From 812e67c81525b3b734fd7f1fcfcd5525d8696845 Mon Sep 17 00:00:00 2001 From: Chris Berkhout Date: Thu, 8 Aug 2024 13:06:53 +0200 Subject: [PATCH 1/2] x-pack/filebeat/i.../entitya.../.../okta: Avoid a negative request rate (#40267) This is the minimal change necessary to fix the following problem. Around the time of a rate limit reset, if current time is after the reset time returned in response headers, the rate limiting code will set a negative target rate, and if that's done at a time when no request budget has accumulated, it will not recover and will wait forever. (cherry picked from commit 5087dd45412f872414e30a3aeddacbfed5fd6782) --- CHANGELOG.next.asciidoc | 2 ++ .../input/entityanalytics/provider/okta/internal/okta/okta.go | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 389644d3696..70bf0e0d04b 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -83,6 +83,8 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff] - [threatintel] MISP pagination fixes {pull}37898[37898] - Fix file handle leak when handling errors in filestream {pull}37973[37973] - Fix bug in CEL input rate limit logic. {issue}40106[40106] {pull}40270[40270] +- Relax requirements in Okta entity analytics provider user and device profile data shape. {pull}40359[40359] +- Fix bug in Okta entity analytics rate limit logic. {issue}40106[40106] {pull}40267[40267] *Heartbeat* diff --git a/x-pack/filebeat/input/entityanalytics/provider/okta/internal/okta/okta.go b/x-pack/filebeat/input/entityanalytics/provider/okta/internal/okta/okta.go index aae221e6be9..6d0c3c94cfc 100644 --- a/x-pack/filebeat/input/entityanalytics/provider/okta/internal/okta/okta.go +++ b/x-pack/filebeat/input/entityanalytics/provider/okta/internal/okta/okta.go @@ -408,7 +408,7 @@ func oktaRateLimit(h http.Header, window time.Duration, limiter *rate.Limiter) e rateLimit := rate.Limit(rem / per) // Process reset if we need to wait until reset to avoid a request against a zero quota. - if rateLimit == 0 { + if rateLimit <= 0 { waitUntil := resetTime.UTC() // next gives us a sane next window estimate, but the // estimate will be overwritten when we make the next From 9fa668856e2fc5b9abdf4de766f485c492c7207c Mon Sep 17 00:00:00 2001 From: Chris Berkhout Date: Thu, 8 Aug 2024 21:51:49 +1000 Subject: [PATCH 2/2] Update CHANGELOG.next.asciidoc Remove unrelated changelog entry --- CHANGELOG.next.asciidoc | 1 - 1 file changed, 1 deletion(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 70bf0e0d04b..987605f36b0 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -83,7 +83,6 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff] - [threatintel] MISP pagination fixes {pull}37898[37898] - Fix file handle leak when handling errors in filestream {pull}37973[37973] - Fix bug in CEL input rate limit logic. {issue}40106[40106] {pull}40270[40270] -- Relax requirements in Okta entity analytics provider user and device profile data shape. {pull}40359[40359] - Fix bug in Okta entity analytics rate limit logic. {issue}40106[40106] {pull}40267[40267] *Heartbeat*