logstash-input-okta_enterprise 0.1.0 → 0.2.0
- checksums.yaml +4 -4
- data/Gemfile +8 -0
- data/lib/logstash/inputs/okta_enterprise.rb +31 -19
- data/logstash-input-okta_enterprise.gemspec +8 -6
- metadata +13 -13
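--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b34210b7e44a465d7076fd2e3992f0c0f456edec
+data.tar.gz: c64c72d6963933eec6eb214eab4228e2d2bd6138
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: bfa6a760c4583967263d019432138727b3d9c58c4b30195330d0a15fb5687d48032278f09c77f79627720418a5b6e77b45310de161c0aa03f64bd58c4c075af1
+data.tar.gz: 27ef0db080a75a1a08d02a804d9359a1a112f4ca6b70123cf38e9fe1437a1fbb4ef3cc3df0efa6e38dc3c0c1e6115387f7eed86e07fc6742c94a2590ae2bbb1a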
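--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,3 +1,11 @@
 source 'https://rubygems.org'
+
 gemspec
 
+logstash_path = ENV["LOGSTASH_PATH"] || "../../logstash"
+use_logstash_source = ENV["LOGSTASH_SOURCE"] && ENV["LOGSTASH_SOURCE"].to_s == "1"
+
+if Dir.exist?(logstash_path) && use_logstash_source
+gem 'logstash-core', :path => "#{logstash_path}/logstash-core"
+gem 'logstash-core-plugin-api', :path => "#{logstash_path}/logstash-core-plugin-api"
+end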
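--- a/data/lib/logstash/inputs/okta_enterprise.rb
+++ b/data/lib/logstash/inputs/okta_enterprise.rb
@@ -209,9 +209,9 @@ class LogStash::Inputs::OktaEnterprise < LogStash::Inputs::Base
 @auth_token = @auth_token_env
 end
 
-unless (@auth_token.index(/[^A-Za-z0-9
+unless (@auth_token.index(/[^A-Za-z0-9\-_~]/).nil?)
 raise LogStash::ConfigurationError, "The auth_token should be" +
-"
+"unreserved characters only, please check the token to ensure it is correct."
 end
 
 if (@start_date and @filter)
@@ -437,15 +437,26 @@ class LogStash::Inputs::OktaEnterprise < LogStash::Inputs::Base
 end
 end
 
-
-
-
-
-
+if (response.body.length > 0)
+@codec.decode(response.body) do |decoded|
+event = @target ? LogStash::Event.new(@target => decoded.to_hash) : decoded
+apply_metadata(event, requested_url, response, exec_time)
+decorate(event)
+queue << event
+end
+else
+@codec.decode("{}") do |decoded|
+event = @target ? LogStash::Event.new(@target => decoded.to_hash) : decoded
+apply_metadata(event, requested_url, response, exec_time)
+decorate(event)
+queue << event
+end
 end
+
 
 if (Array(response.headers["link"]).count > 1)
 @continue = true
+@logger.debug("Continue status", :continue => @continue )
 end
 
 @logger.info("Successful response returned", :code => response.code, :headers => response.headers)
@@ -455,9 +466,9 @@ class LogStash::Inputs::OktaEnterprise < LogStash::Inputs::Base
 @codec.decode(response.body) do |decoded|
 event = @target ? LogStash::Event.new(@target => decoded.to_hash) : decoded
 apply_metadata(event, requested_url, response, exec_time)
-event
-"validate the auth_token and update the plugin config."
-event
+event.set("Okta-Plugin-Status","Auth_token supplied is not valid, " +
+"validate the auth_token and update the plugin config.")
+event.set("HTTP-Code",401)
 event.tag("_okta_response_error")
 decorate(event)
 queue << event
@@ -473,8 +484,8 @@ class LogStash::Inputs::OktaEnterprise < LogStash::Inputs::Base
 @codec.decode(response.body) do |decoded|
 event = @target ? LogStash::Event.new(@target => decoded.to_hash) : decoded
 apply_metadata(event, requested_url, response, exec_time)
-event
-event
+event.set("Okta-Plugin-Status","Filter string was not valid.")
+event.set("HTTP-Code",400)
 event.tag("_okta_response_error")
 decorate(event)
 queue << event
@@ -494,8 +505,8 @@ class LogStash::Inputs::OktaEnterprise < LogStash::Inputs::Base
 @codec.decode(response.body) do |decoded|
 event = @target ? LogStash::Event.new(@target => decoded.to_hash) : decoded
 apply_metadata(event, requested_url, response, exec_time)
-event
-event
+event.set("Okta-Plugin-Status","Date was not formatted correctly.")
+event.set("HTTP-Code",400)
 event.tag("_okta_response_error")
 decorate(event)
 queue << event
@@ -526,8 +537,8 @@ class LogStash::Inputs::OktaEnterprise < LogStash::Inputs::Base
 @codec.decode(response.body) do |decoded|
 event = @target ? LogStash::Event.new(@target => decoded.to_hash) : decoded
 apply_metadata(event, requested_url, response, exec_time)
-event
-event
+event.set("Okta-Plugin-Status","Unknown error, see Okta error")
+event.set("HTTP-Code",response.code)
 event.tag("_okta_response_error")
 decorate(event)
 queue << event
@@ -548,11 +559,11 @@ class LogStash::Inputs::OktaEnterprise < LogStash::Inputs::Base
 
 event = LogStash::Event.new
 apply_metadata(event, requested_url, nil, exec_time)
-event
+event.set("http_request_failure", {
 "Okta-Plugin-Status" => "Client Connection Error",
 "Connection-Error" => exception.message,
 "backtrace" => exception.backtrace
-}
+})
 event.tag("_http_request_failure")
 decorate(event)
 queue << event
@@ -563,6 +574,7 @@ class LogStash::Inputs::OktaEnterprise < LogStash::Inputs::Base
 def apply_metadata(event, requested_url, response=nil, exec_time=nil)
 return unless @metadata_target
 
+m = {}
 m = {
 "host" => @host,
 "url" => requested_url,
@@ -576,7 +588,7 @@ class LogStash::Inputs::OktaEnterprise < LogStash::Inputs::Base
 m["retry_count"] = response.times_retried
 end
 
-event
+event.set(@metadata_target,m)
 
 end
 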
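Review bot: The token check in the first hunk (new line 212) accepts an empty string, because `"".index(/[^A-Za-z0-9\-_~]/)` is nil, so a blank `auth_token` passes configuration validation unless a check outside the hunk rejects it, and would presumably only surface later as a 401 event. An anchored allow-list, `unless @auth_token =~ /\A[A-Za-z0-9\-_~]+\z/`, rejects empty and nil values at the same point and states the rule positively. The two literals on new lines 213–214 are joined without a space, so the message reads "should beunreserved"; the character class also leaves out `.`, which RFC 3986 lists as unreserved, so either the wording or the class should be adjusted. The enclosing method starts and ends outside the hunk.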
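--- a/data/logstash-input-okta_enterprise.gemspec
+++ b/data/logstash-input-okta_enterprise.gemspec
@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
 s.name = 'logstash-input-okta_enterprise'
-s.version = '0.
+s.version = '0.2.0'
 s.licenses = ['Apache License (2.0)']
 s.summary = 'This plugin fetches log events from Okta'
 s.description = 'This plugin fetches log events from Okta'
@@ -10,7 +10,8 @@ Gem::Specification.new do |s|
 s.require_paths = ['lib']
 
 # Files
-s.files = Dir[
+s.files = Dir["lib/**/*","spec/**/*","*.gemspec","*.md","CONTRIBUTORS","Gemfile","LICENSE","NOTICE.TXT", "vendor/jar-dependencies/**/*.jar", "vendor/jar-dependencies/**/*.rb", "VERSION", "docs/**/*"]
+
 # Tests
 s.test_files = s.files.grep(%r{^(test|spec|features)/})
 
@@ -18,11 +19,12 @@ Gem::Specification.new do |s|
 s.metadata = { "logstash_plugin" => "true", "logstash_group" => "input" }
 
 # Gem dependencies
-
-s.add_runtime_dependency "logstash-core", ">= 2.0.0", "< 3.0.0"
+s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
 s.add_runtime_dependency 'logstash-codec-plain'
-s.add_runtime_dependency 'stud', '
-
+s.add_runtime_dependency 'stud', '~> 0.0.22'
+# Retaining logstash 2.4 compat
+s.add_runtime_dependency 'logstash-mixin-http_client', ">= 2.2.4", "< 7.0.0"
+#s.add_runtime_dependency 'logstash-mixin-http_client', ">= 5.2.0", "< 7.0.0"
 s.add_runtime_dependency 'manticore', ">=0.6.1"
 s.add_runtime_dependency 'rufus-scheduler', "~>3.0.9"
 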
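Review bot: The commented-out `logstash-mixin-http_client` constraint on new line 27 is left beside the active one with no statement of when it should take over; `# Retaining logstash 2.4 compat` on line 25 explains only the lower bound. Either drop the dead line or fold it into the comment, for example `# Lower bound 2.2.4 keeps Logstash 2.4 working; tighten to >= 5.2.0 when 2.4 support ends`. The active range `">= 2.2.4", "< 7.0.0"` spans several major versions of the HTTP client mixin that carries the plugin's requests to Okta, so it is worth confirming the plugin is exercised against both ends of that range. The `Gem::Specification` block continues outside the hunks.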
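--- a/metadata
+++ b/metadata
@@ -1,35 +1,35 @@
 --- !ruby/object:Gem::Specification
 name: logstash-input-okta_enterprise
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.2.0
 platform: ruby
 authors:
 - Security Risk Advisors
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-
+date: 2017-09-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version:
-- - "
+version: '1.60'
+- - "<="
 - !ruby/object:Gem::Version
-version:
-name: logstash-core
+version: '2.99'
+name: logstash-core-plugin-api
 prerelease: false
 type: :runtime
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version:
-- - "
+version: '1.60'
+- - "<="
 - !ruby/object:Gem::Version
-version:
+version: '2.99'
 - !ruby/object:Gem::Dependency
 requirement: !ruby/object:Gem::Requirement
 requirements:
@@ -47,7 +47,7 @@ dependencies:
 - !ruby/object:Gem::Dependency
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - "~>"
 - !ruby/object:Gem::Version
 version: 0.0.22
 name: stud
@@ -55,7 +55,7 @@ dependencies:
 type: :runtime
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - "~>"
 - !ruby/object:Gem::Version
 version: 0.0.22
 - !ruby/object:Gem::Dependency
@@ -66,7 +66,7 @@ dependencies:
 version: 2.2.4
 - - "<"
 - !ruby/object:Gem::Version
-version:
+version: 7.0.0
 name: logstash-mixin-http_client
 prerelease: false
 type: :runtime
@@ -77,7 +77,7 @@ dependencies:
 version: 2.2.4
 - - "<"
 - !ruby/object:Gem::Version
-version:
+version: 7.0.0
 - !ruby/object:Gem::Dependency
 requirement: !ruby/object:Gem::Requirement
 requirements: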