logstash-input-okta_enterprise 0.1.0 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +8 -0
- data/lib/logstash/inputs/okta_enterprise.rb +31 -19
- data/logstash-input-okta_enterprise.gemspec +8 -6
- metadata +13 -13
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b34210b7e44a465d7076fd2e3992f0c0f456edec
|
|
4
|
+
data.tar.gz: c64c72d6963933eec6eb214eab4228e2d2bd6138
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: bfa6a760c4583967263d019432138727b3d9c58c4b30195330d0a15fb5687d48032278f09c77f79627720418a5b6e77b45310de161c0aa03f64bd58c4c075af1
|
|
7
|
+
data.tar.gz: 27ef0db080a75a1a08d02a804d9359a1a112f4ca6b70123cf38e9fe1437a1fbb4ef3cc3df0efa6e38dc3c0c1e6115387f7eed86e07fc6742c94a2590ae2bbb1a
|
data/Gemfile
CHANGED
|
@@ -1,3 +1,11 @@
|
|
|
1
1
|
source 'https://rubygems.org'
|
|
2
|
+
|
|
2
3
|
gemspec
|
|
3
4
|
|
|
5
|
+
logstash_path = ENV["LOGSTASH_PATH"] || "../../logstash"
|
|
6
|
+
use_logstash_source = ENV["LOGSTASH_SOURCE"] && ENV["LOGSTASH_SOURCE"].to_s == "1"
|
|
7
|
+
|
|
8
|
+
if Dir.exist?(logstash_path) && use_logstash_source
|
|
9
|
+
gem 'logstash-core', :path => "#{logstash_path}/logstash-core"
|
|
10
|
+
gem 'logstash-core-plugin-api', :path => "#{logstash_path}/logstash-core-plugin-api"
|
|
11
|
+
end
|
|
@@ -209,9 +209,9 @@ class LogStash::Inputs::OktaEnterprise < LogStash::Inputs::Base
|
|
|
209
209
|
@auth_token = @auth_token_env
|
|
210
210
|
end
|
|
211
211
|
|
|
212
|
-
unless (@auth_token.index(/[^A-Za-z0-9
|
|
212
|
+
unless (@auth_token.index(/[^A-Za-z0-9\-_~]/).nil?)
|
|
213
213
|
raise LogStash::ConfigurationError, "The auth_token should be" +
|
|
214
|
-
"
|
|
214
|
+
"unreserved characters only, please check the token to ensure it is correct."
|
|
215
215
|
end
|
|
216
216
|
|
|
217
217
|
if (@start_date and @filter)
|
|
@@ -437,15 +437,26 @@ class LogStash::Inputs::OktaEnterprise < LogStash::Inputs::Base
|
|
|
437
437
|
end
|
|
438
438
|
end
|
|
439
439
|
|
|
440
|
-
|
|
441
|
-
|
|
442
|
-
|
|
443
|
-
|
|
444
|
-
|
|
440
|
+
if (response.body.length > 0)
|
|
441
|
+
@codec.decode(response.body) do |decoded|
|
|
442
|
+
event = @target ? LogStash::Event.new(@target => decoded.to_hash) : decoded
|
|
443
|
+
apply_metadata(event, requested_url, response, exec_time)
|
|
444
|
+
decorate(event)
|
|
445
|
+
queue << event
|
|
446
|
+
end
|
|
447
|
+
else
|
|
448
|
+
@codec.decode("{}") do |decoded|
|
|
449
|
+
event = @target ? LogStash::Event.new(@target => decoded.to_hash) : decoded
|
|
450
|
+
apply_metadata(event, requested_url, response, exec_time)
|
|
451
|
+
decorate(event)
|
|
452
|
+
queue << event
|
|
453
|
+
end
|
|
445
454
|
end
|
|
455
|
+
|
|
446
456
|
|
|
447
457
|
if (Array(response.headers["link"]).count > 1)
|
|
448
458
|
@continue = true
|
|
459
|
+
@logger.debug("Continue status", :continue => @continue )
|
|
449
460
|
end
|
|
450
461
|
|
|
451
462
|
@logger.info("Successful response returned", :code => response.code, :headers => response.headers)
|
|
@@ -455,9 +466,9 @@ class LogStash::Inputs::OktaEnterprise < LogStash::Inputs::Base
|
|
|
455
466
|
@codec.decode(response.body) do |decoded|
|
|
456
467
|
event = @target ? LogStash::Event.new(@target => decoded.to_hash) : decoded
|
|
457
468
|
apply_metadata(event, requested_url, response, exec_time)
|
|
458
|
-
event
|
|
459
|
-
"validate the auth_token and update the plugin config."
|
|
460
|
-
event
|
|
469
|
+
event.set("Okta-Plugin-Status","Auth_token supplied is not valid, " +
|
|
470
|
+
"validate the auth_token and update the plugin config.")
