[akamai] add api emulator for realistic testing (#9042)

This simulates the Akamai SIEM API. It provides realistic validation of request signatures. It emulates the time and offset based queries by simulating a world in which a new event happens every 5 minutes. The offset cursor is simply the unix time in sec of the last returned event. This is a reproducer for the issues described in #9038. Those issues only occur on Elastic Agent < 8.11.0.
elastic · Feb 8, 2024 · c048a13 · c048a13
1 parent 4555126
commit c048a13
Show file tree

Hide file tree

Showing 7 changed files with 39 additions and 66 deletions.
diff --git a/packages/akamai/_dev/deploy/docker/Dockerfile b/packages/akamai/_dev/deploy/docker/Dockerfile
@@ -0,0 +1,5 @@
+FROM golang:1.21
+
+RUN go install github.com/andrewkroh/go-examples/akamai-siem-emulator@80b18780e7
+
+CMD akamai-siem-emulator -h
diff --git a/packages/akamai/_dev/deploy/docker/docker-compose.yml b/packages/akamai/_dev/deploy/docker/docker-compose.yml
@@ -1,14 +1,15 @@
 version: '2.3'
 services:
-  akamai:
-    image: docker.elastic.co/observability/stream:v0.6.1
+  akamai-siem-emulator:
+    hostname: akamai-siem-emulator
+    build:
+      context: .
+      dockerfile: Dockerfile
     ports:
-      - 8080
-    volumes:
-      - ./files:/files:ro
-    environment:
-      PORT: 8080
+      - 9903
     command:
-      - http-server
-      - --addr=:8080
-      - --config=/files/config.yml
+      - akamai-siem-emulator
+      - -http=:9903
+      - -access-token=at-6b8c7217-8748-490d-b0f5-bfeb72b2e7cd
+      - -client-secret=cs-0d15cfd9-764a-48e6-a822-22756180ddb8
+      - -client-token=ct-f625f0b8-9c8f-44ce-8250-eaf17bc93051
diff --git a/packages/akamai/_dev/deploy/docker/files/config.yml b/packages/akamai/_dev/deploy/docker/files/config.yml
diff --git a/packages/akamai/changelog.yml b/packages/akamai/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.22.0"
+  changes:
+    - description: Require 8.11.0 or greater because it contains necessary fixes to the Elastic Agent.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/9042
 - version: "2.21.1"
   changes:
     - description: Changed owners

diff --git a/packages/akamai/data_stream/siem/_dev/test/system/test-default-config.yml b/packages/akamai/data_stream/siem/_dev/test/system/test-default-config.yml
diff --git a/packages/akamai/data_stream/siem/_dev/test/system/test-emulator-config.yml b/packages/akamai/data_stream/siem/_dev/test/system/test-emulator-config.yml
@@ -0,0 +1,16 @@
+input: httpjson
+service: akamai-siem-emulator
+vars: ~
+data_stream:
+  vars:
+    preserve_original_event: true
+    api_host: "http://akamai-siem-emulator:9903"
+    client_token: ct-f625f0b8-9c8f-44ce-8250-eaf17bc93051
+    client_secret: cs-0d15cfd9-764a-48e6-a822-22756180ddb8
+    access_token: at-6b8c7217-8748-490d-b0f5-bfeb72b2e7cd
+    config_ids: 123456
+    event_limit: 20
+    enable_request_tracer: true
+assert:
+  # 24 hours at 5 minutes between events.
+  hit_count: 288 #  = 24 * 60/5
diff --git a/packages/akamai/manifest.yml b/packages/akamai/manifest.yml
@@ -1,13 +1,13 @@
 name: akamai
 title: Akamai
-version: "2.21.1"
+version: "2.22.0"
 description: Collect logs from Akamai with Elastic Agent.
 type: integration
 format_version: "3.0.0"
 categories: [security, cdn_security]
 conditions:
   kibana:
-    version: "^8.7.1"
+    version: "^8.11.0"
 icons:
   - src: /img/akamai_logo.svg
     title: Akamai