Merge branch '8.x' into mergify/bp/8.x/pr-3008

.golangci.yaml

@@ -148,9 +148,9 @@ linters-settings:
     exported-fields-are-used: false
     # Mark all local variables as used.
     local-variables-are-used: false
-  tenv:
-    all: true
-
+  usetesting:
+    os-setenv: true
+    os-temp-dir: true
   prealloc:
     simple: true
     range-loops: true

bin/golangci-lint

@@ -1 +1 @@
-.golangci-lint-1.63.4.pkg
+.golangci-lint-1.64.2.pkg

cmd/root.go

@@ -18,6 +18,7 @@
 package cmd
 
 import (
+	"errors"
 	"fmt"
 
 	"github.com/elastic/beats/v7/libbeat/cmd"
@@ -57,12 +58,12 @@ func cloudbeatCfg(rawIn *proto.UnitExpectedConfig, agentInfo *client.AgentInfo)
 	config := rawIn.Source.AsMap()
 	packagePolicyID, ok := config["package_policy_id"]
 	if !ok {
-		return nil, fmt.Errorf("'package_policy_id' element does not exist")
+		return nil, errors.New("'package_policy_id' element does not exist")
 	}
 
 	packagePolicyRevision, ok := config["revision"]
 	if !ok {
-		return nil, fmt.Errorf("'revision' element does not exist")
+		return nil, errors.New("'revision' element does not exist")
 	}
 
 	for i := range modules {

deploy/asset-inventory-cloudformation/config.go

@@ -21,6 +21,7 @@
 package main
 
 import (
+	"errors"
 	"fmt"
 	"reflect"
 	"strings"
@@ -95,19 +96,19 @@ func bindEnvs(iface any, parts ...string) error {
 
 func validateConfig(cfg *config) error {
 	if cfg.StackName == "" {
-		return fmt.Errorf("missing required flag: STACK_NAME")
+		return errors.New("missing required flag: STACK_NAME")
 	}
 
 	if cfg.FleetURL == "" {
-		return fmt.Errorf("missing required flag: FLEET_URL")
+		return errors.New("missing required flag: FLEET_URL")
 	}
 
 	if cfg.EnrollmentToken == "" {
-		return fmt.Errorf("missing required flag: ENROLLMENT_TOKEN")
+		return errors.New("missing required flag: ENROLLMENT_TOKEN")
 	}
 
 	if cfg.ElasticAgentVersion == "" {
-		return fmt.Errorf("missing required flag: ELASTIC_AGENT_VERSION")
+		return errors.New("missing required flag: ELASTIC_AGENT_VERSION")
 	}
 
 	if cfg.Dev != nil {
@@ -119,7 +120,7 @@ func validateConfig(cfg *config) error {
 
 func validateDevConfig(cfg *devConfig) error {
 	if cfg.AllowSSH && cfg.KeyName == "" {
-		return fmt.Errorf("missing required flag for SSH enablement mode: DEV.KEY_NAME")
+		return errors.New("missing required flag for SSH enablement mode: DEV.KEY_NAME")
 	}
 
 	return nil

deploy/cloudformation/config.go

@@ -21,6 +21,7 @@
 package main
 
 import (
+	"errors"
 	"fmt"
 	"reflect"
 	"slices"
@@ -104,19 +105,19 @@ func bindEnvs(iface any, parts ...string) error {
 
 func validateConfig(cfg *config) error {
 	if cfg.StackName == "" {
-		return fmt.Errorf("missing required flag: STACK_NAME")
+		return errors.New("missing required flag: STACK_NAME")
 	}
 
 	if cfg.FleetURL == "" {
-		return fmt.Errorf("missing required flag: FLEET_URL")
+		return errors.New("missing required flag: FLEET_URL")
 	}
 
 	if cfg.EnrollmentToken == "" {
-		return fmt.Errorf("missing required flag: ENROLLMENT_TOKEN")
+		return errors.New("missing required flag: ENROLLMENT_TOKEN")
 	}
 
