Exception on extra fields #325

Merged
merged 21 commits into from
Dec 10, 2024


@pyth0n1c pyth0n1c commented Nov 12, 2024

Throw an exception if extra fields are included in YML files.
This results in much cleaner files and catching typos in field names.
Note that this removed datamodel field from some files in favor of making it a computed_field, as it has been for some time for detections.

The following security_content PR fixes outstanding issues with content and should be merged first: splunk/security_content#3202

This PR also significantly cleans up the code for the contentctl new workflow.
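The behaviour described in the comment above (unknown keys rejected instead of silently dropped, and datamodel derived rather than stored), as an added sketch that is not contentctl's own code. The `Detection` fields, `KNOWN_DATAMODELS`, `load_detection`, `ExtraFieldError`, the sample mappings and the rule for deriving datamodel from the search text are all assumptions for illustration; plain standard-library Python stands in for the project's model layer.

```python
import difflib
from dataclasses import dataclass, fields

# Hypothetical data model names, used only for this illustration.
KNOWN_DATAMODELS = ("Endpoint", "Network_Traffic", "Web")


class ExtraFieldError(ValueError):
    """A parsed YML mapping carries keys the model does not declare."""


@dataclass(frozen=True)
class Detection:
    # Constructed, minimal field set (assumption); not the project's schema.
    name: str
    search: str
    type: str = "TTP"

    @property
    def datamodel(self) -> list[str]:
        # Derived from the search instead of read from the file, so the
        # file cannot carry a value that disagrees with the search.
        return [dm for dm in KNOWN_DATAMODELS if f"datamodel={dm}" in self.search]


def load_detection(raw: dict) -> Detection:
    """Build a Detection from an already-parsed YML mapping; reject unknown keys."""
    allowed = {f.name for f in fields(Detection)}
    extra = sorted(set(raw) - allowed)
    if extra:
        problems = []
        for key in extra:
            # Suggest the nearest declared field so typos are easy to spot.
            close = difflib.get_close_matches(key, allowed, n=1)
            hint = f" (did you mean '{close[0]}'?)" if close else ""
            problems.append(f"'{key}'{hint}")
        raise ExtraFieldError("extra fields not permitted: " + ", ".join(problems))
    return Detection(**raw)


# Constructed samples. 'serch' is a typo that a permissive loader would drop.
SAMPLE_OK = {"name": "Constructed Example", "search": "| tstats count from datamodel=Endpoint"}
SAMPLE_TYPO = {"name": "Constructed Example", "serch": "| tstats count from datamodel=Endpoint"}
SAMPLE_STORED_DM = dict(SAMPLE_OK, datamodel=["Web"])  # stale stored value
```

With a permissive loader, `SAMPLE_TYPO` would lose its search and `SAMPLE_STORED_DM` would keep a datamodel that contradicts the search; here both fail at read time.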

@ljstella

Just updated this with main. If you want to temporarily run the smoketest_escu job on all the platforms, on all the versions, I made a slight temporary tweak in the RBA migration branch that you might want to do something similar to: https://github.com/splunk/contentctl/pull/263/files#diff-48a325cafd3c5cd9f969b09790dff0ab3d3c0b2acd656c90ad4647ee35aa9214R39

Just pass it your security_content branch, and then after a full run of green, feel free to take it out.

new template.  Added drilldowns, if
appropriate, and made the link
to attack_data set invalid, so
that if it is not updated it fails
validation. This prevents an
incorrect attack_data from failing
silently.
temporarily, to test against
relevant updated content
Bump version of contentctl to v4.5.0 in prep
for release.
repeatable value when a field has not been
updated. Provide more context for enum fields
as to what can be set. Finally, throw an error
during YML read if an un-UPDATED field
still exists in any of the YMLs.
Remove extra pair of quotes
from new detection template
version to resolve bug in
our code
@cmcginley-splunk cmcginley-splunk self-requested a review November 21, 2024 20:10
@pyth0n1c pyth0n1c changed the base branch from main to contentctl_5 December 4, 2024 19:17
@ljstella ljstella self-requested a review December 10, 2024 19:15

@ljstella ljstella left a comment


LGTM for merging to a staging branch

@pyth0n1c pyth0n1c merged commit 7646c24 into contentctl_5 Dec 10, 2024
10 of 18 checks passed