[Stack Connectors][Microsoft Defender] Add caching of OAuth access token to connector #206975
Conversation
paul-tavares
added
release_note:skip
|
Pinging @elastic/security-defend-workflows (Team:Defend Workflows) |
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]
History
|
|
Starting backport for target branches: 8.x |
…ken to connector (elastic#206975) ## Summary - Adds caching of the OAuth token needed to call Microsoft Defender's API to the connector along with auto-regenerate when it expires ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios (cherry picked from commit 1e688f2)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
…ess token to connector (#206975) (#207435) # Backport This will backport the following commits from `main` to `8.x`: - [[Stack Connectors][Microsoft Defender] Add caching of OAuth access token to connector (#206975)](#206975) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Paul Tavares","email":"[email protected]"},"sourceCommit":{"committedDate":"2025-01-21T19:59:14Z","message":"[Stack Connectors][Microsoft Defender] Add caching of OAuth access token to connector (#206975)\n\n## Summary\r\n\r\n- Adds caching of the OAuth token needed to call Microsoft Defender's\r\nAPI to the connector along with auto-regenerate when it expires\r\n\r\n\r\n### Checklist\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios","sha":"1e688f2cbea273809dfda3f88ee52b70593cce6b","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Defend Workflows","backport:prev-minor","v8.18.0"],"title":"[Stack Connectors][Microsoft Defender] Add caching of OAuth access token to connector","number":206975,"url":"https://github.com/elastic/kibana/pull/206975","mergeCommit":{"message":"[Stack Connectors][Microsoft Defender] Add caching of OAuth access token to connector (#206975)\n\n## Summary\r\n\r\n- Adds caching of the OAuth token needed to call Microsoft Defender's\r\nAPI to the connector along with auto-regenerate when it expires\r\n\r\n\r\n### Checklist\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios","sha":"1e688f2cbea273809dfda3f88ee52b70593cce6b"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/206975","number":206975,"mergeCommit":{"message":"[Stack Connectors][Microsoft Defender] Add caching of OAuth access token to connector (#206975)\n\n## Summary\r\n\r\n- Adds caching of the OAuth token needed to call Microsoft Defender's\r\nAPI to the connector along with auto-regenerate when it expires\r\n\r\n\r\n### Checklist\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios","sha":"1e688f2cbea273809dfda3f88ee52b70593cce6b"}},{"branch":"8.x","label":"v8.18.0","branchLabelMappingKey":"^v8.18.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Paul Tavares <[email protected]>
There was a problem hiding this comment.
Looks good, just wondering about that token service. What would happen if we generate a token and cache it, and then change the credentials in the connector? Would it still have the prev token, or regenerate?
I think I am facing this issue with CrowdStrike tokens, so wondering how we could approach it, but my assumption is that you're using a service exposed by response-ops so this should probably be covered, right?
| connector: { id: connectorId }, | ||
| logger, | ||
| } = this.params; | ||
| const connectorTokenClient = this.params.services.connectorTokenClient; |
There was a problem hiding this comment.
is this services.connectorTokenClient a functionality exposed by response ops team, or you created that in a separate PR before?
There was a problem hiding this comment.
Yes, this is exposed by the ResponseOps framework. Its purpose is to only store tokens so they can be reused across instances of kibana.
There was a problem hiding this comment.
Thank you, I'll try to rebuild the token cache in CS to use this one 👍
|
Thanks for the review @tomsonpl . Re:
Thats a good point and I'll follow up with another PR to introduce some logic to mitigate that. The previously generated token would still be used until it expires - then a new one would be generated. Re:
No, that is not correct. The service from ResponseOps provides only a mechanism for storing the token - I do think they have some logic that checks the expiration date to see if it is expired based on the expiration date we provide when we store the token, but thats it. |
…ken to connector (elastic#206975) ## Summary - Adds caching of the OAuth token needed to call Microsoft Defender's API to the connector along with auto-regenerate when it expires ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
Summary
Checklist