Cherry-pick #19719 to 7.x: Move O365audit input to v2 input API

[urso]

Cherry-pick of PR #19719 to 7.x branch. Original message:

• Refactoring

What does this PR do?

Move o365audit input to use the v2 input API.

The change treats the tuple 'tenantID' and 'contentType' as the stream identifier. The cursor input package starts one go-routine per stream, ensuring that no two inputs can collect events for the same stream.

Not yet documented (not sure if we should): the cursor input manager adds a id setting to each input it manages. The ID settings can be configured manualy and will become part of the stream ID in the statestore. This allows users to configure 2 inputs collecting from the same streams.

(Needs docs): The cursor input manager runs a go-routine in the background deleting old states no input or pending event (to be ACKed by outputs) is active for. Each entry in the store has a TTL. And entry is to be removed if there is no active input, all events for the stream have been acked, and lastUpdateTimestamp + TTL < now. The TTL is configured via clean_timeout. The default clean_timeout is 30 minutes.

The default clean_timeout can be configured by setting 'DefaultCleanTimeout' in the InputManager in the Plugin function.
When the beat is restarted the cleanup will not delete entries yet. Instead the reference time for old entries is set to 'beatStartTimestamp'. After restart old entries that don't get picked up are deleted after beatStartTimestamp + TTL < now.

Why is it important?

This enables the input to store the read positions in the statestore between restarts.

Checklist

• My code follows the style guidelines of this project
  - [ ] I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have made corresponding change to the default configuration files
  - [ ] I have added tests that prove my fix is effective or that my feature works
• I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Author's Checklist

• [ ]

How to test this PR locally

@adriansr can you add details about required manual testing please?

Related issues

• Relates Filebeat input v2 API #15324

[elasticmachine]

Pinging @elastic/integrations-services (Team:Services)

[elasticmachine]

❕ Build Aborted

Either there was a build timeout or someone aborted the build.'}

Expand to view the summary

Build stats

• Build Cause: [Pull request #19775 updated]

• Start Time: 2020-07-09T18:36:45.784+0000

• Duration: 122 min 27 sec

Test stats 🧪

Test	Results
Failed	0
Passed	2197
Skipped	385
Total	2582

Log output

Expand to view the last 100 lines of log output

[2020-07-09T19:28:09.873Z] + for i in auditbeat filebeat heartbeat libbeat metricbeat packetbeat winlogbeat journalbeat
[2020-07-09T19:28:09.873Z] + FILE=packetbeat/build/coverage/full.cov
[2020-07-09T19:28:09.873Z] + '[' -f packetbeat/build/coverage/full.cov ']'
[2020-07-09T19:28:09.873Z] + for i in auditbeat filebeat heartbeat libbeat metricbeat packetbeat winlogbeat journalbeat
[2020-07-09T19:28:09.873Z] + FILE=winlogbeat/build/coverage/full.cov
[2020-07-09T19:28:09.873Z] + '[' -f winlogbeat/build/coverage/full.cov ']'
[2020-07-09T19:28:09.873Z] + for i in auditbeat filebeat heartbeat libbeat metricbeat packetbeat winlogbeat journalbeat
[2020-07-09T19:28:09.873Z] + FILE=journalbeat/build/coverage/full.cov
[2020-07-09T19:28:09.873Z] + '[' -f journalbeat/build/coverage/full.cov ']'
[2020-07-09T19:28:11.474Z] Post stage
[2020-07-09T19:28:11.482Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19775/src/github.com/elastic/beats
[2020-07-09T19:28:13.477Z] Starting "default"...
[2020-07-09T19:28:17.160Z] Machine "default" is already running.
[2020-07-09T19:28:17.610Z] Error checking TLS connection: Error checking and/or regenerating the certs: There was an error validating certificates for host "192.168.99.100:2376": dial tcp 192.168.99.100:2376: getsockopt: connection refused
[2020-07-09T19:28:17.610Z] You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
[2020-07-09T19:28:17.610Z] Be advised that this will trigger a Docker daemon restart which might stop running containers.
[2020-07-09T19:28:17.611Z] 
[2020-07-09T19:28:18.599Z] Client:
[2020-07-09T19:28:18.599Z]  Version:      18.03.1-ce
[2020-07-09T19:28:18.599Z]  API version:  1.37
[2020-07-09T19:28:18.599Z]  Go version:   go1.9.5
[2020-07-09T19:28:18.599Z]  Git commit:   9ee9f40
[2020-07-09T19:28:18.599Z]  Built:        Thu Apr 26 07:13:02 2018
[2020-07-09T19:28:18.599Z]  OS/Arch:      darwin/amd64
[2020-07-09T19:28:18.599Z]  Experimental: false
[2020-07-09T19:28:18.599Z]  Orchestrator: swarm
[2020-07-09T19:28:18.599Z] Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
[2020-07-09T19:28:18.599Z] It requires Docker daemon to be installed and running
[2020-07-09T20:38:42.962Z] Cancelling nested steps due to timeout
[2020-07-09T20:38:42.966Z] ...........Sending interrupt signal to process
[2020-07-09T20:38:45.553Z] Sending interrupt signal to process
[2020-07-09T20:38:48.153Z] failed to run compiled magefile: signal: terminated
[2020-07-09T20:38:48.162Z] script returned exit code 255
[2020-07-09T20:38:48.232Z] Recording test results
[2020-07-09T20:38:49.737Z] Stashed 3 file(s)
[2020-07-09T20:38:49.745Z] Archiving artifacts
[2020-07-09T20:38:50.592Z] + curl -sSLo codecov https://codecov.io/bash
[2020-07-09T20:38:50.853Z] + FILE=auditbeat/build/coverage/full.cov
[2020-07-09T20:38:50.853Z] + [ -f auditbeat/build/coverage/full.cov ]
[2020-07-09T20:38:50.853Z] + FILE=filebeat/build/coverage/full.cov
[2020-07-09T20:38:50.853Z] + [ -f filebeat/build/coverage/full.cov ]
[2020-07-09T20:38:50.853Z] + FILE=heartbeat/build/coverage/full.cov
[2020-07-09T20:38:50.853Z] + [ -f heartbeat/build/coverage/full.cov ]
[2020-07-09T20:38:50.853Z] + FILE=libbeat/build/coverage/full.cov
[2020-07-09T20:38:50.853Z] + [ -f libbeat/build/coverage/full.cov ]
[2020-07-09T20:38:50.853Z] + FILE=metricbeat/build/coverage/full.cov
[2020-07-09T20:38:50.853Z] + [ -f metricbeat/build/coverage/full.cov ]
[2020-07-09T20:38:50.853Z] + FILE=packetbeat/build/coverage/full.cov
[2020-07-09T20:38:50.853Z] + [ -f packetbeat/build/coverage/full.cov ]
[2020-07-09T20:38:50.853Z] + FILE=winlogbeat/build/coverage/full.cov
[2020-07-09T20:38:50.853Z] + [ -f winlogbeat/build/coverage/full.cov ]
[2020-07-09T20:38:50.853Z] + FILE=journalbeat/build/coverage/full.cov
[2020-07-09T20:38:50.853Z] + [ -f journalbeat/build/coverage/full.cov ]
[2020-07-09T20:38:52.112Z] Failed in branch Filebeat x-pack
[2020-07-09T20:38:52.234Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19775/src/github.com/elastic/beats
[2020-07-09T20:38:52.546Z] + find . -type f -name TEST*.xml -path */build/* -delete
