logstash-input-okta_system_log 0.9.1 → 0.10.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/CHANGELOG.md +2 -0
- data/lib/logstash/inputs/okta_system_log.rb +95 -9
- data/logstash-input-okta_system_log.gemspec +1 -3
- data/spec/inputs/okta_system_log_spec.rb +49 -15
- metadata +13 -28
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: ac642acfaa84ac1de1ea468f54a8569e1707ba799e70f311cc05800108b96a20
|
4
|
+
data.tar.gz: 0e40ff8755bc942a86246c36a412db806d794bca56174a9c3bb7e36829994fb3
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 3fc3c400b5e20f86f2de968c8fcc996af4924017f8c9dbcf33d611249444cfba8fc7f5a038be57f3c10b8bf94c7c1baa54ef8b39bb1ffa6f30ded61df1ec975e
|
7
|
+
data.tar.gz: 6d3c67ccf03cf06f81f6057e324e757fecbb583918cf74f4f41bb0f92fd31ead55b9214803eb546c19378feb627c9aca8d54f68e8de296cf6a9dd6f8a71398d6
|
data/CHANGELOG.md
CHANGED
@@ -18,6 +18,7 @@ class LogStash::Inputs::OktaSystemLog < LogStash::Inputs::Base
|
|
18
18
|
HTTP_OK_200 = 200
|
19
19
|
HTTP_BAD_REQUEST_400 = 400
|
20
20
|
HTTP_UNAUTHORIZED_401 = 401
|
21
|
+
HTTP_TOO_MANY_REQUESTS_429 = 429
|
21
22
|
|
22
23
|
# Sleep Timers
|
23
24
|
SLEEP_API_RATE_LIMIT = 1
|
@@ -86,6 +87,24 @@ class LogStash::Inputs::OktaSystemLog < LogStash::Inputs::Base
|
|
86
87
|
# Ex. ["new", "york"]
|
87
88
|
config :q, :validate => :string, :list => true
|
88
89
|
|
90
|
+
# rate_limit will set the pace of collection to the desired limit
|
91
|
+
# Based on: https://developer.okta.com/docs/reference/api/system-log/#system-events
|
92
|
+
# It supports three convenience parameters of RATE_SLOW, RATE_MEDIUM and RATE_FAST
|
93
|
+
# A user can also set a value of 0.1 -> 1.0, the plugin will automatically _floor_
|
94
|
+
# the value to the tenths place
|
95
|
+
# This value represents the percentage of the allocated rate limit to consume
|
96
|
+
# Defaults to RATE_MEDIUM
|
97
|
+
# The default and slower (e.g. lower) parameters will not generate errors
|
98
|
+
# RATE_FAST and faster (e.g. higher) parameters _may_ generate warnings and errors
|
99
|
+
# RATE_SLOW: 0.4
|
100
|
+
# RATE_MEDIUM: 0.5
|
101
|
+
# RATE_FAST: 0.6
|
102
|
+
#
|
103
|
+
# Format: Either the convenience or a string with the decimal of 0.1 -> 1.0
|
104
|
+
# Ex. "RATE_MEDIUM"
|
105
|
+
# Ex. "0.3"
|
106
|
+
config :rate_limit, :validate => :string, :default => "RATE_MEDIUM"
|
107
|
+
|
89
108
|
# The file in which the auth_token for Okta will be contained.
|
90
109
|
# This will contain the auth_token which can have a lot access to your Okta instance.
|
91
110
|
# It cannot be stressed enough how important it is to protect this file.
|
@@ -117,7 +136,7 @@ class LogStash::Inputs::OktaSystemLog < LogStash::Inputs::Base
|
|
117
136
|
# This option will reverse that paradigm and exit if a failure occurs
|
118
137
|
#
|
119
138
|
# Format: Boolean
|
120
|
-
config :
