- Notifications
You must be signed in to change notification settings - Fork545
[beyondinsight_password_safe] Handle null password ion authentication#17411
Conversation
elasticmachine commentedFeb 13, 2026
Pinging @elastic/security-service-integrations (Team:Security-Service Integrations) |
…n when password is null
751fd99 to49b09d2Compare🚀 Benchmarks reportTo see the full report comment with |
efd6 left a comment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Suggest the following commit message
beyondinsight_password_safe: handle optional password in authenticationThe BeyondInsight API does not always require a password forauthentication. Whether one is needed depends on the "User PasswordRequired" setting on the API registration in BeyondInsight. When nopassword was configured, the integration failed because it assumedthe password field was always present in state.ref: https://docs.beyondtrust.com/bips/docs/bi-cloud-configure-api| url: http://{{Hostname}}:{{Port}}/BeyondTrust/api/public/v3 | ||
| apikey: test_api_key | ||
| username: testuser2 | ||
| password: null |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
This has no default in the manifest, so it can be omitted here.
| password: null |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
The test is specifically for when the password is null. Should we ever add a default in the manifest then this test will no longer test the condition for which it is written.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
In thestate construction I think the password field should be conditionally included
{{#if password}} password: {{escape_string password}}{{/if}}There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
The password always exists. Sometimes it is null.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
I discussed this with@andrewkroh before I did the fix as I was also confused about the password existing and being null. This fix will allow users to not have to update their policies when the integration is updated.
| "Authorization": [ | ||
| sprintf("PS-Auth key=%s; runas=%s;", [state.apikey, state.username]) + | ||
| ((state.password != "") ? (sprintf(" pwd=[%s];", [state.password])) : ""), | ||
| ((state.?password.orValue("") != "") ? (sprintf(" pwd=[%s];", [state.password])) : ""), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
With conditional rendering into the config, this becomeshas(state.password) ? …
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
The password always exists. sometimes it is null.
elasticmachine commentedFeb 18, 2026
💚 Build Succeeded
History
|
Uh oh!
There was an error while loading.Please reload this page.
Proposed commit message
beyondinsight_password_safe: handle optional password in authentication
The BeyondInsight API does not always require a password for
authentication. The password will be null when it is not supplied.
Whether one is needed depends on the "User Password
Required" setting on the API registration in BeyondInsight. When no
password was configured, the integration failed because it assumed
the password field was always present in state.
ref:https://docs.beyondtrust.com/bips/docs/bi-cloud-configure-api
Checklist
changelog.ymlfile.