From 3dae71d2d10afa3de3d7e7bdc05778dcc7b83527 Mon Sep 17 00:00:00 2001
From: Jaime Soriano Pastor <jaime.soriano@elastic.co>
Date: Thu, 7 Oct 2021 11:23:15 +0200
Subject: [PATCH 1/2] Explicitly pass http config to doppler consumer (#28277)

Explicitly pass the TLS and proxy settings to doppler consumer, don't
rely on the type of the underlying transport.
Fixes issue initializing the client.

(cherry picked from commit 6a841cf9818453f1de2d99a6f9c7df45e06eff19)
---
 CHANGELOG.next.asciidoc                            | 14 ++++++++++++++
 .../libbeat/common/cloudfoundry/dopplerconsumer.go | 12 ++++--------
 x-pack/libbeat/common/cloudfoundry/hub.go          |  7 ++++---
 3 files changed, 22 insertions(+), 11 deletions(-)

diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index cbf5f06a89f..107a2891503 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -43,6 +43,20 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 - Disable the option of running --machine-learning on its own. {pull}20241[20241]
 - Fix PANW field spelling "veredict" to "verdict" on event.action {pull}18808[18808]
 - Add support for GMT timezone offsets in `decode_cef`. {pull}20993[20993]
+- Fix parsing of Elasticsearch node name by `elasticsearch/slowlog` fileset. {pull}14547[14547]
+- threatintel module: Changed the type of `threatintel.indicator.first_seen` from `keyword` to `date`. {pull}26765[26765]
+- Remove all alias fields pointing to ECS fields from modules. This affects the Suricata and Traefik modules. {issue}10535[10535] {pull}26627[26627]
+- Add option for S3 input to work without SQS notification {issue}18205[18205] {pull}27332[27332]
+- Fix Crowdstrike ingest pipeline that was creating flattened `process` fields. {issue}27622[27622] {pull}27623[27623]
+- Rename `log.path` to `log.file.path` in filestream to be consistent with `log` input and ECS. {pull}27761[27761]
+- Removes old module aliases for `googlecloud` (moved to gcp) and `apache2` (moved to apache). {pull}27919[27919]
+- Removes old module name aliases (gsuite) and removing old cyberark module in favor of the new cyberarkpas{pull}27915[27915]
+- Only filesets that are explicitly configured will be enabled. {issue}17256[17256] {pull}27526[27526]
+- All filesets are disabled in the default configuration. {issue}17256[17256] {pull}27762[27762]
+- Remove deprecated fields in Kafka module. {pull}27938[27938]
+- Remove deprecated fields in coredns module. {pull}28196[28196]
+- Remove old `httpjson` config implementation. {pull}28054[28054]
+- Fix initialization of http client in Cloudfoundry input. {issue}28271[28271] {pull}28277[28277]
 
 *Heartbeat*
 
diff --git a/x-pack/libbeat/common/cloudfoundry/dopplerconsumer.go b/x-pack/libbeat/common/cloudfoundry/dopplerconsumer.go
index 96349eeb7ea..bd00d424953 100644
--- a/x-pack/libbeat/common/cloudfoundry/dopplerconsumer.go
+++ b/x-pack/libbeat/common/cloudfoundry/dopplerconsumer.go
@@ -5,8 +5,9 @@
 package cloudfoundry
 
 import (
-	"fmt"
+	"crypto/tls"
 	"net/http"
+	"net/url"
 	"regexp"
 	"sync"
 
@@ -37,13 +38,8 @@ type DopplerConsumer struct {
 	started bool
 }
 
-func newDopplerConsumer(address string, id string, log *logp.Logger, client *http.Client, tr *TokenRefresher, callbacks DopplerCallbacks) (*DopplerConsumer, error) {
-	transport, ok := client.Transport.(*http.Transport)
-	if !ok {
-		return nil, fmt.Errorf("expected http transport on client")
-	}
-
-	c := consumer.New(address, transport.TLSClientConfig, transport.Proxy)
+func newDopplerConsumer(address string, id string, log *logp.Logger, tlsConfig *tls.Config, proxy func(*http.Request) (*url.URL, error), tr *TokenRefresher, callbacks DopplerCallbacks) (*DopplerConsumer, error) {
+	c := consumer.New(address, tlsConfig, proxy)
 	c.RefreshTokenFrom(tr)
 	c.SetDebugPrinter(newLogpDebugPrinter(log))
 
