Update Golang to 1.15.7

[kvch]

What does this PR do?

This PR updates the Go version in the repository to 1.15.7.

Why is it important?

Numerous improvements are coming with the new version of Golang. The most noteworthy is the binary sizes are reduced by 5-8%. You can check out the release notes of Golang 1.15 for more information.

Another change is that the deprecated, legacy behaviour of treating the CommonName field on X.509 certificates as a hostname when no Subject Alternative Names are present is now disabled by default. We do not expect users to update their certificates immediately. Thus, the default behaviour is kept for all existing verification modes. Furthermore, a new verification mode is added named strict. If this mode is selected Beats expects to have a SAN in the certificate.

verification_mode	behaviour
""	CommonName is checked if no DNSName is available, then full check (previous behaviour)
"strict"	full check with new strict SAN requirements
"full"	CommonName is checked if no DNSName is available, then full check (previous behaviour, default value)
"certificate"	certificate check without hostname (previous behaviour)
"none"	no check (previous behaviour)

The legacy behaviour is going to be removed in the next major version 8.0. We expect users to update their certificates so it does not depend on CommonName.

Checklist

• My code follows the style guidelines of this project
  - [ ] I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
  - [ ] I have made corresponding change to the default configuration files
  - [ ] I have added tests that prove my fix is effective or that my feature works
• I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Related issues

A new crossbuilder image is required: elastic/golang-crossbuild#68

[elasticmachine]

Pinging @elastic/ingest-management (Team:Ingest Management)

[elasticmachine]

Pinging @elastic/integrations-services (Team:Services)

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Build Cause: Pull request #22495 updated

• • Start Time: 2021-01-21T16:21:09.270+0000

• Duration: 101 min 48 sec

• Commit: 6b9e908ec37a1b96fc4bebd7394b76b3420ba151

Test stats 🧪

Test	Results
Failed	0
Passed	37954
Skipped	3483
Total	41437

💚 Flaky test report

Tests succeeded.

Expand to view the summary

Test stats 🧪

Test	Results
Failed	0
Passed	37954
Skipped	3483
Total	41437

[elasticmachine]

🐛 Flaky test report

❕ There are test failures but not known flaky tests.

Expand to view the summary

Test stats 🧪

Test	Results
Failed	5
Passed	15734
Skipped	1218
Total	16957

Genuine test errors

💔 There are test failures but not known flaky tests, most likely a genuine test failure.

    * **Name**: `Build&Test / winlogbeat-windows-windows-2019 / test_invalid_ignore_older – winlogbeat.tests.system.test_config.Test`
    * **Name**: `Build&Test / libbeat-build / TestPublishListTLS – redis`
    * **Name**: `Build&Test / libbeat-build / TestWithSchema – redis`
    * **Name**: `Build&Test / libbeat-build / TestWithSchema/sredis_schema_sends_via_tls – redis`
    * **Name**: `Build&Test / libbeat-build / TestPublishChannelTLS – redis`

[urso]

Another change is that the deprecated, legacy behaviour of treating the CommonName field on X.509 certificates as a hostname when no Subject Alternative Names are present is now disabled by default. This required a follow up in the tests of tlscomon and the Agent.

This could be a breaking change and hit users by surprise (setting up CA pipeline can be a pain). We either have to point this out in the release notes, or reenable SAN for the time being (maybe disable with 8.0).

[kvch]

Yes, it is a breaking change. I wanted to discuss it before merging. What I had in mind is basically disable this change in 7.x and notify users about the upcoming breaking change in 8.x.

[urso]

1.15.5 is out already :)

Yes, it is a breaking change. I wanted to discuss it before merging. What I had in mind is basically disable this change in 7.x

Can we disable it in 7.x, but already warn if we see certificates that can cause problems in the future?

[v1v]

/test

I've just added macOS, arm and windows-7-32 labels to validate it works as expected also in the CI

[kvch]

jenkins run tests

[kvch]

jenkins run tests

[urso]

with the updates to certificate creation, do we still need to set this flag? Using "GODEBUG" here might break in the future right? Will we have to update tests again then?

