Skip to content

[checkpoint_harmony_endpoint] Auth and pagination fixes #12158

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ShourieG merged 0 commits into from
Dec 24, 2024
Merged

[checkpoint_harmony_endpoint] Auth and pagination fixes #12158

ShourieG merged 0 commits into from
Dec 24, 2024

Conversation

@chrisberkhout
Copy link
Contributor

@chrisberkhout chrisberkhout commented Dec 18, 2024
edited
Loading

Proposed commit message

[checkpoint_harmony_endpoint] Auth and pagination fixes

Bug fixes:

- Select either a saved auth token (if it's not close to expiry) or a
  newly fetched one. Use it for any following request and save it in the
  cursor state. Clear the auth data after any data request that returns
  401. Don't clear the auth data at the end of a sequence of requests.
  Don't use the presence or absence of an auth token to decide which
  data request to make.

- Paginate correctly by advancing the `startTime` and `endTime` query
  parameters.

Other improvements and refactoring:

- Assume a successful response from the auth endpoint, rather explicitly
  trying to set the auth token from the body of an error response.
- Don't try to read `body.message` from an error response, since error
  responses don't have a `message` key.
- Remove the unused `last_page` key from cursor data.
- Remove the redundant `task_ready` key from cursor data and just use
  `page_token` instead. Don't override `page_token` to `null` when it's
  already `null`.
- Use optional access to cursor values for shorter conditions.
- Improve clarity in CEL comments and order of handling.

- Extend the default `interval` and improve the variable descriptions
  for `interval` and `initial_interval`.
- Add the missing definition for one set of rate limiting variables,
  give all definitions default values, and use those variables in the
  input config.
- Note the minimum `page_limit` value in that variable's description.

- System test just one data stream, but make it a better test that
  covers polling and pagination.

Notes:

- All data streams have identical `cel.yml.hbs` files.
- This has been manually tested against a live system.
- API doc: https://app.swaggerhub.com/apis-docs/Check-Point/infinity-events-api/1.0.0

Tasks to complete the draft

  • Handle 401s for any request, not just the query submission
  • Save auth_token expiry information in the cursor, and use to decide when to get a new token
    Example auth response: {"success":true,"data":{"token":"cGibheyJ...","csrf":"a69fe9ac-3764-436c-a254-812a443a6b8d","expires":"Wed, 18 Dec 2024 17:28:31 GMT","expiresIn":1800}}
  • Check whether the system test data needs to be updated.
  • Update the proposed commit message with details of the additional changes.

Review tips

Remember that all the cel.yml.hbs files are identical.

Can be read commit-by-commit, but it's probably best to focus on the bugfix-related logic in the final version.

Turning off whitespace changes in Github or another diff viewer can help a lot, as many lines have indentation changes.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Related issues

@chrisberkhout chrisberkhout added bugfix Pull request that fixes a bug issue Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] Integration:checkpoint_harmony_endpoint Check Point Harmony Endpoint labels Dec 18, 2024
@elastic-vault-github-plugin-prod
Copy link

elastic-vault-github-plugin-prod bot commented Dec 18, 2024
edited
Loading

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@chrisberkhout chrisberkhout changed the title [checkpoint_harmony_endpoint] CEL fixes including auth handling [checkpoint_harmony_endpoint] Auth and pagination fixes Dec 19, 2024
@chrisberkhout chrisberkhout marked this pull request as ready for review December 19, 2024 15:09
@chrisberkhout chrisberkhout requested a review from a team as a code owner December 19, 2024 15:09
@elasticmachine
Copy link

elasticmachine commented Dec 19, 2024

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@elasticmachine
Copy link

elasticmachine commented Dec 19, 2024

💚 Build Succeeded

History

  • 💚 Build #19702 succeeded b4cb9929a94ae653637f9dc39e7c8f55a09e2e5f
  • 💚 Build #19683 succeeded dec7a683aa555876e9e5c71b89b68c34897c5614

cc @chrisberkhout @ShourieG

@elastic-sonarqube
Copy link

elastic-sonarqube bot commented Dec 19, 2024

Quality Gate failed Quality Gate failed

Failed conditions
33.3% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube

@chrisberkhout
Copy link
Contributor Author

chrisberkhout commented Dec 19, 2024

Coverage reduction is because I removed all but one of the system tests. Those tests weren't great and were just cut and pasted versions of each other, for data streams that all have identical input config.

@ShourieG ShourieG removed their assignment Dec 24, 2024
ShourieG
ShourieG approved these changes Dec 24, 2024
View reviewed changes
Copy link
Contributor

@ShourieG ShourieG left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, tested manually against live endpoint to cross-check proper operation.

@ShourieG ShourieG merged commit d1a9faf into elastic:main Dec 24, 2024
4 of 5 checks passed
@elastic-vault-github-plugin-prod
Copy link

elastic-vault-github-plugin-prod bot commented Dec 24, 2024

Package checkpoint_harmony_endpoint - 0.2.1 containing this change is available at https://epr.elastic.co/package/checkpoint_harmony_endpoint/0.2.1/

harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 4, 2025
@chrisberkhout
[checkpoint_harmony_endpoint] Auth and pagination fixes (elastic#12158)
6563103 
* First round of fixes.

- Use optional access to cursor values for shorter conditions.
- Assume a 200 response from the auth endpoint, rather trying to set
  auth_token from the body of an error response.
- Always get an auth token from cursor data or by fetching a new one,
  and then use it for any following request, and...
- Check for the the absence of a task_id to decide when to submit a
  query, instead of always doing it after getting the auth token.
- Don't try to get body.message from an error response, because they
  actually look like this:
    {
      "success": false,
      "error": {
        "status": 400,
        "name": "Bad Request",
        "details": [
          "pageLimit must not be less than 10"
        ]
      }
    }
- Clarify the comments describing each section.

* Note the minimum page_limit value.

* Fix the rate limiting variables.

* Handle 401 responses for all requests that use the auth token.

* Save the auth token after any response. Don't clear the auth token at the end of a sequence.

A new token may be fetched in the middle of a sequence, so all results
need to save it.

* Remove unused last_page key from cursor data.

* Clear the task ID when done (query task returned no results).

* Improve clarity in comments and order of handling.

* Remove redundant task_ready key from cursor date and just use page_token instead. Don't override page_token to null when it's already null.

* Keep the token expiry time and get a new token 5 mins before expiry.

* Advance startTime and endTime parameters.

* Extend the default interval and improve variable descriptions.

* System test just one data stream, but make it a better test, that covers polling and pagination.

* Version bump, changelog entry.
harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 5, 2025
@chrisberkhout
[checkpoint_harmony_endpoint] Auth and pagination fixes (elastic#12158)
1bbd360 
* First round of fixes.

- Use optional access to cursor values for shorter conditions.
- Assume a 200 response from the auth endpoint, rather trying to set
  auth_token from the body of an error response.
- Always get an auth token from cursor data or by fetching a new one,
  and then use it for any following request, and...
- Check for the the absence of a task_id to decide when to submit a
  query, instead of always doing it after getting the auth token.
- Don't try to get body.message from an error response, because they
  actually look like this:
    {
      "success": false,
      "error": {
        "status": 400,
        "name": "Bad Request",
        "details": [
          "pageLimit must not be less than 10"
        ]
      }
    }
- Clarify the comments describing each section.

* Note the minimum page_limit value.

* Fix the rate limiting variables.

* Handle 401 responses for all requests that use the auth token.

* Save the auth token after any response. Don't clear the auth token at the end of a sequence.

A new token may be fetched in the middle of a sequence, so all results
need to save it.

* Remove unused last_page key from cursor data.

* Clear the task ID when done (query task returned no results).

* Improve clarity in comments and order of handling.

* Remove redundant task_ready key from cursor date and just use page_token instead. Don't override page_token to null when it's already null.

* Keep the token expiry time and get a new token 5 mins before expiry.

* Advance startTime and endTime parameters.

* Extend the default interval and improve variable descriptions.

* System test just one data stream, but make it a better test, that covers polling and pagination.

* Version bump, changelog entry.
@chemamartinez chemamartinez mentioned this pull request Mar 7, 2025
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ShourieG ShourieG ShourieG approved these changes

Assignees

@chrisberkhout chrisberkhout

Labels

bugfix Pull request that fixes a bug issue Integration:checkpoint_harmony_endpoint Check Point Harmony Endpoint Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations]

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Checkpoint Harmony Endpoint] - Add support for auto refresh of access tokens via CEL code

3 participants

@chrisberkhout @elasticmachine @ShourieG