5 changes: 5 additions & 0 deletions packages/auditd_manager/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "1.19.1"
changes:
- description: Fix hbs format in the ingest pipeline for auditd data stream.
type: bugfix
link: https://github.com/elastic/integrations/pull/16230
- version: "1.19.0"
changes:
- description: Update Kibana constraint to 9.0
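Review bot: the description says "ingest pipeline", but the change shipped under this entry in the files shown is a Handlebars agent input template (the `audit_rules` / `failure_mode` settings rendered with `{{escape_multiline_string ...}}`), not an ingest pipeline; suggest rewording to something like "Fix hbs format of the session data audit_rules in the auditd input template" so that an operator reading the changelog knows the rendered auditd rule set is what changed.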
@@ -8,11 +8,7 @@ immutable: {{immutable}}
resolve_ids: {{resolve_ids}}
failure_mode: {{failure_mode}}
{{#if session_data}}
audit_rules: "{{escape_multiline_string "# Session data audit rules
-a always,exit -F arch=b64 -S execve,execveat -k exec
-a always,exit -F arch=b64 -S exit_group
-a always,exit -F arch=b64 -S setsid
"}}{{escape_multiline_string audit_rules}}"
audit_rules: "# Session data audit rules\n-a always,exit -F arch=b64 -S execve,execveat -k exec\n-a always,exit -F arch=b64 -S exit_group\n-a always,exit -F arch=b64 -S setsid\n{{escape_multiline_string audit_rules}}"
{{else}}
{{#if audit_rules}}
audit_rules: {{escape_string audit_rules}}
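Review bot: the new single line drops `escape_multiline_string` for the literal rules and instead relies on hand-written `\n` escapes inside a double-quoted YAML scalar, with the user-supplied `{{escape_multiline_string audit_rules}}` interpolated directly after the last `\n`; because these three rules (execve/execveat keyed `exec`, exit_group, setsid) are the baseline for session tracking, please add a policy test that renders this template with `session_data` enabled, once with empty `audit_rules` and once with a multi-line value, and asserts on the exact rendered `audit_rules` string, so a future edit to the escapes cannot silently break rule loading.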
2 changes: 1 addition & 1 deletion packages/auditd_manager/manifest.yml
@@ -1,7 +1,7 @@
format_version: "3.0.0"
name: auditd_manager
title: "Auditd Manager"
version: "1.19.0"
version: "1.19.1"
description: "The Auditd Manager Integration receives audit events from the Linux Audit Framework that is a part of the Linux kernel."
type: integration
categories:
8 changes: 6 additions & 2 deletions packages/netskope/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "3.1.2"
changes:
- description: Fix typo in the ingest pipeline for alerts_events_v2 data stream.
type: bugfix
link: https://github.com/elastic/integrations/pull/16230
- version: "3.1.1"
changes:
- description: Added advanced configuration options for setting and overriding content-type of log files.
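Review bot: "Fix typo in the ingest pipeline" does not describe the alerts_events_v2 change visible in this PR, which is a misplaced `{{/if}}` in the `agent/stream/gcs.yml.hbs` template that affects which settings are rendered into the GCS input policy; if no ingest pipeline file changed, reword the entry to name the agent stream template so users can tell whether they need to redeploy policies.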
@@ -12,8 +17,7 @@
- version: "3.0.0"
changes:
- description: >-
Add alerts_events_v2 data stream to support fetching alert v2 and event v2 data from a single queue.
Users using SQS input should consider disabling alerts_v2 and events_v2 to avoid conflicts, and use the combined data stream instead.
Add alerts_events_v2 data stream to support fetching alert v2 and event v2 data from a single queue. Users using SQS input should consider disabling alerts_v2 and events_v2 to avoid conflicts, and use the combined data stream instead.
type: breaking-change
link: https://github.com/elastic/integrations/pull/15697
- version: "2.3.0"
packages/netskope/data_stream/alerts_events_v2/agent/stream/gcs.yml.hbs
@@ -46,3 +46,4 @@ publisher_pipeline.disable_host: true
processors:
{{processors}}
{{/if}}
{{/if}}
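Review bot: the added trailing `{{/if}}` closes an `{{#if}}` opened above this hunk's context, which leaves both the `{{#contains "forwarded" tags}}` / `publisher_pipeline.disable_host: true` block and the `{{#if processors}}` block nested inside that outer conditional; if the outer `{{#if}}` is only meant to guard the tags list, the close belongs right after `{{/each}}` so the forwarded check and the processors block render for every policy. Please add a policy test that renders this template with the outer condition false and `forwarded` in `tags`, and asserts that `publisher_pipeline.disable_host: true` is still emitted.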
Collaborator
Should this closing "if" be moved between line 41 and 42 (after setting all tags)?

--- packages/netskope/data_stream/alerts_events_v2/agent/stream/gcs.yml.hbs
+++ packages/netskope/data_stream/alerts_events_v2/agent/stream/gcs.yml.hbs
@@ -39,6 +39,7 @@ tags:
 {{#each tags as |tag|}}
   - {{tag}}
 {{/each}}
+{{/if}}
 {{#contains "forwarded" tags}}
 publisher_pipeline.disable_host: true
 {{/contains}}
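Review bot: placing `{{/if}}` directly after `{{/each}}` keeps the conditional scoped to the `tags` list, so `{{#contains "forwarded" tags}}` is evaluated for every policy rather than only when the outer condition holds; this is the right placement for a condition that only adds a boolean to the policy without changing the tag list, and the matching removal of the trailing `{{/if}}` in the next hunk keeps the block balanced.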
@@ -46,4 +47,3 @@ publisher_pipeline.disable_host: true
 processors:
 {{processors}}
 {{/if}}
-{{/if}}

Collaborator
Or should it be after checking the forwarded tag?

--- packages/netskope/data_stream/alerts_events_v2/agent/stream/gcs.yml.hbs
+++ packages/netskope/data_stream/alerts_events_v2/agent/stream/gcs.yml.hbs
@@ -42,8 +42,8 @@ tags:
 {{#contains "forwarded" tags}}
 publisher_pipeline.disable_host: true
 {{/contains}}
+{{/if}}
 {{#if processors}}
 processors:
 {{processors}}
 {{/if}}
-{{/if}}
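Review bot: closing the `{{#if}}` after `{{/contains}}` would put `publisher_pipeline.disable_host: true` inside the outer condition, so a policy whose tags include `forwarded` but for which that condition is false would no longer disable host field enrichment on forwarded events; unless the condition is meant to gate forwarding as well, the placement after `{{/each}}` is the safer one.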

Contributor Author
Yes, you are right, I've changed it to before forwarded, as this condition is based on tags but does not modify the tag list; it adds a bool variable to the policy.
I've checked this change by adding two policy tests to the package 🧪

2 changes: 1 addition & 1 deletion packages/netskope/manifest.yml
@@ -1,7 +1,7 @@
format_version: "3.0.3"
name: netskope
title: "Netskope"
version: "3.1.1"
version: "3.1.2"
description: Collect logs from Netskope with Elastic Agent.
type: integration
categories: