[chore] Consolidate event code in WEL receiver

open-telemetry · Sep 5, 2024 · 9036a1d · 9036a1d
1 parent fa75b6e
commit 9036a1d
Show file tree

Hide file tree

Showing 6 changed files with 14 additions and 213 deletions.
diff --git a/pkg/stanza/operator/input/windows/event.go b/pkg/stanza/operator/input/windows/event.go
@@ -139,29 +139,6 @@ func (e *Event) Close() error {
 	return nil
 }
 
-func (e *Event) RenderRaw(buffer Buffer) (EventRaw, error) {
-	if e.handle == 0 {
-		return EventRaw{}, fmt.Errorf("event handle does not exist")
-	}
-
-	bufferUsed, err := evtRender(0, e.handle, EvtRenderEventXML, buffer.SizeBytes(), buffer.FirstByte())
-	if errors.Is(err, ErrorInsufficientBuffer) {
-		// If the bufferUsed is 0 return an error as we don't want to make a recursive call with no buffer
-		if *bufferUsed == 0 {
-			return EventRaw{}, errUnknownNextFrame
-		}
-
-		buffer.UpdateSizeBytes(*bufferUsed)
-		return e.RenderRaw(buffer)
-	}
-	bytes, err := buffer.ReadBytes(*bufferUsed)
-	if err != nil {
-		return EventRaw{}, fmt.Errorf("failed to read bytes from buffer: %w", err)
-	}
-
-	return unmarshalEventRaw(bytes)
-}
-
 // NewEvent will create a new event from an event handle.
 func NewEvent(handle uintptr) Event {
 	return Event{

diff --git a/pkg/stanza/operator/input/windows/input.go b/pkg/stanza/operator/input/windows/input.go
@@ -232,8 +232,6 @@ func (i *Input) read(ctx context.Context) int {
 
 // processEvent will process and send an event retrieved from windows event log.
 func (i *Input) processEvent(ctx context.Context, event Event) {
-	remoteServer := i.remote.Server
-
 	var providerName string // The provider name is only retrieved if needed.
 	if !i.raw || len(i.excludeProviders) > 0 {
 		var err error
@@ -253,13 +251,12 @@ func (i *Input) processEvent(ctx context.Context, event Event) {
 	}
 
 	if i.raw {
-		rawEvent, err := event.RenderRaw(i.buffer)
+		rawEvent, err := event.RenderSimple(i.buffer)
 		if err != nil {
 			i.Logger().Error("Failed to render raw event", zap.Error(err))
 			return
 		}
 
-		rawEvent.RemoteServer = remoteServer
 		i.sendEventRaw(ctx, rawEvent)
 		return
 	}
@@ -275,7 +272,6 @@ func (i *Input) processEvent(ctx context.Context, event Event) {
 	if publisher.Valid() {
 		formattedEvent, err := event.RenderFormatted(i.buffer, publisher)
 		if err == nil {
-			formattedEvent.RemoteServer = remoteServer
 			i.sendEvent(ctx, formattedEvent)
 			return
 		}
@@ -290,7 +286,6 @@ func (i *Input) processEvent(ctx context.Context, event Event) {
 		return
 	}
 
-	simpleEvent.RemoteServer = remoteServer
 	i.sendEvent(ctx, simpleEvent)
 }
 
@@ -309,9 +304,8 @@ func (i *Input) sendEvent(ctx context.Context, eventXML EventXML) {
 }
 
 // sendEventRaw will send EventRaw as an entry to the operator's output.
-func (i *Input) sendEventRaw(ctx context.Context, eventRaw EventRaw) {
-	body := eventRaw.parseBody()
-	entry, err := i.NewEntry(body)
+func (i *Input) sendEventRaw(ctx context.Context, eventRaw EventXML) {
+	entry, err := i.NewEntry(eventRaw.Original)
 	if err != nil {
 		i.Logger().Error("Failed to create entry", zap.Error(err))
 		return

diff --git a/pkg/stanza/operator/input/windows/raw.go b/pkg/stanza/operator/input/windows/raw.go
diff --git a/pkg/stanza/operator/input/windows/raw_test.go b/pkg/stanza/operator/input/windows/raw_test.go
diff --git a/pkg/stanza/operator/input/windows/xml.go b/pkg/stanza/operator/input/windows/xml.go
@@ -13,6 +13,7 @@ import (
 
 // EventXML is the rendered xml of an event.
 type EventXML struct {
+	Original         string      `xml:"-"`
 	EventID          EventID     `xml:"System>EventID"`
 	Provider         Provider    `xml:"System>Provider"`
 	Computer         string      `xml:"System>Computer"`
@@ -180,15 +181,6 @@ func parseEventData(eventData EventData) map[string]any {
 	return outputMap
 }
 
-// unmarshalEventXML will unmarshal EventXML from xml bytes.
-func unmarshalEventXML(bytes []byte) (EventXML, error) {
-	var eventXML EventXML
-	if err := xml.Unmarshal(bytes, &eventXML); err != nil {
-		return EventXML{}, fmt.Errorf("failed to unmarshal xml bytes into event: %w (%s)", err, string(bytes))
-	}
-	return eventXML, nil
-}
-
 // EventID is the identifier of the event.
 type EventID struct {
 	Qualifiers uint16 `xml:"Qualifiers,attr"`
@@ -267,3 +259,12 @@ func (e Execution) asMap() map[string]any {
 
 	return result
 }
+
+// unmarshalEventXML will unmarshal EventXML from xml bytes.
+func unmarshalEventXML(bytes []byte) (EventXML, error) {
+	var eventXML EventXML
+	if err := xml.Unmarshal(bytes, &eventXML); err != nil {
+		return EventXML{}, fmt.Errorf("failed to unmarshal xml bytes into event: %w (%s)", err, string(bytes))
+	}
+	return eventXML, nil
+}
diff --git a/receiver/windowseventlogreceiver/receiver_windows_test.go b/receiver/windowseventlogreceiver/receiver_windows_test.go
@@ -322,7 +322,7 @@ func requireExpectedLogRecords(t *testing.T, sink *consumertest.LogsSink, expect
 	// logs sometimes take a while to be written, so a substantial wait buffer is needed
 	require.EventuallyWithT(t, func(c *assert.CollectT) {
 		actualLogRecords = filterAllLogRecordsBySource(t, sink, expectedEventSrc)
-		assert.Len(c, actualLogRecords, expectedEventCount)
+		require.Len(c, actualLogRecords, expectedEventCount)
 	}, 10*time.Second, 250*time.Millisecond)
 
 	return actualLogRecords