 	if cfg.ElasticAgentVersion == "" {
-		return fmt.Errorf("missing required flag: ELASTIC_AGENT_VERSION")
+		return errors.New("missing required flag: ELASTIC_AGENT_VERSION")
 	}
 
 	if cfg.Dev != nil {
@@ -133,7 +134,7 @@ func validateConfig(cfg *config) error {
 
 func validateDevConfig(cfg *devConfig) error {
 	if cfg.AllowSSH && cfg.KeyName == "" {
-		return fmt.Errorf("missing required flag for SSH enablement mode: DEV.KEY_NAME")
+		return errors.New("missing required flag for SSH enablement mode: DEV.KEY_NAME")
 	}
 
 	return nil

internal/flavors/assetinventory/strategy.go

@@ -19,6 +19,7 @@ package assetinventory
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"strings"
 	"time"
@@ -63,7 +64,7 @@ func (s *strategy) NewAssetInventory(ctx context.Context, client beat.Client) (i
 	case config.ProviderGCP:
 		fetchers, err = s.initGcpFetchers(ctx)
 	case "":
-		err = fmt.Errorf("missing config.v1.asset_inventory_provider setting")
+		err = errors.New("missing config.v1.asset_inventory_provider setting")
 	default:
 		err = fmt.Errorf("unsupported Asset Inventory provider %q", s.cfg.AssetInventoryProvider)
 	}

internal/flavors/benchmark/eks.go

@@ -19,6 +19,7 @@ package benchmark
 
 import (
 	"context"
+	"errors"
 	"fmt"
 
 	awssdk "github.com/aws/aws-sdk-go-v2/aws"
@@ -127,16 +128,16 @@ func (k *EKS) getEksAwsConfig(ctx context.Context, cfg *config.Config) (awssdk.C
 
 func (k *EKS) checkDependencies() error {
 	if k.AWSIdentityProvider == nil {
-		return fmt.Errorf("aws identity provider is uninitialized")
+		return errors.New("aws identity provider is uninitialized")
 	}
 	if k.ClientProvider == nil {
-		return fmt.Errorf("kubernetes client provider is uninitialized")
+		return errors.New("kubernetes client provider is uninitialized")
 	}
 	if k.EKSClusterNameProvider == nil {
-		return fmt.Errorf("eks cluster name provider is uninitialized")
+		return errors.New("eks cluster name provider is uninitialized")
 	}
 	if k.AWSMetadataProvider == nil {
-		return fmt.Errorf("aws metadata provider is uninitialized")
+		return errors.New("aws metadata provider is uninitialized")
 	}
 	return nil
 }

internal/inventory/azurefetcher/fetcher_activedirectory_test.go

@@ -20,7 +20,7 @@ package azurefetcher
 import (
 	"bytes"
 	"context"
-	"fmt"
+	"errors"
 	"testing"
 	"time"
 
@@ -100,7 +100,7 @@ func TestActiveDirectoryFetcher_FetchError(t *testing.T) {
 
 	provider := newMockActivedirectoryProvider(t)
 	provider.EXPECT().ListServicePrincipals(mock.Anything).Return(
-		[]*models.ServicePrincipal{}, fmt.Errorf("! error listing service principals"),
+		[]*models.ServicePrincipal{}, errors.New("! error listing service principals"),
 	)
 
 	fetcher := newActiveDirectoryFetcher(log, provider)

internal/launcher/launcher.go

@@ -248,7 +248,7 @@ func (l *launcher) waitForUpdates() (*config.C, error) {
 
 	case update, ok := <-l.reloader.Channel():
 		if !ok {
-			return nil, fmt.Errorf("reloader channel unexpectedly closed")
+			return nil, errors.New("reloader channel unexpectedly closed")
 		}
 
