aws: re-enable system tests for securityhub data streams and silence expected template error

[efd6]

Proposed commit message

aws: re-enable system tests for securityhub data streams and silence expected template error

For cert updates, in _dev/deploy/docker/files run

(for securityhub_findings and securityhub_findings_full_posture)

openssl req -x509 -newkey rsa:2048 -keyout private.key -out certificate.crt -sha256 -days 3650 -nodes -subj "/C=XX/L=Default City/O=Default Company Ltd/CN=securityhub.xxxx.amazonaws.cn"

(for securityhub_insights)

openssl req -x509 -newkey rsa:2048 -keyout private.key -out certificate.crt -sha256 -days 3650 -nodes -subj "/C=XX/L=Default City/O=Default Company Ltd/CN=securityhub.xxxx.amazonaws.com"

and then distribute the certificate to the system test configs.

Also fix incorrect use of 'with' in guardduty agent template. 

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• I have verified that Kibana version constraints are current according to guidelines.
• I have verified that any added dashboard complies with Kibana's Dashboard good practices

Author's Checklist

• [ ]

How to test this PR locally

Related issues

Screenshots

[elastic-vault-github-plugin-prod]

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

[elasticmachine]

💚 Build Succeeded

• Buildkite Build
• Commit: bd3c5be

cc @efd6

[elasticmachine]

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

[andrewkroh]

/test stack 9.1.2

[andrewkroh]

LGTM.

[andrewkroh]

With the 9.1.2 test there are a few failures due to the status reporting, I assume some of this relates back to elastic/beats#45664, but the last one looks like a different problem?

system test: (elastic-agent logs - default) in aws.securityhub_insights

test case failed: one or more errors found while examining elastic-agent.logs1489050619: [0] found error "Unit state changed httpjson-default-httpjson-securityhub-83af48fd-90ff-4557-8595-ca941bfeed04 (HEALTHY->DEGRADED): failed to execute template NextToken: template: :1:16: executing \"\" at <.last_response.body.NextToken>: map has no entry for key \"NextToken\""

system test: (elastic-agent logs - default) in aws.securityhub_findings_full_posture

test case failed: one or more errors found while examining elastic-agent.logs1530129037: [0] found error "Unit state changed httpjson-default-httpjson-securityhub-ecd30790-bc41-46d0-a8d0-3dd87eabfa63 (HEALTHY->DEGRADED): failed to execute template NextToken: the template result is empty"

system test: (elastic-agent logs - default) in aws.guardduty

test case failed: one or more errors found while examining elastic-agent.logs4244851378: [0] found error "Unit state changed httpjson-default-httpjson-guardduty-8c55f2b2-d6f6-4e4e-80f6-d66fc91ffb61 (HEALTHY->DEGRADED): failed to execute template last_execution_datetime: template: :1:89: executing \"\" at <.last_event.updatedAt>: can't evaluate field last_event in type []interface {}"

[efd6]

The first two tests are both flaky, but I can improve the situation with the first one so that it and the second can be addressed with elastic/beats#45664.

The last one is due to the incorrect use of a with. I'll fix that here.

[efd6]

/test stack 9.1.2

[elasticmachine]

💚 Build Succeeded

• Buildkite Build
• Commit: feb4929

cc @efd6

[elastic-sonarqube]

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

[elasticmachine]

💔 Build Failed

• Buildkite Build
• Commit: feb4929

Failed CI Steps

• Check integrations aws

History

cc @efd6

[elastic-vault-github-plugin-prod]

Package aws - 3.14.0 containing this change is available at https://epr.elastic.co/package/aws/3.14.0/