Skip to content

[refactor-opportunist] Consolidate request-tracer filename sanitization into shared httplog helperΒ #51151

Description

@github-actions

πŸ—οΈ Refactor Proposal

Summary: Centralize duplicated request-tracer filename sanitization logic used across multiple Filebeat HTTP inputs into x-pack/filebeat/input/internal/httplog and migrate inputs incrementally.

Problem

The same sanitization routine is duplicated in multiple input implementations, increasing maintenance cost and making behavior changes error-prone.

Concrete duplication evidence:

  • x-pack/filebeat/input/httpjson/input.go:293
  • x-pack/filebeat/input/cel/input.go:170
  • x-pack/filebeat/input/http_endpoint/input.go:152
  • x-pack/filebeat/input/entityanalytics/provider/jamf/jamf.go:265
  • x-pack/filebeat/input/entityanalytics/provider/okta/okta.go:280
  • x-pack/filebeat/input/entityanalytics/provider/azuread/fetcher/graph/graph.go:598

These files also co-change in recent work touching request-tracer handling:

  • ec6e82f86c β€” x-pack/filebeat/input/{cel,httpjson,http_endpoint,entityanalytics},internal/httplog: fix request tracer path validation under OTel receiver runtime (#50581)

This pattern indicates shared behavior is still fragmented after the prior path-validation extraction.

Proposed Approach

Add/expand shared helpers in x-pack/filebeat/input/internal/httplog for request-tracer path concerns, then migrate call sites incrementally. Keep input-specific behavior at call sites while consolidating common primitives.

What changes:

  • Shared utility functions move to internal/httplog.
  • Inputs call shared helpers instead of local copies.

What stays the same:

  • Per-input config, logging, and tracer enablement flow.
  • Existing runtime semantics.

Why better:

  • One implementation for cross-cutting sanitization logic.
  • Lower risk of divergence across inputs.
  • Future tracer-path behavior changes become single-point updates.

Proof of Concept

I partially implemented this refactor on one representative slice to verify viability.

Files changed:

  • x-pack/filebeat/input/internal/httplog/roundtripper.go
  • x-pack/filebeat/input/http_endpoint/input.go

Before β†’ After:

Before (x-pack/filebeat/input/http_endpoint/input.go):

id := sanitizeFileName(ctx.IDWithoutName)
...
func sanitizeFileName(name string) string {
    name = strings.ReplaceAll(name, ":", string(filepath.Separator))
    name = filepath.Clean(name)
    return strings.ReplaceAll(name, string(filepath.Separator), "_")
}

After:

id := httplog.SanitizeFileName(ctx.IDWithoutName)

and shared helper added in x-pack/filebeat/input/internal/httplog/roundtripper.go:46-52.

Verification:

  • go test ./x-pack/filebeat/input/http_endpoint ./x-pack/filebeat/input/internal/httplog βœ…

Incremental Rollout Plan

This refactor can be completed incrementally:

  1. Migrate one slice (done): http_endpoint now uses httplog.SanitizeFileName.
  2. Migrate httpjson and cel to the shared helper.
  3. Migrate entityanalytics providers (jamf, okta, azuread) and remove remaining duplicated helpers.

Risks and Mitigations

  • Risk: Subtle behavior drift during migration.
    Mitigation: Keep helper behavior byte-for-byte equivalent and migrate one package at a time with package-scoped tests.
  • Risk: Scope creep into unrelated tracer concerns.
    Mitigation: Limit this refactor to helper consolidation first; defer behavioral changes to follow-up PRs.

Evidence

  • Duplication references listed above (path:line).
  • Co-change signal from git log --since="60 days ago" includes shared commit ec6e82f86c across the same set of input areas.
  • Existing shared tracer path helper already present at x-pack/filebeat/input/internal/httplog/roundtripper.go:37-44, making this a low-risk continuation of consolidation.

Note

πŸ”’ Integrity filter blocked 57 items

The following items were blocked because they don't meet the GitHub integrity level.

  • #50867 search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
  • #50758 search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
  • #50774 search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
  • #49159 search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
  • #48464 search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
  • #49163 search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
  • #49162 search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
  • #51138 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
  • #51137 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
  • #51139 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
  • #51058 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
  • #51057 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
  • #51056 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
  • #49800 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
  • #48359 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
  • #45589 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
  • ... and 41 more items

To allow these resources, lower min-integrity in your GitHub frontmatter:

tools:
  github:
    min-integrity: approved  # merged | approved | unapproved | none

What is this? | From workflow: Refactor Opportunist

Give us feedback! React with πŸš€ if perfect, πŸ‘ if helpful, πŸ‘Ž if not.

Metadata

Metadata

Assignees

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions