Disable Filebeat's o365audit input and o365 module in FIPS builds #44909

Open: wants to merge 5 commits into base: main

ycombinator (Contributor) commented Jun 18, 2025

Proposed commit message

This PR ensures that the Filebeat o365 module is only included in non-FIPS builds of Filebeat. It also ensures that the Filebeat o365audit input, which is used by the o365 module, is only included in non-FIPS builds of Filebeat. In other words, neither the o365 module nor the o365audit input will be available in FIPS-capable Filebeat artifacts.

The o365audit input depends on the Azure Go SDK, specifically the github.com/Azure/azure-sdk-for-go/sdk/azidentity package. This package uses the golang.org/x/crypto/pkcs12 package, which is not FIPS-compliant, and the SDK doesn't plan to offer a way to disable the use of this package at compile time (see Azure/azure-sdk-for-go#24336).

As such, we have little choice but to exclude the o365audit input and the only module that uses it, o365, from FIPS-capable Filebeat builds.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Disruptive User Impact

FIPS-capable artifacts of Filebeat will not contain the o365 module or the o365audit input.
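
An added example, not code from this PR or from Beats: one way to confirm the dependency claim in the description is to search `go list -deps -json` output for the import chain that reaches `golang.org/x/crypto/pkcs12`. The records below are constructed and the `example.com/...` package paths are placeholders, not the project's real paths.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"strings"
)

// Constructed `go list -deps -json` records; example.com paths are placeholders.
const sample = `{"ImportPath":"example.com/filebeat/input/o365audit","Imports":["fmt","github.com/Azure/azure-sdk-for-go/sdk/azidentity"]}
{"ImportPath":"example.com/filebeat/input/filestream","Imports":["fmt","os"]}
{"ImportPath":"github.com/Azure/azure-sdk-for-go/sdk/azidentity","Imports":["crypto/x509","golang.org/x/crypto/pkcs12"]}
{"ImportPath":"golang.org/x/crypto/pkcs12","Imports":["crypto/x509"]}`

// importChain returns the shortest import chain from root to banned (nil if none).
func importChain(r io.Reader, root, banned string) ([]string, error) {
	graph := map[string][]string{}
	for dec := json.NewDecoder(r); dec.More(); {
		var p struct { // the two `go list -json` fields the search needs
			ImportPath string
			Imports    []string
		}
		if err := dec.Decode(&p); err != nil {
			return nil, err
		}
		graph[p.ImportPath] = p.Imports
	}
	seen := map[string]bool{root: true}
	queue := [][]string{{root}}
	for i := 0; i < len(queue); i++ { // breadth-first: first hit is shortest
		path := queue[i]
		cur := path[len(path)-1]
		if cur == banned {
			return path, nil
		}
		for _, dep := range graph[cur] {
			if !seen[dep] {
				seen[dep] = true
				queue = append(queue, append(append([]string{}, path...), dep))
			}
		}
	}
	return nil, nil
}

func main() {
	chain, _ := importChain(strings.NewReader(sample), "example.com/filebeat/input/o365audit", "golang.org/x/crypto/pkcs12")
	fmt.Println(strings.Join(chain, " -> "))
}
```

Against a real checkout, the same function can read the piped output of `go list -deps -json` for the package under review; a nil result means the package does not reach the banned import.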

@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Jun 18, 2025

mergify bot commented Jun 18, 2025

This pull request does not have a backport label.
If this is a bug or security fix, could you label this PR @ycombinator? 🙏.
For such, you'll need to label your PR with:

  • The upcoming major version of the Elastic Stack
  • The upcoming minor version of the Elastic Stack (if you're not pushing a breaking change)

To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

  • backport-8./d is the label to automatically backport to the 8./d branch. /d is the digit
  • backport-active-all is the label that automatically backports to all active branches.
  • backport-active-8 is the label that automatically backports to all active minor branches for the 8 major.
  • backport-active-9 is the label that automatically backports to all active minor branches for the 9 major.

@ycombinator ycombinator added the backport-8.19 Automated backport to the 8.19 branch label Jun 18, 2025
@ycombinator ycombinator force-pushed the fips-disable-fb-o365 branch 2 times, most recently from 1d00ef8 to 3815c3a Compare June 18, 2025 23:13
@ycombinator ycombinator force-pushed the fips-disable-fb-o365 branch from 3815c3a to f592d35 Compare June 19, 2025 01:05
@ycombinator ycombinator marked this pull request as ready for review June 19, 2025 01:52
@ycombinator ycombinator requested review from a team as code owners June 19, 2025 01:52
efd6 (Contributor) left a comment

This looks like two PRs, one enabling and one that is what's described on the tin. Could we separate them? Also, please include the import path that leads to the concerning import.

ycombinator (Contributor Author) commented

> This looks like two PRs, one enabling and one that is what's described on the tin. Could we separate them?

Created #44920 to enable the module exclusion. Will rework this PR here to only be about what's on the tin once the enabling PR is merged.

ycombinator (Contributor Author) commented

> Also, please include the import path that leads to the concerning import.

Updated the PR description. Let me know if that looks good to you.

efd6 (Contributor) commented Jun 19, 2025

> Let me know if that looks good to you.

Thanks. Crystal clear now.

elasticmachine (Collaborator) commented

Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Jun 20, 2025
Labels
backport-8.19 Automated backport to the 8.19 branch Team:Elastic-Agent-Data-Plane Label for the Agent Data Plane team