From 484dbfd6d1245fc4e707cae22e79526ee9f5cc94 Mon Sep 17 00:00:00 2001
From: Dan Kortschak <dan.kortschak@elastic.co>
Date: Tue, 13 Aug 2024 13:45:06 +0930
Subject: [PATCH] x-pack/filebeat/input/entityanalytics/provider/azuread: fix
 configuration ordering (#40487)

Previously, the configuration was eager, this caused a panic when the request
trace logging option was turned on since it was started without a context.

Move the construction of components to when we have all the parts we need.

(cherry picked from commit dd73639b1a3c0dd96e568bbb50c98cc26d4732c9)
---
 CHANGELOG.next.asciidoc                       |  2 ++
 .../entityanalytics/provider/azuread/azure.go | 26 +++++++++++--------
 2 files changed, 17 insertions(+), 11 deletions(-)

diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index 68c4e5f203d..7b12deef95e 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -104,6 +104,8 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff]
 - Updated Websocket input title to align with existing inputs {pull}39006[39006]
 - Relax requirements in Okta entity analytics provider user and device profile data shape. {pull}40359[40359]
 - Fix bug in Okta entity analytics rate limit logic. {issue}40106[40106] {pull}40267[40267]
+- Fix crashes in the journald input. {pull}40061[40061]
+- Fix order of configuration for EntraID entity analytics provider. {pull}40487[40487]
 
 *Heartbeat*
 
diff --git a/x-pack/filebeat/input/entityanalytics/provider/azuread/azure.go b/x-pack/filebeat/input/entityanalytics/provider/azuread/azure.go
index d67031753fd..42104ebd8e9 100644
--- a/x-pack/filebeat/input/entityanalytics/provider/azuread/azure.go
+++ b/x-pack/filebeat/input/entityanalytics/provider/azuread/azure.go
@@ -42,6 +42,7 @@ var _ provider.Provider = &azure{}
 type azure struct {
 	*kvstore.Manager
 
+	cfg  *config.C
 	conf conf
 
 	metrics *inputMetrics
@@ -74,8 +75,20 @@ func (p *azure) Test(testCtx v2.TestContext) error {
 func (p *azure) Run(inputCtx v2.Context, store *kvstore.Store, client beat.Client) error {
 	p.logger = inputCtx.Logger.With("tenant_id", p.conf.TenantID, "provider", Name)
 	p.ctx = inputCtx
+
+	var err error
+	p.auth, err = oauth2.New(p.cfg, p.Manager.Logger)
+	if err != nil {
+		return fmt.Errorf("unable to create authenticator: %w", err)
+	}
 	p.auth.SetLogger(p.logger)
+
+	p.fetcher, err = graph.New(ctxtool.FromCanceller(p.ctx.Cancelation), p.ctx.ID, p.cfg, p.Manager.Logger, p.auth)
+	if err != nil {
+		return fmt.Errorf("unable to create fetcher: %w", err)
+	}
 	p.fetcher.SetLogger(p.logger)
+
 	p.metrics = newMetrics(inputCtx.ID, nil)
 	defer p.metrics.Close()
 
@@ -569,19 +582,10 @@ func (p *azure) publishDevice(d *fetcher.Device, state *stateStore, inputID stri
 
 // configure configures this provider using the given configuration.
 func (p *azure) configure(cfg *config.C) (kvstore.Input, error) {
-	var err error
-
-	if err = cfg.Unpack(&p.conf); err != nil {
+	if err := cfg.Unpack(&p.conf); err != nil {
 		return nil, fmt.Errorf("unable to unpack %s input config: %w", Name, err)
 	}
-
-	if p.auth, err = oauth2.New(cfg, p.Manager.Logger); err != nil {
-		return nil, fmt.Errorf("unable to create authenticator: %w", err)
-	}
-	if p.fetcher, err = graph.New(ctxtool.FromCanceller(p.ctx.Cancelation), p.ctx.ID, cfg, p.Manager.Logger, p.auth); err != nil {
-		return nil, fmt.Errorf("unable to create fetcher: %w", err)
-	}
-
+	p.cfg = cfg
 	return p, nil
 }