[kvch]

It is not needed. However, I kept these environment variables to make sure we are running go with the same env variables as our users.

[urso]

👍

[elasticmachine]

💔 Tests Failed

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Build Cause: Pull request #22495 updated

• • Start Time: 2021-01-21T19:26:02.081+0000

• Duration: 52 min 58 sec

• Commit: b437395

Test stats 🧪

Test	Results
Failed	1
Passed	37966
Skipped	3482
Total	41449

Test errors

Expand to view the tests failures

Build&Test / metricbeat-goIntegTest / TestData – github.com/elastic/beats/v7/metricbeat/module/kafka/consumergroup

Expand to view the error details

 Failed 

Expand to view the stacktrace

 === RUN   TestData
Found orphan containers (metricbeat_8_0_0_b4373950a5-snapshot_http_1, metricbeat_8_0_0_b4373950a5-snapshot_haproxy_1, metricbeat_8_0_0_b4373950a5-snapshot_golang_1, metricbeat_8_0_0_b4373950a5-snapshot_etcd_1, metricbeat_8_0_0_b4373950a5-snapshot_envoyproxy_1, metricbeat_8_0_0_b4373950a5-snapshot_dropwizard_1) for this project. If you removed or renamed this service in your compose file, you can run this command with the --remove-orphans flag to clean it up.
Creating metricbeat_8_0_0_b4373950a5-snapshot_kafka_1 ... 
Creating metricbeat_8_0_0_b4373950a5-snapshot_kafka_1 ... error

ERROR: for metricbeat_8_0_0_b4373950a5-snapshot_kafka_1  Cannot create container for service kafka: Conflict. The container name "/metricbeat_8_0_0_b4373950a5-snapshot_kafka_1" is already in use by container "08e157b8507144da14f600b114ce1d14d5cd57c35c726870107d1f09ebb5aae7". You have to remove (or rename) that container to be able to reuse that name.

ERROR: for kafka  Cannot create container for service kafka: Conflict. The container name "/metricbeat_8_0_0_b4373950a5-snapshot_kafka_1" is already in use by container "08e157b8507144da14f600b114ce1d14d5cd57c35c726870107d1f09ebb5aae7". You have to remove (or rename) that container to be able to reuse that name.
Encountered errors while bringing up the project.
    consumergroup_integration_test.go:43: failed to start service 'kafka: exit status 1
Found orphan containers (metricbeat_8_0_0_b4373950a5-snapshot_http_1, metricbeat_8_0_0_b4373950a5-snapshot_haproxy_1, metricbeat_8_0_0_b4373950a5-snapshot_golang_1, metricbeat_8_0_0_b4373950a5-snapshot_etcd_1, metricbeat_8_0_0_b4373950a5-snapshot_envoyproxy_1, metricbeat_8_0_0_b4373950a5-snapshot_dropwizard_1) for this project. If you removed or renamed this service in your compose file, you can run this command with the --remove-orphans flag to clean it up.
Recreating metricbeat_8_0_0_b4373950a5-snapshot_kafka_1 ... 
Recreating metricbeat_8_0_0_b4373950a5-snapshot_kafka_1 ... error

ERROR: for metricbeat_8_0_0_b4373950a5-snapshot_kafka_1  Renaming a container with the same name as its current name

ERROR: for kafka  Renaming a container with the same name as its current name
Encountered errors while bringing up the project.
    consumergroup_integration_test.go:43: failed to start service 'kafka: exit status 1
Found orphan containers (metricbeat_8_0_0_b4373950a5-snapshot_http_1, metricbeat_8_0_0_b4373950a5-snapshot_haproxy_1, metricbeat_8_0_0_b4373950a5-snapshot_golang_1, metricbeat_8_0_0_b4373950a5-snapshot_etcd_1, metricbeat_8_0_0_b4373950a5-snapshot_envoyproxy_1, metricbeat_8_0_0_b4373950a5-snapshot_dropwizard_1) for this project. If you removed or renamed this service in your compose file, you can run this command with the --remove-orphans flag to clean it up.
Recreating metricbeat_8_0_0_b4373950a5-snapshot_kafka_1 ... 
Recreating metricbeat_8_0_0_b4373950a5-snapshot_kafka_1 ... error

