x-pack/filebeat/input/salesforce: Use new JWT provider to include optional token endpoint

shmsr · shmsr · commit 140c7400a78a · 2025-12-08T01:31:00.000+05:30
diff --git a/NOTICE.txt b/NOTICE.txt
@@ -13030,11 +13030,11 @@ Contents of probable licence file $GOMODCACHE/github.com/elastic/go-seccomp-bpf@
 
 --------------------------------------------------------------------------------
 Dependency : github.com/elastic/go-sfdc
-Version: v0.0.0-20241010131323-8e176480d727
+Version: v0.0.0-20251207194532-c5aadd4a4e06
 Licence type (autodetected): MIT
 --------------------------------------------------------------------------------
 
-Contents of probable licence file $GOMODCACHE/github.com/elastic/go-sfdc@v0.0.0-20241010131323-8e176480d727/LICENSE.txt:
+Contents of probable licence file $GOMODCACHE/github.com/elastic/go-sfdc@v0.0.0-20251207194532-c5aadd4a4e06/LICENSE.txt:
 
 MIT License
 
diff --git a/filebeat/docs/modules/salesforce.asciidoc b/filebeat/docs/modules/salesforce.asciidoc
@@ -118,6 +118,7 @@ Example config:
         client.username: "my.email@here.com"
         client.key_path: client_key.pem
         url: https://login.salesforce.com
+        token_url: "https://[custom-domain].my.salesforce.com"
       user_password_flow:
         enabled: true
         client.id: "my-client-id"
@@ -168,6 +169,10 @@ Path to the client key file for JWT authentication.
 
 The audience URL for JWT authentication.
 
+*`var.authentication.jwt_bearer_flow.token_url`*::
+
+The Salesforce OAuth token endpoint for JWT authentication. This endpoint is used for JWT Bearer flow and defaults to `var.authentication.jwt_bearer_flow.url` if empty. Only use a custom value if you have a custom domain and don't allow default endpoints such as `https://login.salesforce.com` or `https://test.salesforce.com`.
+
 *`var.authentication.user_password_flow.enabled`*::
 
 Set to true to use user-password authentication.
@@ -236,6 +241,7 @@ Example config:
         client.username: "my.email@here.com"
         client.key_path: client_key.pem
         url: https://login.salesforce.com
+        token_url: "https://[custom-domain].my.salesforce.com"
       user_password_flow:
         enabled: true
         client.id: "my-client-id"
@@ -286,6 +292,10 @@ Path to the client key file for JWT authentication.
 
 The audience URL for JWT authentication.
 
+*`var.authentication.jwt_bearer_flow.token_url`*::
+
+The Salesforce OAuth token endpoint for JWT authentication. This endpoint is used for JWT Bearer flow and defaults to `var.authentication.jwt_bearer_flow.url` if empty. Only use a custom value if you have a custom domain and don't allow default endpoints such as `https://login.salesforce.com` or `https://test.salesforce.com`.
+
 *`var.authentication.user_password_flow.enabled`*::
 
 Set to true to use user-password authentication.
@@ -354,6 +364,7 @@ Example config:
         client.username: "my.email@here.com"
         client.key_path: client_key.pem
         url: https://login.salesforce.com
+        token_url: "https://[custom-domain].my.salesforce.com"
       user_password_flow:
         enabled: true
         client.id: "my-client-id"
@@ -400,6 +411,10 @@ Path to the client key file for JWT authentication.
 
 The audience URL for JWT authentication.
 
+*`var.authentication.jwt_bearer_flow.token_url`*::
+
+The Salesforce OAuth token endpoint for JWT authentication. This endpoint is used for JWT Bearer flow and defaults to `var.authentication.jwt_bearer_flow.url` if empty. Only use a custom value if you have a custom domain and don't allow default endpoints such as `https://login.salesforce.com` or `https://test.salesforce.com`.
+
 *`var.authentication.user_password_flow.enabled`*::
 
 Set to true to use user-password authentication.
@@ -457,6 +472,7 @@ Example config:
         client.username: "my.email@here.com"
         client.key_path: client_key.pem
         url: https://login.salesforce.com
+        token_url: "https://[custom-domain].my.salesforce.com"
       user_password_flow:
         enabled: true
         client.id: "my-client-id"
@@ -504,6 +520,10 @@ Path to the client key file for JWT authentication.
 
 The audience URL for JWT authentication.
 
+*`var.authentication.jwt_bearer_flow.token_url`*::
+
+The Salesforce OAuth token endpoint for JWT authentication. This endpoint is used for JWT Bearer flow and defaults to `var.authentication.jwt_bearer_flow.url` if empty. Only use a custom value if you have a custom domain and don't allow default endpoints such as `https://login.salesforce.com` or `https://test.salesforce.com`.
+
 *`var.authentication.user_password_flow.enabled`*::
 
 Set to true to use user-password authentication.
diff --git a/go.mod b/go.mod
@@ -177,7 +177,7 @@ require (
 	github.com/elastic/go-elasticsearch/v8 v8.19.0
 	github.com/elastic/go-freelru v0.16.0
 	github.com/elastic/go-quark v0.3.0
-	github.com/elastic/go-sfdc v0.0.0-20241010131323-8e176480d727
+	github.com/elastic/go-sfdc v0.0.0-20251207194532-c5aadd4a4e06
 	github.com/elastic/mito v1.24.0
 	github.com/elastic/mock-es v0.0.0-20250530054253-8c3b6053f9b6
 	github.com/elastic/sarama v1.19.1-0.20250603175145-7672917f26b6
diff --git a/go.sum b/go.sum
@@ -406,8 +406,8 @@ github.com/elastic/go-quark v0.3.0 h1:d4vokx0psEJo+93fnhvWpTJMggPd9rfMJSleoLva4x
 github.com/elastic/go-quark v0.3.0/go.mod h1:bO/XIGZBUJGxyiJ9FTsSYn9YlfOTRJnmOP+iBE2FyjA=
 github.com/elastic/go-seccomp-bpf v1.5.0 h1:gJV+U1iP+YC70ySyGUUNk2YLJW5/IkEw4FZBJfW8ZZY=
 github.com/elastic/go-seccomp-bpf v1.5.0/go.mod h1:umdhQ/3aybliBF2jjiZwS492I/TOKz+ZRvsLT3hVe1o=
-github.com/elastic/go-sfdc v0.0.0-20241010131323-8e176480d727 h1:yuiN60oaQUz2PtNpNhDI2H6zrCdfiiptmNdwV5WUaKA=
-github.com/elastic/go-sfdc v0.0.0-20241010131323-8e176480d727/go.mod h1:sw1pzz4pIqzDQxFWt3dFoG2uIUFAfThxlMfWpjH590E=
+github.com/elastic/go-sfdc v0.0.0-20251207194532-c5aadd4a4e06 h1:TEeq+uvg9+B0f+8JdaqzAdtmhgz9KX/OGtKyQAKA4ac=
+github.com/elastic/go-sfdc v0.0.0-20251207194532-c5aadd4a4e06/go.mod h1:sw1pzz4pIqzDQxFWt3dFoG2uIUFAfThxlMfWpjH590E=
 github.com/elastic/go-structform v0.0.12 h1:HXpzlAKyej8T7LobqKDThUw7BMhwV6Db24VwxNtgxCs=
 github.com/elastic/go-structform v0.0.12/go.mod h1:CZWf9aIRYY5SuKSmOhtXScE5uQiLZNqAFnwKR4OrIM4=
 github.com/elastic/go-sysinfo v1.15.3 h1:W+RnmhKFkqPTCRoFq2VCTmsT4p/fwpo+3gKNQsn1XU0=
diff --git a/x-pack/filebeat/filebeat.reference.yml b/x-pack/filebeat/filebeat.reference.yml
@@ -1494,6 +1494,7 @@ filebeat.modules:
 # - enabled: Set to true to enable ingestion of Salesforce module fileset
 # - initial_interval: Initial interval for log collection. This setting determines the time period for which the logs will be initially collected when the ingestion process starts, i.e. 1d/h/m/s
 # - api_version: API version for Salesforce, version should be greater than 46.0
+# - url: URL for Salesforce instance
 
 # Authentication Configurations:
 # User-Password Authentication:
@@ -1510,6 +1511,7 @@ filebeat.modules:
 # - client.username: Username for JWT authentication
 # - client.key_path: Path to client key for JWT authentication
 # - url: Audience URL for JWT authentication
+# - token_url: Token URL for JWT authentication
 
 # Event Monitoring:
 # - real_time: Set to true to enable real-time logging using object type data collection
@@ -1541,6 +1543,7 @@ filebeat.modules:
         client.username: "<YourClientUsernameHere>"
         client.key_path: "<YourClientKeyPathHere>"
         url: "https://login.salesforce.com"
+        # token_url: "<YourTokenURLHere>"
 
     var.url: "https://instance_id.my.salesforce.com"
 
@@ -1567,6 +1570,7 @@ filebeat.modules:
         client.username: "<YourClientUsernameHere>"
         client.key_path: "<YourClientKeyPathHere>"
         url: "https://login.salesforce.com"
+        # token_url: "<YourTokenURLHere>"
 
     var.url: "https://instance_id.my.salesforce.com"
 
@@ -1596,6 +1600,7 @@ filebeat.modules:
         client.username: "<YourClientUsernameHere>"
         client.key_path: "<YourClientKeyPathHere>"
         url: "https://login.salesforce.com"
+        # token_url: "<YourTokenURLHere>"
 
     var.url: "https://instance_id.my.salesforce.com"
 
@@ -1625,11 +1630,13 @@ filebeat.modules:
         client.username: "<YourClientUsernameHere>"
         client.key_path: "<YourClientKeyPathHere>"
         url: "https://login.salesforce.com"
+        # token_url: "<YourTokenURLHere>"
 
     var.url: "https://instance_id.my.salesforce.com"
 
     var.real_time: true
-    var.real_time_interval: 5m
+    var.real_time_interval: 5m
+
 #----------------------------- Google Santa Module -----------------------------
 - module: santa
   log:
diff --git a/x-pack/filebeat/input/salesforce/config_auth.go b/x-pack/filebeat/input/salesforce/config_auth.go
@@ -33,6 +33,7 @@ type JWTBearerFlow struct {
 	Enabled *bool `config:"enabled"`
 
 	URL            string `config:"url"`
+	TokenURL       string `config:"token_url"` // If not provided, the URL will be used by go-sfdc package.
 	ClientID       string `config:"client.id"`
 	ClientUsername string `config:"client.username"`
 	ClientKeyPath  string `config:"client.key_path"`
diff --git a/x-pack/filebeat/input/salesforce/input.go b/x-pack/filebeat/input/salesforce/input.go
@@ -465,6 +465,7 @@ func (s *salesforceInput) getSFDCConfig(cfg *config) (*sfdc.Configuration, error
 
 		passCreds := credentials.JwtCredentials{
 			URL:            cfg.Auth.OAuth2.JWTBearerFlow.URL,
+			TokenURL:       cfg.Auth.OAuth2.JWTBearerFlow.TokenURL,
 			ClientId:       cfg.Auth.OAuth2.JWTBearerFlow.ClientID,
 			ClientUsername: cfg.Auth.OAuth2.JWTBearerFlow.ClientUsername,
 			ClientKey:      signKey,
diff --git a/x-pack/filebeat/module/salesforce/_meta/config.yml b/x-pack/filebeat/module/salesforce/_meta/config.yml
@@ -4,6 +4,7 @@
 # - enabled: Set to true to enable ingestion of Salesforce module fileset
 # - initial_interval: Initial interval for log collection. This setting determines the time period for which the logs will be initially collected when the ingestion process starts, i.e. 1d/h/m/s
 # - api_version: API version for Salesforce, version should be greater than 46.0
+# - url: URL for Salesforce instance
 
