Skip to content

okta: add extended okta.debug_context.debug_data handling#3362

Merged
efd6 merged 3 commits intoelastic:mainfrom
efd6:beats-30961-okta
Jun 15, 2022
Merged

okta: add extended okta.debug_context.debug_data handling#3362
efd6 merged 3 commits intoelastic:mainfrom
efd6:beats-30961-okta

Conversation

@efd6
Copy link
Contributor

@efd6 efd6 commented May 17, 2022
edited
Loading

What does this PR do?

This adds additional handling of the debug_context.debug_data object and particularly the risk level field that is in that object.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

  • Consider whether to move fields in okta.debug_context.debug_data.flattened.logOnlySecurityData to okta.debug_context.debug_data.flattened to make the structure of okta.debug_context.debug_data agnostic to the original event's structure.

How to test this PR locally

Run elastic-package test in the okta package.

Related issues

Screenshots

@efd6 efd6 added bug Something isn't working, use only for issues enhancement New feature or request Team:Security-External Integrations Integration:okta Okta labels May 17, 2022
@efd6 efd6 self-assigned this May 17, 2022
@efd6 efd6 mentioned this pull request May 17, 2022
Closed
@elasticmachine
Copy link

elasticmachine commented May 17, 2022
edited
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2022-05-19T04:00:05.256+0000

  • Duration: 14 min 3 sec

Test stats 🧪

Test Results
Failed 0
Passed 12
Skipped 0
Total 12

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

@elasticmachine
Copy link

elasticmachine commented May 17, 2022
edited
Loading

🌐 Coverage report

Name Metrics % (covered/total) Diff
Packages 100.0% (1/1) 💚
Files 100.0% (1/1) 💚 3.731
Classes 100.0% (1/1) 💚 3.731
Methods 100.0% (17/17) 💚 11.9
Lines 86.69% (495/571) 👎 -2.801
Conditionals 100.0% (0/0) 💚

@efd6 efd6 force-pushed the beats-30961-okta branch from 3c0ecfb to 7bcb057 Compare May 17, 2022 05:23
@efd6
Copy link
Contributor Author

efd6 commented May 18, 2022

@ynirk PTAL

@efd6 efd6 requested a review from ynirk May 18, 2022 08:59
@efd6 efd6 marked this pull request as ready for review May 18, 2022 09:07
@efd6 efd6 requested a review from a team as a code owner May 18, 2022 09:07
@elasticmachine
Copy link

elasticmachine commented May 18, 2022

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

ynirk
ynirk approved these changes May 18, 2022
View reviewed changes
Copy link

@ynirk ynirk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@efd6 efd6 mentioned this pull request May 19, 2022
Merged
7 tasks
@efd6
Copy link
Contributor Author

efd6 commented May 19, 2022

@ynirk I was wondering if you think it would be worth moving the okta.debug_context.debug_data.flattened.logOnlySecurityData object to okta.debug_context.debug_data.flattened if it exists. This would make the document the same for both cases in that set of fields independent of the original. We could mark that there was originally a logOnlySecurityData if that is informative.

@v1v v1v mentioned this pull request May 19, 2022
Merged
r00tu53r
r00tu53r approved these changes Jun 15, 2022
View reviewed changes
Copy link
Contributor

@r00tu53r r00tu53r left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@efd6 efd6 merged commit 8569646 into elastic:main Jun 15, 2022
@efd6 efd6 deleted the beats-30961-okta branch June 15, 2022 07:36
@ynirk
Copy link

ynirk commented Jun 15, 2022

I was wondering if you think it would be worth moving the okta.debug_context.debug_data.flattened.logOnlySecurityData object to okta.debug_context.debug_data.flattened

sorry @efd6 I missed your last ping. It could have been a good idea but I suppose it's too late now

@efd6
Copy link
Contributor Author

efd6 commented Jun 15, 2022

The change here reflects the situation in the filebeat module and that was merged three weeks ago, so we are sort of stuck with this.

@andrewkroh andrewkroh mentioned this pull request Jun 22, 2022
Merged
@ynirk ynirk mentioned this pull request Nov 15, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ynirk ynirk ynirk approved these changes

+1 more reviewer

@r00tu53r r00tu53r r00tu53r approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@efd6 efd6

Labels

bug Something isn't working, use only for issues enhancement New feature or request Integration:okta Okta

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@efd6 @elasticmachine @ynirk @r00tu53r