From b2e1d816830cc9948adac80c30243279344d12ec Mon Sep 17 00:00:00 2001 From: Harshil Gajera Date: Tue, 23 Jul 2024 17:21:06 +0530 Subject: [PATCH 1/4] ci: adding release notes --- docs/release_notes.md | 57 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) create mode 100644 docs/release_notes.md diff --git a/docs/release_notes.md b/docs/release_notes.md new file mode 100644 index 000000000..00e1bd95a --- /dev/null +++ b/docs/release_notes.md @@ -0,0 +1,57 @@ +# Release Notes - Pytest-splunk-addon 6.0.0 + + +## New features + +- Extended the LR schema. Now you can use notes inside \ and field notes as well. + - Notes inside \: + ```bash + some note + ``` + - Field notes: + ```bash + + ``` + - Added support for CIM v5.3.2 + - New data models added: + - Data Access + - Database + - Event Signature + - Interprocess Messaging + - Computer Inventory + - JVM + - Performance + - Ticket Management + - Updated fields with expected values and conditions. + - Eg: Added expected values ["critical","high","medium","low","informational"] for severity field in Malware data model. + - For existing data models updated fields to required or optional based on CIM App Jsons. + - Eg: For Alert data model, body field is now marked as optional(as it is deprecated) and description is marked as required which was previously optional. + - So now if addon does not extract the description field for events tagged with Alert data model, then this will lead to failures for tests template: `test_cim_required_fields*` for those samples + - Furthermore, recommended fields have also been added to data models + - Eg: For Data Access fields like object_category and user_name are added as recommended fields. + - Again if the addon does not extract these fields then tests with test template : `test_cim_fields_recommended*` will fail for those samples. + - If the failures for test templates shown above are observed then it is recommended to extract those fields as the updates in all the Data models have been made with guidance of the SMEs. + + - Added support for CLEAN_KEYS param + - Now if Addons has field names in reports stanzas which have non-alphanumeric chars then those chars would be first converted to "_" and then tests would be generated as by default in splunk CLEAN_KEYS is set to true. + - Moreover, if any report stanzas has explicitly set CLEAN_KEYS=false then for those reports, field conversion would not happen and tests would be generated as it is. + - Eg: In the below stanza tests for server_contact field would be generated instead of server-contact. + ``` + [example_report] + FIELDS = server-contact + ``` + - Similarly, if in the example_report CLEAN_KEYS = false is provided then tests for server-contact would be generated as is. + + +## Improvements + - Refactoring change to remove standard_lib nested folder. + - Merged respective docker-compose* and pytest* files into one. + - Now we have common files docker-compose.yml and pytest.ini for ci and local execution. + - Added validation if a same field is present in cim_fields and missing_recommended_fields for sample and raise warning highlighting the same. + +## Bug fixes + + - Fixed the url rule for url["path"] and url["query"] + - url["path"] will result into a path. eg: /path + - url["query"] will result into a query. eg: ?a=b + - Fixed an issue of duplicate logging of warnings by every worker while parsing conf files. From 37d6fd06a9f137a7833be1a4e49f57902d1ca700 Mon Sep 17 00:00:00 2001 From: Harshil Gajera Date: Tue, 23 Jul 2024 17:21:58 +0530 Subject: [PATCH 2/4] ci: linking notes.md --- mkdocs.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/mkdocs.yml b/mkdocs.yml index 51c1516fe..cc71168d4 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -73,4 +73,5 @@ nav: - AppTestGenerator: "api_reference/app_test_generator.md" - DataGenerator: "api_reference/sample_generation.md" - EventIngestor: "api_reference/event_ingestion.md" - - Troubleshooting: "troubleshoot.md" \ No newline at end of file + - Troubleshooting: "troubleshoot.md" + - Release Notes: "release_notes.md" \ No newline at end of file From 36610d70096bf7e99000ea77ff6c0b741dc69464 Mon Sep 17 00:00:00 2001 From: Harshil Gajera Date: Thu, 25 Jul 2024 11:08:06 +0530 Subject: [PATCH 3/4] ci: updating notes --- docs/release_notes.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/release_notes.md b/docs/release_notes.md index 00e1bd95a..7c8c82120 100644 --- a/docs/release_notes.md +++ b/docs/release_notes.md @@ -47,7 +47,6 @@ - Refactoring change to remove standard_lib nested folder. - Merged respective docker-compose* and pytest* files into one. - Now we have common files docker-compose.yml and pytest.ini for ci and local execution. - - Added validation if a same field is present in cim_fields and missing_recommended_fields for sample and raise warning highlighting the same. ## Bug fixes From 721a42fadc2a88af487ffecc4845f8df91432671 Mon Sep 17 00:00:00 2001 From: Harshil Gajera Date: Fri, 26 Jul 2024 16:22:33 +0530 Subject: [PATCH 4/4] ci: updating release notest --- docs/release_notes.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/release_notes.md b/docs/release_notes.md index 7c8c82120..064c996d7 100644 --- a/docs/release_notes.md +++ b/docs/release_notes.md @@ -1,5 +1,9 @@ # Release Notes - Pytest-splunk-addon 6.0.0 +## Breaking Changes +- Added code for lovely-pytest-docker in PSA and migrated to v2 version of docker-compose as GitHub runners have stopped supporting docker compose v1. + - As we have removed dependency of lovely-pytest-docker from PSA, in addon repos lovely-pytest-docker has to be excluded from pyproject.toml to avoid conflicts. + ## New features