elastic / integrations

Elastic Integrations
https://www.elastic.co/integrations

[cisco_ise] Revert mapping change for cisco_av_pair that was introduced with 1.24.1 #11800

Closed aleksmaus closed 2 hours ago

aleksmaus commented 1 day ago

Proposed commit message

[cisco_ise] Revert mapping change for cisco_av_pair that was introduced with 1.24.1 https://github.com/elastic/integrations/pull/11619/files#diff-ce8c42e24fb4e94c7fb135eed466345a68c36cb91a247069fb9ea88312f97bbbL228

The mapping change in 1.24.1 causes the following error when the user tries to update to this version of the integration:

mapper_exception Root causes: mapper_exception the (enabled) parameter can't be upgraded for the object mapping [cisco_ise.log.cisco_av_pair].

A similar issue with the Okta integration that happened earlier was mentioned here https://support.elastic.dev/knowledge/view/1a2f83e7 and in the Kibana ticket https://github.com/elastic/kibana/issues/193044

The discussed and accepted solution is:

  1. Revert the mapping change with this PR (next patch release)
  2. Follow up with a PR with the breaking mapping change with the next minor release of the package, with a constraint on 8.17 if the fix on the Kibana side is added with 8.17.

In addition, added filtering code that ensures that only the known mapped fields for cisco_av_pair, namely:

coa-push
cts-device-capability
cts-environment-data
cts-environment-version
cts-pac-opaque

are indexed. All the other fields are discarded. The tests were failing otherwise for the new logs with the new key/values.

Checklist
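
The allowlist filtering described above, sketched as an Elasticsearch ingest `script` processor. This is an added example, not the code from this PR: the `tag` value and the `allowed_keys` parameter name are hypothetical, and it assumes the parsed pairs are already stored as an object under `cisco_ise.log.cisco_av_pair` with the key names exactly as listed in the description.

```yaml
processors:
  - script:
      lang: painless
      tag: filter_cisco_av_pair          # hypothetical tag
      description: Keep only cisco_av_pair keys that have an explicit mapping.
      # Run only when the field exists and is an object, so a missing or
      # scalar value never raises inside the script.
      if: ctx.cisco_ise?.log?.cisco_av_pair instanceof Map
      params:
        allowed_keys:                    # hypothetical parameter name
          - coa-push
          - cts-device-capability
          - cts-environment-data
          - cts-environment-version
          - cts-pac-opaque
      source: |
        def pairs = ctx.cisco_ise.log.cisco_av_pair;
        // Drop every key/value whose key is not on the allowlist.
        pairs.entrySet().removeIf(e -> !params.allowed_keys.contains(e.getKey()));
        // Do not index an empty object when nothing survived the filter.
        if (pairs.isEmpty()) {
          ctx.cisco_ise.log.remove('cisco_av_pair');
        }
```

Discarding at ingest time means a new key/value pair in the logs is never indexed under `cisco_av_pair`, so detections that need a further attribute require that key to be mapped and added to the allowlist first.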

elasticmachine commented 1 day ago

Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)

elastic-vault-github-plugin-prod[bot] commented 1 day ago

:rocket: Benchmarks report

To see the full report comment with /test benchmark fullreport

elasticmachine commented 1 day ago

:green_heart: Build Succeeded

cc @aleksmaus

elastic-sonarqube[bot] commented 1 day ago

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

elastic-vault-github-plugin-prod[bot] commented 2 hours ago

Package cisco_ise - 1.24.2 containing this change is available at https://epr.elastic.co/package/cisco_ise/1.24.2/