Skip to content

Add fips_compatible flag to Azure * packages #14769

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
shmsr merged 4 commits into from
Aug 7, 2025
Merged

Add fips_compatible flag to Azure * packages #14769

shmsr merged 4 commits into from
Aug 7, 2025

Conversation

@shmsr
Copy link
Member

@shmsr shmsr commented Aug 1, 2025
edited
Loading

Proposed commit message

The fips_compatible flag is added to all policy templates (Azure *) that use either azure/metrics or azure-eventhub inputs.

These inputs are explicitly disabled in FIPS-enabled environments within Beats (elastic/beats#44885, elastic/beats#44902). By marking the relevant policy templates with fips_compatible: false, we ensure consistency and proper behavior of these integrations when deployed in FIPS environments.

Related Context:

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

@shmsr shmsr requested review from a team as code owners August 1, 2025 09:30
shmsr
shmsr commented Aug 1, 2025
View reviewed changes
packages/apache/manifest.yml
multi: false
required: false
show_user: false
default: |
Copy link
Member Author

@shmsr shmsr Aug 1, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please note that these changes are due to running elastic-package-changelog. I think as it runs elastic-package format internally, hence the change. I also validated the same by using the format command, it is because of that only.

Copy link
Member Author

@shmsr shmsr Aug 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is applicable to all unrelated formatting changes.

Copy link
Contributor

@gizas gizas Aug 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thank you

@shmsr shmsr self-assigned this Aug 1, 2025
@shmsr shmsr requested review from a team, muthu-mps and mykola-elastic August 1, 2025 09:36
muthu-mps
muthu-mps reviewed Aug 1, 2025
View reviewed changes
@shmsr shmsr added the enhancement New feature or request label Aug 1, 2025
@shmsr shmsr requested a review from muthu-mps August 1, 2025 09:50
muthu-mps
muthu-mps approved these changes Aug 1, 2025
View reviewed changes
Copy link
Contributor

@muthu-mps muthu-mps left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@shmsr shmsr requested a review from a team August 1, 2025 10:04
@elastic-vault-github-plugin-prod
Copy link

elastic-vault-github-plugin-prod bot commented Aug 1, 2025

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@shmsr
Copy link
Member Author

shmsr commented Aug 1, 2025

@elastic/security-service-integrations You own some packages that use azure-eventhub as well. I did not touch them, as I am specifically raising this PR for azure*

But I'd request you to take a look at these — elastic/beats#44885, elastic/beats#44902 and elastic/beats#44909; as you might be using them in your packages.

@andrewkroh andrewkroh added Integration:azure_app_service Azure App Service Integration:azure_application_insights Azure Application Insights Metrics Overview Integration:azure_billing Azure Billing Metrics Integration:azure_functions Azure Functions Integration:azure_logs Custom Azure Logs Integration:azure_ai_foundry Azure AI Foundry Integration:azure_metrics Azure Resource Metrics Integration:azure_openai Azure OpenAI Team:obs-ds-hosted-services Observability Hosted Services team [elastic/obs-ds-hosted-services] Team:Obs-InfraObs Observability Infrastructure Monitoring team [elastic/obs-infraobs-integrations] labels Aug 1, 2025
@karenzone karenzone mentioned this pull request Aug 1, 2025
Closed
@shmsr
Copy link
Member Author

shmsr commented Aug 4, 2025

@elastic/obs-ds-hosted-services and @elastic/security-service-integrations Can someone please take a look at this PR?

@efd6
Copy link
Contributor

efd6 commented Aug 5, 2025

security-service-integrations is not a codeowner here.

@shmsr
Copy link
Member Author

shmsr commented Aug 6, 2025

Can someone from @elastic/obs-ds-hosted-services please take a look?

@gizas
Copy link
Contributor

gizas commented Aug 6, 2025

@shmsr there are some more azure related integrations that are not listed in your pr. Is there a reason not to include them?

@shmsr
Copy link
Member Author

shmsr commented Aug 6, 2025
edited
Loading

@shmsr there are some more azure related integrations that are not listed in your pr. Is there a reason not to include them?

