feat: release 6.1.0

.github/workflows/build-test-release.yml

@@ -17,11 +17,11 @@ jobs:
   meta:
     runs-on: ubuntu-22.04
     outputs:
-      matrix_supportedSplunk: ${{ steps.matrix.outputs.supportedSplunk }}
+      matrix_supportedSplunk: ${{ steps.matrix.outputs.latestSplunk }}
     steps:
       - uses: actions/checkout@v4
       - id: matrix
-        uses: splunk/addonfactory-test-matrix-action@v1
+        uses: splunk/addonfactory-test-matrix-action@v3
 
   fossa-scan:
     continue-on-error: true

docker-compose-ci.yml

@@ -88,6 +88,7 @@ services:
       - SPLUNK_HEC_TOKEN=${SPLUNK_HEC_TOKEN}
       - SPLUNK_START_ARGS=--accept-license
       - TEST_SC4S_ACTIVATE_EXAMPLES=yes
+      - SPLUNK_GENERAL_TERMS=--accept-sgt-current-at-splunk-com
 volumes:
   results:
     external: false

docker-compose.yml

@@ -38,8 +38,9 @@ services:
       - "6514"
     stdin_open: true
     tty: true
-    links:
-      - splunk
+    depends_on:
+      splunk:
+        condition: service_healthy
     environment:
       - SPLUNK_HEC_URL=https://splunk:8088
       - SPLUNK_HEC_TOKEN=${SPLUNK_HEC_TOKEN}
@@ -79,6 +80,7 @@ services:
       - SPLUNK_START_ARGS=--accept-license
       - SPLUNK_HEC_TOKEN=${SPLUNK_HEC_TOKEN}
       - TEST_SC4S_ACTIVATE_EXAMPLES=yes
+      - SPLUNK_GENERAL_TERMS=--accept-sgt-current-at-splunk-com
 
   uf:
     build:
@@ -92,8 +94,9 @@ services:
     ports:
       - "9997"
       - "8089"
-    links:
-      - splunk
+    depends_on:
+      splunk:
+        condition: service_healthy
     environment:
       - SPLUNK_PASSWORD=Chang3d!
       - SPLUNK_START_ARGS=--accept-license
@@ -102,4 +105,4 @@ services:
 
 volumes:
   splunk-sc4s-var:
-    external: false
+    external: false

pyproject.toml

@@ -16,7 +16,7 @@
 
 [tool.poetry]
 name = "pytest-splunk-addon"
-version = "6.0.0"
+version = "6.1.0-beta.1"
 description = "A Dynamic test tool for Splunk Apps and Add-ons"
 authors = ["Splunk <[email protected]>"]
 license = "APACHE-2.0"

pytest_splunk_addon/CIM_Models/datamodel_definition.py

@@ -2399,4 +2399,5 @@
 # No fields changes between v6.0.0 and v6.0.2
 datamodels["6.0.1"] = datamodels["6.0.0"]
 datamodels["6.0.2"] = datamodels["6.0.0"]
-datamodels["latest"] = datamodels["6.0.2"]
+datamodels["6.1.0"] = datamodels["6.0.2"]
+datamodels["latest"] = datamodels["6.1.0"]

pytest_splunk_addon/__init__.py

@@ -18,4 +18,4 @@
 
 __author__ = """Splunk Inc."""
 __email__ = "[email protected]"
-__version__ = "6.0.0"
+__version__ = "6.1.0-beta.1"

pytest_splunk_addon/data_models/Authentication.json

@@ -107,6 +107,16 @@
           "validity": "if(action in ['success', 'failure'], action, null())",
           "comment": "The human-readable message associated with the authentication action (success or failure)."
         },
+        {
+          "name": "reason_id",
+          "type": "optional",
+          "comment": "The reason why logon failed. For example \\'0xC0000234\\'."
+        },
+        {
+          "name": "process",
+          "type": "optional",
+          "comment": "Full path and the name of the executable for the process that attempted the logon. For example, it is a \\\"Process Name\\\" in Windows such as `C:\\\\Windows\\\\System32\\\\svchost.exe`."
+        },
         {
           "name": "src_user",
           "condition": "src_user=* tag=privileged",
@@ -118,6 +128,7 @@
           "type": "optional",
           "comment": "The account that manages the user that initiated the request. The account represents the organization, a Cloud customer, or a Cloud account."
         }
+
       ],
       "child_dataset": [
         {

