[beyondinsight_password_safe] Handle null password ion authentication#17411
Conversation
StacieClark-Elastic
added
bugfix
|
Pinging @elastic/security-service-integrations (Team:Security-Service Integrations) |
StacieClark-Elastic
changed the title
…n when password is null
StacieClark-Elastic
force-pushed
the
beyondinsight_password_safe-handle-null-password
branch
from
751fd99 to
49b09d2
Compare
🚀 Benchmarks reportTo see the full report comment with |
efd6
left a comment
efd6
left a comment
There was a problem hiding this comment.
Suggest the following commit message
beyondinsight_password_safe: handle optional password in authentication
The BeyondInsight API does not always require a password for
authentication. Whether one is needed depends on the "User Password
Required" setting on the API registration in BeyondInsight. When no
password was configured, the integration failed because it assumed
the password field was always present in state.
ref: https://docs.beyondtrust.com/bips/docs/bi-cloud-configure-api
| url: http://{{Hostname}}:{{Port}}/BeyondTrust/api/public/v3 | ||
| apikey: test_api_key | ||
| username: testuser2 | ||
| password: null |
There was a problem hiding this comment.
This has no default in the manifest, so it can be omitted here.
| password: null |
There was a problem hiding this comment.
The test is specifically for when the password is null. Should we ever add a default in the manifest then this test will no longer test the condition for which it is written.
There was a problem hiding this comment.
In the state construction I think the password field should be conditionally included
{{#if password}}
password: {{escape_string password}}
{{/if}}
There was a problem hiding this comment.
The password always exists. Sometimes it is null.
There was a problem hiding this comment.
I discussed this with @andrewkroh before I did the fix as I was also confused about the password existing and being null. This fix will allow users to not have to update their policies when the integration is updated.
| "Authorization": [ | ||
| sprintf("PS-Auth key=%s; runas=%s;", [state.apikey, state.username]) + | ||
| ((state.password != "") ? (sprintf(" pwd=[%s];", [state.password])) : ""), | ||
| ((state.?password.orValue("") != "") ? (sprintf(" pwd=[%s];", [state.password])) : ""), |
There was a problem hiding this comment.
With conditional rendering into the config, this becomes has(state.password) ? …
There was a problem hiding this comment.
The password always exists. sometimes it is null.
There was a problem hiding this comment.
Can you confirm that password: {{escape_string password}} gives {"password": ""} if the password var is null?
💚 Build Succeeded
History
|
3 participants
Proposed commit message
beyondinsight_password_safe: handle optional password in authentication
The BeyondInsight API does not always require a password for
authentication. The password will be null when it is not supplied.
Whether one is needed depends on the "User Password
Required" setting on the API registration in BeyondInsight. When no
password was configured, the integration failed because it assumed
the password field was always present in state.
ref: https://docs.beyondtrust.com/bips/docs/bi-cloud-configure-api
Checklist
changelog.ymlfile.