From 3a9cbdc385941e2c7101631bdab36ac3150dc195 Mon Sep 17 00:00:00 2001
From: Chris Berkhout
Date: Wed, 29 Jan 2025 10:33:43 +1100
Subject: [PATCH] [cisco_duo] Avoid obsolete cursor data in activity, telephony_v2 (#12492)
In an earlier version of the CEL code for `activity`[1] and `telephony_v2`[2], `cursor.last_published` was set to a UNIX timestamp value. This was changed to use RFC3339 formatted times in later PRs[3][4] (with the corresponding read-time parsing added in [5]). Users who didn't create a new policy may have the current parsing logic fail when it encounters an old UNIX timestamp value in `cursor.last_published`. This PR addresses that issue by renaming `cursor.last_published` to `cursor.last_response_ts`. That effectively clears the cursor so that obsolete values will not be seen.
[1]: https://github.com/elastic/integrations/blob/2ea993/packages/cisco_duo/data_stream/activity/agent/stream/cel.yml.hbs#L111-L114
[2]: https://github.com/elastic/integrations/blob/2ea993/packages/cisco_duo/data_stream/telephony_v2/agent/stream/cel.yml.hbs#L112-L115
[3]: https://github.com/elastic/integrations/pull/11640
[4]: https://github.com/elastic/integrations/pull/11670
[5]: https://github.com/elastic/integrations/pull/11772
---
packages/cisco_duo/changelog.yml | 5 +++++
.../data_stream/activity/agent/stream/cel.yml.hbs | 12 ++++++------
.../telephony_v2/agent/stream/cel.yml.hbs | 12 ++++++------
packages/cisco_duo/manifest.yml | 2 +-
4 files changed, 18 insertions(+), 13 deletions(-)
diff --git a/packages/cisco_duo/changelog.yml b/packages/cisco_duo/changelog.yml
index ca9e3e6e044..8faa13d1d59 100644
--- a/packages/cisco_duo/changelog.yml
+++ b/packages/cisco_duo/changelog.yml
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.3.2" + changes: + - description: Avoid obsolete cursor data in activity, telephony_v2. + type: bugfix + link: https://github.com/elastic/integrations/pull/12492 - version: "2.3.1" changes: - description: Fix broken links in Security Service integrations packages. diff --git a/packages/cisco_duo/data_stream/activity/agent/stream/cel.yml.hbs b/packages/cisco_duo/data_stream/activity/agent/stream/cel.yml.hbs index c03f4a1ed33..3032f9a00bc 100644 --- a/packages/cisco_duo/data_stream/activity/agent/stream/cel.yml.hbs +++ b/packages/cisco_duo/data_stream/activity/agent/stream/cel.yml.hbs @@ -38,7 +38,7 @@ program: | : state.with({ "mintime": string(1000 * int( - state.?cursor.last_published.optMap(t, + state.?cursor.last_response_ts.optMap(t, t.parse_time(time_layout.RFC3339Nano) ).orValue( now - duration(state.initial_interval) @@ -109,19 +109,19 @@ program: | : optional.none(), "cursor": { - ?"last_published": (has(body.?response.items) && size(body.response.items) > 0) ? + ?"last_response_ts": (has(body.?response.items) && size(body.response.items) > 0) ? optional.of( body.response.items.map(i, i.ts).max().as(last_timestamp, - !has(dyn(state).?cursor.last_published) ? + !has(dyn(state).?cursor.last_response_ts) ? last_timestamp - : (last_timestamp < dyn(state).cursor.last_published) ? - dyn(state).cursor.last_published + : (last_timestamp < dyn(state).cursor.last_response_ts) ? + dyn(state).cursor.last_response_ts : last_timestamp ) ) : - dyn(state).?cursor.last_published, + dyn(state).?cursor.last_response_ts, } } : diff --git a/packages/cisco_duo/data_stream/telephony_v2/agent/stream/cel.yml.hbs b/packages/cisco_duo/data_stream/telephony_v2/agent/stream/cel.yml.hbs index 553258248b6..2a500588e21 100644 --- a/packages/cisco_duo/data_stream/telephony_v2/agent/stream/cel.yml.hbs +++ b/packages/cisco_duo/data_stream/telephony_v2/agent/stream/cel.yml.hbs 
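Review bot: After the rename at `state.?cursor.last_response_ts.optMap(t, ...)` in the first activity hunk, every existing policy finds no cursor on its first run after the upgrade, not only the policies that still hold an old UNIX-timestamp value, and falls through to `.orValue(now - duration(state.initial_interval))`. Depending on how `initial_interval` compares with the stored position, that run either re-requests Duo events that were already ingested or, if the agent had been behind by more than the interval, starts later than where it stopped. Whether duplicates are collapsed downstream is not visible in this patch. The identical first hunk in telephony_v2 behaves the same way. Since this is an audit feed, I would state the one-time reset in the changelog entry, for example `description: Avoid obsolete cursor data in activity, telephony_v2. The stored cursor is reset on upgrade and collection restarts from initial_interval.`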
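Review bot: In the second activity hunk, the guard `last_timestamp < dyn(state).cursor.last_response_ts` and the `.max()` before it work on the raw `i.ts` values, whereas the read side in the first hunk parses the cursor with `parse_time(time_layout.RFC3339Nano)`, so these look like string comparisons. Lexicographic order matches chronological order only while every `ts` carries the same UTC offset and the same fractional-digit width. A short comment above the `"cursor"` block would record that assumption, for example `// ts values are compared as strings; assumes the API returns a uniform RFC3339 format`. The same applies to the matching hunk in telephony_v2, and the enclosing expression starts and ends outside the hunk.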
@@ -38,7 +38,7 @@ program: | : state.with({ "mintime": string(1000 * int( - state.?cursor.last_published.optMap(t, + state.?cursor.last_response_ts.optMap(t, t.parse_time(time_layout.RFC3339Nano) ).orValue( now - duration(state.initial_interval) @@ -106,19 +106,19 @@ program: | : optional.none(), "cursor": { - ?"last_published": (has(body.?response.items) && size(body.response.items) > 0) ? + ?"last_response_ts": (has(body.?response.items) && size(body.response.items) > 0) ? optional.of( body.response.items.map(i, i.ts).max().as(last_timestamp, - !has(dyn(state).?cursor.last_published) ? + !has(dyn(state).?cursor.last_response_ts) ? last_timestamp - : (last_timestamp < dyn(state).cursor.last_published) ? - dyn(state).cursor.last_published + : (last_timestamp < dyn(state).cursor.last_response_ts) ? + dyn(state).cursor.last_response_ts : last_timestamp ) ) : - dyn(state).?cursor.last_published, + dyn(state).?cursor.last_response_ts, } } : diff --git a/packages/cisco_duo/manifest.yml b/packages/cisco_duo/manifest.yml index 7c24246d93a..e9c4ad95793 100644 --- a/packages/cisco_duo/manifest.yml +++ b/packages/cisco_duo/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: cisco_duo title: Cisco Duo -version: "2.3.1" +version: "2.3.2" description: Collect logs from Cisco Duo with Elastic Agent. type: integration categories: