diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 8ebc79340811..10acecb4f81f 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -235,6 +235,7 @@ is collected by it. - Allow http_endpoint input to receive PUT and PATCH requests. {pull}36734[36734] - Add cache processor. {pull}36786[36786] - Avoid unwanted publication of Azure entity records. {pull}36753[36753] +- Avoid unwanted publication of Okta entity records. {pull}36770[36770] *Auditbeat* diff --git a/x-pack/filebeat/input/entityanalytics/provider/okta/conf.go b/x-pack/filebeat/input/entityanalytics/provider/okta/conf.go index e344b56478fc..eb0906e78d54 100644 --- a/x-pack/filebeat/input/entityanalytics/provider/okta/conf.go +++ b/x-pack/filebeat/input/entityanalytics/provider/okta/conf.go @@ -168,3 +168,21 @@ func (c *conf) Validate() error { return errors.New("dataset must be 'all', 'users', 'devices' or empty") } } + +func (c *conf) wantUsers() bool { + switch strings.ToLower(c.Dataset) { + case "", "all", "users": + return true + default: + return false + } +} + +func (c *conf) wantDevices() bool { + switch strings.ToLower(c.Dataset) { + case "", "all", "devices": + return true + default: + return false + } +} diff --git a/x-pack/filebeat/input/entityanalytics/provider/okta/okta.go b/x-pack/filebeat/input/entityanalytics/provider/okta/okta.go index 4aff3cd3e595..d56ae7570600 100644 --- a/x-pack/filebeat/input/entityanalytics/provider/okta/okta.go +++ b/x-pack/filebeat/input/entityanalytics/provider/okta/okta.go @@ -12,7 +12,6 @@ import ( "io" "net/http" "net/url" - "strings" "time" "github.com/hashicorp/go-retryablehttp" @@ -253,16 +252,22 @@ func (p *oktaInput) runFullSync(inputCtx v2.Context, store *kvstore.Store, clien return err } - if len(state.users) != 0 || len(state.devices) != 0 { + wantUsers := p.cfg.wantUsers() + wantDevices := p.cfg.wantDevices() + if (len(state.users) != 0 && wantUsers) || (len(state.devices) != 0 && wantDevices) { tracker := kvstore.NewTxTracker(ctx) start := time.Now() p.publishMarker(start, start, inputCtx.ID, true, client, tracker) - for _, u := range state.users { - p.publishUser(u, state, inputCtx.ID, client, tracker) + if wantUsers { + for _, u := range state.users { + p.publishUser(u, state, inputCtx.ID, client, tracker) + } } - for _, d := range state.devices { - p.publishDevice(d, state, inputCtx.ID, client, tracker) + if wantDevices { + for _, d := range state.devices { + p.publishDevice(d, state, inputCtx.ID, client, tracker) + } } end := time.Now() @@ -339,9 +344,7 @@ func (p *oktaInput) runIncrementalUpdate(inputCtx v2.Context, store *kvstore.Sto // any existing deltaLink will be ignored, forcing a full synchronization from Okta. // Returns a set of modified users by ID. func (p *oktaInput) doFetchUsers(ctx context.Context, state *stateStore, fullSync bool) ([]*User, error) { - switch strings.ToLower(p.cfg.Dataset) { - case "", "all", "users": - default: + if !p.cfg.wantUsers() { p.logger.Debugf("Skipping user collection from API: dataset=%s", p.cfg.Dataset) return nil, nil } @@ -426,9 +429,7 @@ func (p *oktaInput) doFetchUsers(ctx context.Context, state *stateStore, fullSyn // synchronization from Okta. // Returns a set of modified devices by ID. func (p *oktaInput) doFetchDevices(ctx context.Context, state *stateStore, fullSync bool) ([]*Device, error) { - switch strings.ToLower(p.cfg.Dataset) { - case "", "all", "devices": - default: + if !p.cfg.wantDevices() { p.logger.Debugf("Skipping device collection from API: dataset=%s", p.cfg.Dataset) return nil, nil }