Switch to different UUID lib due to non-random generated UUIDs (#8458)

The previously used `github.com/satori/go-uuid` lib has a critical bug and it is no longer maintained. The community moved to an active fork of this existing lib named `github.com/gofrs/uuid`. I haven't seen other UUID libs worth mentioning apart from this.

Changes compared to the previous dependency:
* `uuid.NewV4` returns an error if the function call failed
* `uuid.Equal` is deprecated and removed. The Way is to use `==` instead.

Closes #8077

Author: kvch

CHANGELOG.asciidoc

@@ -47,6 +47,7 @@ https://github.com/elastic/beats/compare/v6.4.0...master[Check the HEAD diff]
 - Add backoff support to x-pack monitoring outputs. {issue}7966[7966]
 - Fix a race condition with the `add_host_metadata` and the event serialization. {pull}8223[8223]
 - Enforce that data used by k8s or docker doesn't use any reference. {pull}8240[8240]
+- Switch to different UUID lib due to to non-random generated UUIDs. {pull}8485[8485]
 
 *Auditbeat*
 

NOTICE.txt

@@ -1112,6 +1112,34 @@ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
+--------------------------------------------------------------------
+Dependency: github.com/gofrs/uuid
+Version: 3.1.1
+Revision: 47cd1dca1a6e7f807d5a492bd7e7f41d0855b5a1
+License type (autodetected): MIT
+./vendor/github.com/gofrs/uuid/LICENSE:
+--------------------------------------------------------------------
+Copyright (C) 2013-2018 by Maxim Bublis <[email protected]>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
 --------------------------------------------------------------------
 Dependency: github.com/gogo/protobuf
 Revision: 636bf0302bc95575d69441b25a2603156ffdddf1
@@ -2078,33 +2106,6 @@ ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
---------------------------------------------------------------------
-Dependency: github.com/satori/go.uuid
-Revision: 5bf94b69c6b68ee1b541973bb8e1144db23a194b
-License type (autodetected): MIT
-./vendor/github.com/satori/go.uuid/LICENSE:
---------------------------------------------------------------------
-Copyright (C) 2013-2016 by Maxim Bublis <[email protected]>
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
 --------------------------------------------------------------------
 Dependency: github.com/shirou/gopsutil
 Version: v2.18.06

filebeat/beater/filebeat.go

@@ -191,9 +191,9 @@ func (fb *Filebeat) loadModulesPipelines(b *beat.Beat) error {
 	callback := func(esClient *elasticsearch.Client) error {
 		return fb.moduleRegistry.LoadPipelines(esClient, overwritePipelines)
 	}
-	elasticsearch.RegisterConnectCallback(callback)
+	_, err := elasticsearch.RegisterConnectCallback(callback)
 
-	return nil
+	return err
 }
 
 func (fb *Filebeat) loadModulesML(b *beat.Beat, kibanaConfig *common.Config) error {

filebeat/fileset/factory.go

@@ -18,7 +18,7 @@
 package fileset
 
 import (
-	uuid "github.com/satori/go.uuid"
+	"github.com/gofrs/uuid"
 
 	"github.com/elastic/beats/filebeat/channel"
 	input "github.com/elastic/beats/filebeat/prospector"
@@ -147,7 +147,10 @@ func (p *inputsRunner) Start() {
 		callback := func(esClient *elasticsearch.Client) error {
 			return p.moduleRegistry.LoadPipelines(esClient, p.overwritePipelines)
 		}
-		p.pipelineCallbackID = elasticsearch.RegisterConnectCallback(callback)
+		p.pipelineCallbackID, err = elasticsearch.RegisterConnectCallback(callback)
+		if err != nil {
+			logp.Err("Error registering connect callback for Elasticsearch to load pipelines: %v", err)
+		}
 	}
 
 	for _, input := range p.inputs {

filebeat/harvester/harvester.go

@@ -18,7 +18,7 @@
 package harvester
 
 import (
-	uuid "github.com/satori/go.uuid"
+	"github.com/gofrs/uuid"
 )
 
 // Harvester contains all methods which must be supported by each harvester

filebeat/harvester/registry.go

@@ -21,7 +21,7 @@ import (
 	"errors"
 	"sync"
 
-	uuid "github.com/satori/go.uuid"
+	"github.com/gofrs/uuid"
 
 	"github.com/elastic/beats/libbeat/logp"
 )

filebeat/input/log/harvester.go

@@ -37,7 +37,7 @@ import (
 	"sync"
 	"time"
 
-	"github.com/satori/go.uuid"
+	"github.com/gofrs/uuid"
 	"golang.org/x/text/transform"
 
 	"github.com/elastic/beats/libbeat/beat"
@@ -113,14 +113,19 @@ func NewHarvester(
 	outletFactory OutletFactory,
 ) (*Harvester, error) {
 
+	id, err := uuid.NewV4()
+	if err != nil {
+		return nil, err
+	}
+
 	h := &Harvester{
 		config:        defaultConfig,
 		state:         state,
 		states:        states,
 		publishState:  publishState,
 		done:          make(chan struct{}),
 		stopWg:        &sync.WaitGroup{},
-		id:            uuid.NewV4(),
+		id:            id,
 		outletFactory: outletFactory,
 	}
 

filebeat/input/redis/harvester.go

@@ -23,7 +23,7 @@ import (
 	"time"
 
 	rd "github.com/garyburd/redigo/redis"
-	"github.com/satori/go.uuid"
+	"github.com/gofrs/uuid"
 
 	"github.com/elastic/beats/libbeat/beat"
 	"github.com/elastic/beats/libbeat/common"
@@ -61,12 +61,17 @@ type log struct {
 }
 
 // NewHarvester creates a new harvester with the given connection
-func NewHarvester(conn rd.Conn) *Harvester {
+func NewHarvester(conn rd.Conn) (*Harvester, error) {
+	id, err := uuid.NewV4()
+	if err != nil {
+		return nil, err
+	}
+
 	return &Harvester{
-		id:   uuid.NewV4(),
+		id:   id,
 		done: make(chan struct{}),
 		conn: conn,
-	}
+	}, nil
 }
 
 // Run starts a new redis harvester

filebeat/input/redis/input.go

@@ -93,7 +93,11 @@ func (p *Input) Run() {
 		pool := CreatePool(host, p.config.Password, p.config.Network,
 			p.config.MaxConn, p.config.IdleTimeout, p.config.IdleTimeout)
 
-		h := NewHarvester(pool.Get())
+		h, err := NewHarvester(pool.Get())
+		if err != nil {
+			logp.Err("Failed to create harvester: %v", err)
+			continue
+		}
 		h.forwarder = forwarder
 
 		if err := p.registry.Start(h); err != nil {

libbeat/beat/info.go

@@ -17,7 +17,7 @@
 
 package beat
 
-import "github.com/satori/go.uuid"
+import "github.com/gofrs/uuid"
 
 // Info stores a beats instance meta data.
 type Info struct {

libbeat/cmd/instance/beat.go

@@ -32,7 +32,7 @@ import (
 	"strings"
 	"time"
 
-	"github.com/satori/go.uuid"
+	"github.com/gofrs/uuid"
 	"go.uber.org/zap"
 
 	"github.com/elastic/go-sysinfo"
@@ -217,14 +217,19 @@ func NewBeat(name, indexPrefix, v string) (*Beat, error) {
 		return nil, err
 	}
 
+	id, err := uuid.NewV4()
+	if err != nil {
+		return nil, err
+	}
+
 	b := beat.Beat{
 		Info: beat.Info{
 			Beat:        name,
 			IndexPrefix: indexPrefix,
 			Version:     v,
 			Name:        hostname,
 			Hostname:    hostname,
-			UUID:        uuid.NewV4(),
+			UUID:        id,
 		},
 		Fields: fields,
 	}
@@ -625,7 +630,7 @@ func (b *Beat) loadMeta() error {
 		}
 
 		f.Close()
-		valid := !uuid.Equal(m.UUID, uuid.Nil)
+		valid := m.UUID != uuid.Nil
 		if valid {
 			b.Info.UUID = m.UUID
 			return nil

libbeat/cmd/instance/beat_test.go

@@ -22,7 +22,7 @@ package instance
 import (
 	"testing"
 
-	"github.com/satori/go.uuid"
+	"github.com/gofrs/uuid"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -57,5 +57,9 @@ func TestNewInstanceUUID(t *testing.T) {
 	}
 
 	// Make sure the UUID's are different
-	assert.NotEqual(t, b.Info.UUID, uuid.NewV4())
+	differentUUID, err := uuid.NewV4()
+	if err != nil {
+		t.Fatalf("error while generating UUID: %v", err)
+	}
+	assert.NotEqual(t, b.Info.UUID, differentUUID)
 }

libbeat/cmd/instance/metrics_common.go

@@ -20,8 +20,9 @@ package instance
 import (
 	"time"
 
-	"github.com/satori/go.uuid"
+	"github.com/gofrs/uuid"
 
+	"github.com/elastic/beats/libbeat/logp"
 	"github.com/elastic/beats/libbeat/monitoring"
 	"github.com/elastic/beats/libbeat/monitoring/report/log"
 )
@@ -35,7 +36,11 @@ func init() {
 	beatMetrics = monitoring.Default.NewRegistry("beat")
 	monitoring.NewFunc(beatMetrics, "info", reportInfo, monitoring.Report)
 
-	ephemeralID = uuid.NewV4()
+	var err error
+	ephemeralID, err = uuid.NewV4()
+	if err != nil {
+		logp.Err("Error while generating ephemeral ID for Beat")
+	}
 }
 
 func reportInfo(_ monitoring.Mode, V monitoring.Visitor) {

libbeat/common/event_test.go

@@ -22,7 +22,7 @@ import (
 	"testing"
 	"time"
 
-	uuid "github.com/satori/go.uuid"
+	"github.com/gofrs/uuid"
 	"github.com/stretchr/testify/assert"
 
 	"github.com/elastic/beats/libbeat/logp"
@@ -201,7 +201,10 @@ func TestNormalizeValue(t *testing.T) {
 	var nilStringPtr *string
 	var nilTimePtr *time.Time
 	someString := "foo"
-	uuidValue := uuid.NewV1()
+	uuidValue, err := uuid.NewV1()
+	if err != nil {
+		t.Fatalf("error while generating uuid: %v", err)
+	}
 
 	type mybool bool
 	type myint int32

libbeat/management/management.go

@@ -18,7 +18,7 @@
 package management
 
 import (
-	"github.com/satori/go.uuid"
+	"github.com/gofrs/uuid"
 
 	"github.com/elastic/beats/libbeat/common"
 	"github.com/elastic/beats/libbeat/common/reload"

libbeat/outputs/elasticsearch/elasticsearch.go

@@ -22,7 +22,7 @@ import (
 	"fmt"
 	"sync"
 
-	uuid "github.com/satori/go.uuid"
+	"github.com/gofrs/uuid"
 
 	"github.com/elastic/beats/libbeat/beat"
 	"github.com/elastic/beats/libbeat/common"
@@ -70,20 +70,24 @@ func newCallbacksRegistry() callbacksRegistry {
 // RegisterConnectCallback registers a callback for the elasticsearch output
 // The callback is called each time the client connects to elasticsearch.
 // It returns the key of the newly added callback, so it can be deregistered later.
-func RegisterConnectCallback(callback connectCallback) uuid.UUID {
+func RegisterConnectCallback(callback connectCallback) (uuid.UUID, error) {
 	connectCallbackRegistry.mutex.Lock()
 	defer connectCallbackRegistry.mutex.Unlock()
 
 	// find the next unique key
 	var key uuid.UUID
+	var err error
 	exists := true
 	for exists {
-		key = uuid.NewV4()
+		key, err = uuid.NewV4()
+		if err != nil {
+			return uuid.Nil, err
+		}
 		_, exists = connectCallbackRegistry.callbacks[key]
 	}
 
 	connectCallbackRegistry.callbacks[key] = callback
-	return key
+	return key, nil
 }
 
 // DeregisterConnectCallback deregisters a callback for the elasticsearch output

libbeat/outputs/elasticsearch/elasticsearch_test.go

@@ -27,9 +27,18 @@ func TestConnectCallbacksManagement(t *testing.T) {
 	f1 := func(client *Client) error { fmt.Println("i am function #1"); return nil }
 	f2 := func(client *Client) error { fmt.Println("i am function #2"); return nil }
 
-	_ = RegisterConnectCallback(f0)
-	id1 := RegisterConnectCallback(f1)
-	id2 := RegisterConnectCallback(f2)
+	_, err := RegisterConnectCallback(f0)
+	if err != nil {
+		t.Fatalf("error while registering callback: %v", err)
+	}
+	id1, err := RegisterConnectCallback(f1)
+	if err != nil {
+		t.Fatalf("error while registering callback: %v", err)
+	}
+	id2, err := RegisterConnectCallback(f2)
+	if err != nil {
+		t.Fatalf("error while registering callback: %v", err)
+	}
 
 	t.Logf("removing second callback")
 	DeregisterConnectCallback(id1)