Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x-pack/filebeat/input/entityanalytics/provider/okta: add user group membership support #39815

Merged
merged 3 commits into from
Jun 6, 2024
Merged

x-pack/filebeat/input/entityanalytics/provider/okta: add user group membership support #39815

merged 3 commits into from
Jun 6, 2024

Conversation

efd6
Copy link
Contributor

@efd6 efd6 commented Jun 6, 2024

Proposed commit message

See title.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Disruptive User Impact

Author's Checklist

  • [ ]

How to test this PR locally

To test the internal package, you will need to obtain an okta account and then run the following in that package's directory:

$ OKTA_HOST=dev-<REDACTED>-admin.okta.com OKTA_TOKEN=<REDACTED> go test -log_response -v -run Test$

Replacing the redacted parts with the appropriate values.

This should result in output similar to the following. In particular, the output for Test/none/my_groups.

=== RUN   Test
=== RUN   Test/none
=== RUN   Test/none/me
    okta_test.go:83: user: {"id":"<REDACTED>","status":"ACTIVE","created":"1066-10-13T20:57:12Z","activated":"0001-01-01T00:00:00Z","statusChanged":"1066-10-13T04:37:39Z","lastLogin":"1066-10-13T02:50:06Z","lastUpdated":"1066-10-13T04:37:39Z","passwordChanged":"1066-10-13T04:37:39Z","type":{"id":"<REDACTED>"},"profile":{"login":"[email protected]","email":"[email protected]","firstName":"Harold","lastName":"Godwinson"},"credentials":{"password":{},"recovery_question":{},"provider":{"type":"OKTA","name":"OKTA"}},"_links":{"changePassword":{"href":"https://dev-<REDACTED>.okta.com/api/v1/users/<REDACTED>/credentials/change_password","method":"POST"},"changeRecoveryQuestion":{"href":"https://dev-<REDACTED>.okta.com/api/v1/users/<REDACTED>/credentials/change_recovery_question","method":"POST"},"deactivate":{"href":"https://dev-<REDACTED>.okta.com/api/v1/users/<REDACTED>/lifecycle/deactivate","method":"POST"},"expirePassword":{"href":"https://dev-<REDACTED>.okta.com/api/v1/users/<REDACTED>/lifecycle/expire_password","method":"POST"},"forgotPassword":{"href":"https://dev-<REDACTED>.okta.com/api/v1/users/<REDACTED>/credentials/forgot_password","method":"POST"},"resetPassword":{"href":"https://dev-<REDACTED>.okta.com/api/v1/users/<REDACTED>/lifecycle/reset_password","method":"POST"},"schema":{"href":"https://dev-<REDACTED>.okta.com/api/v1/meta/schemas/user/<REDACTED>"},"self":{"href":"https://dev-<REDACTED>.okta.com/api/v1/users/<REDACTED>"},"suspend":{"href":"https://dev-<REDACTED>.okta.com/api/v1/users/<REDACTED>/lifecycle/suspend","method":"POST"},"type":{"href":"https://dev-<REDACTED>.okta.com/api/v1/meta/types/user/<REDACTED>"}}}
=== RUN   Test/none/my_groups
    okta_test.go:111: groups: [{"id":"<REDACTED>","profile":{"description":"All users in your organization","name":"Everyone"}}]
<more>

Related issues

Use cases

Screenshots

Logs

@efd6 efd6 added enhancement Filebeat Filebeat backport-skip Skip notification from the automated backport with mergify Team:Security-Service Integrations Security Service Integrations Team labels Jun 6, 2024
@efd6 efd6 self-assigned this Jun 6, 2024
@botelastic botelastic bot added needs_team Indicates that the issue/PR needs a Team:* label and removed needs_team Indicates that the issue/PR needs a Team:* label labels Jun 6, 2024
@efd6 efd6 marked this pull request as ready for review June 6, 2024 06:02
@efd6 efd6 requested a review from a team as a code owner June 6, 2024 06:02
@elasticmachine
Copy link
Collaborator

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@ShourieG
Copy link
Contributor

ShourieG commented Jun 6, 2024

Worth resolving the linting errors here or do you think it's mostly noise ?

andrewkroh
andrewkroh approved these changes Jun 6, 2024
View reviewed changes
Copy link
Member

@andrewkroh andrewkroh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. 🐎

So the implication of adding group enrichment with their API design is that we need to make an additional API call for each user, right?

@efd6
Copy link
Contributor Author

efd6 commented Jun 6, 2024

That's correct. I did consider adding a config flag for that, but figured that it would be almost always wanted. If you think we should make this configurable, I'm happy to add that.

@efd6
Copy link
Contributor Author

efd6 commented Jun 6, 2024

The linter noise is noise.

@andrewkroh
Copy link
Member

I don't think it's necessary. I'd rather wait and add address this if it becomes a problem.

@efd6 efd6 merged commit 68371a0 into elastic:main Jun 6, 2024
17 of 19 checks passed
@andrewkroh
Copy link
Member

@efd6 I just thought of one more thing this needs, and that is to mention that the input interacts with the groups API in https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-entity-analytics.html#_api_interactions_2.

@andrewkroh andrewkroh mentioned this pull request Jun 6, 2024
Closed
@efd6
Copy link
Contributor Author

efd6 commented Jun 6, 2024

That documentation is still strictly correct. We are going through /api/v1/users.

beats/x-pack/filebeat/input/entityanalytics/provider/okta/internal/okta/okta.go

Line 242 in 68371a0

const endpoint = "/api/v1/users"

@andrewkroh
Copy link
Member

Perfect. 😆

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andrewkroh andrewkroh andrewkroh approved these changes

Assignees

@efd6 efd6

Labels
backport-skip Skip notification from the automated backport with mergify enhancement Filebeat Filebeat Team:Security-Service Integrations Security Service Integrations Team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Filebeat] Okta Entity Analytics - Enrich users with group info
4 participants
@efd6 @elasticmachine @ShourieG @andrewkroh