[2020-07-09T20:38:52.558Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19775/src/github.com/elastic/beats/Lint
[2020-07-09T20:38:52.653Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19775/src/github.com/elastic/beats/Filebeat-x-pack-Windows
[2020-07-09T20:38:52.758Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19775/src/github.com/elastic/beats/Filebeat-x-pack-Mac-OS-X
[2020-07-09T20:38:52.848Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19775/src/github.com/elastic/beats/Filebeat-x-pack
[2020-07-09T20:38:53.213Z] + cat
[2020-07-09T20:38:53.213Z] + /usr/local/bin/runbld ./runbld-script
[2020-07-09T20:38:53.213Z] Picked up JAVA_TOOL_OPTIONS: -Dfile.encoding=UTF8
[2020-07-09T20:38:59.792Z] runbld>>> runbld started
[2020-07-09T20:38:59.792Z] runbld>>> 1.6.12/f45d832f2ba0aa2722ab4ec1fda8ad140f027f8b
[2020-07-09T20:39:00.729Z] runbld>>> The following profiles matched the job 'Beats/beats-beats-mbp/PR-19775' in order of occurrence in the config (last value wins).
[2020-07-09T20:39:01.665Z] runbld>>> Debug logging enabled.
[2020-07-09T20:39:01.665Z] runbld>>> Storing result
[2020-07-09T20:39:01.929Z] runbld>>> Store result: created {:total 2, :successful 2, :failed 0} 1
[2020-07-09T20:39:01.929Z] runbld>>> BUILD: https://c150076387b5421f9154dfbf536e5c60.us-west1.gcp.cloud.es.io:9243/build-1587637540455/t/20200709203901-194B2C31
[2020-07-09T20:39:01.929Z] runbld>>> Adding system facts.
[2020-07-09T20:39:02.867Z] runbld>>> Adding vcs info for the latest commit:  8dbabae916db6c6c69e194b669ca9d821dd7bb37
[2020-07-09T20:39:02.867Z] runbld>>> >>>>>>>>>>>> SCRIPT EXECUTION BEGIN >>>>>>>>>>>>
[2020-07-09T20:39:02.867Z] runbld>>> Adding /usr/lib/jvm/java-8-openjdk-amd64/bin to the path.
[2020-07-09T20:39:02.867Z] Processing JUnit reports with runbld...
[2020-07-09T20:39:02.867Z] + echo 'Processing JUnit reports with runbld...'
[2020-07-09T20:39:03.126Z] runbld>>> <<<<<<<<<<<< SCRIPT EXECUTION END <<<<<<<<<<<<
[2020-07-09T20:39:03.126Z] runbld>>> DURATION: 24ms
[2020-07-09T20:39:03.126Z] runbld>>> STDOUT: 40 bytes
[2020-07-09T20:39:03.126Z] runbld>>> STDERR: 49 bytes
[2020-07-09T20:39:03.126Z] runbld>>> WRAPPED PROCESS: SUCCESS (0)
[2020-07-09T20:39:03.126Z] runbld>>> Searching for build metadata in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19775/src/github.com/elastic/beats
[2020-07-09T20:39:04.509Z] runbld>>> Storing build metadata: 
[2020-07-09T20:39:04.509Z] runbld>>> Adding test report.
[2020-07-09T20:39:04.510Z] runbld>>> Searching for junit test output files with the pattern: TEST-.*\.xml$ in: /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19775/src/github.com/elastic/beats
[2020-07-09T20:39:05.077Z] runbld>>> Found 7 test output files
[2020-07-09T20:39:05.644Z] runbld>>> Test output logs contained: Errors: 0 Failures: 0 Tests: 2582 Skipped: 363
[2020-07-09T20:39:05.902Z] runbld>>> Storing result
[2020-07-09T20:39:05.902Z] runbld>>> FAILURES: 0
[2020-07-09T20:39:06.162Z] runbld>>> Store result: updated {:total 2, :successful 2, :failed 0} 2
[2020-07-09T20:39:06.162Z] runbld>>> BUILD: https://c150076387b5421f9154dfbf536e5c60.us-west1.gcp.cloud.es.io:9243/build-1587637540455/t/20200709203901-194B2C31
[2020-07-09T20:39:06.162Z] runbld>>> Email notification disabled by environment variable.
[2020-07-09T20:39:06.162Z] runbld>>> Slack notification disabled by environment variable.
[2020-07-09T20:39:11.673Z] Running on Jenkins in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19775
[2020-07-09T20:39:11.776Z] [INFO] getVaultSecret: Getting secrets
[2020-07-09T20:39:11.842Z] Masking supported pattern matches of $VAULT_ADDR or $VAULT_ROLE_ID or $VAULT_SECRET_ID
[2020-07-09T20:39:12.564Z] + chmod 755 generate-build-data.sh
[2020-07-09T20:39:12.564Z] + ./generate-build-data.sh https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats-beats-mbp/PR-19775/ https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats-beats-mbp/PR-19775/runs/2 ABORTED 7346519
[2020-07-09T20:39:12.564Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats-beats-mbp/PR-19775/runs/2/steps/?limit=10000 -o steps-info.json
[2020-07-09T20:39:12.814Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats-beats-mbp/PR-19775/runs/2/tests/?status=FAILED -o tests-errors.json