|
139
|
+
config :state_file_fatal_failure, :validate => :boolean, :default => false
|
121
140
|
|
122
141
|
# If you'd like to work with the request/response metadata.
|
123
142
|
# Set this value to the name of the field you'd like to store a nested
|
@@ -201,6 +220,11 @@ class LogStash::Inputs::OktaSystemLog < LogStash::Inputs::Base
|
|
201
220
|
config :state_file_base, :validate => :string,
|
202
221
|
:obsolete => "state_file_base is obsolete, use state_file_path instead"
|
203
222
|
|
223
|
+
# Based on data from here: https://developer.okta.com/docs/reference/api/system-log/#system-events
|
224
|
+
# -- For One App and Enterprise orgs, the warning is sent when the org is at 60% of its limit.
|
225
|
+
RATE_OPTIONS = {"RATE_SLOW" => 0.4, "RATE_MEDIUM" => 0.5, "RATE_FAST" => 0.6}
|
226
|
+
RATE_OPTIONS.default = false
|
227
|
+
|
204
228
|
public
|
205
229
|
Schedule_types = %w(cron every at in)
|
206
230
|
def register
|
@@ -239,6 +263,12 @@ class LogStash::Inputs::OktaSystemLog < LogStash::Inputs::Base
|
|
239
263
|
# Cast to string helps with that
|
240
264
|
# Really only happens during tests and not during normal operations
|
241
265
|
url_obj = URI.parse(@custom_url.to_s)
|
266
|
+
unless (url_obj.kind_of? URI::HTTP or url_obj.kind_of? URI::HTTPS)
|
267
|
+
raise LogStash::ConfigurationError, "Invalid custom_url, " +
|
268
|
+
"please verify the URL. custom_url = #{@custom_url}"
|
269
|
+
@logger.fatal("Invalid custom_url, " +
|
270
|
+
"please verify the URL. custom_url = #{@custom_url}")
|
271
|
+
end
|
242
272
|
rescue URI::InvalidURIError
|
243
273
|
@logger.fatal("Invalid custom_url, " +
|
244
274
|
"please verify the URL. custom_url = #{@custom_url}")
|
@@ -358,6 +388,19 @@ class LogStash::Inputs::OktaSystemLog < LogStash::Inputs::Base
|
|
358
388
|
end
|
359
389
|
end
|
360
390
|
|
391
|
+
if (RATE_OPTIONS[@rate_limit] != false)
|
392
|
+
@rate_limit = RATE_OPTIONS[@rate_limit]
|
393
|
+
else
|
394
|
+
@rate_limit = @rate_limit.to_f.floor 1
|
395
|
+
end
|
396
|
+
|
397
|
+
if (@rate_limit < 0.1 or @rate_limit > 1.0)
|
398
|
+
raise LogStash::ConfigurationError, "rate_limit should be between " +
|
399
|
+
"'0.1' and '1.0' or 'RATE_SLOW', 'RATE_MEDIUM' or 'RATE_FAST'"
|
400
|
+
end
|
401
|
+
|
402
|
+
@rate_limit_factor = 1.0 - @rate_limit
|
403
|
+
|
361
404
|
params_event = Hash.new
|
362
405
|
params_event[:limit] = @limit if @limit > 0
|
363
406
|
params_event[:since] = @since if @since
|
@@ -488,7 +531,7 @@ class LogStash::Inputs::OktaSystemLog < LogStash::Inputs::Base
|
|
488
531
|
@metadata_function = method(:noop)
|
489
532
|
end
|
490
533
|
|
491
|
-
if (@
|
534
|
+
if (@state_file_fatal_failure)
|
492
535
|
@state_file_failure_function = method(:fatal_state_file)
|
493
536
|
else
|
494
537
|
@state_file_failure_function = method(:error_state_file)
|
@@ -633,7 +676,11 @@ class LogStash::Inputs::OktaSystemLog < LogStash::Inputs::Base
|
|
633
676
|
# x.report { n.times { str.match(/<([^>]+)>/).captures[0] } } # (2) 262.166085sec @50000000 times
|
634
677
|
# x.report { n.times { str.split(';')[0][1...-1] } } # (1) 31.673270sec @50000000 times
|
635
678
|
#end
|
636
|
-
|
679
|
+
|
680
|
+
|
681
|
+
@logger.debug("Response headers", :headers => response.headers)
|
682
|
+
@trace_log_method.call("Response body", :body => response.body)
|
683
|
+
|
637
684
|
# Store the next URL to call from the header
|
638
685
|
next_url = nil
|
639
686
|
Array(response.headers["link"]).each do |link_header|
|
