[Filebeat] http_endpoint input instances should be able to "share" port

[andrewkroh]

trafficstars

Describe the enhancement:

When you want to receive multiple different webhook callbacks you must operate each input on a separate listen address. So for two different callbacks (e.g. /callback1 and /callback2) you must expose two unique ports. It would be much less of a burden to operate this if you could expose a single port and use it to accept multiple callbacks (on separate paths).

The enhancement proposal is to allow http_endpoint instances to share a pool of HTTP servers. If separate http_endpoint instances are configured with the same server settings (listen_address, listen_port, ssl) then they should share the same server. If their configured URL paths are the same then this would result in an error for the instance attempting to start last. When all inputs using the HTTP server are done then the HTTP server is stopped.

Describe a specific use case for the enhancement or feature:

In some Fleet integrations we ask users to expose multiple ports to receive different callbacks (like 7 different ports in the Cloudflare integration https://github.com/elastic/integrations/pull/3643). I want to be able to bind a single port and expose that to the Internet.

This is a config example that would work under the proposal, but fails today.

filebeat.inputs:
- type: http_endpoint
  listen_port: 7001
  url: /webhook/7EF8C7C5-B002-453E-9E9E-38897F3077E9
  tags: [audit]
- type: http_endpoint
  listen_port: 7001
  url: /webhook/08D5E185-89DE-4377-A5D1-308CDC0C5832
  tags: [dns]
- type: http_endpoint
  listen_port: 7001
  url: /webhook/F9839007-57B9-4F10-AFCF-DA5303EF5390
  tags: [firewall]

[elasticmachine]

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)