x-pack/filebeat/input/entityanalytics/provider/azuread: allow fine-grain control of API requests

[efd6]

Proposed commit message

This adds support for specifying which of users/devices to collect from the AzureAD API endpoints in order to reduce network costs for users who do not need a full set of entities.

The current change does not change the behaviour of device collection of registered owners and registered users; when the "devices" dataset is selected there user entities will still be collected as they are considered here as an attribute of the device, rather than a component of the users dataset.

Checklist

• My code follows the style guidelines of this project
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works
• I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Author's Checklist

• [ ]

How to test this PR locally

Related issues

• For x-pack/filebeat/input/entityanalytics: allow selection of data set components (user/device) #36440

Use cases

Screenshots

Logs

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2023-09-05T21:26:15.517+0000

• Duration: 74 min 46 sec

Test stats 🧪

Test	Results
Failed	0
Passed	3168
Skipped	176
Total	3344

💚 Flaky test report

Tests succeeded.

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

• /package : Generate the packages and run the E2E tests.

• /beats-tester : Run the installation tests with beats-tester.

• run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

[elasticmachine]

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

[efd6]

@jamiehynds Please take a look at the intended behaviour documented here.

[bhapas]

Suggested change

	p.logger.Debugf("Received %d devices from API", len(changedUsers))
	p.logger.Debugf("Received %d devices from API", len(changedDevices))

[efd6]

Thanks. That was incorrect in the previous code. Good catch.

[bhapas]

Additional comment: If validation is required , then can we extend the unit test here

[efd6]

That feels like testing that addition works.

[bhapas]

Not super important may be..!

[jamiehynds]

@efd6 this approach looks ok to me and we can set the default to 'all'. To be safe we can add a section to the integration docs to outline the three options, and the fact that we'll include registered users/owners as part of the device data collection.

FYI @piyush-elastic

[taylor-swanson]

This approach LGTM

I think testing is good enough, although an extra unit test case for config validation wouldn't hurt (could just be an invalid value to make sure that branch is counted in coverage).