[8.19](backport #47956) [azure-eventhub] Support for AMQP-over-WebSocket transport in the processor v2

[mergify]

Proposed commit message

Support for AMQP-over-WebSocket transport in the azure-eventhub processor v2.

Enterprise users often need to comply with network restrictions, which means using AMQP may not be an option.

In addition to AMQP-over-WebSocket support, this change allows users to run the azure-eventhub input behind an HTTPS proxy.

Checklist

• My code follows the style guidelines of this project
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works. Where relevant, I have used the stresstest.sh script to run them under stress conditions and race detector to verify their stability.
• I have added an entry in ./changelog/fragments using the changelog tool.

Disruptive User Impact

No disruptive user impact. The input still defaults to AMQP transport, and unless users switch to WS transport, the behavior is unchanged.

Author's Checklist

• Test with an actual proxy
• Update the documentation for AMQP-over-WebSocket
• Update the documentation HTTPS proxy

How to test this PR locally

I used the following Filebeat config:

# x-pack/filebeat/filebeat.yml
filebeat.inputs:
- type: azure-eventhub
  enabled: true

  # Event Hub configuration
  eventhub: "${EVENTHUB_NAME}"
  connection_string: "${EVENTHUB_CONNECTION_STRING}"
  consumer_group: "${EVENTHUB_CONSUMER_GROUP}"

  # Azure Storage configuration for checkpointing
  storage_account: "${STORAGE_ACCOUNT}"
  storage_account_connection_string: "${STORAGE_ACCOUNT_CONNECTION_STRING}"

  # Optional settings
  processor_version: ${PROCESSOR_VERSION}
  migrate_checkpoint: ${MIGRATE_CHECKPOINT}
  transport: "${TRANSPORT}"

Here are a couple of vscode configuration to test the WebSocket-only and WebSocket with HTTPS proxy scenarios (make sure to replace the placeholders YOUR * GOES HERE with actual values).

WebSocket only

{
    "version": "0.2.0",
    "configurations": [
        {
            "name": "Launch Filebeat",
            "type": "go",
            "request": "launch",
            "mode": "auto",
            "program": "${workspaceFolder}/x-pack/filebeat/main.go",
            "args": [
                "-e",
                "-v",
                "-d",
                "*",
                "--strict.perms=false",
                "--path.home",
                "${workspaceFolder}/x-pack/filebeat",
                "-E",
                "cloud.id=<YOUR CLOUD ID GOES HERE>",
                "-E",
                "cloud.auth=<YOUR USERNAME GOES HERE>:<YOUR PASSWORD GOES HERE>",
                "-E",
                "gc_percent=100",
                "-E",
                "setup.ilm.enabled=false",
                "-E",
                "setup.template.enabled=false",
                "-E",
                "output.elasticsearch.allow_older_versions=true"
            ],
            "env": {
                "EVENTHUB_NAME": "logs",
                "EVENTHUB_CONNECTION_STRING": "<YOUR EVENT HUB CONNECTION STRING GOES HERE>",
                "EVENTHUB_CONSUMER_GROUP": "$Default",
                "STORAGE_ACCOUNT": "<YOUR STORAGE ACCOUNT NAME GOES HERE>",
                "STORAGE_ACCOUNT_KEY": "<YOUR STORAGE ACCOUNT KEY GOES HERE>",
                "STORAGE_ACCOUNT_CONNECTION_STRING": "<YOUR STORAGE ACCOUNT CONNECTION STRING GOES HERE>",
                "PROCESSOR_VERSION": "v2",
                "MIGRATE_CHECKPOINT": "true",
                "TRANSPORT": "websocket"
            }
        }
    ]
}

WebSocket with HTTPS proxy

{
    "version": "0.2.0",
    "configurations": [
        {
            "name": "Launch Filebeat",
            "type": "go",
            "request": "launch",
            "mode": "auto",
            "program": "${workspaceFolder}/x-pack/filebeat/main.go",
            "args": [
                "-e",
                "-v",
                "-d",
                "*",
                "--strict.perms=false",
                "--path.home",
                "${workspaceFolder}/x-pack/filebeat",
                "-E",
                "cloud.id=<YOUR CLOUD ID GOES HERE>",
                "-E",
                "cloud.auth=<YOUR USERNAME GOES HERE>:<YOUR PASSWORD GOES HERE>",
                "-E",
                "gc_percent=100",
                "-E",
                "setup.ilm.enabled=false",
                "-E",
                "setup.template.enabled=false",
                "-E",
                "output.elasticsearch.allow_older_versions=true"
            ],
            "env": {
                "EVENTHUB_NAME": "logs",
                "EVENTHUB_CONNECTION_STRING": "<YOUR EVENT HUB CONNECTION STRING GOES HERE>",
                "EVENTHUB_CONSUMER_GROUP": "$Default",
                "STORAGE_ACCOUNT": "<YOUR STORAGE ACCOUNT NAME GOES HERE>",
                "STORAGE_ACCOUNT_KEY": "<YOUR STORAGE ACCOUNT KEY GOES HERE>",
                "STORAGE_ACCOUNT_CONNECTION_STRING": "<YOUR STORAGE ACCOUNT CONNECTION STRING GOES HERE>",
                "PROCESSOR_VERSION": "v2",
                "MIGRATE_CHECKPOINT": "true",
                "TRANSPORT": "websocket",
                "HTTP_PROXY": "http://127.0.0.1:9090",
                "HTTPS_PROXY": "http://127.0.0.1:9090"
            }
        }
    ]
}

To test the proxy support, I used mitmproxy, an interactive HTTPS proxy with request inspection:

# Install
brew install mitmproxy  # macOS
# or
pip install mitmproxy

# Run the proxy
mitmproxy -p 9090

Since the Azure services require using an HTTPS proxy, you also need to set up a certificate for mitmproxy. See https://docs.mitmproxy.org/stable/concepts/certificates/ fore more details.