 		l.log.Infof("Launcher will restart %s to apply the configuration update", l.name)
@@ -285,14 +285,14 @@ func (l *launcher) reconfigureWait(timeout time.Duration) (*config.C, error) {
 	for {
 		select {
 		case <-l.beaterErr:
-			return nil, fmt.Errorf("error channel closed")
+			return nil, errors.New("error channel closed")
 
 		case <-timer:
 			return nil, fmt.Errorf("timed out waiting for reconfiguration after %s", time.Since(start))
 
 		case update, ok := <-l.reloader.Channel():
 			if !ok {
-				return nil, fmt.Errorf("reconfiguration channel is closed")
+				return nil, errors.New("reconfiguration channel is closed")
 			}
 
 			if l.validator != nil {

internal/launcher/launcher_test.go

@@ -22,7 +22,6 @@ package launcher
 
 import (
 	"errors"
-	"fmt"
 	"reflect"
 	"testing"
 	"time"
@@ -120,7 +119,7 @@ type validatorMock struct {
 func (v *validatorMock) Validate(cfg *config.C) error {
 	var err error
 	if !reflect.DeepEqual(cfg, v.expected) {
-		err = fmt.Errorf("mock validation failed")
+		err = errors.New("mock validation failed")
 	}
 
 	return err

internal/resources/fetching/fetchers/aws/ecr_fetcher_test.go

@@ -19,6 +19,7 @@ package fetchers
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"regexp"
 	"sort"
@@ -292,7 +293,7 @@ func (s *EcrFetcherTestSuite) TestCreateFetcherErrorCases() {
 					Name:  "cloudbeat",
 				},
 			},
-			fmt.Errorf("ecr error"),
+			errors.New("ecr error"),
 		},
 	}
 	for _, test := range tests {

internal/resources/fetching/fetchers/aws/elb_fetcher_test.go

@@ -19,6 +19,7 @@ package fetchers
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"regexp"
 	"testing"
@@ -169,7 +170,7 @@ func (s *ElbFetcherTestSuite) TestCreateFetcherErrorCases() {
 					Hostname: "adda9cdc89b13452e92d48be46858d37-1423035038.us-east-2.elb.amazonaws.com",
 				},
 			},
-			fmt.Errorf("elb error")},
+			errors.New("elb error")},
 	}
 	for _, test := range tests {
 		kubeclient := k8sfake.NewSimpleClientset()

internal/resources/fetching/fetchers/aws/monitoring_fetcher_test.go

@@ -19,7 +19,7 @@ package fetchers
 
 import (
 	"context"
-	"fmt"
+	"errors"
 	"testing"
 	"time"
 
@@ -77,13 +77,13 @@ func TestMonitoringFetcher_Fetch(t *testing.T) {
 			monitoring: clientMocks{
 				"AggregateResources": [2]mocks{
 					{mock.Anything},
-					{nil, fmt.Errorf("failed to run provider")},
+					{nil, errors.New("failed to run provider")},
 				},
 			},
 			securityhub: clientMocks{
 				"Describe": [2]mocks{
 					{mock.Anything},
-					{[]securityhub.SecurityHub{{}}, fmt.Errorf("failed to run provider")},
+					{[]securityhub.SecurityHub{{}}, errors.New("failed to run provider")},
 				},
 			},
 		},
@@ -92,7 +92,7 @@ func TestMonitoringFetcher_Fetch(t *testing.T) {
 			monitoring: clientMocks{
 				"AggregateResources": [2]mocks{
 					{mock.Anything},
-					{nil, fmt.Errorf("failed to run provider")},
+					{nil, errors.New("failed to run provider")},
 				},
 			},
 			securityhub: clientMocks{