@@ -644,7 +691,7 @@ class LogStash::Inputs::OktaSystemLog < LogStash::Inputs::Base
|
|
644
691
|
|
645
692
|
if (response.body.length > 0)
|
646
693
|
@codec.decode(response.body) do |decoded|
|
647
|
-
@
|
694
|
+
@trace_log_method.call("Pushing event to queue")
|
648
695
|
event = @target ? LogStash::Event.new(@target => decoded.to_hash) : decoded
|
649
696
|
@metadata_function.call(event, requested_url, response, exec_time)
|
650
697
|
decorate(event)
|
@@ -659,15 +706,16 @@ class LogStash::Inputs::OktaSystemLog < LogStash::Inputs::Base
|
|
659
706
|
end
|
660
707
|
end
|
661
708
|
|
709
|
+
|
662
710
|
if (!next_url.nil? and next_url != @url)
|
663
711
|
@url = next_url
|
664
|
-
@
|
665
|
-
|
666
|
-
|
667
|
-
|
712
|
+
if (response.headers['x-rate-limit-remaining'].to_i > response.headers['x-rate-limit-limit'].to_i * @rate_limit_factor and response.headers['x-rate-limit-remaining'].to_i > 0)
|
713
|
+
@continue = true
|
714
|
+
@trace_log_method.call("Rate Limit Status", :remaining => response.headers['x-rate-limit-remaining'].to_i, :limit => response.headers['x-rate-limit-limit'].to_i)
|
715
|
+
end
|
668
716
|
end
|
717
|
+
@logger.debug("Continue status", :continue => @continue )
|
669
718
|
|
670
|
-
@trace_log_method.call("Response body", :body => response.body)
|
671
719
|
|
672
720
|
when HTTP_UNAUTHORIZED_401
|
673
721
|
@codec.decode(response.body) do |decoded|
|
@@ -739,12 +787,50 @@ class LogStash::Inputs::OktaSystemLog < LogStash::Inputs::Base
|
|
739
787
|
else
|
740
788
|
handle_unknown_okta_code(queue,response,requested_url,exec_time)
|
741
789
|
end
|
790
|
+
when HTTP_TOO_MANY_REQUESTS_429
|
791
|
+
@codec.decode(response.body) do |decoded|
|
792
|
+
event = @target ? LogStash::Event.new(@target => decoded.to_hash) : decoded
|
793
|
+
@metadata_function.call(event, requested_url, response, exec_time)
|
794
|
+
event.set("okta_response_error", {
|
795
|
+
"okta_plugin_status" => "rate limit exceeded; sleeping.",
|
796
|
+
"http_code" => 429,
|
797
|
+
"okta_error" => "E0000047",
|
798
|
+
"reset_time" => response.headers['x-rate-limit-reset']
|
799
|
+
})
|
800
|
+
event.tag("_okta_response_error")
|
801
|
+
decorate(event)
|
802
|
+
queue << event
|
803
|
+
end
|
804
|
+
|
805
|
+
now = get_epoch
|
806
|
+
sleep_time = (now - response.headers['x-rate-limit-reset'].to_i > 60) ? 60 : now - response.headers['x-rate-limit-reset'].to_i
|
807
|
+
@logger.error("Rate limited exceeded",
|
808
|
+
:response_code => response.code,
|
809
|
+
:okta_error => "E0000047",
|
810
|
+
:sleep_time => sleep_time,
|
811
|
+
:reset_time => response.headers['x-rate-limit-reset'])
|
812
|
+
|
813
|
+
@logger.debug("rate limit error response",
|
814
|
+
:response_body => response.body,
|
815
|
+
:response_headers => response.headers)
|
816
|
+
|
817
|
+
# Use a local function so the test can override it
|
818
|
+
local_sleep sleep_time
|
742
819
|
else
|
743
820
|
handle_unknown_http_code(queue,response,requested_url,exec_time)
|
744
821
|
end
|
745
822
|
|
746
823
|
end # def handle_success
|
747
824
|
|
825
|
+
private
|
826
|
+
def get_epoch()
|
827
|
+
return Time.now.to_i
|
828
|
+
end
|
829
|
+
|
830
|
+
private
|
831
|
+
def local_sleep(time)
|
832
|
+
sleep time
|
833
|
+
end
|
748
834
|
private
|
749
835
|
def handle_unknown_okta_code(queue,response,requested_url,exec_time)
|
750
836
|
@codec.decode(response.body) do |decoded|
|
@@ -1,6 +1,6 @@
|
|
1
1
|
Gem::Specification.new do |s|
|
2
2
|
s.name = 'logstash-input-okta_system_log'
|
3
|
-
s.version = '0.