ERROR: for metricbeat_8_0_0_b4373950a5-snapshot_kafka_1  Renaming a container with the same name as its current name

ERROR: for kafka  Renaming a container with the same name as its current name
Encountered errors while bringing up the project.
    consumergroup_integration_test.go:43: failed to start service 'kafka: exit status 1
    consumergroup_integration_test.go:50: starting kafka consumer: kafka: client has run out of available brokers to talk to (Is your cluster reachable?)
--- FAIL: TestData (36.19s)
 

Steps errors

Expand to view the steps failures

metricbeat-goIntegTest - mage goIntegTest

• Took 26 min 11 sec . View more details on here
• Description: mage goIntegTest

Error signal

• Took 0 min 0 sec . View more details on here
• Description: Error 'hudson.AbortException: script returned exit code 1'

Log output

Expand to view the last 100 lines of log output

[2021-01-21T20:17:38.413Z] ok  	github.com/elastic/beats/v7/metricbeat/module/kubernetes/state_container	0.169s	coverage: 69.4% of statements
[2021-01-21T20:17:38.413Z] ok  	github.com/elastic/beats/v7/metricbeat/module/kubernetes/state_deployment	0.175s	coverage: 63.0% of statements
[2021-01-21T20:17:38.413Z] ok  	github.com/elastic/beats/v7/metricbeat/module/kubernetes/container	0.509s	coverage: 80.4% of statements
[2021-01-21T20:17:38.413Z] ok  	github.com/elastic/beats/v7/metricbeat/module/kubernetes/pod	0.456s	coverage: 78.0% of statements
[2021-01-21T20:17:38.413Z] ok  	github.com/elastic/beats/v7/metricbeat/module/kubernetes/node	0.458s	coverage: 76.9% of statements
[2021-01-21T20:17:40.326Z] ok  	github.com/elastic/beats/v7/metricbeat/module/kubernetes/state_node	0.151s	coverage: 68.4% of statements
[2021-01-21T20:17:41.713Z] ok  	github.com/elastic/beats/v7/metricbeat/module/kubernetes/util	0.033s	coverage: 26.8% of statements
[2021-01-21T20:17:42.280Z] ok  	github.com/elastic/beats/v7/metricbeat/module/kubernetes/state_replicaset	0.144s	coverage: 63.0% of statements
[2021-01-21T20:17:42.280Z] ok  	github.com/elastic/beats/v7/metricbeat/module/kubernetes/state_pod	0.145s	coverage: 63.0% of statements
[2021-01-21T20:17:42.280Z] ok  	github.com/elastic/beats/v7/metricbeat/module/kubernetes/state_statefulset	0.136s	coverage: 63.0% of statements
[2021-01-21T20:17:42.280Z] ?   	github.com/elastic/beats/v7/metricbeat/module/kubernetes/test	[no test files]
[2021-01-21T20:17:42.540Z] 
[2021-01-21T20:17:42.540Z] DONE 31 tests in 38.599s
[2021-01-21T20:17:43.107Z] >> go test: Integration-kubernetes Test Passed
[2021-01-21T20:17:48.383Z] make: Leaving directory '/var/lib/jenkins/workspace/Beats_beats_PR-22495/src/github.com/elastic/beats/metricbeat'
[2021-01-21T20:17:48.766Z] + make -C deploy/kubernetes test
[2021-01-21T20:17:48.766Z] make: Entering directory '/var/lib/jenkins/workspace/Beats_beats_PR-22495/src/github.com/elastic/beats/deploy/kubernetes'
[2021-01-21T20:17:48.766Z] Generating filebeat-kubernetes.yaml
[2021-01-21T20:17:48.766Z] Generating metricbeat-kubernetes.yaml
[2021-01-21T20:17:48.766Z] Generating auditbeat-kubernetes.yaml
[2021-01-21T20:17:48.766Z] Generating heartbeat-kubernetes.yaml
