entityanalytics_okta: map group fields and add test infrastructure #10973

Merged
merged 1 commit into from
Sep 13, 2024
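--- a/packages/entityanalytics_okta/_dev/deploy/docker/files/config.yml
+++ b/packages/entityanalytics_okta/_dev/deploy/docker/files/config.yml
@@ -4,16 +4,202 @@ rules:
 responses:
 - status_code: 200
 body: |
-[{"id":"00ub0oNGTSWTBKOLGLNR","status":"ACTIVE","created":"2013-06-24T16:39:18.000Z","activated":"2013-06-24T16:39:19.000Z","statusChanged":"2013-06-24T16:39:19.000Z","lastLogin":"2013-06-24T17:39:19.000Z","lastUpdated":"2013-07-02T21:36:25.344Z","passwordChanged":"2013-07-02T21:36:25.344Z","profile":{"firstName":"Isaac","lastName":"Brock","email":"isaac.brock@example.com","login":"isaac.brock@example.com","mobilePhone":"555-415-1337"},"credentials":{"password":{"value":"tlpWENT2m"},"recovery_question":{"question":"Who's a major player in the cowboy scene?","answer":"Annie Oakley"},"provider":{"type":"OKTA","name":"OKTA"}}}]
+{{ minify_json `
+[
+{
+"id": "00ub0oNGTSWTBKOLGLNR",
+"status": "ACTIVE",
+"created": "2013-06-24T16:39:18.000Z",
+"activated": "2013-06-24T16:39:19.000Z",
+"statusChanged": "2013-06-24T16:39:19.000Z",
+"lastLogin": "2013-06-24T17:39:19.000Z",
+"lastUpdated": "2013-07-02T21:36:25.344Z",
+"passwordChanged": "2013-07-02T21:36:25.344Z",
+"profile": {
+"firstName": "Isaac",
+"lastName": "Brock",
+"email": "isaac.brock@example.com",
+"login": "isaac.brock@example.com",
+"mobilePhone": "555-415-1337"
+},
+"credentials": {
+"password": {
+"value": "tlpWENT2m"
+},
+"recovery_question": {
+"question": "Who's a major player in the cowboy scene?",
+"answer": "Annie Oakley"
+},
+"provider": {
+"type": "OKTA",
+"name": "OKTA"
+}
+}
+}
+]
+`}}
+- path: /api/v1/users/00ub0oNGTSWTBKOLGLNR/groups
+methods: ["GET"]
+responses:
+- status_code: 200
+body: |
+{{ minify_json `
+[
+{
+"id": "ODc3ZTBjNGZjY2Y4YmRi",
+"profile": {
+"description": "All users in your organization",
+"name": "Everyone"
+}
+}
+]
+`}}
 - path: /api/v1/devices
 methods: ["GET"]
 responses:
 - status_code: 200
 body: |
-[{"id":"guo4a5u7YAHhjXrMK0g5","status":"CREATED","created":"2019-10-02T18:03:07.000Z","lastUpdated":"2019-10-02T18:03:07.000Z","profile":{"displayName":"Example Device name 1","platform":"WINDOWS","serialNumber":"XXDDRFCFRGF3M8MD6D","sid":"S-1-11-111","registered":true,"secureHardwarePresent":false,"diskEncryptionType":"ALL_INTERNAL_VOLUMES"},"resourceType":"UDDevice","resourceDisplayName":{"value":"Example Device name 1","sensitive":false},"resourceAlternateId":null,"resourceId":"guo4a5u7YAHhjXrMK0g4","_links":{"activate":{"href":"https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g4/lifecycle/activate","hints":{"allow":["POST"]}},"self":{"href":"https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g4","hints":{"allow":["GET","PATCH","PUT"]}},"users":{"href":"https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g4/users","hints":{"allow":["GET"]}}}},{"id":"guo4a5u7YAHhjXrMK0g5","status":"ACTIVE","created":"2023-06-21T23:24:02.000Z","lastUpdated":"2023-06-21T23:24:02.000Z","profile":{"displayName":"Example Device name 2","platform":"ANDROID","manufacturer":"Google","model":"Pixel 6","osVersion":"13:2023-05-05","registered":true,"secureHardwarePresent":true,"diskEncryptionType":"USER"},"resourceType":"UDDevice","resourceDisplayName":{"value":"Example Device name 2","sensitive":false},"resourceAlternateId":null,"resourceId":"guo4a5u7YAHhjXrMK0g5","_links":{"activate":{"href":"https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g5/lifecycle/activate","hints":{"allow":["POST"]}},"self":{"href":"https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g5","hints":{"allow":["GET","PATCH","PUT"]}},"users":{"href":"https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g5/users","hints":{"allow":["GET"]}}}}]
+{{ minify_json `
+[
+{
+"id": "guo4a5u7YAHhjXrMK0g5",
+"status": "CREATED",
+"created": "2019-10-02T18:03:07.000Z",
+"lastUpdated": "2019-10-02T18:03:07.000Z",
+"profile": {
+"displayName": "Example Device name 1",
+"platform": "WINDOWS",
+"serialNumber": "XXDDRFCFRGF3M8MD6D",
+"sid": "S-1-11-111",
+"registered": true,
+"secureHardwarePresent": false,
+"diskEncryptionType": "ALL_INTERNAL_VOLUMES"
+},
+"resourceType": "UDDevice",
+"resourceDisplayName": {
+"value": "Example Device name 1",
+"sensitive": false
+},
+"resourceAlternateId": null,
+"resourceId": "guo4a5u7YAHhjXrMK0g4",
+"_links": {
+"activate": {
+"href": "https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g4/lifecycle/activate",
+"hints": {
+"allow": [
+"POST"
+]
+}
+},
+"self": {
+"href": "https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g4",
+"hints": {
+"allow": [
+"GET",
+"PATCH",
+"PUT"
+]
+}
+},
+"users": {
+"href": "https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g4/users",
+"hints": {
+"allow": [
+"GET"
+]
+}
+}
+}
+},
+{
+"id": "guo4a5u7YAHhjXrMK0g5",
+"status": "ACTIVE",
+"created": "2023-06-21T23:24:02.000Z",
+"lastUpdated": "2023-06-21T23:24:02.000Z",
+"profile": {
+"displayName": "Example Device name 2",
+"platform": "ANDROID",
+"manufacturer": "Google",
+"model": "Pixel 6",
+"osVersion": "13:2023-05-05",
+"registered": true,
+"secureHardwarePresent": true,
+"diskEncryptionType": "USER"
+},
+"resourceType": "UDDevice",
+"resourceDisplayName": {
+"value": "Example Device name 2",
+"sensitive": false
+},
+"resourceAlternateId": null,
+"resourceId": "guo4a5u7YAHhjXrMK0g5",
+"_links": {
+"activate": {
+"href": "https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g5/lifecycle/activate",
+"hints": {
+"allow": [
+"POST"
+]
+}
+},
+"self": {
+"href": "https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g5",
+"hints": {
+"allow": [
+"GET",
+"PATCH",
+"PUT"
+]
+}
+},
+"users": {
+"href": "https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g5/users",
+"hints": {
+"allow": [
+"GET"
+]
+}
+}
+}
+}
+]
+`}}
 - path: /api/v1/devices/guo4a5u7YAHhjXrMK0g5/users
 methods: ["GET"]
 responses:
 - status_code: 200
 body: |-
-[{"id":"00ub0oNGTSWTBKOLGLNR","status":"ACTIVE","created":"2013-06-24T16:39:18.000Z","activated":"2013-06-24T16:39:19.000Z","statusChanged":"2013-06-24T16:39:19.000Z","lastLogin":"2013-06-24T17:39:19.000Z","lastUpdated":"2013-07-02T21:36:25.344Z","passwordChanged":"2013-07-02T21:36:25.344Z","profile":{"firstName":"Isaac","lastName":"Brock","email":"isaac.brock@example.com","login":"isaac.brock@example.com","mobilePhone":"555-415-1337"},"credentials":{"password":{"value":"tlpWENT2m"},"recovery_question":{"question":"Who's a major player in the cowboy scene?","answer":"Annie Oakley"},"provider":{"type":"OKTA","name":"OKTA"}}}]
+{{ minify_json `
+[
+{
+"id": "00ub0oNGTSWTBKOLGLNR",
+"status": "ACTIVE",
+"created": "2013-06-24T16:39:18.000Z",
+"activated": "2013-06-24T16:39:19.000Z",
+"statusChanged": "2013-06-24T16:39:19.000Z",
+"lastLogin": "2013-06-24T17:39:19.000Z",
+"lastUpdated": "2013-07-02T21:36:25.344Z",
+"passwordChanged": "2013-07-02T21:36:25.344Z",
+"profile": {
+"firstName": "Isaac",
+"lastName": "Brock",
+"email": "isaac.brock@example.com",
+"login": "isaac.brock@example.com",
+"mobilePhone": "555-415-1337"
+},
+"credentials": {
+"password": {
+"value": "tlpWENT2m"
+},
+"recovery_question": {
+"question": "Who's a major player in the cowboy scene?",
+"answer": "Annie Oakley"
+},
+"provider": {
+"type": "OKTA",
+"name": "OKTA"
+}
+}
+}
+]
+`}}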
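Review bot: The new `/api/v1/users/00ub0oNGTSWTBKOLGLNR/groups` rule returns a single well-formed group, so the system test never exercises a user with several groups, an empty list, or a group entry lacking `profile.name`. Those are the inputs most likely to produce empty or duplicate `user.group.*` values downstream, so a further response covering at least one of them would make the fixture a better guard for the group mapping. A short comment above the rule, e.g. `# group membership for the single mock user; the id in the path must match the /api/v1/users response`, would also explain why the user ID is hard-coded in the path.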
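--- a/packages/entityanalytics_okta/changelog.yml
+++ b/packages/entityanalytics_okta/changelog.yml
@@ -1,4 +1,12 @@
 # newer versions go on top
+- version: "1.5.0"
+changes:
+- description: Add support for group membership mapping.
+type: enhancement
+link: https://github.com/elastic/integrations/pull/10973
+- description: Add system testing support for group membership.
+type: enhancement
+link: https://github.com/elastic/integrations/pull/10973
 - version: "1.4.0"
 changes:
 - description: Add support for request trace logging.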
Expand Up @@ -44,6 +44,15 @@
"recovery_question": {}
}
},
"groups": [
{
"id": "OGYzMDMwYjFmODBiNjli",
"profile": {
"description": "All users in your organization",
"name": "Everyone"
}
}
],
"user": {
"id": "00u5tvodynDjUCNKn697"
},
Expand Up @@ -19,6 +19,15 @@
"version": "8.11.0"
},
"entityanalytics_okta": {
"groups": [
{
"id": "OGYzMDMwYjFmODBiNjli",
"profile": {
"description": "All users in your organization",
"name": "Everyone"
}
}
],
"user": {
"activated": "2013-06-24T16:39:19.000Z",
"created": "2013-06-24T16:39:18.000Z",
Expand Down Expand Up @@ -117,6 +126,14 @@
"postal_code": "94107",
"region_name": "CA"
},
"group": {
"id": [
"OGYzMDMwYjFmODBiNjli"
],
"name": [
"Everyone"
]
},
Comment on lines +129 to +136
Contributor


Note also that the group fields may be used directly at the root of the events.

The ECS documentation suggests using group fields also at the root of the event: https://www.elastic.co/guide/en/ecs/current/ecs-group.html. We could possibly copy them to root as well.

Contributor Author

@efd6 efd6 Sep 13, 2024


Yeah. I think just moving this there, and adding the user fields would be better. I'll revise this.

Contributor Author


Hang on. No, I was getting confused by the github fold. I think this is the right place; the group is specifically for the user. We could also have it at the root, but I think it would be best to wait to see if a user has a good reason to do this before we add that. So I'll merge as is.

Contributor


Alright!

"id": "00u5tvodynDjUCNKn697",
"name": "isaac.brock@example.com",
"organization": {
Expand Up @@ -207,6 +207,27 @@ processors:
target_field: entityanalytics_okta.user.type
tag: rename_user_type
ignore_missing: true
- rename:
field: groups
target_field: entityanalytics_okta.groups
tag: rename_user_groups
ignore_missing: true
- foreach:
field: entityanalytics_okta.groups
if: ctx.entityanalytics_okta?.groups != null
processor:
append:
field: user.group.id
value: '{{{_ingest._value.id}}}'
allow_duplicates: false
- foreach:
field: entityanalytics_okta.groups
if: ctx.entityanalytics_okta?.groups != null
processor:
append:
field: user.group.name
value: '{{{_ingest._value.profile.name}}}'
allow_duplicates: false
- rename:
field: okta.transitioningToStatus
target_field: entityanalytics_okta.user.transitioning_to_status
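Review bot: Both new `foreach` processors run whenever `entityanalytics_okta.groups` is non-null, but nothing checks that it is a list or that each element carries `id` and `profile.name`. A group entry without `profile.name` would most likely render the mustache template as an empty string and append `""` to `user.group.name`, which then pollutes group-based detections and pivots. Tightening the guard to `if: ctx.entityanalytics_okta?.groups instanceof List` and skipping empty values would avoid that. The two `foreach` blocks also carry no `tag`, unlike the neighbouring `rename` processors (`tag: rename_user_groups`), so a failure here is harder to attribute; `tag: foreach_user_group_id` and `tag: foreach_user_group_name` would follow the file's convention. The processors list starts and ends outside this hunk.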
Expand Up @@ -154,3 +154,14 @@
- name: type
type: flattened
description: user type that determines the schema for the user's profile.
- name: groups
type: group
fields:
- name: id
type: keyword
description: The ID for the group.
- name: profile.*
type: object
description: Group profile details.
object_type: keyword
object_type_mapping_type: '*'
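--- a/packages/entityanalytics_okta/docs/README.md
+++ b/packages/entityanalytics_okta/docs/README.md
@@ -274,6 +274,8 @@ An example event for `user` looks as following:
 | data_stream.dataset | Data stream dataset. | constant_keyword |
 | data_stream.namespace | Data stream namespace. | constant_keyword |
 | data_stream.type | Data stream type. | constant_keyword |
+| entityanalytics_okta.groups.id | The ID for the group. | keyword |
+| entityanalytics_okta.groups.profile.\* | Group profile details. | object |
 | entityanalytics_okta.user._embedded | embedded resources related to the user. | flattened |
 | entityanalytics_okta.user._links | link relations for the user's current status. | flattened |
 | entityanalytics_okta.user.activated | timestamp when transition to ACTIVE status completed. | date |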
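--- a/packages/entityanalytics_okta/manifest.yml
+++ b/packages/entityanalytics_okta/manifest.yml
@@ -1,7 +1,7 @@
 format_version: "3.0.2"
 name: entityanalytics_okta
 title: Okta Entity Analytics
-version: "1.4.0"
+version: "1.5.0"
 description: "Collect User Identities from Okta with Elastic Agent."
 type: integration
 categories: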