#14068

In this you will find more. And apart from that, only packages left are:

  • azure_blob_storage (uses azure-blob-storage input)
  • azure_frontdoor (uses azure-eventhub input but owned by security. I did not see anyone else putting the flag so I wasn't sure if I should make the change but ideally we should. That's why I asked them to review, because some of their other packages like o365 and all are likely affected as well; see: Add fips_compatible flag to Azure * packages #14769 (comment))
  • azure_network_watcher_{nsg,vnet} (uses azure-blob-storage input)

As you can see as azure-blob-storage is not disabled, we haven't touched the packages that uses that.

cc: @gizas

gizas
gizas approved these changes Aug 6, 2025
View reviewed changes
Copy link
Contributor

@gizas gizas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the comment above. Good to have it here to make clear for future review (as the title might be a little misleading)

@elasticmachine
Copy link

elasticmachine commented Aug 7, 2025

💚 Build Succeeded

History

cc @shmsr

@elastic-sonarqube
Copy link

elastic-sonarqube bot commented Aug 7, 2025

Quality Gate failed Quality Gate failed

Failed conditions
0.0% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube

@shmsr shmsr merged commit 0505647 into elastic:main Aug 7, 2025
8 of 9 checks passed
@elastic-vault-github-plugin-prod
Copy link

elastic-vault-github-plugin-prod bot commented Aug 7, 2025

Package azure_ai_foundry - 0.6.0 containing this change is available at https://epr.elastic.co/package/azure_ai_foundry/0.6.0/

@elastic-vault-github-plugin-prod
Copy link

elastic-vault-github-plugin-prod bot commented Aug 7, 2025

Package azure_app_service - 0.7.0 containing this change is available at https://epr.elastic.co/package/azure_app_service/0.7.0/

@elastic-vault-github-plugin-prod
Copy link

elastic-vault-github-plugin-prod bot commented Aug 7, 2025

Package azure_application_insights - 1.9.0 containing this change is available at https://epr.elastic.co/package/azure_application_insights/1.9.0/

@elastic-vault-github-plugin-prod
Copy link

elastic-vault-github-plugin-prod bot commented Aug 7, 2025

Package azure_billing - 1.9.0 containing this change is available at https://epr.elastic.co/package/azure_billing/1.9.0/

@elastic-vault-github-plugin-prod
Copy link

elastic-vault-github-plugin-prod bot commented Aug 7, 2025

Package azure_functions - 0.10.0 containing this change is available at https://epr.elastic.co/package/azure_functions/0.10.0/

@elastic-vault-github-plugin-prod
Copy link

elastic-vault-github-plugin-prod bot commented Aug 7, 2025

Package azure_logs - 0.4.0 containing this change is available at https://epr.elastic.co/package/azure_logs/0.4.0/

@elastic-vault-github-plugin-prod
Copy link

elastic-vault-github-plugin-prod bot commented Aug 7, 2025

Package azure_metrics - 1.10.0 containing this change is available at https://epr.elastic.co/package/azure_metrics/1.10.0/

@elastic-vault-github-plugin-prod
Copy link

elastic-vault-github-plugin-prod bot commented Aug 7, 2025

Package azure_openai - 1.9.0 containing this change is available at https://epr.elastic.co/package/azure_openai/1.9.0/

robester0403 pushed a commit to robester0403/integrations that referenced this pull request Aug 14, 2025
@shmsr @robester0403
Add fips_compatible flag to Azure * packages (elastic#14769)
9e21b35
This was referenced Aug 18, 2025
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gizas gizas gizas approved these changes

@muthu-mps muthu-mps muthu-mps approved these changes

@mykola-elastic mykola-elastic mykola-elastic approved these changes

Assignees

@shmsr shmsr

Labels

enhancement New feature or request Integration:azure_ai_foundry Azure AI Foundry Integration:azure_app_service Azure App Service Integration:azure_application_insights Azure Application Insights Metrics Overview Integration:azure_billing Azure Billing Metrics Integration:azure_functions Azure Functions Integration:azure_logs Custom Azure Logs Integration:azure_metrics Azure Resource Metrics Integration:azure_openai Azure OpenAI Team:obs-ds-hosted-services Observability Hosted Services team [elastic/obs-ds-hosted-services] Team:Obs-InfraObs Observability Infrastructure Monitoring team [elastic/obs-infraobs-integrations]

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@shmsr @efd6 @gizas @elasticmachine @muthu-mps @mykola-elastic @andrewkroh