[2021-01-21T20:17:48.766Z] for FILE in auditbeat-kubernetes.yaml elastic-agent-kubernetes.yaml filebeat-kubernetes.yaml heartbeat-kubernetes.yaml metricbeat-kubernetes.yaml; do \
[2021-01-21T20:17:48.766Z] 	BEAT=$(echo $FILE | cut -d \- -f 1); \
[2021-01-21T20:17:48.766Z] 	kubectl create -f $FILE; \
[2021-01-21T20:17:48.766Z] done
[2021-01-21T20:17:48.766Z] configmap/auditbeat-config created
[2021-01-21T20:17:48.766Z] configmap/auditbeat-daemonset-modules created
[2021-01-21T20:17:48.766Z] daemonset.apps/auditbeat created
[2021-01-21T20:17:48.766Z] clusterrolebinding.rbac.authorization.k8s.io/auditbeat created
[2021-01-21T20:17:48.766Z] clusterrole.rbac.authorization.k8s.io/auditbeat created
[2021-01-21T20:17:49.025Z] serviceaccount/auditbeat created
[2021-01-21T20:17:49.025Z] daemonset.apps/agent-ingest-management-nodescope created
[2021-01-21T20:17:49.025Z] deployment.apps/agent-ingest-management-clusterscope created
[2021-01-21T20:17:49.025Z] clusterrolebinding.rbac.authorization.k8s.io/agent-ingest-management created
[2021-01-21T20:17:49.025Z] clusterrole.rbac.authorization.k8s.io/agent-ingest-management created
[2021-01-21T20:17:49.025Z] serviceaccount/agent-ingest-management created
[2021-01-21T20:17:49.283Z] configmap/filebeat-config created
[2021-01-21T20:17:49.283Z] daemonset.apps/filebeat created
[2021-01-21T20:17:49.283Z] clusterrolebinding.rbac.authorization.k8s.io/filebeat created
[2021-01-21T20:17:49.283Z] clusterrole.rbac.authorization.k8s.io/filebeat created
[2021-01-21T20:17:49.283Z] serviceaccount/filebeat created
[2021-01-21T20:17:49.542Z] configmap/heartbeat-deployment-config created
[2021-01-21T20:17:49.542Z] deployment.apps/heartbeat created
[2021-01-21T20:17:49.542Z] clusterrolebinding.rbac.authorization.k8s.io/heartbeat created
[2021-01-21T20:17:49.542Z] clusterrole.rbac.authorization.k8s.io/heartbeat created
[2021-01-21T20:17:49.543Z] serviceaccount/heartbeat created
[2021-01-21T20:17:49.543Z] configmap/metricbeat-daemonset-config created
[2021-01-21T20:17:49.543Z] configmap/metricbeat-daemonset-modules created
[2021-01-21T20:17:49.543Z] daemonset.apps/metricbeat created
[2021-01-21T20:17:49.543Z] clusterrolebinding.rbac.authorization.k8s.io/metricbeat created
[2021-01-21T20:17:49.543Z] clusterrole.rbac.authorization.k8s.io/metricbeat created
[2021-01-21T20:17:49.815Z] serviceaccount/metricbeat created
[2021-01-21T20:17:49.815Z] make: Leaving directory '/var/lib/jenkins/workspace/Beats_beats_PR-22495/src/github.com/elastic/beats/deploy/kubernetes'
[2021-01-21T20:17:50.116Z] + kind delete cluster
[2021-01-21T20:17:50.116Z] Deleting cluster "kind" ...
[2021-01-21T20:17:52.406Z] Client: Docker Engine - Community
[2021-01-21T20:17:52.406Z]  Version:           20.10.2
[2021-01-21T20:17:52.406Z]  API version:       1.41
[2021-01-21T20:17:52.406Z]  Go version:        go1.13.15
[2021-01-21T20:17:52.406Z]  Git commit:        2291f61
[2021-01-21T20:17:52.406Z]  Built:             Mon Dec 28 16:17:32 2020
[2021-01-21T20:17:52.406Z]  OS/Arch:           linux/amd64
[2021-01-21T20:17:52.406Z]  Context:           default
[2021-01-21T20:17:52.406Z]  Experimental:      true
[2021-01-21T20:17:52.406Z] 
[2021-01-21T20:17:52.406Z] Server: Docker Engine - Community
