x-pack/filebeat/input/salesforce: Use new JWT provider to include optional token endpoint

shmsr · shmsr · commit d801a3c29183 · 2025-04-16T01:34:04.000+05:30
diff --git a/NOTICE.txt b/NOTICE.txt
@@ -14469,11 +14469,11 @@ Contents of probable licence file $GOMODCACHE/github.com/elastic/go-seccomp-bpf@
 
 --------------------------------------------------------------------------------
 Dependency : github.com/elastic/go-sfdc
-Version: v0.0.0-20241010131323-8e176480d727
+Version: v0.0.0-20250415195157-fd0324f12c86
 Licence type (autodetected): MIT
 --------------------------------------------------------------------------------
 
-Contents of probable licence file $GOMODCACHE/github.com/elastic/go-sfdc@v0.0.0-20241010131323-8e176480d727/LICENSE.txt:
+Contents of probable licence file $GOMODCACHE/github.com/elastic/go-sfdc@v0.0.0-20250415195157-fd0324f12c86/LICENSE.txt:
 
 MIT License
 
diff --git a/filebeat/docs/modules/salesforce.asciidoc b/filebeat/docs/modules/salesforce.asciidoc
@@ -118,6 +118,7 @@ Example config:
         client.username: "my.email@here.com"
         client.key_path: client_key.pem
         url: https://login.salesforce.com
+        token_url: "https://[custom-domain].my.salesforce.com"
       user_password_flow:
         enabled: true
         client.id: "my-client-id"
@@ -168,6 +169,10 @@ Path to the client key file for JWT authentication.
 
 The audience URL for JWT authentication.
 
+*`var.authentication.jwt_bearer_flow.token_url`*::
+
+The Salesforce OAuth token endpoint for JWT authentication. This endpoint is used for JWT Bearer flow and defaults to `var.authentication.jwt_bearer_flow.url` if empty. Only use a custom value if you have a custom domain and don't allow default endpoints such as `https://login.salesforce.com` or `https://test.salesforce.com`.
+
 *`var.authentication.user_password_flow.enabled`*::
 
 Set to true to use user-password authentication.
@@ -562,6 +567,7 @@ Check the Elastic Agent logs for errors. Verify the module configuration is corr
 
 :modulename!:
 
