[Auditbeat] Process metricset: Skip permission errors on Windows (ela…

…stic#9863) Changes the process metricset to skip the System Process (PID: 0) as well as any process access has been denied to on Windows. Adds Windows to the documentation. Fixes elastic#9748.
leweafan · Jan 4, 2019 · e42ffec · e42ffec
1 parent 1443646
commit e42ffec
Show file tree

Hide file tree

Showing 6 changed files with 12 additions and 10 deletions.
diff --git a/x-pack/auditbeat/docs/modules/system.asciidoc b/x-pack/auditbeat/docs/modules/system.asciidoc
@@ -14,8 +14,8 @@ a system. All metricsets send both periodic state information (e.g. all currentl
 running processes) and real-time changes (e.g. when a new process starts
 or stops).
 
-The module is fully implemented for Linux, and partially implemented
-for macOS (Darwin).
+The module is fully implemented for Linux. Some metricsets are also available
+for macOS (Darwin) and Windows.
 
 [float]
 === How it works

diff --git a/x-pack/auditbeat/module/system/_meta/docs.asciidoc b/x-pack/auditbeat/module/system/_meta/docs.asciidoc
@@ -9,8 +9,8 @@ a system. All metricsets send both periodic state information (e.g. all currentl
 running processes) and real-time changes (e.g. when a new process starts
 or stops).
 
-The module is fully implemented for Linux, and partially implemented
-for macOS (Darwin).
+The module is fully implemented for Linux. Some metricsets are also available
+for macOS (Darwin) and Windows.
 
 [float]
 === How it works

diff --git a/x-pack/auditbeat/module/system/process/_meta/docs.asciidoc b/x-pack/auditbeat/module/system/process/_meta/docs.asciidoc
@@ -4,4 +4,4 @@ experimental[]
 
 This is the `process` metricset of the system module.
 
-It is implemented for Linux and macOS (Darwin).
+It is implemented for Linux, macOS (Darwin), and Windows.
diff --git a/x-pack/auditbeat/module/system/process/process.go b/x-pack/auditbeat/module/system/process/process.go
@@ -329,6 +329,13 @@ func (ms *MetricSet) getProcesses() ([]*Process, error) {
 				continue
 			}
 
+			if runtime.GOOS == "windows" && (pid == 0 || os.IsPermission(err)) {
+				// On Windows, the call to Process() can fail if Auditbeat does not have
+				// the necessary access rights, while trying to open the System Process (PID: 0)
+				// will always fail.
+				continue
+			}
+
 			// Record what we can and continue
 			process = &Process{
 				Info: types.ProcessInfo{

diff --git a/x-pack/auditbeat/module/system/process/process_test.go b/x-pack/auditbeat/module/system/process/process_test.go
@@ -5,17 +5,13 @@
 package process
 
 import (
-	"runtime"
 	"testing"
 
 	"github.com/elastic/beats/auditbeat/core"
 	mbtest "github.com/elastic/beats/metricbeat/mb/testing"
 )
 
 func TestData(t *testing.T) {
-	if runtime.GOOS == "windows" {
-		t.Skip("Fails on Windows - https://github.com/elastic/beats/issues/9748")
-	}
 	f := mbtest.NewReportingMetricSetV2(t, getConfig())
 	events, errs := mbtest.ReportingFetchV2(f)
 	if len(errs) > 0 {

diff --git a/x-pack/auditbeat/tests/system/test_metricsets.py b/x-pack/auditbeat/tests/system/test_metricsets.py
@@ -33,7 +33,6 @@ def test_metricset_packages(self):
         self.check_metricset("system", "packages", COMMON_FIELDS + fields, warnings_allowed=True)
 
     @unittest.skipIf(sys.platform == "darwin" and os.geteuid != 0, "Requires root on macOS")
-    @unittest.skipIf(sys.platform == "win32", "Fails on Windows - https://github.com/elastic/beats/issues/9748")
     def test_metricset_process(self):
         """
         process metricset collects information about processes running on a system.
Original file line number	Diff line number	Diff line change
Expand Up		@@ -4,4 +4,4 @@ experimental[]

		This is the `process` metricset of the system module.

		It is implemented for Linux and macOS (Darwin).
		It is implemented for Linux, macOS (Darwin), and Windows.