From d7790540db5d09e1759dbce36cf6781096110cf9 Mon Sep 17 00:00:00 2001
From: Panos Koutsovasilis <panos.koutsovasilis@elastic.co>
Date: Wed, 31 Jan 2024 06:29:32 +0200
Subject: [PATCH] fix: address compilation issues for non-linux oses

---
 .../file_integrity/eventreader_fsnotify.go    | 32 +++-----------
 .../file_integrity/eventreader_linux.go       | 44 +++++++++++++++++++
 .../file_integrity/eventreader_other.go       | 33 ++++++++++++++
 3 files changed, 82 insertions(+), 27 deletions(-)
 create mode 100644 auditbeat/module/file_integrity/eventreader_linux.go
 create mode 100644 auditbeat/module/file_integrity/eventreader_other.go

diff --git a/auditbeat/module/file_integrity/eventreader_fsnotify.go b/auditbeat/module/file_integrity/eventreader_fsnotify.go
index fa3015f76e10..6d10ebbd08ff 100644
--- a/auditbeat/module/file_integrity/eventreader_fsnotify.go
+++ b/auditbeat/module/file_integrity/eventreader_fsnotify.go
@@ -23,7 +23,6 @@ import (
 	"errors"
 	"fmt"
 	"path/filepath"
-	"runtime"
 	"syscall"
 	"time"
 
@@ -33,7 +32,7 @@ import (
 	"github.com/elastic/elastic-agent-libs/logp"
 )
 
-type reader struct {
+type fsNotifyReader struct {
 	watcher monitor.Watcher
 	config  Config
 	eventC  chan Event
@@ -42,28 +41,7 @@ type reader struct {
 	parsers []FileParser
 }
 
-// NewEventReader creates a new EventProducer backed by fsnotify.
-func NewEventReader(c Config) (EventProducer, error) {
-
-	if runtime.GOOS == "linux" {
-		switch c.ForceBackend {
-		case BackendKProbes:
-			return &kProbesReader{
-				config:  c,
-				log:     logp.NewLogger(moduleName),
-				parsers: FileParsers(c),
-			}, nil
-		}
-	}
-
-	return &reader{
-		config:  c,
-		log:     logp.NewLogger(moduleName),
-		parsers: FileParsers(c),
-	}, nil
-}
-
-func (r *reader) Start(done <-chan struct{}) (<-chan Event, error) {
+func (r *fsNotifyReader) Start(done <-chan struct{}) (<-chan Event, error) {
 	watcher, err := monitor.New(r.config.Recursive, r.config.IsExcludedPath)
 	if err != nil {
 		return nil, err
@@ -118,7 +96,7 @@ func (r *reader) Start(done <-chan struct{}) (<-chan Event, error) {
 	return r.eventC, nil
 }
 
-func (r *reader) enqueueEvents(done <-chan struct{}) (events []*Event) {
+func (r *fsNotifyReader) enqueueEvents(done <-chan struct{}) (events []*Event) {
 	for {
 		ev := r.nextEvent(done)
 		if ev == nil {
@@ -128,7 +106,7 @@ func (r *reader) enqueueEvents(done <-chan struct{}) (events []*Event) {
 	}
 }
 
-func (r *reader) consumeEvents(done <-chan struct{}) {
+func (r *fsNotifyReader) consumeEvents(done <-chan struct{}) {
 	defer close(r.eventC)
 	defer r.watcher.Close()
 
@@ -142,7 +120,7 @@ func (r *reader) consumeEvents(done <-chan struct{}) {
 	}
 }
 
-func (r *reader) nextEvent(done <-chan struct{}) *Event {
+func (r *fsNotifyReader) nextEvent(done <-chan struct{}) *Event {
 	for {
 		select {
 		case <-done:
diff --git a/auditbeat/module/file_integrity/eventreader_linux.go b/auditbeat/module/file_integrity/eventreader_linux.go
new file mode 100644
index 000000000000..d56aafe2a72e
--- /dev/null
+++ b/auditbeat/module/file_integrity/eventreader_linux.go
@@ -0,0 +1,44 @@
+// Licensed to Elasticsearch B.V. under one or more contributor
+// license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright
+// ownership. Elasticsearch B.V. licenses this file to you under
+// the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+//go:build linux
+
+package file_integrity
+
+import (
+	"github.com/elastic/elastic-agent-libs/logp"
+)
+
+// NewEventReader creates a new EventProducer backed by fsnotify.
+func NewEventReader(c Config) (EventProducer, error) {
+	switch c.ForceBackend {
+	case BackendKProbes:
+		return &kProbesReader{
+			config:  c,
+			log:     logp.NewLogger(moduleName),
+			parsers: FileParsers(c),
+		}, nil
+	case BackendFSNotify:
+		fallthrough
+	default:
+		return &fsNotifyReader{
+			config:  c,
+			log:     logp.NewLogger(moduleName),
+			parsers: FileParsers(c),
+		}, nil
+	}
+}
diff --git a/auditbeat/module/file_integrity/eventreader_other.go b/auditbeat/module/file_integrity/eventreader_other.go
new file mode 100644
index 000000000000..577e38955c1f
--- /dev/null
+++ b/auditbeat/module/file_integrity/eventreader_other.go
@@ -0,0 +1,33 @@
+// Licensed to Elasticsearch B.V. under one or more contributor
+// license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright
+// ownership. Elasticsearch B.V. licenses this file to you under
+// the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+//go:build freebsd || openbsd || netbsd || windows
+
+package file_integrity
+
+import (
+	"github.com/elastic/elastic-agent-libs/logp"
+)
+
+// NewEventReader creates a new EventProducer backed by fsnotify.
+func NewEventReader(c Config) (EventProducer, error) {
+	return &fsNotifyReader{
+		config:  c,
+		log:     logp.NewLogger(moduleName),
+		parsers: FileParsers(c),
+	}, nil
+}