|
|
471
|
+
event.set("HTTP-Code",401)
|
|
461
472
|
event.tag("_okta_response_error")
|
|
462
473
|
decorate(event)
|
|
463
474
|
queue << event
|
|
@@ -473,8 +484,8 @@ class LogStash::Inputs::OktaEnterprise < LogStash::Inputs::Base
|
|
|
473
484
|
@codec.decode(response.body) do |decoded|
|
|
474
485
|
event = @target ? LogStash::Event.new(@target => decoded.to_hash) : decoded
|
|
475
486
|
apply_metadata(event, requested_url, response, exec_time)
|
|
476
|
-
event
|
|
477
|
-
event
|
|
487
|
+
event.set("Okta-Plugin-Status","Filter string was not valid.")
|
|
488
|
+
event.set("HTTP-Code",400)
|
|
478
489
|
event.tag("_okta_response_error")
|
|
479
490
|
decorate(event)
|
|
480
491
|
queue << event
|
|
@@ -494,8 +505,8 @@ class LogStash::Inputs::OktaEnterprise < LogStash::Inputs::Base
|
|
|
494
505
|
@codec.decode(response.body) do |decoded|
|
|
495
506
|
event = @target ? LogStash::Event.new(@target => decoded.to_hash) : decoded
|
|
496
507
|
apply_metadata(event, requested_url, response, exec_time)
|
|
497
|
-
event
|
|
498
|
-
event
|
|
508
|
+
event.set("Okta-Plugin-Status","Date was not formatted correctly.")
|
|
509
|
+
event.set("HTTP-Code",400)
|
|
499
510
|
event.tag("_okta_response_error")
|
|
500
511
|
decorate(event)
|
|
501
512
|
queue << event
|
|
@@ -526,8 +537,8 @@ class LogStash::Inputs::OktaEnterprise < LogStash::Inputs::Base
|
|
|
526
537
|
@codec.decode(response.body) do |decoded|
|
|
527
538
|
event = @target ? LogStash::Event.new(@target => decoded.to_hash) : decoded
|
|
528
539
|
apply_metadata(event, requested_url, response, exec_time)
|
|
529
|
-
event
|
|
530
|
-
event
|
|
540
|
+
event.set("Okta-Plugin-Status","Unknown error, see Okta error")
|
|
541
|
+
event.set("HTTP-Code",response.code)
|
|
531
542
|
event.tag("_okta_response_error")
|
|
532
543
|
decorate(event)
|
|
533
544
|
queue << event
|
|
@@ -548,11 +559,11 @@ class LogStash::Inputs::OktaEnterprise < LogStash::Inputs::Base
|
|
|
548
559
|
|
|
549
560
|
event = LogStash::Event.new
|
|
550
561
|
apply_metadata(event, requested_url, nil, exec_time)
|
|
551
|
-
event
|
|
562
|
+
event.set("http_request_failure", {
|
|
552
563
|
"Okta-Plugin-Status" => "Client Connection Error",
|
|
553
564
|
"Connection-Error" => exception.message,
|
|
554
565
|
"backtrace" => exception.backtrace
|
|
555
|
-
}
|
|
566
|
+
})
|
|
556
567
|
event.tag("_http_request_failure")
|
|
557
568
|
decorate(event)
|
|
558
569
|
queue << event
|
|
@@ -563,6 +574,7 @@ class LogStash::Inputs::OktaEnterprise < LogStash::Inputs::Base
|
|
|
563
574
|
def apply_metadata(event, requested_url, response=nil, exec_time=nil)
|
|
564
575
|
return unless @metadata_target
|
|
565
576
|
|
|
577
|
+
m = {}
|
|
566
578
|
m = {
|
|
567
579
|
"host" => @host,
|
|
568
580
|
"url" => requested_url,
|
|
@@ -576,7 +588,7 @@ class LogStash::Inputs::OktaEnterprise < LogStash::Inputs::Base
|
|
|
576
588
|
m["retry_count"] = response.times_retried
|
|
577
589
|
end
|
|
578
590
|
|
|
579
|
-
event
|
|
591
|
+
event.set(@metadata_target,m)
|
|
580
592
|
|
|
581
593
|
end
|
|
582
594
|
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
s.name = 'logstash-input-okta_enterprise'
|
|
3
|
-
s.version = '0.
|
|
3
|
+
s.version = '0.2.0'
|
|
4
4
|
s.licenses = ['Apache License (2.0)']
|
|
5
5
|
s.summary = 'This plugin fetches log events from Okta'
|
|
6
6
|
s.description = 'This plugin fetches log events from Okta'
|
|
@@ -10,7 +10,8 @@ Gem::Specification.new do |s|
|
|
|
10
10
|
s.require_paths = ['lib']
|
|
11
11
|
|
|
12
12
|
# Files
|
|
13
|
-
s.files = Dir[
|
|
13
|
+
s.files = Dir["lib/**/*","spec/**/*","*.gemspec","*.md","CONTRIBUTORS","Gemfile","LICENSE","NOTICE.TXT", "vendor/jar-dependencies/**/*.jar", "vendor/jar-dependencies/**/*.rb", "VERSION", "docs/**/*"]
|
|
14
|
+
|
|
14
15
|
# Tests
|
|
15
16
|
s.test_files = s.files.grep(%r{^(test|spec|features)/})
|
|
16
17
|
|
|
@@ -18,11 +19,12 @@ Gem::Specification.new do |s|
|
|
|
18
19
|
s.metadata = { "logstash_plugin" => "true", "logstash_group" => "input" }
|
|
19
20
|
|
|
20
21
|
# Gem dependencies
|
|
21
|
-
|
|
22
|
-
s.add_runtime_dependency "logstash-core", ">= 2.0.0", "< 3.0.0"
|
|
22
|
+
s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
|
|
23
23
|
s.add_runtime_dependency 'logstash-codec-plain'
|
|
24
|
-
s.add_runtime_dependency 'stud', '
|
|
25
|
-
|
|
24
|
+
s.add_runtime_dependency 'stud', '~> 0.0.22'
|
|
25
|
+
# Retaining logstash 2.4 compat
|
|
26
|
+
s.add_runtime_dependency 'logstash-mixin-http_client', ">= 2.2.4", "< 7.0.0"
|
|
27
|
+
#s.add_runtime_dependency 'logstash-mixin-http_client', ">= 5.2.0", "< 7.0.0"
|
|
26
28
|
s.add_runtime_dependency 'manticore', ">=0.6.1"
|
|
27
29
|
s.add_runtime_dependency 'rufus-scheduler', "~>3.0.9"
|
|
28
30
|
|
metadata
CHANGED
|
@@ -1,35 +1,35 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-input-okta_enterprise
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Security Risk Advisors
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-
|
|
11
|
+
date: 2017-09-29 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|
|
15
15
|
requirements:
|
|
16
16
|
- - ">="
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version:
|
|
19
|
-
- - "
|
|
18
|
+
version: '1.60'
|
|
19
|
+
- - "<="
|
|
20
20
|
- !ruby/object:Gem::Version
|
|
21
|
-
version:
|
|
22
|
-
name: logstash-core
|
|
21
|
+
version: '2.99'
|
|
22
|
+
name: logstash-core-plugin-api
|
|
23
23
|
prerelease: false
|
|
24
24
|
type: :runtime
|
|
25
25
|
version_requirements: !ruby/object:Gem::Requirement
|
|
26
26
|
requirements:
|
|
27
27
|
- - ">="
|
|
28
28
|
- !ruby/object:Gem::Version
|
|
29
|
-
version:
|
|
30
|
-
- - "
|
|
29
|
+
version: '1.60'
|
|
30
|
+
- - "<="
|
|
31
31
|
- !ruby/object:Gem::Version
|
|
32
|
-
version:
|
|
32
|
+
version: '2.99'
|
|
33
33
|
- !ruby/object:Gem::Dependency
|
|
34
34
|
requirement: !ruby/object:Gem::Requirement
|
|
35
35
|
requirements:
|
|
@@ -47,7 +47,7 @@ dependencies:
|
|
|
47
47
|
- !ruby/object:Gem::Dependency
|
|
48
48
|
requirement: !ruby/object:Gem::Requirement
|
|
49
49
|
requirements:
|
|
50
|
-
- - "
|
|
50
|
+
- - "~>"
|
|
51
51
|
- !ruby/object:Gem::Version
|
|
52
52
|
version: 0.0.22
|
|
53
53
|
name: stud
|
|
@@ -55,7 +55,7 @@ dependencies:
|
|
|
55
55
|
type: :runtime
|
|
56
56
|
version_requirements: !ruby/object:Gem::Requirement
|
|
57
57
|
requirements:
|
|
58
|
-
- - "
|
|
58
|
+
- - "~>"
|
|
59
59
|
- !ruby/object:Gem::Version
|
|
60
60
|
version: 0.0.22
|
|
61
61
|
- !ruby/object:Gem::Dependency
|
|
@@ -66,7 +66,7 @@ dependencies:
|
|
|
66
66
|
version: 2.2.4
|
|
67
67
|
- - "<"
|
|
68
68
|
- !ruby/object:Gem::Version
|
|
69
|
-
version:
|
|
69
|
+
version: 7.0.0
|
|
70
70
|
name: logstash-mixin-http_client
|
|
71
71
|
prerelease: false
|
|
72
72
|
type: :runtime
|
|
@@ -77,7 +77,7 @@ dependencies:
|
|
|
77
77
|
version: 2.2.4
|
|
78
78
|
- - "<"
|
|
79
79
|
- !ruby/object:Gem::Version
|
|
80
|
-
version:
|
|
80
|
+
version: 7.0.0
|
|
81
81
|
- !ruby/object:Gem::Dependency
|
|
82
82
|
requirement: !ruby/object:Gem::Requirement
|
|
83
83
|
requirements:
|