Movatterモバイル変換


[0]ホーム

URL:


Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Sign up
Appearance settings

cisco_duo: fix 400 and 401 errors in Auth and Activity#11670

Merged
chemamartinez merged 8 commits intoelastic:mainfrom
chemamartinez:cisco_duo-auth-activity-fixes
Nov 13, 2024
Merged

cisco_duo: fix 400 and 401 errors in Auth and Activity#11670
chemamartinez merged 8 commits intoelastic:mainfrom
chemamartinez:cisco_duo-auth-activity-fixes

Conversation

@chemamartinez
Copy link
Contributor

Proposed commit message

Cisco API documentation mentions that theDate header should be equal to the current timestamp. In the current CEL program, the previous execution'sstate.date is being captured and used in pagination and subsequent requests leading to possible40103 errors. In a related issue users also observed the error400:mintime must be within the past 180 days.

This PR:

  • For Auth and Activity, fixes40103 by creatingDate header during each CEL request.
  • For Auth and Activity, preemptively fixes the400 error by checkingduration betweenmintime andmaxtime doesn't cross
    180d.
  • For Auth, enable it by default to avoid it getting disabled during upgrades.

Checklist

  • I have reviewedtips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package'schangelog.yml file.
  • I have verified that Kibana version constraints are current according toguidelines.
  • I have verified that any added dashboard complies with Kibana'sDashboard good practices

Related issues

@chemamartinezchemamartinez added Integration:cisco_duoCisco Duo bugfixPull request that fixes a bug issue Team:Security-Service IntegrationsSecurity Service Integrations team [elastic/security-service-integrations] labelsNov 8, 2024
@chemamartinezchemamartinez self-assigned thisNov 8, 2024
@chemamartinezchemamartinez marked this pull request as ready for reviewNovember 8, 2024 09:25
@chemamartinezchemamartinez requested a review froma team as acode ownerNovember 8, 2024 09:25
@elasticmachine
Copy link

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@elastic-vault-github-plugin-prod

🚀 Benchmarks report

To see the full report comment with/test benchmark fullreport

Copy link
Contributor

@chrisberkhoutchrisberkhout left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

after merge of#11640

Comment on lines +38 to +41
string(int([
int(timestamp(int(state.mintime)/1000) + duration("4320h")),
int(now - duration("2m"))
].min()) * 1000)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

This allocates an ephemeral array. Ideally we would not need to do this, but the expansion of code that would be required to not do this I think, on balance, would be worse. Maybe we need amin(a, b)/max(a, b) as well as the overloads that we currently have.

chemamartinez reacted with thumbs up emojikcreddy reacted with heart emoji
@elasticmachine
Copy link

💚 Build Succeeded

History

cc@chemamartinez

@elastic-sonarqube
Copy link

@chemamartinezchemamartinez merged commit3f7fbd6 intoelastic:mainNov 13, 2024
@elastic-vault-github-plugin-prod

Package cisco_duo - 2.2.3 containing this change is available athttps://epr.elastic.co/package/cisco_duo/2.2.3/

harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull requestFeb 4, 2025
- For Auth and Activity, fixes 40103 by creating Date header during each CEL request.- For Auth and Activity, preemptively fixes the 400 error by checking duration between mintime and maxtime doesn't cross180d.- For Auth, enable it by default to avoid it getting disabled during upgrades.
harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull requestFeb 4, 2025
…stic#12492)In an earlier version of the CEL code for `activity`[1] and`telephony_v2`[2], `cursor.last_published` was set to a UNIX timestampvalue. This was changed to use RFC3339 formatted times in laterPRs[3][4] (with the corresponding read-time parsing added in [5]).Users who didn't create a new policy may have the current parsing logicfail when it encounters an old UNIX timestamp value in`cursor.last_published`.This PR addresses that issue by renaming `cursor.last_published` to `cursor.last_response_ts`. That effectively clears the cursor so thatobsolete values will not be seen.[1]:https://github.com/elastic/integrations/blob/2ea993/packages/cisco_duo/data_stream/activity/agent/stream/cel.yml.hbs#L111-L114[2]:https://github.com/elastic/integrations/blob/2ea993/packages/cisco_duo/data_stream/telephony_v2/agent/stream/cel.yml.hbs#L112-L115[3]:elastic#11640[4]:elastic#11670[5]:elastic#11772
harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull requestFeb 5, 2025
- For Auth and Activity, fixes 40103 by creating Date header during each CEL request.- For Auth and Activity, preemptively fixes the 400 error by checking duration between mintime and maxtime doesn't cross180d.- For Auth, enable it by default to avoid it getting disabled during upgrades.
harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull requestFeb 5, 2025
…stic#12492)In an earlier version of the CEL code for `activity`[1] and`telephony_v2`[2], `cursor.last_published` was set to a UNIX timestampvalue. This was changed to use RFC3339 formatted times in laterPRs[3][4] (with the corresponding read-time parsing added in [5]).Users who didn't create a new policy may have the current parsing logicfail when it encounters an old UNIX timestamp value in`cursor.last_published`.This PR addresses that issue by renaming `cursor.last_published` to `cursor.last_response_ts`. That effectively clears the cursor so thatobsolete values will not be seen.[1]:https://github.com/elastic/integrations/blob/2ea993/packages/cisco_duo/data_stream/activity/agent/stream/cel.yml.hbs#L111-L114[2]:https://github.com/elastic/integrations/blob/2ea993/packages/cisco_duo/data_stream/telephony_v2/agent/stream/cel.yml.hbs#L112-L115[3]:elastic#11640[4]:elastic#11670[5]:elastic#11772
@chemamartinezchemamartinez deleted the cisco_duo-auth-activity-fixes branchFebruary 6, 2025 10:29
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment

Reviewers

@chrisberkhoutchrisberkhoutchrisberkhout approved these changes

@efd6efd6efd6 approved these changes

Assignees

@chemamartinezchemamartinez

Labels

bugfixPull request that fixes a bug issueIntegration:cisco_duoCisco DuoTeam:Security-Service IntegrationsSecurity Service Integrations team [elastic/security-service-integrations]

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@chemamartinez@elasticmachine@chrisberkhout@efd6

Comments


[8]ページ先頭

©2009-2026 Movatter.jp