fastly / sigsci-splunk-app

Splunk app for Fastly (Signal Sciences)
https://splunkbase.splunk.com/app/3495
MIT License
9 stars 10 forks source link

Add-on Builder Import Fail #10

Closed jesuscmartinez closed 5 years ago

jesuscmartinez commented 5 years ago

When I attempt to import the add-on into Add-on Builder I receive errors.

Via the UI I attempted to import signal-sciences-ng-wafrasp-ta_1019.tgz and received: The add-on project could not be imported because a problem occurred while loading the meta data.

Checked out the repo and attempted the import via CLI and received the following error:

  File "/Applications/Splunk/etc/apps/splunk_app_addon-builder/bin/aob/aob_tools/project_migration_tool.py", line 324, in <module>
    main()
  File "/Applications/Splunk/etc/apps/splunk_app_addon-builder/bin/aob/aob_tools/project_migration_tool.py", line 321, in main
    args.password)
  File "/Applications/Splunk/etc/apps/splunk_app_addon-builder/bin/aob/aob_tools/project_migration_tool.py", line 213, in import_project
    raise RuntimeError('{} not found. The directory structure is not correct.'.format(app_conf))
RuntimeError: /Users/jmartine/workspace/sigsci-splunk-app/sigsci_TA_for_splunk/local/app.conf not found. The directory structure is not correct.

The add-on is current installed, so I attempted to export, and then import. Export was successful. Import failed:

Traceback (most recent call last):
  File "/Applications/Splunk/etc/apps/splunk_app_addon-builder/bin/aob/aob_tools/project_migration_tool.py", line 324, in <module>
    main()
  File "/Applications/Splunk/etc/apps/splunk_app_addon-builder/bin/aob/aob_tools/project_migration_tool.py", line 321, in main
    args.password)
  File "/Applications/Splunk/etc/apps/splunk_app_addon-builder/bin/aob/aob_tools/project_migration_tool.py", line 216, in import_project
    raise RuntimeError('Fail to get app name from %s. Please validate the configuration content.' % app_conf)
RuntimeError: Fail to get app name from /tmp/sigsci/sigsci_TA_for_splunk/local/app.conf. Please validate the configuration content.

Copied default/app.conf into local/app.conf and recieved the following error:

Traceback (most recent call last):
  File "/Applications/Splunk/etc/apps/splunk_app_addon-builder/bin/aob/aob_tools/project_migration_tool.py", line 324, in <module>
    main()
  File "/Applications/Splunk/etc/apps/splunk_app_addon-builder/bin/aob/aob_tools/project_migration_tool.py", line 321, in main
    args.password)
  File "/Applications/Splunk/etc/apps/splunk_app_addon-builder/bin/aob/aob_tools/project_migration_tool.py", line 240, in import_project
    raise e
Exception: Fail to import TA sigsci_TA_for_splunk. Error:                                                                                                                                                                                                                                                                
{"err_code": 37, "err_args": {"app": "sigsci_TA_for_splunk"}}

Am I corrrect in believing that I would/should import the project to help do development and testing then export? I'd like to extend the modulars to support Agent events as well. Thanks for the support.


Splunk Enterprise Version: 7.3.0 Build: 657388c7a488

splunk_app_addon-builder | 2.2.0

dacoburn commented 5 years ago

@jesuscmartinez according to the splunk-appinspect when packaging up an app for distribution you can't have anything in the local folders so I explicitly delete them in order to pass the inspection. Doing so seems to have broken things for the App Builder a long time ago. I generally did the first time import to create the app structure and modify things manually.

The only code I've really added is from input_module_SigsciEvent.py

input_module_SigsciRequests.py

For the agent events I believe they are under the activity API so I would likely need to add a new input type to keep things somewhat simple.

dacoburn commented 5 years ago

@jesuscmartinez I created a new app with the add-on builder and compared the app.conf and app.manifest. As far as I can tell they are both basically the same as the one in my App. Not sure why once you prep it for publishing it stops working with the add-on builder.

I did update the API used for getting events to the one that has both the Flagged IPs and Agent Alerts. So from 1.0.22 of the app you'll get both.

If you want to figure out how to get things importable that would be cool, otherwise I'll probably close out as at this point the Add-On builder doesn't really offer me much when making changes.

dacoburn commented 5 years ago

Closing due to inactivity, reopen if needed.