+
 [float]
 === Fields
 
diff --git a/go.mod b/go.mod
@@ -179,7 +179,7 @@ require (
 	github.com/elastic/elastic-agent-system-metrics v0.11.11
 	github.com/elastic/go-elasticsearch/v8 v8.17.1
 	github.com/elastic/go-quark v0.3.0
-	github.com/elastic/go-sfdc v0.0.0-20241010131323-8e176480d727
+	github.com/elastic/go-sfdc v0.0.0-20250415195157-fd0324f12c86
 	github.com/elastic/mito v1.18.0
 	github.com/elastic/mock-es v0.0.0-20240712014503-e5b47ece0015
 	github.com/elastic/sarama v1.19.1-0.20250304185506-df6449b5c996
diff --git a/go.sum b/go.sum
@@ -62,10 +62,10 @@ github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2 h1:yz1bePFlP5Vws5+
 github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2/go.mod h1:Pa9ZNPuoNu/GztvBSKk9J1cDJW6vk/n0zLtV4mgd8N8=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 h1:ywEEhmNahHBihViHepv3xPBn1663uRv2t2q/ESv9seY=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0/go.mod h1:iZDifYGJTIgIIkYRNWPENUnqx6bJ2xnSDFI2tjwZNuY=
-github.com/Azure/azure-sdk-for-go/sdk/monitor/query/azmetrics v1.1.0 h1:X/C/tY3dxwsuFnSNArmTWKr0O6P59SRY6VsUcIkefEw=
-github.com/Azure/azure-sdk-for-go/sdk/monitor/query/azmetrics v1.1.0/go.mod h1:wCAGp7Xm35A5laB8z8yK9p/kU8OEBFuTvUm4eKCzr/M=
 github.com/Azure/azure-sdk-for-go/sdk/messaging/azeventhubs v1.3.0 h1:skbmKp8umb8jMxl4A4CwvYyfCblujU00XUB/ytUjEac=
 github.com/Azure/azure-sdk-for-go/sdk/messaging/azeventhubs v1.3.0/go.mod h1:nynTZqX7jGM6FQy6Y+7uFT7Y+LhaAeO3q3d48VZzH5E=
+github.com/Azure/azure-sdk-for-go/sdk/monitor/query/azmetrics v1.1.0 h1:X/C/tY3dxwsuFnSNArmTWKr0O6P59SRY6VsUcIkefEw=
+github.com/Azure/azure-sdk-for-go/sdk/monitor/query/azmetrics v1.1.0/go.mod h1:wCAGp7Xm35A5laB8z8yK9p/kU8OEBFuTvUm4eKCzr/M=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4 v4.8.0 h1:0nGmzwBv5ougvzfGPCO2ljFRHvun57KpNrVCMrlk0ns=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4 v4.8.0/go.mod h1:gYq8wyDgv6JLhGbAU6gg8amCPgQWRE+aCvrV2gyzdfs=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/costmanagement/armcostmanagement v1.1.1 h1:ehSLdbLah6kk6HTVc6e/lrbmbz7MMbpNxkOd3OYlhB0=
@@ -382,8 +382,8 @@ github.com/elastic/go-quark v0.3.0 h1:d4vokx0psEJo+93fnhvWpTJMggPd9rfMJSleoLva4x
 github.com/elastic/go-quark v0.3.0/go.mod h1:bO/XIGZBUJGxyiJ9FTsSYn9YlfOTRJnmOP+iBE2FyjA=
 github.com/elastic/go-seccomp-bpf v1.5.0 h1:gJV+U1iP+YC70ySyGUUNk2YLJW5/IkEw4FZBJfW8ZZY=
 github.com/elastic/go-seccomp-bpf v1.5.0/go.mod h1:umdhQ/3aybliBF2jjiZwS492I/TOKz+ZRvsLT3hVe1o=
-github.com/elastic/go-sfdc v0.0.0-20241010131323-8e176480d727 h1:yuiN60oaQUz2PtNpNhDI2H6zrCdfiiptmNdwV5WUaKA=
-github.com/elastic/go-sfdc v0.0.0-20241010131323-8e176480d727/go.mod h1:sw1pzz4pIqzDQxFWt3dFoG2uIUFAfThxlMfWpjH590E=
+github.com/elastic/go-sfdc v0.0.0-20250415195157-fd0324f12c86 h1:/R15+u4zjjwizTHwiq0F4Uz7UlcFF+bDsqkSixCXxLI=
+github.com/elastic/go-sfdc v0.0.0-20250415195157-fd0324f12c86/go.mod h1:sw1pzz4pIqzDQxFWt3dFoG2uIUFAfThxlMfWpjH590E=
 github.com/elastic/go-structform v0.0.12 h1:HXpzlAKyej8T7LobqKDThUw7BMhwV6Db24VwxNtgxCs=
 github.com/elastic/go-structform v0.0.12/go.mod h1:CZWf9aIRYY5SuKSmOhtXScE5uQiLZNqAFnwKR4OrIM4=
 github.com/elastic/go-sysinfo v1.15.0 h1:54pRFlAYUlVNQ2HbXzLVZlV+fxS7Eax49stzg95M4Xw=
diff --git a/x-pack/filebeat/filebeat.reference.yml b/x-pack/filebeat/filebeat.reference.yml
@@ -1494,6 +1494,7 @@ filebeat.modules:
 # - enabled: Set to true to enable ingestion of Salesforce module fileset
 # - initial_interval: Initial interval for log collection. This setting determines the time period for which the logs will be initially collected when the ingestion process starts, i.e. 1d/h/m/s
 # - api_version: API version for Salesforce, version should be greater than 46.0
+# - url: URL for Salesforce instance
 
 # Authentication Configurations:
 # User-Password Authentication:
@@ -1510,6 +1511,7 @@ filebeat.modules:
 # - client.username: Username for JWT authentication
 # - client.key_path: Path to client key for JWT authentication
 # - url: Audience URL for JWT authentication
+# - token_url: Token URL for JWT authentication
 
 # Event Monitoring:
 # - real_time: Set to true to enable real-time logging using object type data collection
@@ -1629,7 +1631,8 @@ filebeat.modules:
     var.url: "https://instance_id.my.salesforce.com"
 
     var.real_time: true
-    var.real_time_interval: 5m
+    var.real_time_interval: 5m
+
 #----------------------------- Google Santa Module -----------------------------
 - module: santa
   log:
diff --git a/x-pack/filebeat/input/salesforce/config_auth.go b/x-pack/filebeat/input/salesforce/config_auth.go
@@ -33,6 +33,7 @@ type JWTBearerFlow struct {
 	Enabled *bool `config:"enabled"`
 
