Merge branch 'master' into systemtest-elasticagent

elastic · Feb 2, 2021 · 07512e3 · 07512e3
2 parents 9df5dea + 62f3ed6
commit 07512e3
Show file tree

Hide file tree

Showing 1,087 changed files with 153,821 additions and 1,487 deletions.
diff --git a/.ci/docker/Makefile b/.ci/docker/Makefile
@@ -45,6 +45,7 @@ test-golang-mage: prepare-test ## Run the tests for the specific app
 	cp -f ../../go.* golang-mage
 	mkdir -p golang-mage/approvaltest && cp -f ../../approvaltest/go.* golang-mage/approvaltest
 	mkdir -p golang-mage/systemtest && cp -f ../../systemtest/go.* golang-mage/systemtest
+	mkdir -p golang-mage/internal/otel_collector && cp -f ../../internal/otel_collector/go.* golang-mage/internal/otel_collector
 	@DOCKERFILE=golang-mage bats-core/bin/bats --tap tests | tee target/results.tap
 	@$(MAKE) -s convert-tests-results
 

diff --git a/.ci/docker/golang-mage/Dockerfile b/.ci/docker/golang-mage/Dockerfile
@@ -7,10 +7,12 @@ WORKDIR $TOOLS
 COPY go.mod go.sum ./
 COPY approvaltest/go.mod approvaltest/go.sum ./approvaltest/
 COPY systemtest/go.mod systemtest/go.sum ./systemtest/
+COPY internal/otel_collector/go.mod internal/otel_collector/go.sum ./internal/otel_collector/
 
 RUN go mod download
 RUN cd approvaltest && go mod download
 RUN cd systemtest && go mod download
+RUN cd internal/otel_collector && go mod download
 
 RUN apt-get update -y -qq \
   && apt-get install -y -qq  python3 python3-pip python3-venv \

diff --git a/.gitignore b/.gitignore
@@ -4,6 +4,7 @@
 /.ci/docker/golang-mage/go.*
 /.ci/docker/golang-mage/approvaltest/
 /.ci/docker/golang-mage/systemtest/
+/.ci/docker/golang-mage/internal/otel_collector/
 **/*.idea
 /build
 /data

diff --git a/.go-version b/.go-version
@@ -1 +1 @@
-1.14.12
+1.15.7
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.14.12
+FROM golang:1.15.7
 MAINTAINER Nicolas Ruflin <[email protected]>
 
 RUN set -x && \

diff --git a/Makefile b/Makefile
@@ -136,7 +136,7 @@ NOTICE.txt: $(PYTHON) go.mod
 .PHONY: add-headers
 add-headers: $(GOLICENSER)
 ifndef CHECK_HEADERS_DISABLED
-	@$(GOLICENSER) -exclude x-pack
+	@$(GOLICENSER) -exclude x-pack -exclude internal/otel_collector
 	@$(GOLICENSER) -license Elastic x-pack
 endif
 
@@ -222,7 +222,7 @@ check-changelogs: $(PYTHON)
 .PHONY: check-headers
 check-headers: $(GOLICENSER)
 ifndef CHECK_HEADERS_DISABLED
-	@$(GOLICENSER) -d -exclude build -exclude x-pack
+	@$(GOLICENSER) -d -exclude build -exclude x-pack -exclude internal/otel_collector
 	@$(GOLICENSER) -d -exclude build -license Elastic x-pack
 endif
 

diff --git a/NOTICE.txt b/NOTICE.txt
diff --git a/README.md b/README.md
@@ -16,7 +16,7 @@ To get started with APM, see our [Quick start guide](https://www.elastic.co/guid
 
 ### Requirements
 
-* [Golang](https://golang.org/dl/) 1.14.12
+* [Golang](https://golang.org/dl/) 1.15.7
 
 ### Install
 

diff --git a/_meta/beat.yml b/_meta/beat.yml
@@ -137,10 +137,22 @@ apm-server:
       #ssl.enabled: true
 
