From e85c522c96f7b00a3bc6969e7c7b11d0e339e02e Mon Sep 17 00:00:00 2001 From: Anderson Queiroz Date: Tue, 14 Jul 2026 17:40:02 +0200 Subject: [PATCH] update elastic-agent-libs to v0.46.1 (#51921) Improve logging when TLS certificates and keys fail to load preventing it from logging a malformed key when it fails to load. full changelog: https://github.com/elastic/elastic-agent-libs/compare/v0.45.0...v0.46.1= (cherry picked from commit 8674b2f08772e7f4e786c9bd79a2cfd99868132a) --- NOTICE.txt | 4 +-- ...-update-elastic-agent-libs-to-v0.46.1.yaml | 32 +++++++++++++++++++ go.mod | 2 +- go.sum | 4 +-- x-pack/filebeat/input/o365audit/auth/cert.go | 9 +++--- x-pack/filebeat/input/o365audit/config.go | 4 ++- x-pack/filebeat/input/o365audit/input.go | 4 +-- 7 files changed, 47 insertions(+), 12 deletions(-) create mode 100644 changelog/fragments/1784030419-update-elastic-agent-libs-to-v0.46.1.yaml diff --git a/NOTICE.txt b/NOTICE.txt index d7348e6e936b..926020001f20 100644 --- a/NOTICE.txt +++ b/NOTICE.txt @@ -10798,11 +10798,11 @@ SOFTWARE -------------------------------------------------------------------------------- Dependency : github.com/elastic/elastic-agent-libs -Version: v0.45.0 +Version: v0.46.1 Licence type (autodetected): Apache-2.0 -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/elastic/elastic-agent-libs@v0.45.0/LICENSE: +Contents of probable licence file $GOMODCACHE/github.com/elastic/elastic-agent-libs@v0.46.1/LICENSE: Apache License Version 2.0, January 2004 diff --git a/changelog/fragments/1784030419-update-elastic-agent-libs-to-v0.46.1.yaml b/changelog/fragments/1784030419-update-elastic-agent-libs-to-v0.46.1.yaml new file mode 100644 index 000000000000..6f3443511690 --- /dev/null +++ b/changelog/fragments/1784030419-update-elastic-agent-libs-to-v0.46.1.yaml @@ -0,0 +1,32 @@ +# Kind can be one of: +# - breaking-change: a change to previously-documented behavior +# - deprecation: functionality that is being removed in a later release +# - bug-fix: fixes a problem in a previous version +# - enhancement: extends functionality but does not break or fix existing behavior +# - feature: new functionality +# - known-issue: problems that we are aware of in a given version +# - security: impacts on the security of a product or a user’s deployment. +# - upgrade: important information for someone upgrading from a prior version +# - other: does not fit into any of the other categories +kind: bug-fix + +# Change summary; a 80ish characters long description of the change. +summary: update elastic-agent-libs to v0.46.1 + +# Long description; in case the summary is not enough to describe the change +# this field accommodate a description without length limits. +# NOTE: This field will be rendered only for breaking-change and known-issue kinds at the moment. +description: Fixed an issue where malformed TLS keys could be printed in the error logs during loading failures. + +# Affected component; a word indicating the component this changeset affects. +component: all + +# PR URL; optional; the PR number that added the changeset. +# If not present is automatically filled by the tooling finding the PR where this changelog fragment has been added. +# NOTE: the tooling supports backports, so it's able to fill the original PR number instead of the backport PR number. +# Please provide it if you are adding a fragment for a different PR. +pr: https://github.com/elastic/beats/pull/51921 + +# Issue URL; optional; the GitHub issue related to this changeset (either closes or is part of). +# If not present is automatically filled by the tooling with the issue linked to the PR number. +#issue: https://github.com/owner/repo/1234 diff --git a/go.mod b/go.mod index 86080ca55368..5b1f32b0abf2 100644 --- a/go.mod +++ b/go.mod @@ -171,7 +171,7 @@ require ( github.com/elastic/bayeux v1.0.5 github.com/elastic/ebpfevents v0.9.0 github.com/elastic/elastic-agent-autodiscover v0.10.3-0.20260423154939-e990715f9426 - github.com/elastic/elastic-agent-libs v0.45.0 + github.com/elastic/elastic-agent-libs v0.46.1 github.com/elastic/elastic-agent-system-metrics v0.14.4 github.com/elastic/go-elasticsearch/v8 v8.19.0 github.com/elastic/go-freelru v0.16.0 diff --git a/go.sum b/go.sum index 40f3d9f4d88b..864c315ca245 100644 --- a/go.sum +++ b/go.sum @@ -381,8 +381,8 @@ github.com/elastic/elastic-agent-autodiscover v0.10.3-0.20260423154939-e990715f9 github.com/elastic/elastic-agent-autodiscover v0.10.3-0.20260423154939-e990715f9426/go.mod h1:HyjdiEVP/A7iMN0jeac2EoUohpHKAZIFRDQsvPDg2Dw= github.com/elastic/elastic-agent-client/v7 