logstash-input-okta_system_log 0.9.1 → 0.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 2057148c528cf4a3379996d138d25279324d4f49
-  data.tar.gz: 3f82e07a5676108103b9e136b5f8c58673054193
+SHA256:
+  metadata.gz: ac642acfaa84ac1de1ea468f54a8569e1707ba799e70f311cc05800108b96a20
+  data.tar.gz: 0e40ff8755bc942a86246c36a412db806d794bca56174a9c3bb7e36829994fb3
 SHA512:
-  metadata.gz: 2d5363d850f9b6567f229a2e9d15fbe99a1cb0a4182cadb69e4ce599cd4cbe1caa1ee712304270d2ab4426883de4bc89ac85ae5761b38889affcbffac0d0797e
-  data.tar.gz: b1dfc1ced00b797b42233ae2c74d8643128d26d3979d53903b23d88362f6158e968d6f5757bf160ee4daea601b35a21343855dbad3707d682abb31cb02983399
+  metadata.gz: 3fc3c400b5e20f86f2de968c8fcc996af4924017f8c9dbcf33d611249444cfba8fc7f5a038be57f3c10b8bf94c7c1baa54ef8b39bb1ffa6f30ded61df1ec975e
+  data.tar.gz: 6d3c67ccf03cf06f81f6057e324e757fecbb583918cf74f4f41bb0f92fd31ead55b9214803eb546c19378feb627c9aca8d54f68e8de296cf6a9dd6f8a71398d6

data/CHANGELOG.md

@@ -1,3 +1,5 @@
+## 0.10.0
+  - Use the new rate limit API headers
 ## 0.9.1
   - Updates dependencies to standard
 ## 0.9.0

data/lib/logstash/inputs/okta_system_log.rb

@@ -18,6 +18,7 @@ class LogStash::Inputs::OktaSystemLog < LogStash::Inputs::Base
   HTTP_OK_200 = 200
   HTTP_BAD_REQUEST_400 = 400
   HTTP_UNAUTHORIZED_401 = 401
+  HTTP_TOO_MANY_REQUESTS_429 = 429
    
   # Sleep Timers
   SLEEP_API_RATE_LIMIT = 1
@@ -86,6 +87,24 @@ class LogStash::Inputs::OktaSystemLog < LogStash::Inputs::Base
   # Ex. ["new", "york"]
   config :q, :validate => :string, :list => true
 
+  # rate_limit will set the pace of collection to the desired limit
+  # Based on: https://developer.okta.com/docs/reference/api/system-log/#system-events
+  # It supports three convenience parameters of RATE_SLOW, RATE_MEDIUM and RATE_FAST
+  # A user can also set a value of 0.1 -> 1.0, the plugin will automatically _floor_
+  #   the value to the tenths place
+  #   This value represents the percentage of the allocated rate limit to consume
+  # Defaults to RATE_MEDIUM
+  # The default and slower (e.g. lower)  parameters will not generate errors
+  # RATE_FAST and faster (e.g. higher) parameters _may_ generate warnings and errors
+  # RATE_SLOW: 0.4
+  # RATE_MEDIUM: 0.5
+  # RATE_FAST: 0.6
+  #
+  # Format: Either the convenience or a string with the decimal of 0.1 -> 1.0
+  # Ex. "RATE_MEDIUM"
+  # Ex. "0.3"
+  config :rate_limit, :validate => :string, :default => "RATE_MEDIUM"
+
   # The file in which the auth_token for Okta will be contained.
   # This will contain the auth_token which can have a lot access to your Okta instance.
   # It cannot be stressed enough how important it is to protect this file.
@@ -117,7 +136,7 @@ class LogStash::Inputs::OktaSystemLog < LogStash::Inputs::Base
   # This option will reverse that paradigm and exit if a failure occurs
   #
   # Format: Boolean
-  config :state_file_fatal_falure, :validate => :boolean, :default => false
+  config :state_file_fatal_failure, :validate => :boolean, :default => false
 
   # If you'd like to work with the request/response metadata.
   # Set this value to the name of the field you'd like to store a nested
@@ -201,6 +220,11 @@ class LogStash::Inputs::OktaSystemLog < LogStash::Inputs::Base
   config :state_file_base, :validate => :string,
     :obsolete => "state_file_base is obsolete, use state_file_path instead"
  
