% (0/0)	💚

[elasticmachine]

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

[efd6]

I think this needs a test case to demonstrate the issue.

[taylor-swanson]

@efd6, I was thinking about that. We don't have a test case that tests any of these fields right now. I could make one up, but I'd rather it come from a real log. I had manually tested with log created by the user who filed the related issue, but I'm not sure how much of that log was real and what was added artificially to trigger the issue.

@jamiehynds, do you know if we have more sample data for this integration (Cloudflare Logpush)?

In the event that we don't, I may just copy one of our existing logs and add the fields that way.

Edit: Never mind, I must've been looking at the wrong file by mistake, we do test these fields. I had originally renamed the old fields to the new. I'll re-add the old fields alongside the new, which will test this case.

[efd6]

I'm curious why the names are being changed as well. This is not explained in the commit messages or issue AFAICS. Can this detail be added?

[taylor-swanson]

I can add this to the commit message. This was a bug with the original implementation. The field definitions did not match those in the pipeline. This was never caught before because we didn't have those fields in the test data (which I've added now).

[elasticmachine]

Package cloudflare_logpush - 1.17.3 containing this change is available at https://epr.elastic.co/search?package=cloudflare_logpush