emit administers and supervises relationship source fields

[alexreal1314]

Summary

Updates the org-data command's identity integrations to emit the raw source fields that the Entity Store v2 relationship maintainers (administers and supervises) consume. Each generator writes the pre-pipeline shape; the integration ingest pipelines then build *.entity.relationships.*.

• Active Directory (active_directory_integration.ts) — now populates both relationships:

  • administers (user → host and user -> user): managers reference their direct reports' Windows computer DNs via managedObjects / managed_objects. Host targets use the FQDN host.name (cn.toLowerCase() + "." + domain) so they resolve to the device entity's host:<FQDN> EUID.
  • supervises (user → user): direct report user DNs via directReports / direct_reports.
  • Fixed manager linkage to use the shared managerId === employee.oktaUserId key (consistent across all three integrations).
  • Emits both camelCase (raw) and snake_case (post-pipeline) shapes since the generator bypasses the rename pipeline.
  • Computer (device) docs also emit administers for the ~15% of machines that manage other computers.

• Okta (okta_integration.ts) — emits the raw top-level supervises[] array of { user_id, email, username } for managers. Also adds event.id to user/device docs so they're extracted by the entity store.

• Entra ID (entra_id_integration.ts) — emits raw azure_ad.directReports[] as expanded Graph objects { id, displayName, userPrincipalName, mail } for managers.

Why

The administers ([#272943]) and supervises ([#266369], research [#274248]) Entity Store maintainers need realistic source data to develop and test against. These generators feed the integration ingest pipelines, which build the relationship fields and raw_identifiers the maintainers resolve to canonical EUIDs.

Relationship resolvability

Integration	Relationship	Identifiers emitted	Resolvable?
Okta	supervises (user→user)	user.email, user.id (Okta id), user.name (login)	✅ all map to user EUID ranking
Entra ID	supervises (user→user)	user.email (mail), user.id (GUID), user.name (UPN)	✅ GUID always present as fallback
Active Directory	administers (user→host)	host id (DN) + name (FQDN)	✅ FQDN matches host:<FQDN> EUID
Active Directory	supervises (user→user)	id (DN), name (CN)	❌ known gap — needs Beats-side DN→email/sAMAccountName resolution

Maintainer resolution priority: user.email → user.id → user.name.

Test plan

• yarn start org-data --integrations okta — verify supervises[] on user docs and event.id present
• yarn start org-data --integrations entra_id — verify azure_ad.directReports[] on user docs
• yarn start org-data --integrations active_directory — verify managedObjects/directReports (+ snake_case) and FQDN host names
• After ingest, confirm pipelines build user.entity.relationships.{supervises,administers} and that the maintainers resolve Okta/Entra targets to EUIDs

Notes / follow-ups

• AD supervises remains unresolvable until the Beats AD input resolves DNs → mail/sAMAccountName/objectSID; do not rely on it yet.
• Entra ID Graph directReports expand caps at 20 reports per manager (accepted edge case).

[Copilot]

Pull request overview

This PR updates the org-data identity integration generators (Okta, Entra ID, Active Directory) to emit relationship source fields used by the Entity Store v2 administers and supervises maintainers, so downstream ingest pipelines can build *.entity.relationships.* for realistic development/test data.

Changes:

• Okta: emits top-level supervises[] for managers and adds event.id to user/device docs.
• Entra ID: emits azure_ad.directReports[] (expanded Graph-style objects) for managers.
• Active Directory: emits managedObjects/directReports (plus snake_case variants) and mirrors relationship extraction shapes for administers/supervises, including deterministic Windows device naming for resolvable host FQDNs.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

File	Description
src/commands/org_data/integrations/okta_integration.ts	Adds supervises source array and event.id on user/device discovery docs.
src/commands/org_data/integrations/entra_id_integration.ts	Adds azure_ad.directReports source data for manager → report relationships.
src/commands/org_data/integrations/active_directory_integration.ts	Emits AD relationship source fields and generates resolvable administers/supervises relationship shapes.