+  # Based on data from here: https://developer.okta.com/docs/reference/api/system-log/#system-events
+  # -- For One App and Enterprise orgs, the warning is sent when the org is at 60% of its limit.
+  RATE_OPTIONS = {"RATE_SLOW" => 0.4, "RATE_MEDIUM" => 0.5, "RATE_FAST" => 0.6}
+  RATE_OPTIONS.default = false
+
   public
   Schedule_types = %w(cron every at in)
   def register
@@ -239,6 +263,12 @@ class LogStash::Inputs::OktaSystemLog < LogStash::Inputs::Base
         # Cast to string helps with that
         # Really only happens during tests and not during normal operations
         url_obj = URI.parse(@custom_url.to_s)
+        unless (url_obj.kind_of? URI::HTTP or url_obj.kind_of? URI::HTTPS)
+          raise LogStash::ConfigurationError, "Invalid custom_url, " +
+            "please verify the URL. custom_url = #{@custom_url}"
+          @logger.fatal("Invalid custom_url, " +
+            "please verify the URL. custom_url = #{@custom_url}")
+        end
       rescue URI::InvalidURIError
         @logger.fatal("Invalid custom_url, " +
           "please verify the URL. custom_url = #{@custom_url}")
@@ -358,6 +388,19 @@ class LogStash::Inputs::OktaSystemLog < LogStash::Inputs::Base
       end
     end
 
+    if (RATE_OPTIONS[@rate_limit] != false)
+      @rate_limit = RATE_OPTIONS[@rate_limit]
+    else
+      @rate_limit = @rate_limit.to_f.floor 1
+    end
+
+    if (@rate_limit < 0.1 or @rate_limit > 1.0)
+      raise LogStash::ConfigurationError, "rate_limit should be between " +
+        "'0.1' and '1.0' or 'RATE_SLOW', 'RATE_MEDIUM' or 'RATE_FAST'"
+    end
+
+    @rate_limit_factor = 1.0 - @rate_limit
+
     params_event = Hash.new
     params_event[:limit] = @limit if @limit > 0
     params_event[:since] = @since if @since
@@ -488,7 +531,7 @@ class LogStash::Inputs::OktaSystemLog < LogStash::Inputs::Base
       @metadata_function = method(:noop)
     end
 
-    if (@state_file_fatal_falure)
+    if (@state_file_fatal_failure)
       @state_file_failure_function = method(:fatal_state_file)
     else
       @state_file_failure_function = method(:error_state_file)
@@ -633,7 +676,11 @@ class LogStash::Inputs::OktaSystemLog < LogStash::Inputs::Base
       #  x.report { n.times { str.match(/<([^>]+)>/).captures[0] } } # (2) 262.166085sec @50000000 times
       #  x.report { n.times { str.split(';')[0][1...-1] } } # (1) 31.673270sec @50000000 times
       #end
-      
+
+
+      @logger.debug("Response headers", :headers => response.headers)
+      @trace_log_method.call("Response body", :body => response.body)
+
       # Store the next URL to call from the header
       next_url = nil
       Array(response.headers["link"]).each do |link_header|
@@ -644,7 +691,7 @@ class LogStash::Inputs::OktaSystemLog < LogStash::Inputs::Base
 
       if (response.body.length > 0)
         @codec.decode(response.body) do |decoded|
-          @logger.debug("Pushing event to queue")
+          @trace_log_method.call("Pushing event to queue")
           event = @target ? LogStash::Event.new(@target => decoded.to_hash) : decoded
           @metadata_function.call(event, requested_url, response, exec_time)
           decorate(event)
@@ -659,15 +706,16 @@ class LogStash::Inputs::OktaSystemLog < LogStash::Inputs::Base
         end
       end
 
+
       if (!next_url.nil? and next_url != @url)
         @url = next_url
-        @continue = true
-        @logger.debug("Continue status", :continue => @continue  )
-        # Add a sleep since we're gonna hit the API again
-        sleep SLEEP_API_RATE_LIMIT
+        if (response.headers['x-rate-limit-remaining'].to_i > response.headers['x-rate-limit-limit'].to_i * @rate_limit_factor and response.headers['x-rate-limit-remaining'].to_i > 0)
+          @continue = true
+          @trace_log_method.call("Rate Limit Status", :remaining => response.headers['x-rate-limit-remaining'].to_i, :limit => response.headers['x-rate-limit-limit'].to_i)
+        end
       end
+      @logger.debug("Continue status", :continue => @continue  )
 
