Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[LastPass] Fix page index for event reports #9457

Merged
merged 2 commits into from
Mar 28, 2024
Merged

[LastPass] Fix page index for event reports #9457

merged 2 commits into from
Mar 28, 2024

Conversation

kcreddy
Copy link
Contributor

@kcreddy kcreddy commented Mar 27, 2024
edited
Loading

Proposed commit message

The response page index starts with 0 as per the agent logs:
"message":"last received page: &httpjson.response{page:0, .....{\"Event1\":map[string]interface {}{..... \"Time\":\"2024-02-14 21:20:48\", ......,. The response at page 0 contains Event1. But the input's cursor checks page index 1 for Event1 leading to failed template evaluation.
Fixing it by updating the page index to 0.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

  • [ ]

@elastic-sonarqube Elastic SonarQube
Copy link

Quality Gate passed Quality Gate passed

Kudos, no new issues were introduced!

0 New issues
0 Security Hotspots
No Coverage information No data about Coverage
No Duplication information No data about Duplication

See analysis details on SonarQube

@elasticmachine
Copy link

💚 Build Succeeded

@kcreddy kcreddy marked this pull request as ready for review March 27, 2024 08:48
@kcreddy kcreddy requested a review from a team as a code owner March 27, 2024 08:48
@kcreddy kcreddy added the Team:Security-Service Integrations Security Service Integrations Team label Mar 27, 2024
@elasticmachine
Copy link

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

efd6
efd6 reviewed Mar 28, 2024
View reviewed changes
Copy link
Contributor

@efd6 efd6 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we have a test for this or has it been tested manually?

@kcreddy
Copy link
Contributor Author

kcreddy commented Mar 28, 2024

Do we have a test for this or has it been tested manually?

Don't have the environment to test this. The options would be to test directly in customer environment or add system tests. Let me try and add system test

@kcreddy
Copy link
Contributor Author

kcreddy commented Mar 28, 2024

@efd6, I ran existing system tests: https://github.com/elastic/integrations/blob/main/packages/lastpass/_dev/deploy/docker/files/config.yml#L9-L15

With current version i.e., page index as 1: template execution failed for .cursor.last_time

{
  "@timestamp": "2024-03-28T06:54:07.736Z",
  "message": "last received page: &httpjson.response{page:0, url:url.URL{Scheme:\"http\", Opaque:\"\", User:(*url.Userinfo)(nil), Host:\"elastic-package-service-lastpass-1:8090\", Path:\"\", RawPath:\"\", OmitHost:false, ForceQuery:false, RawQuery:\"from=2024-03-27+06%3A54%3A07\", Fragment:\"\", RawFragment:\"\"}, header:http.Header{\"Content-Length\":[]string{\"319\"}, \"Content-Type\":[]string{\"text/plain; charset=utf-8\"}, \"Date\":[]string{\"Thu, 28 Mar 2024 06:54:07 GMT\"}}, xmlDetails:map[string]xml.Detail(nil), body:map[string]interface {}{\"data\":map[string]interface {}{\"Event1\":map[string]interface {}{\"Action\":\"Failed Login Attempt\", \"Data\":\"\", \"IP_Address\":\"10.16.21.21\", \"Time\":\"2015-07-17 09:51:51\", \"Username\":\"j.user@example.com\"}, \"Event2\":map[string]interface {}{\"Action\":\"Failed Login Attempt\", \"Data\":\"\", \"IP_Address\":\"10.16.21.21\", \"Time\":\"2015-07-17 09:51:56\", \"Username\":\"j.user@example.com\"}}, \"next\":interface {}(nil), \"status\":\"OK\"}}",
  "target": null,
  "value": null,
  "error": null
},
{
  "@timestamp": "2024-03-28T06:54:09.690Z",
  "message": "template execution failed",
  "target": "last_time",
  "value": null,
  "error": {
    "message": "the template result is empty"
  }
}

With this PR change i.e., page index updated to 0:

{
  "@timestamp": "2024-03-28T06:24:23.721Z",
  "message": "last received page: &httpjson.response{page:0, url:url.URL{Scheme:\"http\", Opaque:\"\", User:(*url.Userinfo)(nil), Host:\"elastic-package-service-lastpass-1:8090\", Path:\"\", RawPath:\"\", OmitHost:false, ForceQuery:false, RawQuery:\"from=2024-03-27+06%3A24%3A23\", Fragment:\"\", RawFragment:\"\"}, header:http.Header{\"Content-Length\":[]string{\"319\"}, \"Content-Type\":[]string{\"text/plain; charset=utf-8\"}, \"Date\":[]string{\"Thu, 28 Mar 2024 06:24:23 GMT\"}}, xmlDetails:map[string]xml.Detail(nil), body:map[string]interface {}{\"data\":map[string]interface {}{\"Event1\":map[string]interface {}{\"Action\":\"Failed Login Attempt\", \"Data\":\"\", \"IP_Address\":\"10.16.21.21\", \"Time\":\"2015-07-17 09:51:51\", \"Username\":\"j.user@example.com\"}, \"Event2\":map[string]interface {}{\"Action\":\"Failed Login Attempt\", \"Data\":\"\", \"IP_Address\":\"10.16.21.21\", \"Time\":\"2015-07-17 09:51:56\", \"Username\":\"j.user@example.com\"}}, \"next\":interface {}(nil), \"status\":\"OK\"}}",
  "target": null,
  "value": null,
  "error": null
},
{
  "@timestamp": "2024-03-28T06:24:25.697Z",
  "message": "evaluated template",
  "target": "last_time",
  "value": "2015-07-17 09:51:51",
  "error": null
},
{
  "@timestamp": "2024-03-28T06:24:25.697Z",
  "message": "cursor.last_time stored with 2015-07-17 09:51:51",
  "target": null,
  "value": null,
  "error": null
}

@kcreddy kcreddy merged commit 53696e9 into elastic:main Mar 28, 2024
5 checks passed
@elasticmachine
Copy link

Package lastpass - 1.15.1 containing this change is available at https://epr.elastic.co/search?package=lastpass

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@efd6 efd6 efd6 approved these changes

Assignees
No one assigned
Labels
bugfix Integration:lastpass LastPass Team:Security-Service Integrations Security Service Integrations Team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@kcreddy @elasticmachine @efd6