[9.2](backport #47956) [azure-eventhub] Support for AMQP-over-WebSocket transport in the processor v2

[mergify]

Proposed commit message

Support for AMQP-over-WebSocket transport in the azure-eventhub processor v2.

Enterprise users often need to comply with network restrictions, which means using AMQP may not be an option.

In addition to AMQP-over-WebSocket support, this change allows users to run the azure-eventhub input behind an HTTPS proxy.

Checklist

• My code follows the style guidelines of this project
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works. Where relevant, I have used the stresstest.sh script to run them under stress conditions and race detector to verify their stability.
• I have added an entry in ./changelog/fragments using the changelog tool.

Disruptive User Impact

No disruptive user impact. The input still defaults to AMQP transport, and unless users switch to WS transport, the behavior is unchanged.

Author's Checklist

• Test with an actual proxy
• Update the documentation for AMQP-over-WebSocket
• Update the documentation HTTPS proxy

How to test this PR locally

I used the following Filebeat config:

# x-pack/filebeat/filebeat.yml
filebeat.inputs:
- type: azure-eventhub
  enabled: true

  # Event Hub configuration
  eventhub: "${EVENTHUB_NAME}"
  connection_string: "${EVENTHUB_CONNECTION_STRING}"
  consumer_group: "${EVENTHUB_CONSUMER_GROUP}"

  # Azure Storage configuration for checkpointing
  storage_account: "${STORAGE_ACCOUNT}"
  storage_account_connection_string: "${STORAGE_ACCOUNT_CONNECTION_STRING}"

  # Optional settings
  processor_version: ${PROCESSOR_VERSION}
  migrate_checkpoint: ${MIGRATE_CHECKPOINT}
  transport: "${TRANSPORT}"

Here are a couple of vscode configuration to test the WebSocket-only and WebSocket with HTTPS proxy scenarios (make sure to replace the placeholders YOUR * GOES HERE with actual values).

WebSocket only

{
    "version": "0.2.0",
    "configurations": [
        {
            "name": "Launch Filebeat",
            "type": "go",
            "request": "launch",
            "mode": "auto",
            "program": "${workspaceFolder}/x-pack/filebeat/main.go",
            "args": [
                "-e",
                "-v",
                "-d",
                "*",
                "--strict.perms=false",
                "--path.home",
                "${workspaceFolder}/x-pack/filebeat",
                "-E",
                "cloud.id=<YOUR CLOUD ID GOES HERE>",
                "-E",
                "cloud.auth=<YOUR USERNAME GOES HERE>:<YOUR PASSWORD GOES HERE>",
                "-E",
                "gc_percent=100",
                "-E",
                "setup.ilm.enabled=false",
                "-E",
                "setup.template.enabled=false",
                "-E",
                "output.elasticsearch.allow_older_versions=true"
            ],
            "env": {
                "EVENTHUB_NAME": "logs",
                "EVENTHUB_CONNECTION_STRING": "<YOUR EVENT HUB CONNECTION STRING GOES HERE>",
                "EVENTHUB_CONSUMER_GROUP": "$Default",
                "STORAGE_ACCOUNT": "<YOUR STORAGE ACCOUNT NAME GOES HERE>",
                "STORAGE_ACCOUNT_KEY": "<YOUR STORAGE ACCOUNT KEY GOES HERE>",
                "STORAGE_ACCOUNT_CONNECTION_STRING": "<YOUR STORAGE ACCOUNT CONNECTION STRING GOES HERE>",
                "PROCESSOR_VERSION": "v2",
                "MIGRATE_CHECKPOINT": "true",
                "TRANSPORT": "websocket"
            }
        }
    ]
}

WebSocket with HTTPS proxy

{
    "version": "0.2.0",
    "configurations": [
        {
            "name": "Launch Filebeat",
            "type": "go",
            "request": "launch",
            "mode": "auto",
            "program": "${workspaceFolder}/x-pack/filebeat/main.go",
            "args": [
                "-e",
                "-v",
                "-d",
                "*",
                "--strict.perms=false",
                "--path.home",
                "${workspaceFolder}/x-pack/filebeat",
                "-E",
                "cloud.id=<YOUR CLOUD ID GOES HERE>",
                "-E",
                "cloud.auth=<YOUR USERNAME GOES HERE>:<YOUR PASSWORD GOES HERE>",
                "-E",
                "gc_percent=100",
                "-E",
                "setup.ilm.enabled=false",
                "-E",
                "setup.template.enabled=false",
                "-E",
                "output.elasticsearch.allow_older_versions=true"
            ],
            "env": {
                "EVENTHUB_NAME": "logs",
                "EVENTHUB_CONNECTION_STRING": "<YOUR EVENT HUB CONNECTION STRING GOES HERE>",
                "EVENTHUB_CONSUMER_GROUP": "$Default",
                "STORAGE_ACCOUNT": "<YOUR STORAGE ACCOUNT NAME GOES HERE>",
                "STORAGE_ACCOUNT_KEY": "<YOUR STORAGE ACCOUNT KEY GOES HERE>",
                "STORAGE_ACCOUNT_CONNECTION_STRING": "<YOUR STORAGE ACCOUNT CONNECTION STRING GOES HERE>",
                "PROCESSOR_VERSION": "v2",
                "MIGRATE_CHECKPOINT": "true",
                "TRANSPORT": "websocket",
                "HTTP_PROXY": "http://127.0.0.1:9090",
                "HTTPS_PROXY": "http://127.0.0.1:9090"
            }
        }
    ]
}