-      @trace_log_method.call("Response body", :body => response.body)
 
     when HTTP_UNAUTHORIZED_401
       @codec.decode(response.body) do |decoded|
@@ -739,12 +787,50 @@ class LogStash::Inputs::OktaSystemLog < LogStash::Inputs::Base
       else
         handle_unknown_okta_code(queue,response,requested_url,exec_time)
       end
+    when HTTP_TOO_MANY_REQUESTS_429
+         @codec.decode(response.body) do |decoded|
+          event = @target ? LogStash::Event.new(@target => decoded.to_hash) : decoded
+          @metadata_function.call(event, requested_url, response, exec_time)
+          event.set("okta_response_error", {
+            "okta_plugin_status" => "rate limit exceeded; sleeping.",
+            "http_code" => 429,
+            "okta_error" => "E0000047",
+            "reset_time" => response.headers['x-rate-limit-reset']
+          })
+          event.tag("_okta_response_error")
+          decorate(event)
+          queue << event
+        end
+
+        now = get_epoch
+        sleep_time = (now - response.headers['x-rate-limit-reset'].to_i > 60) ? 60 : now - response.headers['x-rate-limit-reset'].to_i
+        @logger.error("Rate limited exceeded",
+          :response_code => response.code,
+          :okta_error => "E0000047",
+          :sleep_time => sleep_time,
+          :reset_time => response.headers['x-rate-limit-reset'])
+
+        @logger.debug("rate limit error response",
+          :response_body => response.body,
+          :response_headers => response.headers)
+
+        # Use a local function so the test can override it
+        local_sleep sleep_time
     else
       handle_unknown_http_code(queue,response,requested_url,exec_time)
     end
 
   end # def handle_success
 
+  private
+  def get_epoch()
+    return Time.now.to_i
+  end
+
+  private
+  def local_sleep(time)
+    sleep time
+  end
   private
   def handle_unknown_okta_code(queue,response,requested_url,exec_time)
     @codec.decode(response.body) do |decoded|

data/logstash-input-okta_system_log.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name          = 'logstash-input-okta_system_log'
-  s.version       = '0.9.1'
+  s.version       = '0.10.0'
   s.licenses      = ['Apache-2.0']
   s.summary       = 'This plugin fetches log events from Okta using the System Log API'
   s.homepage      = 'https://github.com/SecurityRiskAdvisors/logstash-input-okta_system_log'
@@ -31,7 +31,5 @@ Gem::Specification.new do |s|
   s.add_development_dependency 'logstash-devutils', '>= 0.0.16'
   s.add_development_dependency 'flores'
   s.add_development_dependency 'timecop'
-  s.add_development_dependency 'rake', "~> 12.1.0"
-
 
 end

data/spec/inputs/okta_system_log_spec.rb

@@ -15,6 +15,8 @@ describe LogStash::Inputs::OktaSystemLog do
   let(:default_host) { "localhost" }
   let(:metadata_target) { "_http_poller_metadata" }
   let(:default_state_file_path) { "/dev/null" }
+  let(:default_header) { {"x-rate-limit-remaining" => 3, "x-rate-limit-limit" => 4} }
+  let(:default_rate_limit) { "RATE_MEDIUM" }
 
   let(:default_opts) {
     {
@@ -24,6 +26,7 @@ describe LogStash::Inputs::OktaSystemLog do
       "auth_token_key" => default_auth_token_key,
       "metadata_target" => metadata_target,
       "state_file_path" => default_state_file_path,
+      "rate_limit"  => default_rate_limit,
       "codec" => "json"
     }
   }
@@ -68,7 +71,7 @@ describe LogStash::Inputs::OktaSystemLog do
 
     context "custom_url is in an incorrect format" do
       let(:opts) { 
-        opts = default_opts.merge({"custom_url" => "http://___/foo/bar"}).clone
+        opts = default_opts.merge({"custom_url" => "htp://___/foo/bar"}).clone
         opts.delete("hostname")
         opts
       }
@@ -105,6 +108,21 @@ describe LogStash::Inputs::OktaSystemLog do
       include_examples("configuration errors")
     end
 