pytest_splunk_addon/data_models/Endpoint.json

@@ -351,6 +351,11 @@
           "name": "vendor_product",
           "type": "required",
           "comment": "The vendor and product name of the Endpoint solution that reported the event, such as Carbon Black Cb Response. This field can be automatically populated by vendor and product fields in your data."
+        },
+        {
+          "name": "image",
+          "type": "optional",
+          "comment": "The binary file path or name that is tied to a process ID (PID) in events like process creation or termination."
         }
       ],
       "child_dataset": [],
@@ -469,6 +474,11 @@
           "name": "vendor_product",
           "type": "required",
           "comment": "The vendor and product name of the Endpoint solution that reported the event, such as Carbon Black Cb Response. This field can be automatically populated by vendor and product fields in your data."
+        },
+        {
+          "name": "image",
+          "type": "optional",
+          "comment": "The binary file path or name that is tied to a process ID (PID) in events like process creation or termination."
         }
       ],
       "child_dataset": [],

pytest_splunk_addon/data_models/Network_Traffic.json

@@ -198,7 +198,12 @@
         {
           "name": "rule",
           "type": "optional",
-          "comment": "The rule which defines the action that was taken in the network event. Note: This is a string value. Use rule_id for rule fields that are integer data types. The rule_id field is optional, so it is not included in the data model"
+          "comment": "The rule which defines the action that was taken in the network event. Note: This is a string value. Use rule_id for rule fields that are integer data types."
+        },
+        {
+          "name": "rule_id",
+          "type": "optional",
+          "comment": "The vendor-specific unique identifier of the rule. Examples: 0x00011f0000011f00, 0x00011f00-syn_flood."
         },
         {
           "name": "session_id",

pytest_splunk_addon/data_models/Updates.json

@@ -66,7 +66,8 @@
                     "available",
                     "installed",
                     "invalid",
-                    "restart required"
+                    "restart required",
+                    "failure"
                   ],
                 "comment":"Indicates the status of a given patch requirement." 
             },

pytest_splunk_addon/docker_class.py

@@ -65,7 +65,7 @@ def start(self, *services):
 
         :param services: the names of the services as defined in compose file
         """
-        self._docker_compose.execute("up", "--build", "-d", *services)
+        self._docker_compose.execute("up", "--build", "--wait", *services)
 
     def stop(self, *services):
         """Ensures that the given services are stopped via docker compose.

pytest_splunk_addon/event_ingestors/hec_event_ingestor.py

@@ -13,6 +13,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+import json
+
 from .base_event_ingestor import EventIngestor
 import requests
 from time import time, mktime
@@ -52,7 +54,7 @@ def ingest(self, events, thread_count):
         """
         Ingests event and metric data into splunk using HEC token via event endpoint.
 
-        For batch ingestion of events in a single request at event endpoint provide a list of event dict to be ingested.
+        For batch ingestion of events in a single request at event endpoint provide stacked events one after the other to be ingested.
 
         The format of dictionary for ingesting a single event::
 
@@ -63,22 +65,20 @@ def ingest(self, events, thread_count):
                 "event": "event_str"
             }
 
-        The format of dictionary for ingesting a batch of events::
-
-            [
-                {
-                    "sourcetype": "sample_HEC",
-                    "source": "sample_source",
-                    "host": "sample_host",
-                    "event": "event_str1"
-                },
-                {
-                    "sourcetype": "sample_HEC",
-                    "source": "sample_source",
-                    "host": "sample_host",
-                    "event": "event_str2"
-                },
-            ]
+        The format for ingesting a batch of events::
+
+            {
+                "sourcetype": "sample_HEC",
+                "source": "sample_source",
+                "host": "sample_host",
+                "event": "event_str1"
+            }
+            {
+                "sourcetype": "sample_HEC",
+                "source": "sample_source",
+                "host": "sample_host",
+                "event": "event_str2"
+            }
 