|
3
|
+
s.version = '0.10.0'
|
4
4
|
s.licenses = ['Apache-2.0']
|
5
5
|
s.summary = 'This plugin fetches log events from Okta using the System Log API'
|
6
6
|
s.homepage = 'https://github.com/SecurityRiskAdvisors/logstash-input-okta_system_log'
|
@@ -31,7 +31,5 @@ Gem::Specification.new do |s|
|
|
31
31
|
s.add_development_dependency 'logstash-devutils', '>= 0.0.16'
|
32
32
|
s.add_development_dependency 'flores'
|
33
33
|
s.add_development_dependency 'timecop'
|
34
|
-
s.add_development_dependency 'rake', "~> 12.1.0"
|
35
|
-
|
36
34
|
|
37
35
|
end
|
@@ -15,6 +15,8 @@ describe LogStash::Inputs::OktaSystemLog do
|
|
15
15
|
let(:default_host) { "localhost" }
|
16
16
|
let(:metadata_target) { "_http_poller_metadata" }
|
17
17
|
let(:default_state_file_path) { "/dev/null" }
|
18
|
+
let(:default_header) { {"x-rate-limit-remaining" => 3, "x-rate-limit-limit" => 4} }
|
19
|
+
let(:default_rate_limit) { "RATE_MEDIUM" }
|
18
20
|
|
19
21
|
let(:default_opts) {
|
20
22
|
{
|
@@ -24,6 +26,7 @@ describe LogStash::Inputs::OktaSystemLog do
|
|
24
26
|
"auth_token_key" => default_auth_token_key,
|
25
27
|
"metadata_target" => metadata_target,
|
26
28
|
"state_file_path" => default_state_file_path,
|
29
|
+
"rate_limit" => default_rate_limit,
|
27
30
|
"codec" => "json"
|
28
31
|
}
|
29
32
|
}
|
@@ -68,7 +71,7 @@ describe LogStash::Inputs::OktaSystemLog do
|
|
68
71
|
|
69
72
|
context "custom_url is in an incorrect format" do
|
70
73
|
let(:opts) {
|
71
|
-
opts = default_opts.merge({"custom_url" => "
|
74
|
+
opts = default_opts.merge({"custom_url" => "htp://___/foo/bar"}).clone
|
72
75
|
opts.delete("hostname")
|
73
76
|
opts
|
74
77
|
}
|
@@ -105,6 +108,21 @@ describe LogStash::Inputs::OktaSystemLog do
|
|
105
108
|
include_examples("configuration errors")
|
106
109
|
end
|
107
110
|
|
111
|
+
context "the rate_limit parameter is too large" do
|
112
|
+
let(:opts) { default_opts.merge({"rate_limit" => "1.5"}) }
|
113
|
+
include_examples("configuration errors")
|
114
|
+
end
|
115
|
+
|
116
|
+
context "the rate_limit parameter is too small" do
|
117
|
+
let(:opts) { default_opts.merge({"rate_limit" => "-0.5"}) }
|
118
|
+
include_examples("configuration errors")
|
119
|
+
end
|
120
|
+
|
121
|
+
context "the rate_limit parameter uses a non-standard stand-in" do
|
122
|
+
let(:opts) { default_opts.merge({"rate_limit" => "RATE_CRAWL"}) }
|
123
|
+
include_examples("configuration errors")
|
124
|
+
end
|
125
|
+
|
108
126
|
context "the metadata target is not set" do
|
109
127
|
let(:opts) {
|
110
128
|
opts = default_opts.clone
|
@@ -184,7 +202,8 @@ describe LogStash::Inputs::OktaSystemLog do
|
|
184
202
|
before do
|
185
203
|
subject.client.stub("https://#{default_opts["hostname"]+klass::OKTA_EVENT_LOG_PATH+klass::AUTH_TEST_URL}",
|
186
204
|
:body => "{}",
|
187
|
-
:code => klass::HTTP_OK_200
|
205
|
+
:code => klass::HTTP_OK_200,
|
206
|
+
:headers => default_header
|
188
207
|
)
|
189
208
|