+    context "the rate_limit parameter is too large" do
+      let(:opts) { default_opts.merge({"rate_limit" => "1.5"}) }
+      include_examples("configuration errors")
+    end
+
+    context "the rate_limit parameter is too small" do
+      let(:opts) { default_opts.merge({"rate_limit" => "-0.5"}) }
+      include_examples("configuration errors")
+    end
+
+    context "the rate_limit parameter uses a non-standard stand-in" do
+      let(:opts) { default_opts.merge({"rate_limit" => "RATE_CRAWL"}) }
+      include_examples("configuration errors")
+    end
+
     context "the metadata target is not set" do
       let(:opts) { 
         opts = default_opts.clone
@@ -184,7 +202,8 @@ describe LogStash::Inputs::OktaSystemLog do
     before do
         subject.client.stub("https://#{default_opts["hostname"]+klass::OKTA_EVENT_LOG_PATH+klass::AUTH_TEST_URL}", 
                             :body => "{}",
-                            :code => klass::HTTP_OK_200
+                            :code => klass::HTTP_OK_200,
+                            :headers => default_header
         )
        allow(File).to receive(:directory?).with(default_state_file_path) { false }
        allow(File).to receive(:exist?).with(default_state_file_path) { true }
@@ -220,7 +239,8 @@ describe LogStash::Inputs::OktaSystemLog do
     before do
       instance.client.stub("https://#{default_opts["hostname"]+klass::OKTA_EVENT_LOG_PATH+klass::AUTH_TEST_URL}", 
                           :body => "{}",
-                          :code => klass::HTTP_OK_200
+                          :code => klass::HTTP_OK_200,
+                          :headers => default_header
       )
        allow(File).to receive(:directory?).and_call_original
        allow(File).to receive(:directory?).with(default_state_file_path) { false }
@@ -341,7 +361,8 @@ describe LogStash::Inputs::OktaSystemLog do
         unless (custom_settings)
           poller.client.stub("https://#{settings["hostname"]+klass::OKTA_EVENT_LOG_PATH+klass::AUTH_TEST_URL}", 
                               :body => "{}",
-                              :code => klass::HTTP_OK_200
+                              :code => klass::HTTP_OK_200,
+                              :headers => default_header
                               )
         end
         allow(File).to receive(:directory?).with(default_state_file_path) { false }
@@ -429,6 +450,7 @@ describe LogStash::Inputs::OktaSystemLog do
       let(:code) { klass::HTTP_OK_200 }
       let(:hostname) { default_host }
       let(:custom_settings) { false }
+      let(:headers) { default_header }
 
       let(:opts) { default_opts }
       let(:instance) {
@@ -442,7 +464,8 @@ describe LogStash::Inputs::OktaSystemLog do
       before do
         instance.client.stub("https://#{opts["hostname"]+klass::OKTA_EVENT_LOG_PATH+klass::AUTH_TEST_URL}", 
                             :body => "{}",
-                            :code => klass::HTTP_OK_200
+                            :code => klass::HTTP_OK_200,
+                            :headers => headers
                             )
         allow(File).to receive(:directory?).with(default_state_file_path) { false }
         allow(File).to receive(:exist?).with(default_state_file_path) { true }
@@ -456,9 +479,12 @@ describe LogStash::Inputs::OktaSystemLog do
         allow(instance).to receive(:decorate)
         instance.client.stub(%r{#{opts["hostname"]}.*}, 
                              :body => response_body,
-                             :code => code
+                             :code => code,
+                             :headers => headers
         )
 
+        allow(instance).to receive(:get_epoch) { 1 }
+        allow(instance).to receive(:local_sleep).with(1) { 1 }
         instance.send(:run_once, queue)
       end
 
@@ -475,7 +501,6 @@ describe LogStash::Inputs::OktaSystemLog do
       context "with an empty body" do
         let(:response_body) { "" }
         it "should return an empty event" do
-          instance.send(:run_once, queue)
           expect(event.get("[_http_poller_metadata][response_headers][content-length]")).to eql("0")
         end
       end
@@ -488,7 +513,6 @@ describe LogStash::Inputs::OktaSystemLog do
         }
 
         it "should not have any metadata on the event" do
-          instance.send(:run_once, queue)
           expect(event.get(metadata_target)).to be_nil
         end
       end
@@ -510,23 +534,31 @@ describe LogStash::Inputs::OktaSystemLog do
         let(:response_body) { "{}" }
 
