New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
forgerock: use dynamic mappings for object fields #8056
Conversation
type: object | ||
object_type: keyword | ||
object_type_mapping_type: '*' | ||
description: Details around the response status. | ||
- name: forgerock.request.detail.action |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I left the specific forgerock.request.detail.*
fields here and below for the documentation they provide. It's not clear to me whether this breaks the dynamic mapping. The same situation is in the specific forgerock.response.detail.*
fields below.
It looks to me like it is OK.
"dynamic_templates": [
{
"forgerock.request.detail.*": {
"path_match": "forgerock.request.detail.*",
"mapping": {
"type": "keyword"
}
}
},
{
"forgerock.http.request.headers.*": {
"path_match": "forgerock.http.request.headers.*",
"mapping": {
"type": "keyword"
}
}
},
{
"forgerock.http.request.queryParameters.*": {
"path_match": "forgerock.http.request.queryParameters.*",
"mapping": {
"type": "keyword"
}
}
},
{
"forgerock.response.detail.*": {
"path_match": "forgerock.response.detail.*",
"mapping": {
"type": "keyword"
}
}
},
{
"strings_as_keyword": {
"match_mapping_type": "string",
"mapping": {
"ignore_above": 1024,
"type": "keyword"
}
}
}
],
description: Specifies the JSON representation of the object prior to the activity. | ||
- name: forgerock.before.sunAMAuthInvalidAttemptsData |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Deleted as it is only here for testing AFAICS. Same for the ... .after. ...
case.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"dynamic_templates": [
{
"forgerock.before.*": {
"path_match": "forgerock.before.*",
"mapping": {
"type": "keyword"
}
}
},
{
"forgerock.after.*": {
"path_match": "forgerock.after.*",
"mapping": {
"type": "keyword"
}
}
},
{
"strings_as_keyword": {
"match_mapping_type": "string",
"mapping": {
"ignore_above": 1024,
"type": "keyword"
}
}
}
],
🌐 Coverage report
|
Pinging @elastic/security-external-integrations (Team:Security-External Integrations) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
If you're interested in even more validation, I think we have creds in the vault for the testing instance they gave access to for development
Package forgerock - 1.11.0 containing this change is available at https://epr.elastic.co/search?package=forgerock |
Proposed commit message
See title.
Checklist
changelog.yml
file.Author's Checklist
How to test this PR locally
Related issues
Screenshots