allow(File).to receive(:directory?).with(default_state_file_path) { false }
|
190
209
|
allow(File).to receive(:exist?).with(default_state_file_path) { true }
|
@@ -220,7 +239,8 @@ describe LogStash::Inputs::OktaSystemLog do
|
|
220
239
|
before do
|
221
240
|
instance.client.stub("https://#{default_opts["hostname"]+klass::OKTA_EVENT_LOG_PATH+klass::AUTH_TEST_URL}",
|
222
241
|
:body => "{}",
|
223
|
-
:code => klass::HTTP_OK_200
|
242
|
+
:code => klass::HTTP_OK_200,
|
243
|
+
:headers => default_header
|
224
244
|
)
|
225
245
|
allow(File).to receive(:directory?).and_call_original
|
226
246
|
allow(File).to receive(:directory?).with(default_state_file_path) { false }
|
@@ -341,7 +361,8 @@ describe LogStash::Inputs::OktaSystemLog do
|
|
341
361
|
unless (custom_settings)
|
342
362
|
poller.client.stub("https://#{settings["hostname"]+klass::OKTA_EVENT_LOG_PATH+klass::AUTH_TEST_URL}",
|
343
363
|
:body => "{}",
|
344
|
-
:code => klass::HTTP_OK_200
|
364
|
+
:code => klass::HTTP_OK_200,
|
365
|
+
:headers => default_header
|
345
366
|
)
|
346
367
|
end
|
347
368
|
allow(File).to receive(:directory?).with(default_state_file_path) { false }
|
@@ -429,6 +450,7 @@ describe LogStash::Inputs::OktaSystemLog do
|
|
429
450
|
let(:code) { klass::HTTP_OK_200 }
|
430
451
|
let(:hostname) { default_host }
|
431
452
|
let(:custom_settings) { false }
|
453
|
+
let(:headers) { default_header }
|
432
454
|
|
433
455
|
let(:opts) { default_opts }
|
434
456
|
let(:instance) {
|
@@ -442,7 +464,8 @@ describe LogStash::Inputs::OktaSystemLog do
|
|
442
464
|
before do
|
443
465
|
instance.client.stub("https://#{opts["hostname"]+klass::OKTA_EVENT_LOG_PATH+klass::AUTH_TEST_URL}",
|
444
466
|
:body => "{}",
|
445
|
-
:code => klass::HTTP_OK_200
|
467
|
+
:code => klass::HTTP_OK_200,
|
468
|
+
:headers => headers
|
446
469
|
)
|
447
470
|
allow(File).to receive(:directory?).with(default_state_file_path) { false }
|
448
471
|
allow(File).to receive(:exist?).with(default_state_file_path) { true }
|
@@ -456,9 +479,12 @@ describe LogStash::Inputs::OktaSystemLog do
|
|
456
479
|
allow(instance).to receive(:decorate)
|
457
480
|
instance.client.stub(%r{#{opts["hostname"]}.*},
|
458
481
|
:body => response_body,
|
459
|
-
:code => code
|
482
|
+
:code => code,
|
483
|
+
:headers => headers
|
460
484
|
)
|
461
485
|
|
486
|
+
allow(instance).to receive(:get_epoch) { 1 }
|
487
|
+
allow(instance).to receive(:local_sleep).with(1) { 1 }
|
462
488
|
instance.send(:run_once, queue)
|
463
489
|
end
|
464
490
|
|
@@ -475,7 +501,6 @@ describe LogStash::Inputs::OktaSystemLog do
|
|
475
501
|
context "with an empty body" do
|
476
502
|
let(:response_body) { "" }
|
477
503
|
it "should return an empty event" do
|
478
|
-
instance.send(:run_once, queue)
|
479
504
|
expect(event.get("[_http_poller_metadata][response_headers][content-length]")).to eql("0")
|
480
505
|
end
|
481
506
|
end
|
@@ -488,7 +513,6 @@ describe LogStash::Inputs::OktaSystemLog do
|
|
488
513
|
}
|