         it "responds to a 500 code", :http_code => 500 do
-          instance.send(:run_once, queue)
           expect(event.to_hash).to include("http_response_error")
           expect(event.to_hash["http_response_error"]).to include({"http_code" => code})
           expect(event.get("tags")).to include('_http_response_error')
         end
         it "responds to a 401/Unauthorized code", :http_code => 401 do
-          instance.send(:run_once, queue)
           expect(event.to_hash).to include("okta_response_error")
           expect(event.to_hash["okta_response_error"]).to include({"http_code" => code})
           expect(event.get("tags")).to include('_okta_response_error')
         end
         it "responds to a 400 code", :http_code => 400 do
-          instance.send(:run_once, queue)
           expect(event.to_hash).to include("okta_response_error")
           expect(event.to_hash["okta_response_error"]).to include({"http_code" => code})
           expect(event.get("tags")).to include('_okta_response_error')
         end
+        context "when the request rate limit is reached" do
+          let(:headers) { {"x-rate-limit-remaining" => 0, "x-rate-limit-reset" => 0} }
+          it "reports and sleeps for the designated time", :http_code => 429  do
+            expect(instance).to have_received(:get_epoch)
+            expect(instance).to have_received(:local_sleep).with(1)
+            expect(event.to_hash).to include("okta_response_error")
+            expect(event.to_hash["okta_response_error"]).to include({"http_code" => code})
+            expect(event.to_hash["okta_response_error"]).to include({"reset_time" => 0})
+            expect(event.get("tags")).to include('_okta_response_error')
+          end
+        end
         context "specific okta errors" do
           let(:payload) { {:okta_error => "E0000031" } }
           let(:response_body) { LogStash::Json.dump(payload) }
@@ -588,7 +620,8 @@ describe LogStash::Inputs::OktaSystemLog do
       before(:each) do
         subject.client.stub("https://#{opts["hostname"]+klass::OKTA_EVENT_LOG_PATH+klass::AUTH_TEST_URL}", 
                             :body => "{}",
-                            :code => klass::HTTP_OK_200
+                            :code => klass::HTTP_OK_200,
+                            :headers => default_header
                             )
       end
 
@@ -672,7 +705,7 @@ describe LogStash::Inputs::OktaSystemLog do
       
       let(:url_initial) { "https://#{opts["hostname"]+klass::OKTA_EVENT_LOG_PATH}?after=1" }
       let(:url_final) { "https://#{opts["hostname"]+klass::OKTA_EVENT_LOG_PATH}?after=2" }
-      let(:headers) { {"link" => ["<#{url_initial}>; rel=\"self\"", "<#{url_final}>; rel=\"next\""]} }
+      let(:headers) { default_header.merge({"link" => ["<#{url_initial}>; rel=\"self\"", "<#{url_final}>; rel=\"next\""]}).clone }
       let(:code) { klass::HTTP_OK_200 }
       let(:file_path) { opts['state_file_dir'] + opts["state_file_prefix"] }
       let(:file_obj) { double("file") }
@@ -690,7 +723,8 @@ describe LogStash::Inputs::OktaSystemLog do
 
         instance.client.stub("https://#{opts["hostname"]+klass::OKTA_EVENT_LOG_PATH+klass::AUTH_TEST_URL}", 
                             :body => "{}",
-                            :code => code
+                            :code => code,
+                            :headers => default_header
                             )
         instance.register
         instance.client.stub( url_initial,
@@ -707,7 +741,7 @@ describe LogStash::Inputs::OktaSystemLog do
         expect(IO).to receive(:open).with(fd).and_yield(file_obj)
         expect(file_obj).to receive(:write).with("#{url_final}\n") { url_final.length + 1 }
         instance.client.stub( url_final,
-          :headers => {:link => "<#{url_final}>; rel=\"self\""},
+          :headers => default_header.merge({:link => "<#{url_final}>; rel=\"self\""}).clone,
           :body => "{}",
           :code => code )
         instance.send(:run_once, queue)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-input-okta_system_log
 version: !ruby/object:Gem::Version
-  version: 0.9.1
+  version: 0.10.0
 platform: ruby
 authors:
 - Security Risk Advisors
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-10-15 00:00:00.000000000 Z
+date: 2020-11-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -20,8 +20,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '2.99'
   name: logstash-core-plugin-api
-  prerelease: false
   type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -37,8 +37,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
   name: logstash-codec-plain
-  prerelease: false
   type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -51,8 +51,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 0.0.22
   name: stud
-  prerelease: false
   type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
@@ -68,8 +68,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 8.0.0
   name: logstash-mixin-http_client
-  prerelease: false
   type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -85,8 +85,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 3.0.9
   name: rufus-scheduler
-  prerelease: false
   type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
@@ -99,8 +99,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
   name: logstash-codec-json
-  prerelease: false
   type: :development
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -113,8 +113,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
   name: logstash-codec-line
-  prerelease: false
   type: :development
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -127,8 +127,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 0.0.16
   name: logstash-devutils
-  prerelease: false
   type: :development
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -141,8 +141,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
   name: flores
-  prerelease: false
   type: :development
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -155,27 +155,13 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
   name: timecop
-  prerelease: false
   type: :development
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 12.1.0
-  name: rake
-  prerelease: false
-  type: :development
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 12.1.0
 description:
 email: security@securityriskadvisors.com
 executables: []
@@ -212,8 +198,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.4.8
+rubygems_version: 3.0.6
 signing_key:
 specification_version: 4
 summary: This plugin fetches log events from Okta using the System Log API