Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x-pack/filebeat/input/entityanalytics/provider/okta/internal/okta: add device handling #35980

Merged
merged 1 commit into from
Aug 10, 2023

Conversation

efd6
Copy link
Contributor

@efd6 efd6 commented Jul 3, 2023

What does this PR do?

This adds support for device entities to the Okta API entity analytics provider.

Why is it important?

Milestone task.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Author's Checklist

  • [ ]

How to test this PR locally

  1. Sign up for an Okta developer account at https://developer.okta.com/signup/
  2. Add Fastpass for Okta Verify in the Authenticators section of the admin dashboard, selecting appropriate verification options (I selected all three).
  3. Sign in the the Okta domain with another device (I used phone).
  4. In the Security > API section of the Okta admin dashboard, create a new API token.
  5. In x-pack/filebeat/input/entityanalytics/provider/okta/internal/okta, run OKTA_HOST=dev-<nnnnnnn>-admin.okta.com OKTA_TOKEN=<token> go test -log_response -v -run Test/device using your Okta domain and API token.

You should see something like this (details sanitised here):

=== RUN   Test
=== RUN   Test/device
    okta_test.go:164: devices: [{"created":"2023-08-07T21:48:27Z","id":"REDACTED","lastUpdated":"2023-08-07T21:48:27Z","profile":{"diskEncryptionType":"FULL","displayName":"MODEL","manufacturer":"MANUFACTURER","model":"MODEL","osVersion":"VERSION","platform":"ANDROID","registered":true,"secureHardwarePresent":true},"resourceAlternateID":"","resourceDisplayName":{"sensitive":false,"value":"MODEL"},"resourceID":"REDACTED","resourceType":"UDDevice","status":"ACTIVE","_links":{"deactivate":{"hints":{"allow":["POST"]},"href":"https://dev-<nnnnnnn>.okta.com/api/v1/devices/REDACTED/lifecycle/deactivate"},"self":{"hints":{"allow":["GET","PATCH","PUT"]},"href":"https://dev-<nnnnnnn>.okta.com/api/v1/devices/REDACTED"},"suspend":{"hints":{"allow":["POST"]},"href":"https://dev-<nnnnnnn>.okta.com/api/v1/devices/REDACTED/lifecycle/suspend"},"users":{"hints":{"allow":["GET"]},"href":"https://dev-<nnnnnnn>.okta.com/api/v1/devices/REDACTED/users"}}}]
    okta_test.go:175: users: [{"id":"REDACTED","status":"ACTIVE","created":"2023-08-06T12:42:10Z","activated":"0001-01-01T00:00:00Z","statusChanged":"2023-08-06T22:13:43Z","lastLogin":"2023-08-08T00:09:07Z","lastUpdated":"2023-08-06T22:13:43Z","passwordChanged":"2023-08-06T22:13:43Z","type":{"id":"REDACTED"},"profile":{"login":"user.name@company.com","email":"user.name@company.com","firstName":"REDACTED","lastName":"REDACTED"},"credentials":{"password":{},"provider":{"type":"OKTA","name":"OKTA"}},"_links":{"changePassword":{"href":"https://dev-<nnnnnnn>.okta.com/api/v1/users/REDACTED/credentials/change_password","method":"POST"},"changeRecoveryQuestion":{"href":"https://dev-<nnnnnnn>.okta.com/api/v1/users/REDACTED/credentials/change_recovery_question","method":"POST"},"deactivate":{"href":"https://dev-<nnnnnnn>.okta.com/api/v1/users/REDACTED/lifecycle/deactivate","method":"POST"},"expirePassword":{"href":"https://dev-<nnnnnnn>.okta.com/api/v1/users/REDACTED/lifecycle/expire_password","method":"POST"},"forgotPassword":{"href":"https://dev-<nnnnnnn>.okta.com/api/v1/users/REDACTED/credentials/forgot_password","method":"POST"},"resetFactors":{"href":"https://dev-<nnnnnnn>.okta.com/api/v1/users/REDACTED/lifecycle/reset_factors","method":"POST"},"resetPassword":{"href":"https://dev-<nnnnnnn>.okta.com/api/v1/users/REDACTED/lifecycle/reset_password","method":"POST"},"schema":{"href":"https://dev-<nnnnnnn>.okta.com/api/v1/meta/schemas/user/REDACTED"},"self":{"href":"https://dev-<nnnnnnn>.okta.com/api/v1/users/REDACTED"},"suspend":{"href":"https://dev-<nnnnnnn>.okta.com/api/v1/users/REDACTED/lifecycle/suspend","method":"POST"},"type":{"href":"https://dev-<nnnnnnn>.okta.com/api/v1/meta/types/user/REDACTED"}}}]
--- PASS: Test (0.79s)
    --- PASS: Test/device (0.79s)
=== RUN   TestLocal
=== RUN   TestLocal/devices
--- PASS: TestLocal (0.00s)
    --- PASS: TestLocal/devices (0.00s)
=== RUN   TestNext
--- PASS: TestNext (0.00s)
PASS
ok  	github.com/elastic/beats/v7/x-pack/filebeat/input/entityanalytics/provider/okta/internal/okta	1.448s