internal/resources/fetching/fetchers/azure/assets_fetcher.go

@@ -51,31 +51,23 @@ type typePair struct {
 	Type    string
 }
 
-func newPair(subType string, tpe string) typePair {
-	return typePair{
-		SubType: subType,
-		Type:    tpe,
-	}
-}
-
 var AzureAssetTypeToTypePair = map[string]typePair{
-	inventory.ClassicStorageAccountAssetType:     newPair(fetching.AzureClassicStorageAccountType, fetching.CloudStorage),
-	inventory.DiskAssetType:                      newPair(fetching.AzureDiskType, fetching.CloudCompute),
-	inventory.DocumentDBDatabaseAccountAssetType: newPair(fetching.AzureDocumentDBDatabaseAccountType, fetching.CloudDatabase),
-	inventory.MySQLDBAssetType:                   newPair(fetching.AzureMySQLDBType, fetching.CloudDatabase),
-	inventory.FlexibleMySQLDBAssetType:           newPair(fetching.AzureFlexibleMySQLDBType, fetching.CloudDatabase),
-	inventory.NetworkWatchersFlowLogAssetType:    newPair(fetching.AzureNetworkWatchersFlowLogType, fetching.MonitoringIdentity),
-	inventory.FlexiblePostgreSQLDBAssetType:      newPair(fetching.AzureFlexiblePostgreSQLDBType, fetching.CloudDatabase),
-	inventory.PostgreSQLDBAssetType:              newPair(fetching.AzurePostgreSQLDBType, fetching.CloudDatabase),
-	inventory.SQLServersAssetType:                newPair(fetching.AzureSQLServerType, fetching.CloudDatabase),
-	inventory.StorageAccountAssetType:            newPair(fetching.AzureStorageAccountType, fetching.CloudStorage),
-	inventory.VirtualMachineAssetType:            newPair(fetching.AzureVMType, fetching.CloudCompute),
-	inventory.WebsitesAssetType:                  newPair(fetching.AzureWebSiteType, fetching.CloudCompute),
-	inventory.VaultAssetType:                     newPair(fetching.AzureVaultType, fetching.KeyManagement),
-	inventory.RoleDefinitionsType:                newPair(fetching.AzureRoleDefinitionType, fetching.CloudIdentity),
-
+	inventory.ClassicStorageAccountAssetType:     {fetching.AzureClassicStorageAccountType, fetching.CloudStorage},
+	inventory.DiskAssetType:                      {fetching.AzureDiskType, fetching.CloudCompute},
+	inventory.DocumentDBDatabaseAccountAssetType: {fetching.AzureDocumentDBDatabaseAccountType, fetching.CloudDatabase},
+	inventory.MySQLDBAssetType:                   {fetching.AzureMySQLDBType, fetching.CloudDatabase},
+	inventory.FlexibleMySQLDBAssetType:           {fetching.AzureFlexibleMySQLDBType, fetching.CloudDatabase},
+	inventory.NetworkWatchersFlowLogAssetType:    {fetching.AzureNetworkWatchersFlowLogType, fetching.MonitoringIdentity},
+	inventory.FlexiblePostgreSQLDBAssetType:      {fetching.AzureFlexiblePostgreSQLDBType, fetching.CloudDatabase},
+	inventory.PostgreSQLDBAssetType:              {fetching.AzurePostgreSQLDBType, fetching.CloudDatabase},
+	inventory.SQLServersAssetType:                {fetching.AzureSQLServerType, fetching.CloudDatabase},
+	inventory.StorageAccountAssetType:            {fetching.AzureStorageAccountType, fetching.CloudStorage},
+	inventory.VirtualMachineAssetType:            {fetching.AzureVMType, fetching.CloudCompute},
+	inventory.WebsitesAssetType:                  {fetching.AzureWebSiteType, fetching.CloudCompute},
+	inventory.VaultAssetType:                     {fetching.AzureVaultType, fetching.KeyManagement},
+	inventory.RoleDefinitionsType:                {fetching.AzureRoleDefinitionType, fetching.CloudIdentity},
 	// This asset type is used only for enrichment purposes, but is sent to OPA layer, producing no findings.
-	inventory.NetworkSecurityGroupAssetType: newPair(fetching.AzureNetworkSecurityGroupType, fetching.MonitoringIdentity),
+	inventory.NetworkSecurityGroupAssetType: {fetching.AzureNetworkSecurityGroupType, fetching.MonitoringIdentity},
 }
 