 	URL            string `config:"url"`
+	TokenURL       string `config:"token_url"` // If not provided, the URL will be used by go-sfdc package.
 	ClientID       string `config:"client.id"`
 	ClientUsername string `config:"client.username"`
 	ClientKeyPath  string `config:"client.key_path"`
diff --git a/x-pack/filebeat/input/salesforce/input.go b/x-pack/filebeat/input/salesforce/input.go
@@ -438,6 +438,7 @@ func (s *salesforceInput) getSFDCConfig(cfg *config) (*sfdc.Configuration, error
 
 		passCreds := credentials.JwtCredentials{
 			URL:            cfg.Auth.OAuth2.JWTBearerFlow.URL,
+			TokenURL:       cfg.Auth.OAuth2.JWTBearerFlow.TokenURL,
 			ClientId:       cfg.Auth.OAuth2.JWTBearerFlow.ClientID,
 			ClientUsername: cfg.Auth.OAuth2.JWTBearerFlow.ClientUsername,
 			ClientKey:      signKey,
diff --git a/x-pack/filebeat/module/salesforce/_meta/config.yml b/x-pack/filebeat/module/salesforce/_meta/config.yml
@@ -4,6 +4,7 @@
 # - enabled: Set to true to enable ingestion of Salesforce module fileset
 # - initial_interval: Initial interval for log collection. This setting determines the time period for which the logs will be initially collected when the ingestion process starts, i.e. 1d/h/m/s
 # - api_version: API version for Salesforce, version should be greater than 46.0
+# - url: URL for Salesforce instance
 
 # Authentication Configurations:
 # User-Password Authentication:
@@ -20,6 +21,7 @@
 # - client.username: Username for JWT authentication
 # - client.key_path: Path to client key for JWT authentication
 # - url: Audience URL for JWT authentication
+# - token_url: Token URL for JWT authentication
 
 # Event Monitoring:
 # - real_time: Set to true to enable real-time logging using object type data collection
@@ -139,4 +141,4 @@
     var.url: "https://instance_id.my.salesforce.com"
 
     var.real_time: true
-    var.real_time_interval: 5m
+    var.real_time_interval: 5m
diff --git a/x-pack/filebeat/module/salesforce/_meta/docs.asciidoc b/x-pack/filebeat/module/salesforce/_meta/docs.asciidoc
@@ -111,6 +111,7 @@ Example config:
         client.username: "my.email@here.com"
         client.key_path: client_key.pem
         url: https://login.salesforce.com
+        token_url: "https://[custom-domain].my.salesforce.com"
       user_password_flow:
         enabled: true
         client.id: "my-client-id"
@@ -161,6 +162,10 @@ Path to the client key file for JWT authentication.
 
 The audience URL for JWT authentication.
 
+*`var.authentication.jwt_bearer_flow.token_url`*::
+
+The Salesforce OAuth token endpoint for JWT authentication. This endpoint is used for JWT Bearer flow and defaults to `var.authentication.jwt_bearer_flow.url` if empty. Only use a custom value if you have a custom domain and don't allow default endpoints such as `https://login.salesforce.com` or `https://test.salesforce.com`.
+
 *`var.authentication.user_password_flow.enabled`*::
 
 Set to true to use user-password authentication.
@@ -553,4 +558,4 @@ Check the Elastic Agent logs for errors. Verify the module configuration is corr
 
 :fileset_ex!:
 
-:modulename!:
+:modulename!:
diff --git a/x-pack/filebeat/modules.d/salesforce.yml.disabled b/x-pack/filebeat/modules.d/salesforce.yml.disabled
@@ -7,6 +7,7 @@
 # - enabled: Set to true to enable ingestion of Salesforce module fileset
 # - initial_interval: Initial interval for log collection. This setting determines the time period for which the logs will be initially collected when the ingestion process starts, i.e. 1d/h/m/s
 # - api_version: API version for Salesforce, version should be greater than 46.0
+# - url: URL for Salesforce instance
 
 # Authentication Configurations:
 # User-Password Authentication:
@@ -23,6 +24,7 @@
 # - client.username: Username for JWT authentication
 # - client.key_path: Path to client key for JWT authentication
 # - url: Audience URL for JWT authentication
+# - token_url: Token URL for JWT authentication
 
 # Event Monitoring:
 # - real_time: Set to true to enable real-time logging using object type data collection
@@ -142,4 +144,4 @@
     var.url: "https://instance_id.my.salesforce.com"
 
     var.real_time: true
-    var.real_time_interval: 5m
+    var.real_time_interval: 5m
