@efd6 efd6 commented Aug 15, 2025

Proposed commit message

aws: re-enable system tests for securityhub data streams and silence expected template error

For cert updates, in _dev/deploy/docker/files run

(for securityhub_findings and securityhub_findings_full_posture)

openssl req -x509 -newkey rsa:2048 -keyout private.key -out certificate.crt -sha256 -days 3650 -nodes -subj "/C=XX/L=Default City/O=Default Company Ltd/CN=securityhub.xxxx.amazonaws.cn"

(for securityhub_insights)

openssl req -x509 -newkey rsa:2048 -keyout private.key -out certificate.crt -sha256 -days 3650 -nodes -subj "/C=XX/L=Default City/O=Default Company Ltd/CN=securityhub.xxxx.amazonaws.com"

and then distribute the certificate to the system test configs.

Also fix incorrect use of 'with' in guardduty agent template. 

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices


@efd6 efd6 self-assigned this Aug 15, 2025
@efd6 efd6 added enhancement New feature or request Integration:aws AWS Team:Obs-InfraObs Observability Infrastructure Monitoring team [elastic/obs-infraobs-integrations] Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] Team:obs-ds-hosted-services Observability Hosted Services team [elastic/obs-ds-hosted-services] labels Aug 15, 2025
@efd6 efd6 force-pushed the aws_securityhub_system_tests branch from 4c2f069 to bd3c5be Compare August 15, 2025 05:36

elastic-vault-github-plugin-prod bot commented Aug 15, 2025

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@elasticmachine

💚 Build Succeeded

cc @efd6

@efd6 efd6 marked this pull request as ready for review August 15, 2025 07:40
@efd6 efd6 requested review from a team as code owners August 15, 2025 07:40
@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@andrewkroh
Member

/test stack 9.1.2

@andrewkroh andrewkroh left a comment

LGTM.

@andrewkroh
Member

With the 9.1.2 test there are a few failures due to the status reporting. I assume some of this relates back to elastic/beats#45664, but the last one looks like a different problem?

system test: (elastic-agent logs - default) in aws.securityhub_insights

test case failed: one or more errors found while examining elastic-agent.logs1489050619: [0] found error "Unit state changed httpjson-default-httpjson-securityhub-83af48fd-90ff-4557-8595-ca941bfeed04 (HEALTHY->DEGRADED): failed to execute template NextToken: template: :1:16: executing \"\" at <.last_response.body.NextToken>: map has no entry for key \"NextToken\""

system test: (elastic-agent logs - default) in aws.securityhub_findings_full_posture

test case failed: one or more errors found while examining elastic-agent.logs1530129037: [0] found error "Unit state changed httpjson-default-httpjson-securityhub-ecd30790-bc41-46d0-a8d0-3dd87eabfa63 (HEALTHY->DEGRADED): failed to execute template NextToken: the template result is empty"

system test: (elastic-agent logs - default) in aws.guardduty

test case failed: one or more errors found while examining elastic-agent.logs4244851378: [0] found error "Unit state changed httpjson-default-httpjson-guardduty-8c55f2b2-d6f6-4e4e-80f6-d66fc91ffb61 (HEALTHY->DEGRADED): failed to execute template last_execution_datetime: template: :1:89: executing \"\" at <.last_event.updatedAt>: can't evaluate field last_event in type []interface {}"

@efd6
Contributor Author

efd6 commented Aug 17, 2025

The first two tests are both flaky, but I can improve the situation with the first one so that it and the second can be addressed with elastic/beats#45664.

The last one is due to the incorrect use of a with. I'll fix that here.
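
An added example, not part of the PR or the integration's templates: a Go `text/template` reproduction of two of the logged errors, the missing `NextToken` key and the `with` block that rebinds dot to a slice. The context data and the three template strings are constructed for illustration, `missingkey=error` is assumed because it reproduces the logged message, and `$` is shown as one way to reach the root inside `with`, not necessarily the change made in this PR.

```go
package main

import (
	"bytes"
	"fmt"
	"text/template"
)

// Constructed context using the key names that appear in the logged errors.
var ctx = map[string]any{
	"last_event": map[string]any{"updatedAt": "2025-08-15T05:36:00Z"},
	"last_response": map[string]any{
		"body": map[string]any{"findings": []any{"f1"}}, // constructed: no NextToken
	},
}

// Hypothetical templates, not the integration's own.
const (
	missingKey = `{{.last_response.body.NextToken}}`
	// Inside "with", dot is the findings slice, so .last_event cannot resolve.
	badWith = `{{with .last_response.body.findings}}{{.last_event.updatedAt}}{{end}}`
	// "$" still refers to the data passed to Execute.
	rootWith = `{{with .last_response.body.findings}}{{$.last_event.updatedAt}}{{end}}`
)

// render executes tmpl against data; missingkey=error (assumed, it reproduces
// the logged message) turns an absent map key into an execution error.
func render(tmpl string, data any) (string, error) {
	t, err := template.New("").Option("missingkey=error").Parse(tmpl)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, data); err != nil {
		return "", err
	}
	return buf.String(), nil
}

func main() {
	for _, tmpl := range []string{missingKey, badWith, rootWith} {
		out, err := render(tmpl, ctx)
		fmt.Printf("out=%q err=%v\n", out, err)
	}
}
```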

@efd6
Contributor Author

efd6 commented Aug 17, 2025

/test stack 9.1.2

@elasticmachine

💚 Build Succeeded

cc @efd6

@elasticmachine

elasticmachine commented Aug 17, 2025

💔 Build Failed

cc @efd6

@efd6 efd6 merged commit 7115de8 into elastic:main Aug 18, 2025
9 of 10 checks passed
@elastic-vault-github-plugin-prod

Package aws - 3.14.0 containing this change is available at https://epr.elastic.co/package/aws/3.14.0/