 // In order to simplify the mappings, we are trying to query all AzureAssetTypeToTypePair on every asset group

internal/resources/fetching/fetchers/azure/batch_fetcher.go

@@ -41,9 +41,9 @@ type AzureBatchAssetFetcher struct {
 }
 
 var AzureBatchAssets = map[string]typePair{
-	inventory.ActivityLogAlertAssetType: newPair(fetching.AzureActivityLogAlertType, fetching.MonitoringIdentity),
-	inventory.ApplicationInsights:       newPair(fetching.AzureInsightsComponentType, fetching.MonitoringIdentity),
-	inventory.BastionAssetType:          newPair(fetching.AzureBastionType, fetching.CloudDns),
+	inventory.ActivityLogAlertAssetType: {fetching.AzureActivityLogAlertType, fetching.MonitoringIdentity},
+	inventory.ApplicationInsights:       {fetching.AzureInsightsComponentType, fetching.MonitoringIdentity},
+	inventory.BastionAssetType:          {fetching.AzureBastionType, fetching.CloudDns},
 }
 
 // In order to simplify the mappings, we are trying to query all AzureBatchAssets on every asset group

internal/resources/fetching/fetchers/azure/locations_network_watcher_batch_fetcher.go

@@ -92,7 +92,10 @@ func (f *AzureLocationsNetworkWatcherAssetBatchFetcher) fetchNetworkWatchersPerL
 		case f.resourceCh <- fetching.ResourceInfo{
 			CycleMetadata: metadata,
 			Resource: &NetworkWatchersBatchedByLocationResource{
-				typePair:        newPair(fetching.AzureNetworkWatchersType, fetching.MonitoringIdentity),
+				typePair: typePair{
+					SubType: fetching.AzureNetworkWatchersType,
+					Type:    fetching.MonitoringIdentity,
+				},
 				Subscription:    subscription,
 				Location:        location,
 				NetworkWatchers: groupedWatchers[location.Name],

internal/resources/fetching/fetchers/azure/locations_network_watcher_batch_fetcher_test.go

@@ -330,7 +330,10 @@ func batchedNetworkWatcherByLocationResourceInfo(cycle cycle.Metadata, subscript
 	return fetching.ResourceInfo{
 		CycleMetadata: cycle,
 		Resource: &NetworkWatchersBatchedByLocationResource{
-			typePair:        newPair(fetching.AzureNetworkWatchersType, fetching.MonitoringIdentity),
+			typePair: typePair{
+				SubType: fetching.AzureNetworkWatchersType,
+				Type:    fetching.MonitoringIdentity,
+			},
 			Subscription:    subscription,
 			Location:        azAssetLocation(subscription.ShortID, location),
 			NetworkWatchers: networkWatchers,

internal/resources/fetching/fetchers/azure/security_fetcher.go

@@ -44,8 +44,8 @@ func NewAzureSecurityAssetFetcher(log *clog.Logger, ch chan fetching.ResourceInf
 }
 
 var AzureSecurityAssetTypeToTypePair = map[string]typePair{
-	inventory.SecurityContactsAssetType:            newPair(fetching.AzureSecurityContactsType, fetching.MonitoringIdentity),
-	inventory.SecurityAutoProvisioningSettingsType: newPair(fetching.AzureAutoProvisioningSettingsType, fetching.MonitoringIdentity),
+	inventory.SecurityContactsAssetType:            {fetching.AzureSecurityContactsType, fetching.MonitoringIdentity},
+	inventory.SecurityAutoProvisioningSettingsType: {fetching.AzureAutoProvisioningSettingsType, fetching.MonitoringIdentity},
 }
 
 func (f *AzureSecurityAssetFetcher) Fetch(ctx context.Context, cycleMetadata cycle.Metadata) error {