 # Authentication Configurations:
 # User-Password Authentication:
@@ -20,6 +21,7 @@
 # - client.username: Username for JWT authentication
 # - client.key_path: Path to client key for JWT authentication
 # - url: Audience URL for JWT authentication
+# - token_url: Token URL for JWT authentication
 
 # Event Monitoring:
 # - real_time: Set to true to enable real-time logging using object type data collection
@@ -51,6 +53,7 @@
         client.username: "<YourClientUsernameHere>"
         client.key_path: "<YourClientKeyPathHere>"
         url: "https://login.salesforce.com"
+        # token_url: "<YourTokenURLHere>"
 
     var.url: "https://instance_id.my.salesforce.com"
 
@@ -77,6 +80,7 @@
         client.username: "<YourClientUsernameHere>"
         client.key_path: "<YourClientKeyPathHere>"
         url: "https://login.salesforce.com"
+        # token_url: "<YourTokenURLHere>"
 
     var.url: "https://instance_id.my.salesforce.com"
 
@@ -106,6 +110,7 @@
         client.username: "<YourClientUsernameHere>"
         client.key_path: "<YourClientKeyPathHere>"
         url: "https://login.salesforce.com"
+        # token_url: "<YourTokenURLHere>"
 
     var.url: "https://instance_id.my.salesforce.com"
 
@@ -135,8 +140,9 @@
         client.username: "<YourClientUsernameHere>"
         client.key_path: "<YourClientKeyPathHere>"
         url: "https://login.salesforce.com"
+        # token_url: "<YourTokenURLHere>"
 
     var.url: "https://instance_id.my.salesforce.com"
 
     var.real_time: true
-    var.real_time_interval: 5m
+    var.real_time_interval: 5m
diff --git a/x-pack/filebeat/modules.d/salesforce.yml.disabled b/x-pack/filebeat/modules.d/salesforce.yml.disabled
@@ -7,6 +7,7 @@
 # - enabled: Set to true to enable ingestion of Salesforce module fileset
 # - initial_interval: Initial interval for log collection. This setting determines the time period for which the logs will be initially collected when the ingestion process starts, i.e. 1d/h/m/s
 # - api_version: API version for Salesforce, version should be greater than 46.0
+# - url: URL for Salesforce instance
 
 # Authentication Configurations:
 # User-Password Authentication:
@@ -23,6 +24,7 @@
 # - client.username: Username for JWT authentication
 # - client.key_path: Path to client key for JWT authentication
 # - url: Audience URL for JWT authentication
+# - token_url: Token URL for JWT authentication
 
 # Event Monitoring:
 # - real_time: Set to true to enable real-time logging using object type data collection
@@ -54,6 +56,7 @@
         client.username: "<YourClientUsernameHere>"
         client.key_path: "<YourClientKeyPathHere>"
         url: "https://login.salesforce.com"
+        # token_url: "<YourTokenURLHere>"
 
     var.url: "https://instance_id.my.salesforce.com"
 
@@ -80,6 +83,7 @@
         client.username: "<YourClientUsernameHere>"
         client.key_path: "<YourClientKeyPathHere>"
         url: "https://login.salesforce.com"
+        # token_url: "<YourTokenURLHere>"
 
     var.url: "https://instance_id.my.salesforce.com"
 
@@ -109,6 +113,7 @@
         client.username: "<YourClientUsernameHere>"
         client.key_path: "<YourClientKeyPathHere>"
         url: "https://login.salesforce.com"
+        # token_url: "<YourTokenURLHere>"
 
     var.url: "https://instance_id.my.salesforce.com"
 
@@ -138,8 +143,9 @@
         client.username: "<YourClientUsernameHere>"
         client.key_path: "<YourClientKeyPathHere>"
         url: "https://login.salesforce.com"
+        # token_url: "<YourTokenURLHere>"
 
     var.url: "https://instance_id.my.salesforce.com"
 
     var.real_time: true
-    var.real_time_interval: 5m
+    var.real_time_interval: 5m
