Skip to content

fix integrations with failing parsing hbs templates #16230

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
teresaromero wants to merge 14 commits into
base: main
Choose a base branch
from
Open

fix integrations with failing parsing hbs templates #16230

teresaromero wants to merge 14 commits into from
+113 −9

Conversation

@teresaromero
Copy link
Contributor

@teresaromero teresaromero commented Dec 3, 2025
edited
Loading

Proposed commit message

netskope and auditd_manager fixed on hbs syntax

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Author's Checklist

  • [ ]

How to test this PR locally

This PR fixes errors on the integrations that do not have valid handlebars format. This is a new validation rule that would be available at package-spec. Integrations affected are:

netskope error when using gcs

  • install netskope
  • choose Collect logs from Netskope using Log Streaming via GCS so the data stream with the fault is used
Screenshot 2025-12-05 at 12 22 38

With this change this error does not appear.

auditd_manager default audit rules format

The use of multiline string inside the helper is not compliant with handlebars. The file has been changed so the default values are a single line. The helper still formats the variable input from the user.

Related issues

Related elastic/package-spec#1030

@teresaromero teresaromero added the bugfix Pull request that fixes a bug issue label Dec 3, 2025
@teresaromero teresaromero mentioned this pull request Dec 3, 2025
Merged
2 tasks
@elastic-vault-github-plugin-prod
Copy link

elastic-vault-github-plugin-prod bot commented Dec 3, 2025
edited
Loading

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@teresaromero
Revert "fix hbs for auditd.yml.hbs"
2e9b0f3 
This reverts commit 4405d64.
@teresaromero
Refactor audit_rules formatting in auditd.yml.hbs for hbs compliance
3d4c236
@teresaromero
Revert "Refactor audit_rules formatting in auditd.yml.hbs for hbs com…
4a09c3b 
…pliance"

This reverts commit 3d4c236.
@teresaromero
fix hbs formatting for audit_rules in auditd.yml.hbs
3b3faa6
@teresaromero
Merge branch 'main' of github.com:elastic/integrations into fix-hbs-f…
50a3c79 
…iles
@teresaromero
update audit_rules formatting in auditd.yml.hbs
a92b6a5
@teresaromero
Merge branch 'main' of github.com:elastic/integrations into fix-hbs-f…
5e22ece 
…iles
@teresaromero
Update changelog and manifest for version 3.1.2: fix typo in ingest p…
bb93595 
…ipeline and bump version netskope
@teresaromero
add bugfix at changelog for hbs format in ingest pipeline; bump versi…
6764b12 
…on to 1.19.1 auditd_manager
@teresaromero teresaromero marked this pull request as ready for review December 11, 2025 09:15
@teresaromero teresaromero requested review from a team as code owners December 11, 2025 09:15
mrodm
mrodm reviewed Dec 11, 2025
View reviewed changes
packages/netskope/data_stream/alerts_events_v2/agent/stream/gcs.yml.hbs Outdated
processors:
{{processors}}
{{/if}}
{{/if}}
Copy link
Collaborator

@mrodm mrodm Dec 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this closing "if" be moved between line 41 and 42 (after setting all tags)?

--- packages/netskope/data_stream/alerts_events_v2/agent/stream/gcs.yml.hbs
+++ packages/netskope/data_stream/alerts_events_v2/agent/stream/gcs.yml.hbs
@@ -39,6 +39,7 @@ tags:
 {{#each tags as |tag|}}
   - {{tag}}
 {{/each}}
+{{/if}}
 {{#contains "forwarded" tags}}
 publisher_pipeline.disable_host: true
 {{/contains}}
@@ -46,4 +47,3 @@ publisher_pipeline.disable_host: true
 processors:
 {{processors}}
 {{/if}}
-{{/if}}

Copy link
Collaborator

@mrodm mrodm Dec 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Or should it be after checking the forwarded tag ?

--- packages/netskope/data_stream/alerts_events_v2/agent/stream/gcs.yml.hbs
+++ packages/netskope/data_stream/alerts_events_v2/agent/stream/gcs.yml.hbs
@@ -42,8 +42,8 @@ tags:
 {{#contains "forwarded" tags}}
 publisher_pipeline.disable_host: true
 {{/contains}}
+{{/if}}
 {{#if processors}}
 processors:
 {{processors}}
 {{/if}}
-{{/if}}

Copy link
Contributor Author

@teresaromero teresaromero Dec 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, you are right, i've changed into before forwarded, as this condition is based on tags but does not modify the tag list, it adds a bool variable to the policy.
I've checked this changed adding two policy test to the package 🧪

@andrewkroh andrewkroh added Team:Security-Linux Platform Linux Platform Security team [elastic/sec-linux-platform] Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] labels Dec 11, 2025
@elasticmachine
Copy link

elasticmachine commented Dec 11, 2025

Pinging @elastic/sec-linux-platform (Team:Security-Linux Platform)

@elasticmachine
Copy link

elasticmachine commented Dec 11, 2025

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

kcreddy
kcreddy approved these changes Dec 16, 2025
View reviewed changes
Copy link
Contributor

@kcreddy kcreddy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

netskope changes LGTM ✅

@elasticmachine
Copy link

elasticmachine commented Dec 17, 2025
edited
Loading

💛 Build succeeded, but was flaky

Failed CI Steps

History

@teresaromero
Copy link
Contributor Author

teresaromero commented Dec 19, 2025

@elastic/sec-linux-platform hi! could you take a look to this change? thanks!

@teresaromero teresaromero mentioned this pull request Dec 19, 2025
Open
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mrodm mrodm mrodm left review comments

@kcreddy kcreddy kcreddy approved these changes

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

bugfix Pull request that fixes a bug issue Integration:auditd_manager Auditd Manager Integration:netskope Netskope Team:Security-Linux Platform Linux Platform Security team [elastic/sec-linux-platform] Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations]

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@teresaromero @elasticmachine @mrodm @kcreddy @andrewkroh