Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[crowdstrike] Fix multi-line string handling for config variable #2701

Merged
merged 1 commit into from
Feb 16, 2022
Merged

[crowdstrike] Fix multi-line string handling for config variable #2701

merged 1 commit into from
Feb 16, 2022

Conversation

andrewkroh
Copy link
Member

@andrewkroh andrewkroh commented Feb 15, 2022
edited
Loading

What does this PR do?

The default value for fdr_parsing_script is a multline string. When the handlebar
template was evaluated this created invalid YAML. By changing the variable type to
'yaml' Kibana produces config that is valid. It looks like

sqs.notification_parsing_script.source: >-
      function parse(n) { var m = JSON.parse(n); var evts = []; var files =
      m.files; ...

I cannot find any documentation for the 'yaml' variable type so I hoping this is how it was
expected to be used.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Related issues

Screenshots

Before:
Screen Shot 2022-02-15 at 5 40 43 PM

After:
Screen Shot 2022-02-15 at 5 46 13 PM

@elasticmachine
Copy link

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@andrewkroh andrewkroh force-pushed the crowdstrike/bugfix/fdr-parse-script-yaml branch from 225ff2f to 7689cd0 Compare February 15, 2022 23:32
@andrewkroh andrewkroh requested a review from a team February 15, 2022 23:34
@andrewkroh andrewkroh force-pushed the crowdstrike/bugfix/fdr-parse-script-yaml branch from 7689cd0 to 65a8256 Compare February 15, 2022 23:36
@elasticmachine
Copy link

elasticmachine commented Feb 15, 2022
edited
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2022-02-15T23:37:29.968+0000

  • Duration: 21 min 2 sec

Test stats 🧪

Test Results
Failed 0
Passed 13
Skipped 0
Total 13

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

@andrewkroh
Fix multi-line string handling for config variable
7d13272 
The default value for `fdr_parsing_script` is a multline string. When the handlebar
template was evaluated this created invalid YAML. By changing the variable type to
'yaml' Kibana produces config that is valid. It looks like

    sqs.notification_parsing_script.source: >-
          function parse(n) { var m = JSON.parse(n); var evts = []; var files =
          m.files; ...

I cannot find any documentation for the 'yaml' variable type so I hoping this is how it was
expected to be used.

Fixes elastic#2646
@andrewkroh andrewkroh force-pushed the crowdstrike/bugfix/fdr-parse-script-yaml branch from 65a8256 to 7d13272 Compare February 15, 2022 23:36
efd6
efd6 approved these changes Feb 16, 2022
View reviewed changes
Copy link
Contributor

@efd6 efd6 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM mod knowing that this is how it's supposed to be used.

@andrewkroh andrewkroh merged commit 015b22e into elastic:main Feb 16, 2022
This was referenced Feb 16, 2022
Merged
Closed
@jen-huang jen-huang mentioned this pull request Feb 17, 2022
Open
eyalkraft pushed a commit to build-security/integrations that referenced this pull request Mar 30, 2022
@andrewkroh
Fix multi-line string handling for config variable (elastic#2701)
06ecb19 
The default value for `fdr_parsing_script` is a multline string. When the handlebar
template was evaluated this created invalid YAML. By changing the variable type to
'yaml' Kibana produces config that is valid. It looks like

    sqs.notification_parsing_script.source: >-
          function parse(n) { var m = JSON.parse(n); var evts = []; var files =
          m.files; ...

I cannot find any documentation for the 'yaml' variable type so I hoping this is how it was
expected to be used.

Fixes elastic#2646
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@efd6 efd6 efd6 approved these changes

Assignees
No one assigned
Labels
bug Something isn't working Integration:Crowdstrike
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[crowdstrike] 'Is FDR queue' option not being honored
3 participants
@andrewkroh @elasticmachine @efd6