489
514
|
|
490
515
|
it "should not have any metadata on the event" do
|
491
|
-
instance.send(:run_once, queue)
|
492
516
|
expect(event.get(metadata_target)).to be_nil
|
493
517
|
end
|
494
518
|
end
|
@@ -510,23 +534,31 @@ describe LogStash::Inputs::OktaSystemLog do
|
|
510
534
|
let(:response_body) { "{}" }
|
511
535
|
|
512
536
|
it "responds to a 500 code", :http_code => 500 do
|
513
|
-
instance.send(:run_once, queue)
|
514
537
|
expect(event.to_hash).to include("http_response_error")
|
515
538
|
expect(event.to_hash["http_response_error"]).to include({"http_code" => code})
|
516
539
|
expect(event.get("tags")).to include('_http_response_error')
|
517
540
|
end
|
518
541
|
it "responds to a 401/Unauthorized code", :http_code => 401 do
|
519
|
-
instance.send(:run_once, queue)
|
520
542
|
expect(event.to_hash).to include("okta_response_error")
|
521
543
|
expect(event.to_hash["okta_response_error"]).to include({"http_code" => code})
|
522
544
|
expect(event.get("tags")).to include('_okta_response_error')
|
523
545
|
end
|
524
546
|
it "responds to a 400 code", :http_code => 400 do
|
525
|
-
instance.send(:run_once, queue)
|
526
547
|
expect(event.to_hash).to include("okta_response_error")
|
527
548
|
expect(event.to_hash["okta_response_error"]).to include({"http_code" => code})
|
528
549
|
expect(event.get("tags")).to include('_okta_response_error')
|
529
550
|
end
|
551
|
+
context "when the request rate limit is reached" do
|
552
|
+
let(:headers) { {"x-rate-limit-remaining" => 0, "x-rate-limit-reset" => 0} }
|
553
|
+
it "reports and sleeps for the designated time", :http_code => 429 do
|
554
|
+
expect(instance).to have_received(:get_epoch)
|
555
|
+
expect(instance).to have_received(:local_sleep).with(1)
|
556
|
+
expect(event.to_hash).to include("okta_response_error")
|
557
|
+
expect(event.to_hash["okta_response_error"]).to include({"http_code" => code})
|
558
|
+
expect(event.to_hash["okta_response_error"]).to include({"reset_time" => 0})
|
559
|
+
expect(event.get("tags")).to include('_okta_response_error')
|
560
|
+
end
|
561
|
+
end
|
530
562
|
context "specific okta errors" do
|
531
563
|
let(:payload) { {:okta_error => "E0000031" } }
|
532
564
|
let(:response_body) { LogStash::Json.dump(payload) }
|
@@ -588,7 +620,8 @@ describe LogStash::Inputs::OktaSystemLog do
|
|
588
620
|
before(:each) do
|
589
621
|
subject.client.stub("https://#{opts["hostname"]+klass::OKTA_EVENT_LOG_PATH+klass::AUTH_TEST_URL}",
|
590
622
|
:body => "{}",
|
591
|
-
:code => klass::HTTP_OK_200
|
623
|
+
:code => klass::HTTP_OK_200,
|
624
|
+
:headers => default_header
|
592
625
|
)
|
593
626
|
end
|
594
627
|
|
@@ -672,7 +705,7 @@ describe LogStash::Inputs::OktaSystemLog do
|
|
672
705
|
|
673
706
|
let(:url_initial) { "https://#{opts["hostname"]+klass::OKTA_EVENT_LOG_PATH}?after=1" }
|
674
707
|
let(:url_final) { "https://#{opts["hostname"]+klass::OKTA_EVENT_LOG_PATH}?after=2" }
|
675
|
-