       # Optional SSL configuration options. SSL is off by default, change the `protocol` option if you want to enable `https`.
-      # Configure SSL verification mode. If `none` is configured, all server hosts
-      # and certificates will be accepted. In this mode, SSL based connections are
-      # susceptible to man-in-the-middle attacks. Use only for testing. Default is
-      # `full`.
+      #
+      # Control the verification of Elasticsearch certificates. Valid values are:
+      # * full, which verifies that the provided certificate is signed by a trusted
+      # authority (CA) and also verifies that the server's hostname (or IP address)
+      # matches the names identified within the certificate.
+      # * strict, which verifies that the provided certificate is signed by a trusted
+      # authority (CA) and also verifies that the server's hostname (or IP address)
+      # matches the names identified within the certificate. If the Subject Alternative
+      # Name is empty, it returns an error.
+      # * certificate, which verifies that the provided certificate is signed by a
+      # trusted authority (CA), but does not perform any hostname verification.
+      #  * none, which performs no verification of the server's certificate. This
+      # mode disables many of the security benefits of SSL/TLS and should only be used
+      # after very careful consideration. It is primarily intended as a temporary
+      # diagnostic mechanism when attempting to resolve TLS errors; its use in
+      # production environments is strongly discouraged.
       #ssl.verification_mode: full
 
       # List of supported/valid TLS versions. By default all TLS versions 1.0 up to
@@ -278,10 +290,22 @@ apm-server:
     #ssl.enabled: true
 
     # Optional SSL configuration options. SSL is off by default, change the `protocol` option if you want to enable `https`.
-    # Configure SSL verification mode. If `none` is configured, all server hosts
-    # and certificates will be accepted. In this mode, SSL based connections are
-    # susceptible to man-in-the-middle attacks. Use only for testing. Default is
-    # `full`.
+    #
+    # Control the verification of Kibana certificates. Valid values are:
+    # * full, which verifies that the provided certificate is signed by a trusted
+    # authority (CA) and also verifies that the server's hostname (or IP address)
+    # matches the names identified within the certificate.
+    # * strict, which verifies that the provided certificate is signed by a trusted
+    # authority (CA) and also verifies that the server's hostname (or IP address)
+    # matches the names identified within the certificate. If the Subject Alternative
+    # Name is empty, it returns an error.
+    # * certificate, which verifies that the provided certificate is signed by a
+    # trusted authority (CA), but does not perform any hostname verification.
+    #  * none, which performs no verification of the server's certificate. This
+    # mode disables many of the security benefits of SSL/TLS and should only be used
+    # after very careful consideration. It is primarily intended as a temporary
+    # diagnostic mechanism when attempting to resolve TLS errors; its use in
+    # production environments is strongly discouraged.
     #ssl.verification_mode: full
 
     # List of supported/valid TLS versions. By default all TLS versions 1.0 up to
@@ -617,10 +641,22 @@ output.elasticsearch:
   #ssl.enabled: true
 
   # Optional SSL configuration options. SSL is off by default, change the `protocol` option if you want to enable `https`.
-  # Configure SSL verification mode. If `none` is configured, all server hosts
-  # and certificates will be accepted. In this mode, SSL based connections are
-  # susceptible to man-in-the-middle attacks. Use only for testing. Default is
-  # `full`.
+  #
+  # Control the verification of Elasticsearch certificates. Valid values are:
+  # * full, which verifies that the provided certificate is signed by a trusted
+  # authority (CA) and also verifies that the server's hostname (or IP address)
+  # matches the names identified within the certificate.
+  # * strict, which verifies that the provided certificate is signed by a trusted
+  # authority (CA) and also verifies that the server's hostname (or IP address)
+  # matches the names identified within the certificate. If the Subject Alternative
+  # Name is empty, it returns an error.
+  # * certificate, which verifies that the provided certificate is signed by a
+  # trusted authority (CA), but does not perform any hostname verification.
+  #  * none, which performs no verification of the server's certificate. This
+  # mode disables many of the security benefits of SSL/TLS and should only be used
+  # after very careful consideration. It is primarily intended as a temporary
+  # diagnostic mechanism when attempting to resolve TLS errors; its use in
+  # production environments is strongly discouraged.
   #ssl.verification_mode: full
 
   # List of supported/valid TLS versions. By default all TLS versions 1.0 up to
@@ -746,10 +782,22 @@ output.elasticsearch:
   #ssl.enabled: false
 