Related issues

Use cases

Screenshots

Logs

@efd6 efd6 added Filebeat Filebeat Team:Security-External Integrations backport-skip Skip notification from the automated backport with mergify 8.10-candidate labels Jul 3, 2023
@efd6 efd6 self-assigned this Jul 3, 2023
@botelastic botelastic bot added needs_team Indicates that the issue/PR needs a Team:* label and removed needs_team Indicates that the issue/PR needs a Team:* label labels Jul 3, 2023
@efd6 efd6 force-pushed the st6908-okta-device branch 3 times, most recently from a2d55e3 to 04ed269 Compare July 3, 2023 02:45
@elasticmachine
Copy link
Collaborator

elasticmachine commented Jul 3, 2023

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2023-08-08T04:00:02.600+0000

  • Duration: 79 min 59 sec

Test stats 🧪

Test Results
Failed 0
Passed 3122
Skipped 176
Total 3298

💚 Flaky test report

Tests succeeded.

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

  • /package : Generate the packages and run the E2E tests.

  • /beats-tester : Run the installation tests with beats-tester.

  • run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

@efd6 efd6 force-pushed the st6908-okta-device branch 2 times, most recently from 8d64c9b to 7004ea2 Compare July 14, 2023 01:42
@mergify

This comment was marked as outdated.

@efd6 efd6 force-pushed the st6908-okta-device branch 2 times, most recently from e208394 to 5423243 Compare July 23, 2023 22:13
@efd6 efd6 force-pushed the st6908-okta-device branch from 5423243 to 8f05b8f Compare July 27, 2023 02:07
@mergify

This comment was marked as outdated.

@efd6 efd6 force-pushed the st6908-okta-device branch from 8f05b8f to b27f4f9 Compare August 7, 2023 22:11
@efd6 efd6 marked this pull request as ready for review August 7, 2023 22:12
@efd6 efd6 requested a review from a team as a code owner August 7, 2023 22:12
@elasticmachine
Copy link
Collaborator

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@efd6 efd6 force-pushed the st6908-okta-device branch from b27f4f9 to e05d847 Compare August 8, 2023 00:24
…d device handling

WIP: needs validation against real API.
@efd6 efd6 force-pushed the st6908-okta-device branch from e05d847 to b60c9c6 Compare August 8, 2023 03:59
@ShourieG
Copy link
Contributor

I know the lint errors are being caused by existing code, but would be nice to clean them up if possible.

@efd6
Copy link
Contributor Author

efd6 commented Aug 10, 2023

I'd rather not degrade the legibility of the code to make a linter happy.

Copy link
Contributor

@ShourieG ShourieG left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@efd6 efd6 merged commit 942cd60 into elastic:main Aug 10, 2023
Scholar-Li pushed a commit to Scholar-Li/beats that referenced this pull request Feb 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
8.10-candidate backport-skip Skip notification from the automated backport with mergify Filebeat Filebeat
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants