X-pack/winlogbeat/module: ignore opcode field on Windows 2022

Also prohibit generating golden files for PowerShell on Windows 2022 to prevent unnecessary work in discovering that this will fail on other versions.
elastic · May 2, 2022 · 24da692 · 24da692
1 parent 8039eaa
commit 24da692
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 1 deletion.
diff --git a/x-pack/winlogbeat/module/powershell/test/powershell_windows_test.go b/x-pack/winlogbeat/module/powershell/test/powershell_windows_test.go
@@ -5,9 +5,11 @@
 package test
 
 import (
+	"strings"
 	"testing"
 
 	"github.com/elastic/beats/v7/x-pack/winlogbeat/module"
+	"github.com/elastic/go-sysinfo/providers/windows"
 
 	// Register required processors.
 	_ "github.com/elastic/beats/v7/libbeat/cmd/instance"
@@ -21,5 +23,20 @@ var ignoreFields = []string{
 }
 
 func TestPowerShell(t *testing.T) {
+	// FIXME: We do not get opcode strings in the XML on Windows 2022, so ignore that
+	// field there. Only apply this to that platform to avoid regressions elsewhere.
+	// This means that golden values should be generated on a non-2022 version of
+	// Windows to ensure that this field is properly rendered. This is checked in
+	// the module.TestPipeline function.
+	os, err := windows.OperatingSystem()
+	if err != nil {
+		t.Fatalf("failed to get operating system info: %v", err)
+	}
+	t.Logf("running tests on %s", os.Name)
+	if strings.Contains(os.Name, "2022") {
+		ignoreFields = append(ignoreFields, "winlog.opcode")
+		t.Log("ignoring winlog.opcode")
+	}
+
 	module.TestPipeline(t, "testdata/*.evtx", module.WithFieldFilter(ignoreFields))
 }
diff --git a/x-pack/winlogbeat/module/testing_windows.go b/x-pack/winlogbeat/module/testing_windows.go
@@ -25,6 +25,7 @@ import (
 	"github.com/elastic/beats/v7/winlogbeat/eventlog"
 	"github.com/elastic/elastic-agent-libs/config"
 	"github.com/elastic/elastic-agent-libs/mapstr"
+	"github.com/elastic/go-sysinfo/providers/windows"
 )
 
 var update = flag.Bool("update", false, "update golden files")
@@ -48,6 +49,17 @@ func WithFieldFilter(filter []string) Option {
 // and processing them with a basic enrichment. Then it compares the results against
 // a saved golden file. Use -update to regenerate the golden files.
 func TestPipeline(t *testing.T, evtx string, opts ...Option) {
+	// FIXME: We cannot generate golden files on Windows 2022.
+	if *update {
+		os, err := windows.OperatingSystem()
+		if err != nil {
+			t.Fatalf("failed to get operating system info: %v", err)
+		}
+		if strings.Contains(os.Name, "2022") {
+			t.Fatal("cannot generate golden files on Windows 2022: see note in powershell/test/powershell_windows_test.go")
+		}
+	}
+
 	files, err := filepath.Glob(evtx)
 	if err != nil {
 		t.Fatal(err)
@@ -141,7 +153,7 @@ func testPipeline(t testing.TB, evtx string, p *params) {
 		return
 	}
 	for i, e := range events {
-		assertEqual(t, expected[i], normalize(t, e))
+		assertEqual(t, filterEvent(expected[i], p.ignoreFields), normalize(t, e))
 	}
 }