Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cyberark PAS: Fix handling of non-array CAProperty #31094

Merged
merged 2 commits into from
Apr 5, 2022
Merged

Cyberark PAS: Fix handling of non-array CAProperty #31094

merged 2 commits into from
Apr 5, 2022

Conversation

adriansr
Copy link
Contributor

@adriansr adriansr commented Mar 31, 2022
edited
Loading

What does this PR do?

Fixes handling of the CAProperties.CAProperty field included in events from the Cyberark PAS.

It can be an object instead of an array of objects when a single property is defined.

Why is it important?

Prevents ingestion errors in the above case:

Cannot index event [..] (status=400): {"type":"illegal_argument_exception","reason":"cannot set [CAProperty] with parent object of type [java.lang.String] as part of path [cyberarkpas.audit.CAProperties.CAProperty]"}, dropping event!

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
    - [ ] I have made corresponding changes to the documentation
    - [ ] I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

@adriansr adriansr requested review from a team as code owners March 31, 2022 18:02
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Mar 31, 2022
@mergify
Copy link
Contributor

mergify bot commented Mar 31, 2022

This pull request does not have a backport label. Could you fix it @adriansr? 🙏
To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

  • backport-v./d./d./d is the label to automatically backport to the 7./d branch. /d is the digit

NOTE: backport-skip has been added to this pull request.

@mergify mergify bot added the backport-skip Skip notification from the automated backport with mergify label Mar 31, 2022
@adriansr adriansr added bug review Filebeat Filebeat Team:Security-External Integrations needs_integration_sync Changes in this PR need synced to elastic/integrations. labels Mar 31, 2022
@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Mar 31, 2022
@elasticmachine
Copy link
Collaborator

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@adriansr adriansr added backport-v8.1.0 Automated backport with mergify backport-v8.2.0 Automated backport with mergify backport-7.17 Automated backport to the 7.17 branch with mergify and removed backport-skip Skip notification from the automated backport with mergify labels Mar 31, 2022
@cmacknz cmacknz removed the request for review from a team March 31, 2022 18:18
@elasticmachine
Copy link
Collaborator

elasticmachine commented Mar 31, 2022
edited by jenkins-beats-ci bot
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2022-04-05T09:51:42.138+0000

  • Duration: 68 min 5 sec

Test stats 🧪

Test Results
Failed 0
Passed 2056
Skipped 159
Total 2215

💚 Flaky test report

Tests succeeded.

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

  • /package : Generate the packages and run the E2E tests.

  • /beats-tester : Run the installation tests with beats-tester.

  • run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

@adriansr
Copy link
Contributor Author

adriansr commented Apr 1, 2022

/test

@mergify
Copy link
Contributor

mergify bot commented Apr 4, 2022

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b fix_cyberarkpas_caprops upstream/fix_cyberarkpas_caprops
git merge upstream/main
git push upstream fix_cyberarkpas_caprops

adriansr added 2 commits April 5, 2022 11:50
@adriansr
Cyberark PAS: Fix handling of non-array CAProperty
1885a9d 
The CAProperty field included in events from the Cyberark PAS can be an
object instead of an array in cases when a single property is defined.
@adriansr
Changelog
f48bf4b
@adriansr adriansr force-pushed the fix_cyberarkpas_caprops branch from 76f7708 to f48bf4b Compare April 5, 2022 09:51
@adriansr adriansr merged commit 7b366f9 into elastic:main Apr 5, 2022
@adriansr adriansr deleted the fix_cyberarkpas_caprops branch April 5, 2022 12:59
mergify bot pushed a commit that referenced this pull request Apr 5, 2022
@adriansr
Cyberark PAS: Fix handling of non-array CAProperty (#31094)
3f69118 
The CAProperty field included in events from the Cyberark PAS can be an
object instead of an array in cases when a single property is defined.

(cherry picked from commit 7b366f9)
@mergify mergify bot mentioned this pull request Apr 5, 2022
Merged
mergify bot pushed a commit that referenced this pull request Apr 5, 2022
@adriansr
Cyberark PAS: Fix handling of non-array CAProperty (#31094)
efad85c 
The CAProperty field included in events from the Cyberark PAS can be an
object instead of an array in cases when a single property is defined.

(cherry picked from commit 7b366f9)
@mergify mergify bot mentioned this pull request Apr 5, 2022
Merged
mergify bot pushed a commit that referenced this pull request Apr 5, 2022
@adriansr
Cyberark PAS: Fix handling of non-array CAProperty (#31094)
7a551f0 
The CAProperty field included in events from the Cyberark PAS can be an
object instead of an array in cases when a single property is defined.

(cherry picked from commit 7b366f9)
@mergify mergify bot mentioned this pull request Apr 5, 2022
Merged
adriansr added a commit that referenced this pull request Apr 5, 2022
@mergify @adriansr
Cyberark PAS: Fix handling of non-array CAProperty (#31094) (#31161)
b03b11e 
The CAProperty field included in events from the Cyberark PAS can be an
object instead of an array in cases when a single property is defined.

(cherry picked from commit 7b366f9)

Co-authored-by: Adrian Serrano <adrisr83@gmail.com>
emilioalvap pushed a commit to emilioalvap/beats that referenced this pull request Apr 6, 2022
@adriansr @emilioalvap
Cyberark PAS: Fix handling of non-array CAProperty (elastic#31094)
80a8b48 
The CAProperty field included in events from the Cyberark PAS can be an
object instead of an array in cases when a single property is defined.
adriansr added a commit that referenced this pull request Apr 6, 2022
@mergify @adriansr
[7.17](backport #31094) Cyberark PAS: Fix handling of non-array CAPro…
f560c24 
…perty (#31160)

The CAProperty field included in events from the Cyberark PAS can be an
object instead of an array in cases when a single property is defined.

(cherry picked from commit 7b366f9)

Co-authored-by: Adrian Serrano <adrisr83@gmail.com>
rdner added a commit that referenced this pull request Apr 7, 2022
@mergify @adriansr @rdner
[8.2](backport #31094) Cyberark PAS: Fix handling of non-array CAProp…
604b41f 
…erty (#31162)

The CAProperty field included in events from the Cyberark PAS can be an
object instead of an array in cases when a single property is defined.

(cherry picked from commit 7b366f9)

Co-authored-by: Adrian Serrano <adrisr83@gmail.com>
Co-authored-by: Denis Rechkunov <denis.rechkunov@elastic.co>
kush-elastic pushed a commit to kush-elastic/beats that referenced this pull request May 2, 2022
@adriansr @kush-elastic
Cyberark PAS: Fix handling of non-array CAProperty (elastic#31094)
83229ba 
The CAProperty field included in events from the Cyberark PAS can be an
object instead of an array in cases when a single property is defined.
chrisberkhout pushed a commit that referenced this pull request Jun 1, 2023
@adriansr @chrisberkhout
Cyberark PAS: Fix handling of non-array CAProperty (#31094)
d3256db 
The CAProperty field included in events from the Cyberark PAS can be an
object instead of an array in cases when a single property is defined.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andrewkroh andrewkroh andrewkroh approved these changes

Assignees

@adriansr adriansr

Labels
backport-7.17 Automated backport to the 7.17 branch with mergify backport-v8.1.0 Automated backport with mergify backport-v8.2.0 Automated backport with mergify bug Filebeat Filebeat needs_integration_sync Changes in this PR need synced to elastic/integrations. review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@adriansr @elasticmachine @andrewkroh