[2021-01-21T20:17:52.406Z]  Engine:
[2021-01-21T20:17:52.406Z]   Version:          20.10.2
[2021-01-21T20:17:52.406Z]   API version:      1.41 (minimum version 1.12)
[2021-01-21T20:17:52.406Z]   Go version:       go1.13.15
[2021-01-21T20:17:52.406Z]   Git commit:       8891c58
[2021-01-21T20:17:52.406Z]   Built:            Mon Dec 28 16:15:09 2020
[2021-01-21T20:17:52.406Z]   OS/Arch:          linux/amd64
[2021-01-21T20:17:52.406Z]   Experimental:     false
[2021-01-21T20:17:52.406Z]  containerd:
[2021-01-21T20:17:52.406Z]   Version:          1.4.3
[2021-01-21T20:17:52.406Z]   GitCommit:        269548fa27e0089a8b8278fc4fc781d7f65a939b
[2021-01-21T20:17:52.406Z]  runc:
[2021-01-21T20:17:52.406Z]   Version:          1.0.0-rc92
[2021-01-21T20:17:52.406Z]   GitCommit:        ff819c7e9184c13b7c2607fe6c30ae19403a7aff
[2021-01-21T20:17:52.406Z]  docker-init:
[2021-01-21T20:17:52.406Z]   Version:          0.19.0
[2021-01-21T20:17:52.406Z]   GitCommit:        de40ad0
[2021-01-21T20:17:52.406Z] Unable to find image 'alpine:3.4' locally
[2021-01-21T20:17:53.342Z] 3.4: Pulling from library/alpine
[2021-01-21T20:17:53.601Z] c1e54eec4b57: Pulling fs layer
[2021-01-21T20:17:53.861Z] c1e54eec4b57: Verifying Checksum
[2021-01-21T20:17:53.861Z] c1e54eec4b57: Download complete
[2021-01-21T20:17:54.120Z] c1e54eec4b57: Pull complete
[2021-01-21T20:17:54.120Z] Digest: sha256:b733d4a32c4da6a00a84df2ca32791bb03df95400243648d8c539e7b4cce329c
[2021-01-21T20:17:54.120Z] Status: Downloaded newer image for alpine:3.4
[2021-01-21T20:17:59.036Z] Stage "Packaging" skipped due to earlier failure(s)
[2021-01-21T20:17:59.099Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-22495/src/github.com/elastic/beats
[2021-01-21T20:17:59.311Z] Running on Jenkins in /var/lib/jenkins/workspace/Beats_beats_PR-22495
[2021-01-21T20:17:59.387Z] [INFO] getVaultSecret: Getting secrets
[2021-01-21T20:17:59.477Z] Masking supported pattern matches of $VAULT_ADDR or $VAULT_ROLE_ID or $VAULT_SECRET_ID
[2021-01-21T20:18:00.208Z] + chmod 755 generate-build-data.sh
[2021-01-21T20:18:00.208Z] + ./generate-build-data.sh https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-22495/ https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-22495/runs/53 FAILURE 3117867
[2021-01-21T20:18:00.458Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-22495/runs/53/steps/?limit=10000 -o steps-info.json
[2021-01-21T20:18:04.580Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-22495/runs/53/tests/?status=FAILED -o tests-errors.json

🐛 Flaky test report

❕ There are test failures but not known flaky tests.

Expand to view the summary

Test stats 🧪

Test	Results
Failed	1
Passed	37966
Skipped	3482
Total	41449

Genuine test errors

💔 There are test failures but not known flaky tests, most likely a genuine test failure.

• Name: Build&Test / metricbeat-goIntegTest / TestData – github.com/elastic/beats/v7/metricbeat/module/kafka/consumergroup

[chipzzz]

Was this ever released?? the runtime golang version in 7.12.0 still 1.13 I also checked 7.15.0 - same thing

functionbeat-7.12.0-darwin-x86_64 % ./functionbeat export function pubsub |grep runtime
    runtime: go113