Splunk Cloud Vetting - Githubissues

CrossRealms / Splunk-App-Auto-Update-MaxMind-Database

Splunk App that auto updates the max-mind database (used for iplocation command)

10 stars 3 forks source link

Splunk Cloud Vetting #18

Closed Rawmi-21 closed 1 year ago

Rawmi-21 commented 1 year ago

Hello,

I saw in your commits that you did some action regarding Splunk App Vetting but Splunk Support is still telling me that it's not supported in Splunk Cloud.

Will it be the case in the future ?

VatsalJagani commented 1 year ago

I just validated that App still passes all App checks

Can you ask Splunk Support what is the exact issue?

Rawmi-21 commented 1 year ago

Hello,

Thanks for your quick reply. Splunk Finally gave me infos, I quote their message here :

"The app #5482 'Auto Update MaxMind Database' v2.0.0 did not meet security and functionality requirements for Splunk Cloud for the following reasons:

check_limits_conf

Deleting the limit.conf file from python script which is not allowed in Splunk cloud.

As this is developer supported, the app developer can reach out devinfo@splunk.com for more assistance on getting this app validated for Splunk Cloud or resubmit the app on Splunkbase once the above issues are remedied so our App Vetting Team can validate it for Splunk Cloud."

VatsalJagani commented 1 year ago

I've reached out to Splunk and I'll update you once I get the response back from them.

FYI, this should not be an issue. And the code they are refering to is just for handling the App upgrade scenario seemlessly.

VatsalJagani commented 1 year ago

Here is what I received from Splunk:

OK awesome, thanks for following up on this with us. I've asked the team to re-do the review and gave the all-clear on removing the limits.conf file. They'll redo the review under current compatibility requirements to ensure it's still otherwise compatible and, if so, approve this for Splunk Cloud.

Rawmi-21 commented 1 year ago

Thanks for your following ! Should I still wait or I can do a new Cloud App Request ?

VatsalJagani commented 1 year ago

I would say allow them some time and do a new Cloud App Request next week Tuesday. Hopefully by then Splunk Dev team internally have communicated with Cloud team.

mahirchavda commented 1 year ago

Hi @Rawmi-21, Kindly upgrade to newly released App version 3.0.0. Feel free to comment/reopen the issue if required.

Rawmi-21 commented 1 year ago

Hello,

Thanks for your update I just deployed the new app and configure my API Key. I have the message which indicates that the database have been updated successfully.

Now I want confirm that but this type of commands does not work on Splunk Cloud :

| rest /services/configs/conf-limits splunk_server=local | search title="iplocation" | table title, db_path.

Do you know how I can be sure that the database is actually updated ?

Regards,

VatsalJagani commented 1 year ago

@Rawmi-21 - This (query for validation) is no longer required actually as with the latest release of App v2.0.0 or v3.0.0.

I have the message which indicates that the database have been updated successfully.

This tells me that database is updated successfully.

Rawmi-21 commented 1 year ago

Which command is available instead ?

VatsalJagani commented 1 year ago

The only way to check now is:

Go in the backend and see the file update time (not possible in Splunk Cloud, but you can ask Splunk support)
Or you can check 20-30 IPs location now and try checking after 1 week to see any difference. Any difference means Add-on is upgrading the files.