@Overflow0xFFFF Overflow0xFFFF commented Oct 22, 2025

Summary

Currently, the Okta source component does not function as expected. Vector never updates the since API query parameter to bring in a new window of Okta logs; the static since value means that the window only grows and grows with each interval. Additionally, because an until parameter is never provided, the Okta API always includes header links in the response instead of only on pagination. This leads to scenarios where Vector will quickly hit the Okta API rate limit.

This PR thus makes the following changes:

  • Update since query every interval to bring in new logs.
  • Remove dangerous support for following header links.
  • Rewrite the Okta implementation to look more like an HTTP Client source.
  • Add Okta failure modes to the integration tests.

This is my first PR to Vector, and I'm very open to feedback! 😄

I associated this PR to an existing closed issue, where another PR started the Okta work. In building on top of that work, if it is more prudent to open a separate issue for what I'm seeing above, I'm happy to knock that out as well.

I did my best in trying to preserve the original intent with the since argument, but I wasn't able to find my way towards a better implementation with the structure of the code as-is. I'm open to suggestions as to how to make this component feel more "Vector-native"!

Furthermore, it is worth disclosing that no AI tools were used in the development of this PR.

Vector configuration

api:
  address: 127.0.0.1:8686
  enabled: false
  playground: false

data_dir: /tmp/vector-data-dir

sources:
  okta:
    type: okta
    domain: "***.okta.com"
    token: "***"
    scrape_interval_secs: 300
    decoding:
      codec: json

sinks:
  debug:
    inputs: [okta]
    type: "console"
    encoding:
      codec: json

How did you test this PR?

I built Vector and used the above configuration, alongside the VECTOR_LOG=debug flag, to diagnose and troubleshoot failures with the Okta source. For other components, I ran the test suite.

All changes have been human-tested with a release build of this branch against a live Okta environment.

Change Type

  • Bug fix
  • New feature
  • Non-functional (chore, refactoring, docs)
  • Performance

Is this a breaking change?

  • Yes
  • No

Does this PR include user facing changes?

  • Yes. Please add a changelog fragment based on our guidelines.
  • No. A maintainer will apply the no-changelog label to this PR.


@Overflow0xFFFF Overflow0xFFFF requested a review from a team as a code owner October 22, 2025 20:17
@github-actions github-actions bot added the domain: sources Anything related to the Vector's sources label Oct 22, 2025
* Update `since` query every interval to bring in new logs.
* Remove dangerous support for following header links.
* Rewrite the Okta implementation to look more like an HTTP Client
  source.
* Add Okta failure modes to the integration tests.
@thomasqueirozb
Contributor

Hi @Overflow0xFFFF, thanks for your contribution! Since this alters Vector behavior it is a user facing change and requires a changelog.

I also took a very brief look at the code and it looks like it does a lot more than just updating since (namely adding decoding/framing options). I'd suggest splitting these changes into multiple PRs if that's the case.

Note: anything that alters user facing options should also have docs regenerated by running make generate-component-docs. See DEVELOPING.md for more details.

@thomasqueirozb thomasqueirozb added the meta: awaiting author Pull requests that are awaiting their author. label Oct 24, 2025
@sonnens
Contributor

sonnens commented Oct 24, 2025

This change is incorrect.

The original feature very explicitly does not update the since parameter, because that will duplicate or skip log events. Okta's official API docs dictate that you not manually paginate events using next/until ( https://developer.okta.com/docs/reference/system-log-query/#transfer-data-to-a-separate-system ).

For more information on the Okta System Log API, see the API docs:
https://developer.okta.com/docs/api/openapi/okta-management/management/tag/SystemLog/

@sonnens
Contributor

sonnens commented Oct 24, 2025

Believe me that if there were any way to have avoided following the rel= links I would've, but the original feature is correct to spec for an API spec that I do not control.

@Overflow0xFFFF
Author

I see what you mean in the docs! I was referencing https://developer.okta.com/docs/api/openapi/okta-management/management/tag/SystemLog/#tag/SystemLog, which offered no such warnings. It makes sense not to drastically change the implementation away from what's already in the master branch, then -- I was making the assumption that since did need to change.

I'm going to retest and reconfirm what I'm seeing on the master branch before proceeding further. There's a good chance I may be able to scope this PR down quite a bit.
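The cursor-following behaviour discussed in this thread, as an added example that is not Vector's code or anything posted by the participants: it reads the rel="next" target from the Link headers and decides whether to fetch again at once or wait one scrape interval. The `Step` enum, the `plan` function, the wait-on-empty-page policy and the same-tenant prefix check are assumptions made for illustration; the domain and cursor values are constructed.

```rust
// Added example, not Vector's code. Domain, cursor and all names are constructed.

/// What the poller should do after handling one response.
#[derive(Debug, PartialEq)]
enum Step {
    FetchNow(String),      // backlog remains: request the next page immediately
    WaitThenFetch(String), // caught up or no usable link: sleep one interval first
}

/// Return the target of the first link-value carrying rel="next".
fn next_link(link_headers: &[&str]) -> Option<String> {
    for header in link_headers {
        let mut rest = *header;
        while let Some(open) = rest.find('<') {
            let Some(len) = rest[open..].find('>') else { break };
            let url = &rest[open + 1..open + len];
            let tail = &rest[open + len + 1..];
            // Parameters run up to the next link-value, if there is one.
            let params = &tail[..tail.find('<').unwrap_or(tail.len())];
            let is_next = params
                .split(';')
                .any(|p| p.trim().trim_end_matches(',').trim_end() == "rel=\"next\"");
            if is_next {
                return Some(url.to_string());
            }
            rest = tail;
        }
    }
    None
}

/// Decide the next request from the event count and the Link headers.
fn plan(current: &str, domain: &str, events: usize, link_headers: &[&str]) -> Step {
    let prefix = format!("https://{domain}/api/v1/logs?");
    // Only follow a cursor that stays on the configured tenant's log endpoint,
    // so the API token is never sent to another host.
    match next_link(link_headers).filter(|u| u.starts_with(&prefix)) {
        Some(next) if events > 0 => Step::FetchNow(next),
        Some(next) => Step::WaitThenFetch(next),
        None => Step::WaitThenFetch(current.to_string()),
    }
}

fn main() {
    let cur = "https://example.okta.com/api/v1/logs?since=2025-10-22T00%3A00%3A00Z";
    let next = "<https://example.okta.com/api/v1/logs?after=CONSTRUCTED_CURSOR>; rel=\"next\"";
    // An empty page still carries rel="next": keep the cursor, wait one interval.
    println!("{:?}", plan(cur, "example.okta.com", 0, &[next]));
}
```

Because the `since` value is never rewritten, the position in the log stream lives entirely in the stored cursor URL, and pausing on an empty page keeps the request rate bounded by the scrape interval.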