let(:headers) { {"link" => ["<#{url_initial}>; rel=\"self\"", "<#{url_final}>; rel=\"next\""]} }
|
708
|
+
let(:headers) { default_header.merge({"link" => ["<#{url_initial}>; rel=\"self\"", "<#{url_final}>; rel=\"next\""]}).clone }
|
676
709
|
let(:code) { klass::HTTP_OK_200 }
|
677
710
|
let(:file_path) { opts['state_file_dir'] + opts["state_file_prefix"] }
|
678
711
|
let(:file_obj) { double("file") }
|
@@ -690,7 +723,8 @@ describe LogStash::Inputs::OktaSystemLog do
|
|
690
723
|
|
691
724
|
instance.client.stub("https://#{opts["hostname"]+klass::OKTA_EVENT_LOG_PATH+klass::AUTH_TEST_URL}",
|
692
725
|
:body => "{}",
|
693
|
-
:code => code
|
726
|
+
:code => code,
|
727
|
+
:headers => default_header
|
694
728
|
)
|
695
729
|
instance.register
|
696
730
|
instance.client.stub( url_initial,
|
@@ -707,7 +741,7 @@ describe LogStash::Inputs::OktaSystemLog do
|
|
707
741
|
expect(IO).to receive(:open).with(fd).and_yield(file_obj)
|
708
742
|
expect(file_obj).to receive(:write).with("#{url_final}\n") { url_final.length + 1 }
|
709
743
|
instance.client.stub( url_final,
|
710
|
-
:headers => {:link => "<#{url_final}>; rel=\"self\""},
|
744
|
+
:headers => default_header.merge({:link => "<#{url_final}>; rel=\"self\""}).clone,
|
711
745
|
:body => "{}",
|
712
746
|
:code => code )
|
713
747
|
instance.send(:run_once, queue)
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: logstash-input-okta_system_log
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.10.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Security Risk Advisors
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2020-11-19 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|
@@ -20,8 +20,8 @@ dependencies:
|
|
20
20
|
- !ruby/object:Gem::Version
|
21
21
|
version: '2.99'
|
22
22
|
name: logstash-core-plugin-api
|
23
|
-
prerelease: false
|
24
23
|
type: :runtime
|
24
|
+
prerelease: false
|
25
25
|
version_requirements: !ruby/object:Gem::Requirement
|
26
26
|
requirements:
|
27
27
|
- - ">="
|
@@ -37,8 +37,8 @@ dependencies:
|
|
37
37
|
- !ruby/object:Gem::Version
|
38
38
|
version: '0'
|
39
39
|
name: logstash-codec-plain
|
40
|
-
prerelease: false
|
41
40
|
type: :runtime
|
41
|
+
prerelease: false
|
42
42
|
version_requirements: !ruby/object:Gem::Requirement
|
43
43
|
requirements:
|
44
44
|
- - ">="
|
@@ -51,8 +51,8 @@ dependencies:
|
|
51
51
|
- !ruby/object:Gem::Version
|
52
52
|
version: 0.0.22
|
53
53
|
name: stud
|
54
|
-
prerelease: false
|
55
54
|
type: :runtime
|
55
|
+
prerelease: false
|
56
56
|
version_requirements: !ruby/object:Gem::Requirement
|
57
57
|
requirements:
|
58
58
|
- - "~>"
|
@@ -68,8 +68,8 @@ dependencies:
|
|
68
68
|
- !ruby/object:Gem::Version
|
69
69
|
version: 8.0.0
|
70
70
|
name: logstash-mixin-http_client
|
71
|
-
prerelease: false
|
72
71
|
type: :runtime
|
72
|
+
prerelease: false
|
73
73
|
version_requirements: !ruby/object:Gem::Requirement
|
74
74
|
requirements:
|
75
75
|
- - ">="
|
@@ -85,8 +85,8 @@ dependencies:
|
|
85
85
|
- !ruby/object:Gem::Version
|
86
86
|
version: 3.0.9
|
87
87
|
name: rufus-scheduler
|
88
|
-
prerelease: false
|
89
88
|
type: :runtime
|
89
|
+
prerelease: false
|
90
90
|
version_requirements: !ruby/object:Gem::Requirement
|
91
91
|
requirements:
|
92
92
|
- - "~>"
|
@@ -99,8 +99,8 @@ dependencies:
|
|
99
99
|
- !ruby/object:Gem::Version
|
100
100
|
version: '0'
|
101
101
|
name: logstash-codec-json
|
102
|
-
prerelease: false
|
103
102
|
type: :development
|
103
|
+
prerelease: false
|
104
104
|
version_requirements: !ruby/object:Gem::Requirement
|
105
105
|
requirements:
|
106
106
|
- - ">="
|
@@ -113,8 +113,8 @@ dependencies:
|
|
113
113
|
- !ruby/object:Gem::Version
|
114
114
|
version: '0'
|
115
115
|
name: logstash-codec-line
|
116
|
-
prerelease: false
|
117
116
|
type: :development
|
117
|
+
prerelease: false
|
118
118
|
version_requirements: !ruby/object:Gem::Requirement
|
119
119
|
requirements:
|
120
120
|
- - ">="
|
@@ -127,8 +127,8 @@ dependencies:
|
|
127
127
|
- !ruby/object:Gem::Version
|
128
128
|
version: 0.0.16
|
129
129
|
name: logstash-devutils
|
130
|
-
prerelease: false
|
131
130
|
type: :development
|
131
|
+
prerelease: false
|
132
132
|
version_requirements: !ruby/object:Gem::Requirement
|
133
133
|
requirements:
|
134
134
|
- - ">="
|
@@ -141,8 +141,8 @@ dependencies:
|
|
141
141
|
- !ruby/object:Gem::Version
|
142
142
|
version: '0'
|
143
143
|
name: flores
|
144
|
-
prerelease: false
|
145
144
|
type: :development
|
145
|
+
prerelease: false
|
146
146
|
version_requirements: !ruby/object:Gem::Requirement
|
147
147
|
requirements:
|
148
148
|
- - ">="
|
@@ -155,27 +155,13 @@ dependencies:
|
|
155
155
|
- !ruby/object:Gem::Version
|
156
156
|
version: '0'
|
157
157
|
name: timecop
|
158
|
-
prerelease: false
|
159
158
|
type: :development
|
159
|
+
prerelease: false
|
160
160
|
version_requirements: !ruby/object:Gem::Requirement
|
161
161
|
requirements:
|
162
162
|
- - ">="
|
163
163
|
- !ruby/object:Gem::Version
|
164
164
|
version: '0'
|
165
|
-
- !ruby/object:Gem::Dependency
|
166
|
-
requirement: !ruby/object:Gem::Requirement
|
167
|
-
requirements:
|
168
|
-
- - "~>"
|
169
|
-
- !ruby/object:Gem::Version
|
170
|
-
version: 12.1.0
|
171
|
-
name: rake
|
172
|
-
prerelease: false
|
173
|
-
type: :development
|
174
|
-
version_requirements: !ruby/object:Gem::Requirement
|
175
|
-
requirements:
|
176
|
-
- - "~>"
|
177
|
-
- !ruby/object:Gem::Version
|
178
|
-
version: 12.1.0
|
179
165
|
description:
|
180
166
|
email: security@securityriskadvisors.com
|
181
167
|
executables: []
|
@@ -212,8 +198,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
212
198
|
- !ruby/object:Gem::Version
|
213
199
|
version: '0'
|
214
200
|
requirements: []
|
215
|
-
|
216
|
-
rubygems_version: 2.4.8
|
201
|
+
rubygems_version: 3.0.6
|
217
202
|
signing_key:
|
218
203
|
specification_version: 4
|
219
204
|
summary: This plugin fetches log events from Okta using the System Log API
|