To test the proxy support, I used mitmproxy, an interactive HTTPS proxy with request inspection:

# Install
brew install mitmproxy  # macOS
# or
pip install mitmproxy

# Run the proxy
mitmproxy -p 9090

Since the Azure services require using an HTTPS proxy, you also need to set up a certificate for mitmproxy. See https://docs.mitmproxy.org/stable/concepts/certificates/ fore more details.

The mitmproxy main view:

Upgrade to AMQP-over-WebSocket:

WebSocket details:

Event hub messages received using AMQP-over-websocket through the proxy:

Related issues

• Closes [azure-eventhub] Add support for AMQP-over-WebSocket #47823
• Relates [Filebeat] HTTP(S) proxy support within module azureeventhub #26328

Use cases

---

This is an automatic backport of pull request #47956 done by [Mergify](https://mergify.com).

[mergify]

Cherry-pick of af5d23e has failed:

On branch mergify/bp/9.2/pr-47956
Your branch is up to date with 'origin/9.2'.

You are currently cherry-picking commit af5d23e75.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Changes to be committed:
	new file:   changelog/fragments/1765280088-azure-eventhub-v2-add-support-for-amqp-over-websocket-and-https-proxy.yaml

Unmerged paths:
  (use "git add <file>..." to mark resolution)
	both modified:   go.mod
	both modified:   x-pack/filebeat/input/azureeventhub/auth.go

To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally

[github-actions]

🤖 GitHub comments

Just comment with:

• run docs-build : Re-trigger the docs validation. (use unformatted text in the comment!)

[elasticmachine]

Pinging @elastic/obs-ds-hosted-services (Team:obs-ds-hosted-services)

[github-actions]

TL;DR

All 34 Buildkite failures are caused by unresolved merge-conflict markers that were committed into go.mod and x-pack/filebeat/input/azureeventhub/auth.go in the tested commit (fe18b125fd2bffcc2bfc66d7b460d8ec33eead33). Resolve those conflicts and rerun CI.

Remediation

• Remove conflict markers (<<<<<<<, =======, >>>>>>>) and keep the intended final content in:
  • go.mod
  • x-pack/filebeat/input/azureeventhub/auth.go
• Run:
  • pre-commit run --all-files
  • make -C filebeat check update && make check-no-changes

Investigation details

Root Cause

The failing jobs are not independent regressions; they all fan out from the same source issue in the checked-out PR commit: unresolved merge artifacts. pre-commit fails check-merge-conflict, and make ... check update fails because go cannot parse go.mod containing conflict tokens.

Evidence

• Build: https://buildkite.com/elastic/beats/builds/43879
• Representative failing steps:
  • Filebeat: Run pre-commit
  • Filebeat: Run check/update
  • x-pack/otel: Run check
• Key log excerpts:

x-pack/filebeat/input/azureeventhub/auth.go:72: Merge conflict string '<<<<<<<' found
x-pack/filebeat/input/azureeventhub/auth.go:74: Merge conflict string '=======' found
x-pack/filebeat/input/azureeventhub/auth.go:77: Merge conflict string '>>>>>>>' found
go.mod:236: Merge conflict string '<<<<<<<' found
go.mod:238: Merge conflict string '=======' found
go.mod:240: Merge conflict string '>>>>>>>' found

go: errors parsing ../go.mod:
../go.mod:236: malformed module path "<<<<<<<": invalid char '<'
../go.mod:238: usage: require module/path v1.2.3
../go.mod:240: usage: require module/path v1.2.3

This matches the widespread fan-out pattern: every pipeline variant running either pre-commit or check/update fails for the same underlying reason.

Verification

Not run locally for this exact failing SHA because the commit object from Buildkite (fe18b125fd2bffcc2bfc66d7b460d8ec33eead33) is not available in the local checkout context.

Follow-up

After resolving conflicts, rerun a single pre-commit and one check/update job first; if those pass, the remaining matrix should recover without additional code changes.

Note

🔒 Integrity filtering filtered 1 item

Integrity filtering activated and filtered the following item during workflow execution.
This happens when a tool call accesses a resource that does not meet the required integrity or secrecy level of the workflow.

• pr:[9.2](backport #47956) [azure-eventhub] Support for AMQP-over-WebSocket transport in the processor v2 #50027 (pull_request_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".)

---

What is this? | From workflow: PR Buildkite Detective

Give us feedback! React with 🚀 if perfect, 👍 if helpful, 👎 if not.