The mitmproxy main view:

Upgrade to AMQP-over-WebSocket:

WebSocket details:

Event hub messages received using AMQP-over-websocket through the proxy:

Related issues

• Closes [azure-eventhub] Add support for AMQP-over-WebSocket #47823
• Relates [Filebeat] HTTP(S) proxy support within module azureeventhub #26328

Use cases

---

This is an automatic backport of pull request #47956 done by [Mergify](https://mergify.com).

[mergify]

Cherry-pick of af5d23e has failed:

On branch mergify/bp/8.19/pr-47956
Your branch is up to date with 'origin/8.19'.

You are currently cherry-picking commit af5d23e75.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Changes to be committed:
	new file:   changelog/fragments/1765280088-azure-eventhub-v2-add-support-for-amqp-over-websocket-and-https-proxy.yaml

Unmerged paths:
  (use "git add <file>..." to mark resolution)
	both modified:   go.mod
	both modified:   go.sum
	both modified:   x-pack/filebeat/input/azureeventhub/auth.go

To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally

[github-actions]

🤖 GitHub comments

Just comment with:

• run docs-build : Re-trigger the docs validation. (use unformatted text in the comment!)

[elasticmachine]

Pinging @elastic/obs-ds-hosted-services (Team:obs-ds-hosted-services)

[github-actions]

TL;DR

All 34 Buildkite failures are caused by unresolved Git merge-conflict markers committed in this backport (fd4d832b43c9abfa670ab31bd88458e4ddb9ea46). Resolve conflicts in go.mod, go.sum, and x-pack/filebeat/input/azureeventhub/auth.go, then regenerate deps (go mod tidy) and rerun CI.

Remediation

• Remove conflict blocks (<<<<<<<, =======, >>>>>>>) and keep the intended combined logic in:
  • go.mod:235
  • go.sum:95
  • x-pack/filebeat/input/azureeventhub/auth.go:72, :117 (per pre-commit log)
• Run dependency normalization and checks after conflict resolution:
  • go mod tidy
  • targeted checks used by CI (for example make -C libbeat check update and pre-commit run --all-files)

Investigation details

Root Cause

Classification: Configuration/source-control error (unresolved merge conflict), not an infrastructure failure.

The commit message itself declares unresolved cherry-pick conflicts (# Conflicts: go.mod, go.sum, x-pack/filebeat/input/azureeventhub/auth.go), and the failing jobs show parsers/hooks tripping on conflict markers.

Evidence

• Build: https://buildkite.com/elastic/beats/builds/43877

• Representative failing steps:

  • Libbeat: Run check/update
  • Libbeat: Run pre-commit

• Key log excerpts:

  • /tmp/gh-aw/buildkite-logs/beats-libbeat-libbeat-run-checkupdate.txt:107

    ../go.mod:235: malformed module path "<<<<<<<": invalid char '<'
    

  • /tmp/gh-aw/buildkite-logs/beats-libbeat-libbeat-run-pre-commit.txt:121

    x-pack/filebeat/input/azureeventhub/auth.go:72: Merge conflict string '<<<<<<<' found
    

  • /tmp/gh-aw/buildkite-logs/beats-libbeat-libbeat-run-pre-commit.txt:133

    go.mod:235: Merge conflict string '<<<<<<<' found
    

  • /tmp/gh-aw/buildkite-logs/beats-libbeat-libbeat-run-pre-commit.txt:139

    go.sum:95: Merge conflict string '<<<<<<<' found
    

• Commit contents at the failing SHA confirm marker locations:

  • go.mod:235, go.mod:238, go.mod:240
  • go.sum:95, go.sum:98, go.sum:101

Verification

Not run locally against the PR head SHA because the workflow environment does not have that commit checked out; diagnosis is based on Buildkite logs plus direct file-content lookup at SHA fd4d832b43c9abfa670ab31bd88458e4ddb9ea46.

Follow-up

After conflict resolution, all current failures should clear together because they are downstream effects of the same parse/hook failure.

Note

🔒 Integrity filtering filtered 2 items

Integrity filtering activated and filtered the following items during workflow execution.
This happens when a tool call accesses a resource that does not meet the required integrity or secrecy level of the workflow.

• pr:[8.19](backport #47956) [azure-eventhub] Support for AMQP-over-WebSocket transport in the processor v2 #50025 (pull_request_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".)
• issue:[8.19](backport #47956) [azure-eventhub] Support for AMQP-over-WebSocket transport in the processor v2 #50025 (issue_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".)

---

What is this? | From workflow: PR Buildkite Detective

Give us feedback! React with 🚀 if perfect, 👍 if helpful, 👎 if not.