diff --git a/x-pack/libbeat/common/cloudfoundry/hub.go b/x-pack/libbeat/common/cloudfoundry/hub.go
index 9bcf929ded2..42bc786f550 100644
--- a/x-pack/libbeat/common/cloudfoundry/hub.go
+++ b/x-pack/libbeat/common/cloudfoundry/hub.go
@@ -129,13 +129,14 @@ func (h *Hub) DopplerConsumerFromClient(client *cfclient.Client, callbacks Doppl
 	if dopplerAddress == "" {
 		dopplerAddress = client.Endpoint.DopplerEndpoint
 	}
-	httpClient, _, err := h.httpClient()
+	tlsConfig, err := tlscommon.LoadTLSConfig(h.cfg.Transport.TLS)
 	if err != nil {
-		return nil, errors.Wrap(err, "getting http client")
+		return nil, errors.Wrap(err, "loading tls config")
 	}
+	proxy := h.cfg.Transport.Proxy.ProxyFunc()
 
 	tr := TokenRefresherFromCfClient(client)
-	return newDopplerConsumer(dopplerAddress, h.cfg.ShardID, h.log, httpClient, tr, callbacks)
+	return newDopplerConsumer(dopplerAddress, h.cfg.ShardID, h.log, tlsConfig.ToConfig(), proxy, tr, callbacks)
 }
 
 // doerFromClient returns an auth token doer using uaa.

From 0ed0cadcc2b93c17b234453a5a4359162c31a166 Mon Sep 17 00:00:00 2001
From: Jaime Soriano Pastor <jaime.soriano@elastic.co>
Date: Thu, 7 Oct 2021 17:42:35 +0200
Subject: [PATCH 2/2] Update CHANGELOG.next.asciidoc

---
 CHANGELOG.next.asciidoc | 13 -------------
 1 file changed, 13 deletions(-)

diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index 107a2891503..05e6c50c4fd 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -43,19 +43,6 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 - Disable the option of running --machine-learning on its own. {pull}20241[20241]
 - Fix PANW field spelling "veredict" to "verdict" on event.action {pull}18808[18808]
 - Add support for GMT timezone offsets in `decode_cef`. {pull}20993[20993]
-- Fix parsing of Elasticsearch node name by `elasticsearch/slowlog` fileset. {pull}14547[14547]
-- threatintel module: Changed the type of `threatintel.indicator.first_seen` from `keyword` to `date`. {pull}26765[26765]
-- Remove all alias fields pointing to ECS fields from modules. This affects the Suricata and Traefik modules. {issue}10535[10535] {pull}26627[26627]
-- Add option for S3 input to work without SQS notification {issue}18205[18205] {pull}27332[27332]
-- Fix Crowdstrike ingest pipeline that was creating flattened `process` fields. {issue}27622[27622] {pull}27623[27623]
-- Rename `log.path` to `log.file.path` in filestream to be consistent with `log` input and ECS. {pull}27761[27761]
-- Removes old module aliases for `googlecloud` (moved to gcp) and `apache2` (moved to apache). {pull}27919[27919]
-- Removes old module name aliases (gsuite) and removing old cyberark module in favor of the new cyberarkpas{pull}27915[27915]
-- Only filesets that are explicitly configured will be enabled. {issue}17256[17256] {pull}27526[27526]
-- All filesets are disabled in the default configuration. {issue}17256[17256] {pull}27762[27762]
-- Remove deprecated fields in Kafka module. {pull}27938[27938]
-- Remove deprecated fields in coredns module. {pull}28196[28196]
-- Remove old `httpjson` config implementation. {pull}28054[28054]
 - Fix initialization of http client in Cloudfoundry input. {issue}28271[28271] {pull}28277[28277]
 
 *Heartbeat*