   # Optional SSL configuration options. SSL is off by default.
-  # Configure SSL verification mode. If `none` is configured, all server hosts
-  # and certificates will be accepted. In this mode, SSL based connections are
-  # susceptible to man-in-the-middle attacks. Use only for testing. Default is
-  # `full`.
+  #
+  # Control the verification of Logstash certificates. Valid values are:
+  # * full, which verifies that the provided certificate is signed by a trusted
+  # authority (CA) and also verifies that the server's hostname (or IP address)
+  # matches the names identified within the certificate.
+  # * strict, which verifies that the provided certificate is signed by a trusted
+  # authority (CA) and also verifies that the server's hostname (or IP address)
+  # matches the names identified within the certificate. If the Subject Alternative
+  # Name is empty, it returns an error.
+  # * certificate, which verifies that the provided certificate is signed by a
+  # trusted authority (CA), but does not perform any hostname verification.
+  #  * none, which performs no verification of the server's certificate. This
+  # mode disables many of the security benefits of SSL/TLS and should only be used
+  # after very careful consideration. It is primarily intended as a temporary
+  # diagnostic mechanism when attempting to resolve TLS errors; its use in
+  # production environments is strongly discouraged.
   #ssl.verification_mode: full
 
   # List of supported/valid TLS versions. By default all TLS versions 1.0 up to
@@ -893,10 +941,22 @@ output.elasticsearch:
   #ssl.enabled: false
 
   # Optional SSL configuration options. SSL is off by default.
-  # Configure SSL verification mode. If `none` is configured, all server hosts
-  # and certificates will be accepted. In this mode, SSL based connections are
-  # susceptible to man-in-the-middle attacks. Use only for testing. Default is
-  # `full`.
+  #
+  # Control the verification of Kafka certificates. Valid values are:
+  # * full, which verifies that the provided certificate is signed by a trusted
+  # authority (CA) and also verifies that the server's hostname (or IP address)
+  # matches the names identified within the certificate.
+  # * strict, which verifies that the provided certificate is signed by a trusted
+  # authority (CA) and also verifies that the server's hostname (or IP address)
+  # matches the names identified within the certificate. If the Subject Alternative
+  # Name is empty, it returns an error.
+  # * certificate, which verifies that the provided certificate is signed by a
+  # trusted authority (CA), but does not perform any hostname verification.
+  #  * none, which performs no verification of the server's certificate. This
+  # mode disables many of the security benefits of SSL/TLS and should only be used
+  # after very careful consideration. It is primarily intended as a temporary
+  # diagnostic mechanism when attempting to resolve TLS errors; its use in
+  # production environments is strongly discouraged.
   #ssl.verification_mode: full
 
   # List of supported/valid TLS versions. By default all TLS versions 1.0 up to
@@ -1159,10 +1219,22 @@ output.elasticsearch:
   #ssl.enabled: true
 
   # Optional SSL configuration options. SSL is off by default, change the `protocol` option if you want to enable `https`.
-  # Configure SSL verification mode. If `none` is configured, all server hosts
-  # and certificates will be accepted. In this mode, SSL based connections are
-  # susceptible to man-in-the-middle attacks. Use only for testing. Default is
-  # `full`.
+  #
+  # Control the verification of Elasticsearch certificates. Valid values are:
+  # * full, which verifies that the provided certificate is signed by a trusted
+  # authority (CA) and also verifies that the server's hostname (or IP address)
+  # matches the names identified within the certificate.
+  # * strict, which verifies that the provided certificate is signed by a trusted
+  # authority (CA) and also verifies that the server's hostname (or IP address)
+  # matches the names identified within the certificate. If the Subject Alternative
+  # Name is empty, it returns an error.
+  # * certificate, which verifies that the provided certificate is signed by a
+  # trusted authority (CA), but does not perform any hostname verification.
+  #  * none, which performs no verification of the server's certificate. This
+  # mode disables many of the security benefits of SSL/TLS and should only be used
+  # after very careful consideration. It is primarily intended as a temporary
+  # diagnostic mechanism when attempting to resolve TLS errors; its use in
+  # production environments is strongly discouraged.
   #ssl.verification_mode: full
 
   # List of supported/valid TLS versions. By default all TLS versions 1.0 up to