From 6ff6e5fe9ee7eb2c164e8acd38aa30b6db00ffdb Mon Sep 17 00:00:00 2001 From: Dan Kortschak Date: Fri, 13 Dec 2024 21:24:06 +1030 Subject: [PATCH] google_workspace: fix string literal syntax in painless scripts (#12068) --- packages/google_workspace/changelog.yml | 8 ++++++++ .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../test-admin-gmail.log-expected.json | 4 ---- .../elasticsearch/ingest_pipeline/default.yml | 18 ++++++++++++++++++ .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- packages/google_workspace/manifest.yml | 2 +- 12 files changed, 35 insertions(+), 13 deletions(-) diff --git a/packages/google_workspace/changelog.yml b/packages/google_workspace/changelog.yml index fe45d010d5f..59dfa1eabcd 100644 --- a/packages/google_workspace/changelog.yml +++ b/packages/google_workspace/changelog.yml @@ -1,4 +1,12 @@ # newer versions go on top +- version: "2.26.1" + changes: + - description: Fix string literals in painless scripts. + type: bugfix + link: https://github.com/elastic/integrations/pull/12068 + - description: Add missing empty fields cleanup to `admin` data stream. + type: bugfix + link: https://github.com/elastic/integrations/pull/12068 - version: "2.26.0" changes: - description: Do not remove `event.original` in main ingest pipeline. diff --git a/packages/google_workspace/data_stream/access_transparency/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/access_transparency/elasticsearch/ingest_pipeline/default.yml index 52044b37899..a2369232412 100644 --- a/packages/google_workspace/data_stream/access_transparency/elasticsearch/ingest_pipeline/default.yml 
+++ b/packages/google_workspace/data_stream/access_transparency/elasticsearch/ingest_pipeline/default.yml @@ -357,7 +357,7 @@ processors: - script: description: Drops null/empty values recursively. lang: painless - source: + source: | boolean dropEmptyFields(Object object) { if (object == null || object == '') { return true; diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-gmail.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-gmail.log-expected.json index 192b2463971..8077fb24d5e 100644 --- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-gmail.log-expected.json +++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-gmail.log-expected.json @@ -795,13 +795,9 @@ "email": { "log_search_filter": { "end_date": "2022-03-07T12:59:59.000Z", - "message_id": "", "recipient": { "value": "recipient@example.com" }, - "sender": { - "value": "" - }, "start_date": "2022-02-27T13:00:00.000Z" } } diff --git a/packages/google_workspace/data_stream/admin/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/admin/elasticsearch/ingest_pipeline/default.yml index 876111dc7d0..c9fe671e569 100644 --- a/packages/google_workspace/data_stream/admin/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_workspace/data_stream/admin/elasticsearch/ingest_pipeline/default.yml 
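Review bot: The `source: |` chosen in the access_transparency hunk differs from the `source: |-` used by the admin script added in this same commit, so the fixed pipelines keep a trailing newline in the script text and the new one does not. The same applies to the alert, context_aware_access, device, gcp, group_enterprise, rules and token hunks. Both forms should behave the same in Painless, but using `source: |-` throughout keeps the data streams comparable. None of these hunks shows a `tag:` on the processor, whereas admin adds `tag: script_to_drop_null_values`; if it is indeed absent, adding the same tag here would let an ingest failure be attributed to this step. The script body runs past the end of each hunk, so the rest of `dropEmptyFields` is not reviewed here.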
@@ -801,6 +801,24 @@ processors: - google_workspace.admin.END_DATE_TIME - google_workspace.admin.WHITELISTED_GROUPS ignore_missing: true + - script: + tag: script_to_drop_null_values + lang: painless + description: Drops null/empty values recursively. + source: |- + boolean drop(Object object) { + if (object == null || object == '') { + return true; + } else if (object instanceof Map) { + ((Map) object).values().removeIf(v -> drop(v)); + return (((Map) object).size() == 0); + } else if (object instanceof List) { + ((List) object).removeIf(v -> drop(v)); + return (((List) object).length == 0); + } + return false; + } + drop(ctx); on_failure: - set: field: event.kind diff --git a/packages/google_workspace/data_stream/alert/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/alert/elasticsearch/ingest_pipeline/default.yml index 152714fb3dd..6e73d4c9882 100644 --- a/packages/google_workspace/data_stream/alert/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_workspace/data_stream/alert/elasticsearch/ingest_pipeline/default.yml @@ -1038,7 +1038,7 @@ processors: - script: description: Drops null/empty values recursively. lang: painless - source: + source: | boolean dropEmptyFields(Object object) { if (object == null || object == '') { return true; diff --git a/packages/google_workspace/data_stream/context_aware_access/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/context_aware_access/elasticsearch/ingest_pipeline/default.yml index 436f71f3c5f..d7e67ada403 100644 --- a/packages/google_workspace/data_stream/context_aware_access/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_workspace/data_stream/context_aware_access/elasticsearch/ingest_pipeline/default.yml @@ -332,7 +332,7 @@ processors: - script: description: Drops null/empty values recursively. lang: painless - source: + source: | boolean dropEmptyFields(Object object) { if (object == null || object == '') { return true; 
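Review bot: `drop(ctx);` in the new admin script processor walks the whole document, so every null, empty string, empty map and empty list in an admin audit event is removed, not only the fields this pipeline sets. The fixture change in this commit shows the effect: `message_id: ""` and `sender.value: ""` are no longer present in the expected output. Any saved search or detection rule that matches an empty value on such a field will stop matching after the upgrade and has to test for a missing field instead. I would say so in the processor text, e.g. `description: Drops null and empty values recursively across the whole document (empty strings are removed, not indexed).` The enclosing `processors:` list starts outside the hunk, so whether a later processor can reintroduce empty values is not visible here.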
diff --git a/packages/google_workspace/data_stream/device/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/device/elasticsearch/ingest_pipeline/default.yml index cb081a57dce..eb6c0df14d1 100644 --- a/packages/google_workspace/data_stream/device/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_workspace/data_stream/device/elasticsearch/ingest_pipeline/default.yml @@ -529,7 +529,7 @@ processors: - script: description: Drops null/empty values recursively. lang: painless - source: + source: | boolean dropEmptyFields(Object object) { if (object == null || object == '') { return true; diff --git a/packages/google_workspace/data_stream/gcp/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/gcp/elasticsearch/ingest_pipeline/default.yml index b309599d13f..355d7196d99 100644 --- a/packages/google_workspace/data_stream/gcp/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_workspace/data_stream/gcp/elasticsearch/ingest_pipeline/default.yml @@ -312,7 +312,7 @@ processors: - script: description: Drops null/empty values recursively. lang: painless - source: + source: | boolean dropEmptyFields(Object object) { if (object == null || object == '') { return true; diff --git a/packages/google_workspace/data_stream/group_enterprise/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/group_enterprise/elasticsearch/ingest_pipeline/default.yml index bcff1c01ae9..e730c0fdc95 100644 --- a/packages/google_workspace/data_stream/group_enterprise/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_workspace/data_stream/group_enterprise/elasticsearch/ingest_pipeline/default.yml @@ -352,7 +352,7 @@ processors: - script: description: Drops null/empty values recursively. lang: painless - source: + source: | boolean dropEmptyFields(Object object) { if (object == null || object == '') { return true; 
diff --git a/packages/google_workspace/data_stream/rules/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/rules/elasticsearch/ingest_pipeline/default.yml index a3c96503532..82c211e0d08 100644 --- a/packages/google_workspace/data_stream/rules/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_workspace/data_stream/rules/elasticsearch/ingest_pipeline/default.yml @@ -509,7 +509,7 @@ processors: - script: description: Drops null/empty values recursively. lang: painless - source: + source: | boolean dropEmptyFields(Object object) { if (object == null || object == '') { return true; diff --git a/packages/google_workspace/data_stream/token/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/token/elasticsearch/ingest_pipeline/default.yml index ee301e45fd2..8eeac10c3f8 100644 --- a/packages/google_workspace/data_stream/token/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_workspace/data_stream/token/elasticsearch/ingest_pipeline/default.yml @@ -346,7 +346,7 @@ processors: - script: description: Drops null/empty values recursively. lang: painless - source: + source: | boolean dropEmptyFields(Object object) { if (object == null || object == '') { return true; diff --git a/packages/google_workspace/manifest.yml b/packages/google_workspace/manifest.yml index 116b78d226d..fd9c25e95b5 100644 --- a/packages/google_workspace/manifest.yml +++ b/packages/google_workspace/manifest.yml @@ -1,6 +1,6 @@ name: google_workspace title: Google Workspace -version: "2.26.0" +version: "2.26.1" source: license: Elastic-2.0 description: Collect logs from Google Workspace with Elastic Agent.