Skip to content

jumpcloud: fix start_time errors when source_lag_time is configured#18245

Merged
kcreddy merged 4 commits intoelastic:mainfrom
kcreddy:jumpcloud-date-parsing
Apr 8, 2026
Merged

jumpcloud: fix start_time errors when source_lag_time is configured#18245
kcreddy merged 4 commits intoelastic:mainfrom
kcreddy:jumpcloud-date-parsing

Conversation

@kcreddy
Copy link
Copy Markdown
Contributor

@kcreddy kcreddy commented Apr 7, 2026
edited
Loading

Proposed commit message

jumpcloud: fix start_time errors when source_lag_time is configured

PR #15432 (v1.17.0) added source_lag_time with a guard condition to
clamp start_time when the cursor is ahead of now - source_lag_time.
Two bugs in the implementation cause 400 Bad Request errors from the
JumpCloud API:

1. parseDate uses the default RFC3339 layout, which cannot parse
   JumpCloud's fractional-second timestamps (e.g.
   2023-01-14T08:16:06.495Z). When parsing fails, parseDate silently
   returns zero time, disabling the guard condition entirely.

2. The YAML >- block scalar introduces a trailing newline in the
   if-true branch output. When the guard fires, start_time is sent
   as "2026-03-09T10:46:26Z\n", which JumpCloud rejects as invalid.

Fix (1) by passing "RFC3339Nano" layout to parseDate so it handles
fractional seconds. Fix (2) by adding the -]] trim marker to strip
the trailing newline.

Exercise the source_lag_time code path in the existing system test.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

kcreddy added 2 commits April 7, 2026 16:21
@kcreddy
jumpcloud: fix start_time errors when source_lag_time is configured
e403919 
PR elastic#15432 (v1.17.0) added source_lag_time with a guard condition to
clamp start_time when the cursor is ahead of now - source_lag_time.
Two bugs in the implementation cause 400 Bad Request errors from the
JumpCloud API:

1. parseDate uses the default RFC3339 layout, which cannot parse
   JumpCloud's fractional-second timestamps (e.g.
   2023-01-14T08:16:06.495Z). When parsing fails, parseDate silently
   returns zero time, disabling the guard condition entirely.

2. The YAML >- block scalar introduces a trailing newline in the
   if-true branch output. When the guard fires, start_time is sent
   as "2025-04-01T09:45:26Z\n", which JumpCloud rejects as invalid.

Fix (1) by passing "RFC3339Nano" layout to parseDate so it handles
fractional seconds. Fix (2) by adding the -]] trim marker to strip
the trailing newline.

Add a system test configuration exercising the source_lag_time code
path across multiple polling cycles.
@kcreddy
update pr number
f3c2204
@kcreddy kcreddy self-assigned this Apr 7, 2026
@kcreddy kcreddy added bugfix Pull request that fixes a bug issue Integration:jumpcloud JumpCloud (Community supported) Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] labels Apr 7, 2026
@kcreddy kcreddy marked this pull request as ready for review April 7, 2026 11:02
@kcreddy kcreddy requested a review from a team as a code owner April 7, 2026 11:02
@elasticmachine
Copy link
Copy Markdown

elasticmachine commented Apr 7, 2026

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@elastic-vault-github-plugin-prod
Copy link
Copy Markdown

elastic-vault-github-plugin-prod bot commented Apr 7, 2026

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

efd6
efd6 approved these changes Apr 7, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@efd6 efd6 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit only.

@elasticmachine
Copy link
Copy Markdown

elasticmachine commented Apr 8, 2026

💚 Build Succeeded

History

cc @kcreddy

@kcreddy kcreddy merged commit ff5b279 into elastic:main Apr 8, 2026
9 checks passed
@elastic-vault-github-plugin-prod
Copy link
Copy Markdown

elastic-vault-github-plugin-prod bot commented Apr 8, 2026

Package jumpcloud - 1.17.1 containing this change is available at https://epr.elastic.co/package/jumpcloud/1.17.1/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@efd6 efd6 efd6 approved these changes

Assignees

@kcreddy kcreddy

Labels

bugfix Pull request that fixes a bug issue Integration:jumpcloud JumpCloud (Community supported) Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations]

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kcreddy @elasticmachine @efd6