v7.18.1 h1:WnM53JjaukeysrAuiTyrhDPmFxJG07ZAByc2TrkcKcs= github.com/elastic/elastic-agent-client/v7 v7.18.1/go.mod h1:uDpSGZ+YCKgqgtkwCA0qjwX0gU/wmixDsVbPjY3GkPs= -github.com/elastic/elastic-agent-libs v0.45.0 h1:ioCrNcd03tJVxrnAdZ19MCmea1SgOO+QeFtt+KvcJC0= -github.com/elastic/elastic-agent-libs v0.45.0/go.mod h1:axkpqDCCzAky6G4D/cklgtZQa3jTNGAMVHVkU0u6YbU= +github.com/elastic/elastic-agent-libs v0.46.1 h1:1dVRKOaGWBxqDQPb/NCtoJHI8Nx3QbJOmr4v6y+UdKQ= +github.com/elastic/elastic-agent-libs v0.46.1/go.mod h1:axkpqDCCzAky6G4D/cklgtZQa3jTNGAMVHVkU0u6YbU= github.com/elastic/elastic-agent-system-metrics v0.14.4 h1:XGGepNVOxhtfJmanQsgqCAZESIJtyDIFOKErOaVzFEw= github.com/elastic/elastic-agent-system-metrics v0.14.4/go.mod h1:NyNMrdqMfznb/Zy8EmIAHlJpX6HuRlNW+bBL9UN7WQY= github.com/elastic/elastic-transport-go/v8 v8.8.0 h1:7k1Ua+qluFr6p1jfJjGDl97ssJS/P7cHNInzfxgBQAo= diff --git a/x-pack/filebeat/input/o365audit/auth/cert.go b/x-pack/filebeat/input/o365audit/auth/cert.go index 186bbfea947d..aaf3ee78af4a 100644 --- a/x-pack/filebeat/input/o365audit/auth/cert.go +++ b/x-pack/filebeat/input/o365audit/auth/cert.go @@ -11,13 +11,14 @@ import ( "github.com/Azure/azure-sdk-for-go/sdk/azidentity" + "github.com/elastic/elastic-agent-libs/logp" "github.com/elastic/elastic-agent-libs/transport/tlscommon" ) // NewProviderFromCertificate returns a TokenProvider that uses certificate-based // authentication. -func NewProviderFromCertificate(resource, applicationID, tenantID string, conf tlscommon.CertificateConfig) (sptp TokenProvider, err error) { - cert, privKey, err := loadConfigCerts(conf) +func NewProviderFromCertificate(resource, applicationID, tenantID string, conf tlscommon.CertificateConfig, logger *logp.Logger) (sptp TokenProvider, err error) { + cert, privKey, err := loadConfigCerts(conf, logger) if err != nil { return nil, fmt.Errorf("failed loading certificates: %w", err) } @@ -30,8 +31,8 @@ func NewProviderFromCertificate(resource, applicationID, tenantID string, conf t return (*credentialTokenProvider)(cred), nil } -func loadConfigCerts(cfg tlscommon.CertificateConfig) (cert *x509.Certificate, key *rsa.PrivateKey, err error) { - tlsCert, err := tlscommon.LoadCertificate(&cfg) +func loadConfigCerts(cfg tlscommon.CertificateConfig, logger *logp.Logger) (cert *x509.Certificate, key *rsa.PrivateKey, err error) { + tlsCert, err := tlscommon.LoadCertificate(&cfg, logger) if err != nil { return nil, nil, fmt.Errorf("error loading X509 certificate from '%s': %w", cfg.Certificate, err) } diff --git a/x-pack/filebeat/input/o365audit/config.go b/x-pack/filebeat/input/o365audit/config.go index 312c1b7823ee..d4d9b640b293 100644 --- a/x-pack/filebeat/input/o365audit/config.go +++ b/x-pack/filebeat/input/o365audit/config.go @@ -11,6 +11,7 @@ import ( "time" "github.com/elastic/beats/v7/x-pack/filebeat/input/o365audit/auth" + "github.com/elastic/elastic-agent-libs/logp" "github.com/elastic/elastic-agent-libs/transport/tlscommon" ) @@ -186,7 +187,7 @@ func (s *stringList) Unpack(value interface{}) error { } // NewTokenProvider returns an auth.TokenProvider for the given tenantID. -func (c *Config) NewTokenProvider(tenantID string) (auth.TokenProvider, error) { +func (c *Config) NewTokenProvider(tenantID string, logger *logp.Logger) (auth.TokenProvider, error) { if c.ClientSecret != "" { return auth.NewProviderFromClientSecret( c.API.AuthenticationEndpoint, @@ -201,6 +202,7 @@ func (c *Config) NewTokenProvider(tenantID string) (auth.TokenProvider, error) { c.ApplicationID, tenantID, c.CertificateConfig, + logger, ) } diff --git a/x-pack/filebeat/input/o365audit/input.go b/x-pack/filebeat/input/o365audit/input.go index d81bae5e33a7..f395d26656a2 100644 --- a/x-pack/filebeat/input/o365audit/input.go +++ b/x-pack/filebeat/input/o365audit/input.go @@ -94,7 +94,7 @@ func (inp *o365input) Name() string { return pluginName } func (inp *o365input) Test(src cursor.Source, ctx v2.TestContext) error { tenantID := src.(*stream).tenantID - auth, err := inp.config.NewTokenProvider(tenantID) + auth, err := inp.config.NewTokenProvider(tenantID, ctx.Logger) if err != nil { return err } @@ -148,7 +148,7 @@ func (inp *o365input) run(v2ctx v2.Context, stream *stream, cursor cursor.Cursor log := v2ctx.Logger.With("tenantID", tenantID, "contentType", contentType) ctx := ctxtool.FromCanceller(v2ctx.Cancelation) - tokenProvider, err := inp.config.NewTokenProvider(stream.tenantID) + tokenProvider, err := inp.config.NewTokenProvider(stream.tenantID, log) if err != nil { return err }