         Args:
             events (list): List of events (SampleEvent) to be ingested
@@ -115,20 +115,21 @@ def ingest(self, events, thread_count):
 
     def __ingest(self, data):
         try:
+            batch_data = "\n".join(json.dumps(obj) for obj in data)
             LOGGER.info(
                 "Making a HEC event request with the following params:\nhec_uri:{}\nheaders:{}".format(
                     str(self.hec_uri), str(self.session_headers)
                 )
             )
             LOGGER.debug(
                 "Creating the following sample event to be ingested via HEC event endoipnt:{}".format(
-                    str(data)
+                    str(batch_data)
                 )
             )
             response = requests.post(  # nosemgrep: splunk.disabled-cert-validation
                 "{}/{}".format(self.hec_uri, "event"),
                 auth=None,
-                json=data,
+                data=batch_data,
                 headers=self.session_headers,
                 verify=False,
             )

pytest_splunk_addon/splunk.py

@@ -490,14 +490,6 @@ def uf_docker(docker_services, tmp_path_factory, worker_id, request):
     """
     Provides IP of the uf server and management port based on pytest-args(splunk_type)
     """
-    LOGGER.info("Starting docker_service=uf")
-    os.environ["CURRENT_DIR"] = os.getcwd()
-    if worker_id:
-        # get the temp directory shared by all workers
-        root_tmp_dir = tmp_path_factory.getbasetemp().parent
-        fn = root_tmp_dir / "pytest_docker"
-        with FileLock(str(fn) + ".lock"):
-            docker_services.start("uf")
     uf_info = {
         "uf_host": docker_services.docker_ip,
         "uf_port": docker_services.port_for("uf", 8089),
@@ -540,6 +532,7 @@ def splunk_docker(
     """
     # configuration of environment variables needed by docker-compose file
     os.environ["SPLUNK_APP_PACKAGE"] = request.config.getoption("splunk_app")
+    os.environ["CURRENT_DIR"] = os.getcwd()
     try:
         config = configparser.ConfigParser()
         config.read(
@@ -558,14 +551,14 @@ def splunk_docker(
     os.environ["SPLUNK_VERSION"] = request.config.getoption("splunk_version")
     os.environ["SC4S_VERSION"] = request.config.getoption("sc4s_version")
 
-    LOGGER.info("Starting docker_service=splunk")
+    LOGGER.info("Starting docker services")
     if worker_id:
         # get the temp directory shared by all workers
         root_tmp_dir = tmp_path_factory.getbasetemp().parent
         fn = root_tmp_dir / "pytest_docker"
         # if you encounter docker-compose not found modify shell path in your IDE to use /bin/bash
         with FileLock(str(fn) + ".lock"):
-            docker_services.start("splunk")
+            docker_services.start()
 
     splunk_info = {
         "host": docker_services.docker_ip,
@@ -648,13 +641,6 @@ def sc4s_docker(docker_services, tmp_path_factory, worker_id):
     """
     Provides IP of the sc4s server and related ports based on pytest-args(splunk_type)
     """
-    if worker_id:
-        # get the temp directory shared by all workers
-        root_tmp_dir = tmp_path_factory.getbasetemp().parent
-        fn = root_tmp_dir / "pytest_docker"
-        with FileLock(str(fn) + ".lock"):
-            docker_services.start("sc4s")
-
     ports = {514: docker_services.port_for("sc4s", 514)}
     for x in range(5000, 5007):
         ports.update({x: docker_services.port_for("sc4s", x)})

tests/unit/tests_standard_lib/test_event_ingestors/conftest.py

@@ -68,26 +68,26 @@ def modinput_posts_sent():
     return [
         (
             f"POST {HEC_URI}/event",
-            "[{"
+            "{"
             '"sourcetype": "test:indextime:sourcetype:modinput_host_event_time_plugin", '
             '"source": "pytest-splunk-addon:modinput", '
             '"event": "test_modinput_1 host=modinput_host_event_time_plugin.samples_1", '
             '"index": "main", '
             '"host": "modinput_host_event_time_plugin.samples_1"'
-            "}, {"
+            "}\n{"
             '"sourcetype": "test:indextime:sourcetype:modinput_host_event_time_plugin", '
             '"source": "pytest-splunk-addon:modinput", '
             '"event": "test_modinput_2 host=modinput_host_event_time_plugin.samples_2", '
             '"index": "main", '
             '"host": "modinput_host_event_time_plugin.samples_2"'
-            "}, {"
+            "}\n{"
             '"sourcetype": "pytest_splunk_addon", '
             '"source": "pytest_splunk_addon:hec:event", '
             '"event": "fake event nothing happened", '
             '"index": "fake_index", '
             '"host": "fake host", '
             '"time": 1234.5678'
-            "}]",
+            "}",
         )
     ]