From 1cf23661026d4998087acd6ebc5122ba5372cd2e Mon Sep 17 00:00:00 2001
From: Chris Mark <chrismarkou92@gmail.com>
Date: Wed, 7 Apr 2021 16:01:51 +0300
Subject: [PATCH 1/6] Kubernetes_secrets provider improvements (#24912)

Signed-off-by: chrismark <chrismarkou92@gmail.com>
---
 deploy/kubernetes/elastic-agent-standalone-kubernetes.yml    | 5 +++++
 .../elastic-agent-standalone-role.yaml                       | 5 +++++
 .../providers/kubernetessecrets/kubernetes_secrets.go        | 3 +++
 3 files changed, 13 insertions(+)

diff --git a/deploy/kubernetes/elastic-agent-standalone-kubernetes.yml b/deploy/kubernetes/elastic-agent-standalone-kubernetes.yml
index cf867d43ad3c..5d83516f686c 100644
--- a/deploy/kubernetes/elastic-agent-standalone-kubernetes.yml
+++ b/deploy/kubernetes/elastic-agent-standalone-kubernetes.yml
@@ -623,6 +623,11 @@ rules:
       - events
       - pods
     verbs: ["get", "list", "watch"]
+  # Enable this rule only if planing to use kubernetes_secrets provider
+  #- apiGroups: [""]
+  #  resources:
+  #  - secrets
+  #  verbs: ["get"]
   - apiGroups: ["extensions"]
     resources:
       - replicasets
diff --git a/deploy/kubernetes/elastic-agent-standalone/elastic-agent-standalone-role.yaml b/deploy/kubernetes/elastic-agent-standalone/elastic-agent-standalone-role.yaml
index dcf2b4a5ff29..13b3554b83cc 100644
--- a/deploy/kubernetes/elastic-agent-standalone/elastic-agent-standalone-role.yaml
+++ b/deploy/kubernetes/elastic-agent-standalone/elastic-agent-standalone-role.yaml
@@ -12,6 +12,11 @@ rules:
       - events
       - pods
     verbs: ["get", "list", "watch"]
+  # Enable this rule only if planing to use kubernetes_secrets provider
+  #- apiGroups: [""]
+  #  resources:
+  #  - secrets
+  #  verbs: ["get"]
   - apiGroups: ["extensions"]
     resources:
       - replicasets
diff --git a/x-pack/elastic-agent/pkg/composable/providers/kubernetessecrets/kubernetes_secrets.go b/x-pack/elastic-agent/pkg/composable/providers/kubernetessecrets/kubernetes_secrets.go
index 4af00bc766e5..5588a546a295 100644
--- a/x-pack/elastic-agent/pkg/composable/providers/kubernetessecrets/kubernetes_secrets.go
+++ b/x-pack/elastic-agent/pkg/composable/providers/kubernetessecrets/kubernetes_secrets.go
@@ -47,6 +47,9 @@ func ContextProviderBuilder(logger *logger.Logger, c *config.Config) (corecomp.C
 
 func (p *contextProviderK8sSecrets) Fetch(key string) (string, bool) {
 	// key = "kubernetes_secrets.somenamespace.somesecret.value"
+	if p.client == nil {
+		return "", false
+	}
 	tokens := strings.Split(key, ".")
 	if len(tokens) > 0 && tokens[0] != "kubernetes_secrets" {
 		return "", false

From ead29fce3e70cdde225f7fe7ab68ac93d561c3b6 Mon Sep 17 00:00:00 2001
From: Marc Guasch <marc-gr@users.noreply.github.com>
Date: Wed, 7 Apr 2021 15:49:18 +0200
Subject: [PATCH 2/6] Debug empty root field instead of error (#24966)

---
 .../input/httpjson/internal/v2/response.go         | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/x-pack/filebeat/input/httpjson/internal/v2/response.go b/x-pack/filebeat/input/httpjson/internal/v2/response.go
index cc5f6605bc5d..31e13cf579b1 100644
--- a/x-pack/filebeat/input/httpjson/internal/v2/response.go
+++ b/x-pack/filebeat/input/httpjson/internal/v2/response.go
@@ -118,14 +118,20 @@ func (rp *responseProcessor) startProcessing(stdCtx context.Context, trCtx *tran
 				}
 
 				if err := rp.split.run(trCtx, tr, ch); err != nil {
-					if err == errEmptyField {
+					switch err {
+					case errEmptyField:
 						// nothing else to send for this page
 						rp.log.Debug("split operation finished")
 						continue
+					case errEmptyRootField:
+						// root field not found, most likely the response is empty
+						rp.log.Debug(err)
+						return
+					default:
+						rp.log.Debug("split operation failed")
+						ch <- maybeMsg{err: err}
+						return
 					}
-					rp.log.Debug("split operation failed")
-					ch <- maybeMsg{err: err}
-					return
 				}
 			}
 		}

From 9ccbce6a59a53cac99f297036d701a30e0428ffd Mon Sep 17 00:00:00 2001
From: Victor Martinez <victormartinezrubio@gmail.com>
Date: Wed, 7 Apr 2021 15:48:40 +0100
Subject: [PATCH 3/6] CI: use ubuntu-20 (#24963)

---
 .ci/beats-tester.groovy        | 2 +-
 .ci/build-docker-images.groovy | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.ci/beats-tester.groovy b/.ci/beats-tester.groovy
index 3650246e9663..8d96fb1efeaa 100644
--- a/.ci/beats-tester.groovy
+++ b/.ci/beats-tester.groovy
@@ -24,7 +24,7 @@ pipeline {
   }
   stages {
     stage('Filter build') {
-      agent { label 'ubuntu && immutable' }
+      agent { label 'ubuntu-20' }
       when {
         beforeAgent true
         anyOf {
diff --git a/.ci/build-docker-images.groovy b/.ci/build-docker-images.groovy
index 417e2fefae4a..a59aeb8da8f8 100644
--- a/.ci/build-docker-images.groovy
+++ b/.ci/build-docker-images.groovy
@@ -3,7 +3,7 @@
 @Library('apm@current') _
 
 pipeline {
-  agent { label 'ubuntu-16 && immutable' }
+  agent { label 'ubuntu-20' }
   environment {
     REPO = 'beats'
     BASE_DIR = "src/github.com/elastic/${env.REPO}"

From 3b99e4275a787191623ea5d136e5a0b695e0e4ba Mon Sep 17 00:00:00 2001
From: Andrew Stucki <andrew.stucki@elastic.co>
Date: Wed, 7 Apr 2021 11:29:24 -0400
Subject: [PATCH 4/6] Only show deprecation warnings for CN-based verification
 once (#24948)

---
 libbeat/common/transport/tlscommon/config.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/libbeat/common/transport/tlscommon/config.go b/libbeat/common/transport/tlscommon/config.go
index 30009c2b13be..cebc251fd49f 100644
--- a/libbeat/common/transport/tlscommon/config.go
+++ b/libbeat/common/transport/tlscommon/config.go
@@ -19,12 +19,15 @@ package tlscommon
 
 import (
 	"crypto/tls"
+	"sync"
 
 	"github.com/joeshaw/multierror"
 
 	"github.com/elastic/beats/v7/libbeat/common/cfgwarn"
 )
 
+var warnOnce sync.Once
+
 // Config defines the user configurable options in the yaml file.
 type Config struct {
 	Enabled          *bool                   `config:"enabled" yaml:"enabled,omitempty"`
@@ -98,7 +101,9 @@ func LoadTLSConfig(config *Config) (*TLSConfig, error) {
 // Validate values the TLSConfig struct making sure certificate sure we have both a certificate and
 // a key.
 func (c *Config) Validate() error {
-	cfgwarn.Deprecate("8.0.0", "Treating the CommonName field on X.509 certificates as a host name when no Subject Alternative Names are present is going to be removed. Please update your certificates if needed.")
+	warnOnce.Do(func() {
+		cfgwarn.Deprecate("8.0.0", "Treating the CommonName field on X.509 certificates as a host name when no Subject Alternative Names are present is going to be removed. Please update your certificates if needed.")
+	})
 
 	return c.Certificate.Validate()
 }

From a2440a662e5550c53f97bfaf69faef4824cdc986 Mon Sep 17 00:00:00 2001
From: Victor Martinez <victormartinezrubio@gmail.com>
Date: Wed, 7 Apr 2021 17:26:03 +0100
Subject: [PATCH 5/6] [mergify] backport automation to 7.x, 7.12 and 7.11
 (#24608)

---
 .mergify.yml | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100644 .mergify.yml

diff --git a/.mergify.yml b/.mergify.yml
new file mode 100644
index 000000000000..d3793facbbad
--- /dev/null
+++ b/.mergify.yml
@@ -0,0 +1,42 @@
+pull_request_rules:
+  - name: backport patches to 7.x branch
+    conditions:
+      - merged
+      - base=master
+      - label=backport-v7.13.0
+    actions:
+      backport:
+        branches:
+          - "7.x"
+  - name: backport patches to 7.12 branch
+    conditions:
+      - merged
+      - base=master
+      - label=backport-v7.12.0
+    actions:
+      backport:
+        branches:
+          - "7.12"
+  - name: backport patches to 7.11 branch
+    conditions:
+      - merged
+      - base=master
+      - label=backport-v7.11.0
+    actions:
+      backport:
+        branches:
+          - "7.11"
+  - name: ask to resolve conflict
+    conditions:
+      - conflict
+    actions:
+        comment:
+          message: |
+            This pull request is now in conflicts. Could you fix it? 🙏
+            To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/
+            ```
+            git fetch upstream
+            git checkout -b {{head}} upstream/{{head}}
+            git merge upstream/{{base}}
+            git push upstream {{head}}
+            ```

From 156ec34ab6af0fe98321d932a5eaf8eb49193ac0 Mon Sep 17 00:00:00 2001
From: Victor Martinez <victormartinezrubio@gmail.com>
Date: Wed, 7 Apr 2021 17:46:05 +0100
Subject: [PATCH 6/6] CI: curl seems to be available but where cannot find it
 (#24965)

---
 .ci/scripts/install-tools.bat | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/.ci/scripts/install-tools.bat b/.ci/scripts/install-tools.bat
index 6131997a9c0e..438d2dec6491 100644
--- a/.ci/scripts/install-tools.bat
+++ b/.ci/scripts/install-tools.bat
@@ -8,10 +8,12 @@ IF NOT EXIST "%PROGRAMFILES(X86)%" (
 )
 set PATH=%WORKSPACE%\bin;C:\ProgramData\chocolatey\bin;C:\tools\mingw%MINGW_ARCH%\bin;%PATH%
 
-where /q curl
-IF ERRORLEVEL 1 (
+curl --version >nul 2>&1 && (
+    echo found curl
+) || (
     choco install curl -y --no-progress --skipdownloadcache
 )
+
 mkdir %WORKSPACE%\bin
 
 IF EXIST "%PROGRAMFILES(X86)%" (