Resolve fips specific metricbeat and filebeat libs for ES fips image (#126312)

Also updated DRA handling to reflect resolving fips specific artifacts
2025-04-19 04:45:07 -04:00 · 2025-04-04 21:47:30 +02:00 · 2025-04-04 21:47:30 +02:00 · 6cfb2e9d4a
commit 6cfb2e9d4a
parent 4c174a891f
3 changed files with 29 additions and 2 deletions
--- a/build-tools-internal/src/main/java/org/elasticsearch/gradle/internal/dra/DraResolvePlugin.java
+++ b/build-tools-internal/src/main/java/org/elasticsearch/gradle/internal/dra/DraResolvePlugin.java
@ -73,6 +73,16 @@ public class DraResolvePlugin implements Plugin<Project> {
                patternLayout.artifact(
                    String.format("/%s/%s/downloads/%s/[module]/[module]-[revision]-[classifier].[ext]", draKey, buildId, draKey)
                );
+
+                if ("beats".equals(draKey)) {
+                    // we don't have a good pattern here for beats fips specific images
+                    patternLayout.artifact(
+                        String.format("/%s/%s/downloads/%s/metricbeat/[module]-[revision]-[classifier].[ext]", draKey, buildId, draKey)
+                    );
+                    patternLayout.artifact(
+                        String.format("/%s/%s/downloads/%s/filebeat/[module]-[revision]-[classifier].[ext]", draKey, buildId, draKey)
+                    );
+                }
            });
            repo.metadataSources(metadataSources -> metadataSources.artifact());
            repo.content(repositoryContentDescriptor -> repositoryContentDescriptor.includeVersionByRegex(".*", ".*", includeVersionRegex));
--- a/distribution/docker/build.gradle
+++ b/distribution/docker/build.gradle
@ -57,10 +57,14 @@ if (useDra == false) {
            patternLayout {
              if (VersionProperties.isElasticsearchSnapshot()) {
                artifact '/[organization]/[revision]/downloads/[organization]/[module]/[module]-[revision]-[classifier].[ext]'
+                artifact '/[organization]/[revision]/downloads/[organization]/filebeat/[module]-[revision]-[classifier].[ext]'
+                artifact '/[organization]/[revision]/downloads/[organization]/metricbeat/[module]-[revision]-[classifier].[ext]'
              } else {
                // When building locally we always use snapshot artifacts even if passing `-Dbuild.snapshot=false`.
                // Release builds are always done with a local repo.
                artifact '/[organization]/[revision]-SNAPSHOT/downloads/[organization]/[module]/[module]-[revision]-SNAPSHOT-[classifier].[ext]'
+                artifact '/[organization]/[revision]-SNAPSHOT/downloads/[organization]/filebeat/[module]-[revision]-SNAPSHOT-[classifier].[ext]'
+                artifact '/[organization]/[revision]-SNAPSHOT/downloads/[organization]/metricbeat/[module]-[revision]-SNAPSHOT-[classifier].[ext]'
              }
            }
          }
@ -93,9 +97,13 @@ configurations {
  tini
  allPlugins
  filebeat_aarch64
+  filebeat_fips_aarch64
  filebeat_x86_64
+  filebeat_fips_x86_64
  metricbeat_aarch64
+  metricbeat_fips_aarch64
  metricbeat_x86_64
+  metricbeat_fips_x86_64
  fips
 }

@ -111,8 +119,15 @@ dependencies {
  allPlugins project(path: ':plugins', configuration: 'allPlugins')
  filebeat_aarch64 "beats:filebeat:${VersionProperties.elasticsearch}:linux-arm64@tar.gz"
  filebeat_x86_64 "beats:filebeat:${VersionProperties.elasticsearch}:linux-x86_64@tar.gz"
+  filebeat_fips_aarch64 "beats:filebeat-fips:${VersionProperties.elasticsearch}:linux-arm64@tar.gz"
+  filebeat_fips_x86_64 "beats:filebeat-fips:${VersionProperties.elasticsearch}:linux-x86_64@tar.gz"
+
  metricbeat_aarch64 "beats:metricbeat:${VersionProperties.elasticsearch}:linux-arm64@tar.gz"
  metricbeat_x86_64 "beats:metricbeat:${VersionProperties.elasticsearch}:linux-x86_64@tar.gz"
+
+  metricbeat_fips_aarch64 "beats:metricbeat-fips:${VersionProperties.elasticsearch}:linux-arm64@tar.gz"
+  metricbeat_fips_x86_64 "beats:metricbeat-fips:${VersionProperties.elasticsearch}:linux-x86_64@tar.gz"
+
  fips "org.bouncycastle:bc-fips:1.0.2.5"
  fips "org.bouncycastle:bctls-fips:1.0.19"
 }
@ -301,8 +316,8 @@ void addBuildDockerContextTask(Architecture architecture, DockerBase base) {
        boolean includeBeats = VersionProperties.isElasticsearchSnapshot() == true || buildId != null || useDra

        if (includeBeats) {
-          from configurations.getByName("filebeat_${architecture.classifier}")
-          from configurations.getByName("metricbeat_${architecture.classifier}")
+          from configurations.getByName("filebeat_fips_${architecture.classifier}")
+          from configurations.getByName("metricbeat_fips_${architecture.classifier}")
          // For some reason, the artifact name can differ depending on what repository we used.
          rename ~/((?:file|metric)beat)-.*\.tar\.gz$/, "\$1-${VersionProperties.elasticsearch}.tar.gz"
        }
--- a/gradle/verification-metadata.xml
+++ b/gradle/verification-metadata.xml
@ -5,7 +5,9 @@
      <verify-signatures>false</verify-signatures>
      <trusted-artifacts>
         <trust group="beats" name="filebeat"/>
+         <trust group="beats" name="filebeat-fips"/>
         <trust group="beats" name="metricbeat"/>
+         <trust group="beats" name="metricbeat-fips"/>
         <trust group="elasticsearch-distribution" name="elasticsearch"/>
         <trust group="org.elasticsearch"/>
         <trust group="org.elasticsearch.distribution.zip" name="elasticsearch"/>