Add Proxy settings to AWS Common #26832

Merged
merged 5 commits into from
Jul 27, 2021
1 change: 1 addition & 0 deletions CHANGELOG.next.asciidoc
Expand Up @@ -617,6 +617,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Libbeat: report beat version to monitoring. {pull}26214[26214]
- Ensure common proxy settings support in HTTP clients: proxy_disabled, proxy_url, proxy_headers and typical environment variables HTTP_PROXY, HTTPS_PROXY, NOPROXY. {pull}25219[25219]
- `add_process_metadata` processor enrich process information with owner name and id. {issue}21068[21068] {pull}21111[21111]
- Add proxy support for AWS functions. {pull}26832[26832]

*Auditbeat*

6 changes: 6 additions & 0 deletions filebeat/docs/modules/aws.asciidoc
Expand Up @@ -53,6 +53,7 @@ Example config:
#var.api_timeout: 120s
#var.endpoint: amazonaws.com
#var.role_arn: arn:aws:iam::123456789012:role/test-mb
#var.proxy_url: http://proxy:8080

cloudwatch:
enabled: false
Expand All @@ -66,6 +67,7 @@ Example config:
#var.api_timeout: 120s
#var.endpoint: amazonaws.com
#var.role_arn: arn:aws:iam::123456789012:role/test-mb
#var.proxy_url: http://proxy:8080

ec2:
enabled: false
Expand All @@ -79,6 +81,7 @@ Example config:
#var.api_timeout: 120s
#var.endpoint: amazonaws.com
#var.role_arn: arn:aws:iam::123456789012:role/test-mb
#var.proxy_url: http://proxy:8080

elb:
enabled: false
Expand All @@ -92,6 +95,7 @@ Example config:
#var.api_timeout: 120s
#var.endpoint: amazonaws.com
#var.role_arn: arn:aws:iam::123456789012:role/test-mb
#var.proxy_url: http://proxy:8080

s3access:
enabled: false
Expand All @@ -105,6 +109,7 @@ Example config:
#var.api_timeout: 120s
#var.endpoint: amazonaws.com
#var.role_arn: arn:aws:iam::123456789012:role/test-mb
#var.proxy_url: http://proxy:8080

vpcflow:
enabled: false
Expand All @@ -118,6 +123,7 @@ Example config:
#var.api_timeout: 120s
#var.endpoint: amazonaws.com
#var.role_arn: arn:aws:iam::123456789012:role/test-mb
#var.proxy_url: http://proxy:8080
----

*`var.queue_url`*::
2 changes: 1 addition & 1 deletion libbeat/common/transport/httpcommon/proxy.go
Expand Up @@ -28,7 +28,7 @@ import (
//
// Proxy usage will be disabled in general if Disable is set.
// If URL is not set, the proxy configuration will default
// to HTTP_PROXY, HTTPS_PPROXY, and NO_PROXY.
// to HTTP_PROXY, HTTPS_PROXY, and NO_PROXY.
//
// The default (and zero) value of HTTPClientProxySettings has Proxy support
// enabled, and will select the proxy per URL based on the environment variables.
4 changes: 2 additions & 2 deletions x-pack/filebeat/input/awscloudwatch/input.go
Expand Up @@ -103,9 +103,9 @@ func NewInput(cfg *common.Config, connector channel.Connector, context input.Con
config.RegionName = regionName
}

awsConfig, err := awscommon.GetAWSCredentials(config.AwsConfig)
awsConfig, err := awscommon.InitializeAWSConfig(config.AwsConfig)
if err != nil {
return nil, errors.Wrap(err, "getAWSCredentials failed")
return nil, errors.Wrap(err, "InitializeAWSConfig failed")
}
awsConfig.Region = config.RegionName

8 changes: 4 additions & 4 deletions x-pack/filebeat/input/awss3/input.go
Expand Up @@ -54,9 +54,9 @@ func newInput(config config) (*s3Input, error) {
func (in *s3Input) Name() string { return inputName }

func (in *s3Input) Test(ctx v2.TestContext) error {
_, err := awscommon.GetAWSCredentials(in.config.AWSConfig)
_, err := awscommon.InitializeAWSConfig(in.config.AWSConfig)
if err != nil {
return fmt.Errorf("getAWSCredentials failed: %w", err)
return fmt.Errorf("InitializeAWSConfig failed: %w", err)
}
return nil
}
Expand Down Expand Up @@ -98,9 +98,9 @@ func (in *s3Input) createCollector(ctx v2.Context, pipeline beat.Pipeline) (*s3C
log = log.With("region", regionName)
}

awsConfig, err := awscommon.GetAWSCredentials(in.config.AWSConfig)
awsConfig, err := awscommon.InitializeAWSConfig(in.config.AWSConfig)
if err != nil {
return nil, fmt.Errorf("getAWSCredentials failed: %w", err)
return nil, fmt.Errorf("InitializeAWSConfig failed: %w", err)
}
awsConfig.Region = regionName

4 changes: 2 additions & 2 deletions x-pack/filebeat/input/awss3/s3_integration_test.go
Expand Up @@ -138,9 +138,9 @@ func setupCollector(t *testing.T, cfg *common.Config, mock bool) (*s3Collector,
}

config := getConfigForTest(t)
awsConfig, err := awscommon.GetAWSCredentials(config.AWSConfig)
awsConfig, err := awscommon.InitializeAWSConfig(config.AWSConfig)
if err != nil {
t.Fatal("failed GetAWSCredentials with AWS Config: ", err)
t.Fatal("failed InitializeAWSConfig with AWS Config: ", err)
}

s3BucketRegion := os.Getenv("S3_BUCKET_REGION")
6 changes: 6 additions & 0 deletions x-pack/filebeat/module/aws/_meta/docs.asciidoc
Expand Up @@ -48,6 +48,7 @@ Example config:
#var.api_timeout: 120s
#var.endpoint: amazonaws.com
#var.role_arn: arn:aws:iam::123456789012:role/test-mb
#var.proxy_url: http://proxy:8080

cloudwatch:
enabled: false
Expand All @@ -61,6 +62,7 @@ Example config:
#var.api_timeout: 120s
#var.endpoint: amazonaws.com
#var.role_arn: arn:aws:iam::123456789012:role/test-mb
#var.proxy_url: http://proxy:8080

ec2:
enabled: false
Expand All @@ -74,6 +76,7 @@ Example config:
#var.api_timeout: 120s
#var.endpoint: amazonaws.com
#var.role_arn: arn:aws:iam::123456789012:role/test-mb
#var.proxy_url: http://proxy:8080

elb:
enabled: false
Expand All @@ -87,6 +90,7 @@ Example config:
#var.api_timeout: 120s
#var.endpoint: amazonaws.com
#var.role_arn: arn:aws:iam::123456789012:role/test-mb
#var.proxy_url: http://proxy:8080

s3access:
enabled: false
Expand All @@ -100,6 +104,7 @@ Example config:
#var.api_timeout: 120s
#var.endpoint: amazonaws.com
#var.role_arn: arn:aws:iam::123456789012:role/test-mb
#var.proxy_url: http://proxy:8080

vpcflow:
enabled: false
Expand All @@ -113,6 +118,7 @@ Example config:
#var.api_timeout: 120s
#var.endpoint: amazonaws.com
#var.role_arn: arn:aws:iam::123456789012:role/test-mb
#var.proxy_url: http://proxy:8080
----

*`var.queue_url`*::
4 changes: 4 additions & 0 deletions x-pack/filebeat/module/aws/cloudtrail/config/aws-s3.yml
Expand Up @@ -59,6 +59,10 @@ fips_enabled: {{ .fips_enabled }}
max_number_of_messages: {{ .max_number_of_messages }}
{{ end }}

{{ if .proxy_url }}
proxy_url: {{ .proxy_url }}
{{ end }}

tags: {{.tags | tojson}}
publisher_pipeline.disable_host: {{ inList .tags "forwarded" }}
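Review bot: `proxy_url: {{ .proxy_url }}` writes the value into the rendered YAML unquoted, while `tags` just below it is passed through `tojson`. A proxy URL that embeds credentials or other characters YAML treats specially could then be parsed differently from what the operator wrote, or fail to parse at all. Consider `proxy_url: {{ .proxy_url | tojson }}`, provided `tojson` emits a quoted string for a plain string value as it does for the list in `tags`. The same block is added to the cloudwatch, ec2, elb, s3access and vpcflow templates, and the template itself starts and ends outside this hunk.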

1 change: 1 addition & 0 deletions x-pack/filebeat/module/aws/cloudtrail/manifest.yml
Expand Up @@ -22,6 +22,7 @@ var:
- name: process_insight_logs
default: true
- name: fips_enabled
- name: proxy_url
- name: max_number_of_messages

ingest_pipeline: ingest/pipeline.yml
4 changes: 4 additions & 0 deletions x-pack/filebeat/module/aws/cloudwatch/config/aws-s3.yml
Expand Up @@ -45,6 +45,10 @@ fips_enabled: {{ .fips_enabled }}
max_number_of_messages: {{ .max_number_of_messages }}
{{ end }}

{{ if .proxy_url }}
proxy_url: {{ .proxy_url }}
{{ end }}

tags: {{.tags | tojson}}
publisher_pipeline.disable_host: {{ inList .tags "forwarded" }}

1 change: 1 addition & 0 deletions x-pack/filebeat/module/aws/cloudwatch/manifest.yml
Expand Up @@ -16,6 +16,7 @@ var:
- name: tags
default: [forwarded]
- name: fips_enabled
- name: proxy_url
- name: max_number_of_messages

ingest_pipeline: ingest/pipeline.yml
4 changes: 4 additions & 0 deletions x-pack/filebeat/module/aws/ec2/config/aws-s3.yml
Expand Up @@ -45,6 +45,10 @@ fips_enabled: {{ .fips_enabled }}
max_number_of_messages: {{ .max_number_of_messages }}
{{ end }}

{{ if .proxy_url }}
proxy_url: {{ .proxy_url }}
{{ end }}

tags: {{.tags | tojson}}
publisher_pipeline.disable_host: {{ inList .tags "forwarded" }}

1 change: 1 addition & 0 deletions x-pack/filebeat/module/aws/ec2/manifest.yml
Expand Up @@ -16,6 +16,7 @@ var:
- name: tags
default: [forwarded]
- name: fips_enabled
- name: proxy_url
- name: max_number_of_messages

ingest_pipeline: ingest/pipeline.yml
4 changes: 4 additions & 0 deletions x-pack/filebeat/module/aws/elb/config/aws-s3.yml
Expand Up @@ -45,6 +45,10 @@ fips_enabled: {{ .fips_enabled }}
max_number_of_messages: {{ .max_number_of_messages }}
{{ end }}

{{ if .proxy_url }}
proxy_url: {{ .proxy_url }}
{{ end }}

tags: {{.tags | tojson}}
publisher_pipeline.disable_host: {{ inList .tags "forwarded" }}

1 change: 1 addition & 0 deletions x-pack/filebeat/module/aws/elb/manifest.yml
Expand Up @@ -16,6 +16,7 @@ var:
- name: tags
default: [forwarded]
- name: fips_enabled
- name: proxy_url
- name: max_number_of_messages

ingest_pipeline: ingest/pipeline.yml
4 changes: 4 additions & 0 deletions x-pack/filebeat/module/aws/s3access/config/aws-s3.yml
Expand Up @@ -45,6 +45,10 @@ fips_enabled: {{ .fips_enabled }}
max_number_of_messages: {{ .max_number_of_messages }}
{{ end }}

{{ if .proxy_url }}
proxy_url: {{ .proxy_url }}
{{ end }}

tags: {{.tags | tojson}}
publisher_pipeline.disable_host: {{ inList .tags "forwarded" }}

1 change: 1 addition & 0 deletions x-pack/filebeat/module/aws/s3access/manifest.yml
Expand Up @@ -16,6 +16,7 @@ var:
- name: tags
default: [forwarded]
- name: fips_enabled
- name: proxy_url
- name: max_number_of_messages

ingest_pipeline: ingest/pipeline.yml
4 changes: 4 additions & 0 deletions x-pack/filebeat/module/aws/vpcflow/config/input.yml
Expand Up @@ -47,6 +47,10 @@ fips_enabled: {{ .fips_enabled }}
max_number_of_messages: {{ .max_number_of_messages }}
{{ end }}

{{ if .proxy_url }}
proxy_url: {{ .proxy_url }}
{{ end }}

{{ else if eq .input "file" }}

type: log
1 change: 1 addition & 0 deletions x-pack/filebeat/module/aws/vpcflow/manifest.yml
Expand Up @@ -16,6 +16,7 @@ var:
- name: tags
default: [forwarded]
- name: fips_enabled
- name: proxy_url
- name: max_number_of_messages

ingest_pipeline: ingest/pipeline.yml
2 changes: 1 addition & 1 deletion x-pack/functionbeat/manager/aws/cli_manager.go
Expand Up @@ -214,7 +214,7 @@ func NewCLI(
if err := cfg.Unpack(config); err != nil {
return nil, err
}
awsCfg, err := awscommon.GetAWSCredentials(config.Credentials)
awsCfg, err := awscommon.InitializeAWSConfig(config.Credentials)
if err != nil {
return nil, fmt.Errorf("failed to get aws credentials, please check AWS credential in config: %+v", err)
}
2 changes: 1 addition & 1 deletion x-pack/libbeat/autodiscover/providers/aws/ec2/provider.go
Expand Up @@ -52,7 +52,7 @@ func AutodiscoverBuilder(
return nil, err
}

awsCfg, err := awscommon.GetAWSCredentials(
awsCfg, err := awscommon.InitializeAWSConfig(
awscommon.ConfigAWS{
AccessKeyID: config.AWSConfig.AccessKeyID,
SecretAccessKey: config.AWSConfig.SecretAccessKey,
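Review bot: The `awscommon.ConfigAWS` literal passed to `InitializeAWSConfig` is assembled field by field, and the fields visible here do not include the new `ProxyUrl`. The literal continues outside the hunk, but unless it is extended, `proxy_url` is silently ignored for EC2 autodiscover and those API calls leave the host directly instead of going through the configured proxy. Assuming `config.AWSConfig` is itself a `ConfigAWS`, add `ProxyUrl: config.AWSConfig.ProxyUrl,` or pass `config.AWSConfig` through unchanged. The same applies to both literals in `elb/provider.go`.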
4 changes: 2 additions & 2 deletions x-pack/libbeat/autodiscover/providers/aws/elb/provider.go
Expand Up @@ -54,7 +54,7 @@ func AutodiscoverBuilder(
return nil, err
}

awsCfg, err := awscommon.GetAWSCredentials(awscommon.ConfigAWS{
awsCfg, err := awscommon.InitializeAWSConfig(awscommon.ConfigAWS{
AccessKeyID: config.AWSConfig.AccessKeyID,
SecretAccessKey: config.AWSConfig.SecretAccessKey,
SessionToken: config.AWSConfig.SessionToken,
Expand All @@ -76,7 +76,7 @@ func AutodiscoverBuilder(

var clients []elasticloadbalancingv2iface.ClientAPI
for _, region := range config.Regions {
awsCfg, err := awscommon.GetAWSCredentials(awscommon.ConfigAWS{
awsCfg, err := awscommon.InitializeAWSConfig(awscommon.ConfigAWS{
AccessKeyID: config.AWSConfig.AccessKeyID,
SecretAccessKey: config.AWSConfig.SecretAccessKey,
SessionToken: config.AWSConfig.SessionToken,
34 changes: 26 additions & 8 deletions x-pack/libbeat/common/aws/credentials.go
Expand Up @@ -5,6 +5,9 @@
package aws

import (
"net/http"
"net/url"

awssdk "github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/aws/defaults"
"github.com/aws/aws-sdk-go-v2/aws/external"
Expand All @@ -18,14 +21,29 @@ import (

// ConfigAWS is a structure defined for AWS credentials
type ConfigAWS struct {
AccessKeyID string `config:"access_key_id"`
SecretAccessKey string `config:"secret_access_key"`
SessionToken string `config:"session_token"`
ProfileName string `config:"credential_profile_name"`
SharedCredentialFile string `config:"shared_credential_file"`
Endpoint string `config:"endpoint"`
RoleArn string `config:"role_arn"`
AWSPartition string `config:"aws_partition"` // Deprecated.
AccessKeyID string `config:"access_key_id"`
SecretAccessKey string `config:"secret_access_key"`
SessionToken string `config:"session_token"`
ProfileName string `config:"credential_profile_name"`
SharedCredentialFile string `config:"shared_credential_file"`
Endpoint string `config:"endpoint"`
RoleArn string `config:"role_arn"`
AWSPartition string `config:"aws_partition"` // Deprecated.
ProxyUrl *url.URL `config:"proxy_url"`
}

// InitializeAWSConfig function creates the awssdk.Config object from the provided config
func InitializeAWSConfig(config ConfigAWS) (awssdk.Config, error) {
AWSConfig, _ := GetAWSCredentials(config)
if config.ProxyUrl != nil {
httpClient := &http.Client{
Transport: &http.Transport{
Proxy: http.ProxyURL(config.ProxyUrl),
},
}
AWSConfig.HTTPClient = httpClient
}
return AWSConfig, nil
}

// GetAWSCredentials function gets aws credentials from the config.
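Review bot: `InitializeAWSConfig` discards the error from `GetAWSCredentials` (`AWSConfig, _ := GetAWSCredentials(config)`) and always returns `nil`, so the `if err != nil` checks at every call site switched over in this PR can never fire, and a credential failure is handed on as a usable-looking config. The error should be returned before the HTTP client is touched. Separately, the bare `&http.Transport{Proxy: ...}` carries none of the default transport's dial, TLS-handshake or idle-connection timeouts; cloning `http.DefaultTransport` and overriding only `Proxy` keeps them. By Go convention the field would be named `ProxyURL`, and because a proxy URL can carry userinfo, it is worth confirming this struct is never logged verbatim.

```go
func InitializeAWSConfig(config ConfigAWS) (awssdk.Config, error) {
	awsConfig, err := GetAWSCredentials(config)
	if err != nil {
		return awsConfig, err
	}
	if config.ProxyUrl != nil {
		// Start from the default transport so its timeouts are kept;
		// only the proxy selection is overridden.
		transport := http.DefaultTransport.(*http.Transport).Clone()
		transport.Proxy = http.ProxyURL(config.ProxyUrl)
		awsConfig.HTTPClient = &http.Client{Transport: transport}
	}
	return awsConfig, nil
}
```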
1 change: 1 addition & 0 deletions x-pack/libbeat/docs/aws-credentials-config.asciidoc
Expand Up @@ -17,6 +17,7 @@ Some services, such as IAM, do not support regions. The endpoints for these
services do not include a region. In `aws` module, `endpoint` config is to set
the `endpoint-code` part, such as `amazonaws.com`, `amazonaws.com.cn`, `c2s.ic.gov`,
`sc2s.sgov.gov`.
* *proxy_url*: URL of the proxy to use to connect to AWS web services. The syntax is http(s)://<IP/Hostname>:<port>

[float]
==== Supported Formats
2 changes: 1 addition & 1 deletion x-pack/metricbeat/module/aws/aws.go
Expand Up @@ -76,7 +76,7 @@ func NewMetricSet(base mb.BaseMetricSet) (*MetricSet, error) {
return nil, err
}

awsConfig, err := awscommon.GetAWSCredentials(config.AWSConfig)
awsConfig, err := awscommon.InitializeAWSConfig(config.AWSConfig)
if err != nil {
return nil, fmt.Errorf("failed to get aws credentials, please check AWS credential in config: %w", err)
}