hRun / SA-haveibeenpwned

Splunk add-on providing a custom search command to query Troy Hunt's haveibeenpwned API (https://haveibeenpwned.com/api/v3/) for known breaches of your domains or mail addresses.
https://splunkbase.splunk.com/app/5050/
Apache License 2.0

Replace setup.xml with a Splunk Cloud compatible setup page #2

Closed lukemonahan closed 3 years ago

lukemonahan commented 3 years ago

With this PR the app should now pass the Splunk Cloud AppInspect validation and then be installable on Splunk Cloud.

I've used the Splunk add-on builder framework to create the setup page, hence it's a pretty big commit with lots of library files from that project included.

Additionally:

Not done yet:

hRun commented 3 years ago

Hi Luke,

Thanks for getting involved! That's very much appreciated, especially since I wasn't aware that the current version isn't installable on Splunk Cloud.

The changes all look good to me, but please give me some time for testing later this week or early next week before I accept the PR. I want to check out if we can (or did?) retain Python 2 and 3 cross-compatibility, as I know of a few instances where the add-on is used in environments still running on Python 2. It would likely save some users some trouble who blindly update from Splunkbase without reading release notes.

Requiring reconfiguration after the upgrade is acceptable to me as that's quickly done. Although the same users who don't read release notes might stumble across it...

Cheers, hRun

lukemonahan commented 3 years ago

This is the only place I have explicitly set Python3:

https://github.com/hRun/SA-haveibeenpwned/blob/30f731981c0c10cce387ca8fc8e879cc3182b36e/default/restmap.conf#L11

This was called out by AppInspect as being required. If I change it to default, the app fails Splunk Cloud vetting with:

The handler of stanza [admin_external:SA_haveibeenpwned_settings] should be python3 executable. File: default/restmap.conf Line Number: 7

It appears it's no longer possible to have a python2/python3 compatible app that also passes Splunk Cloud vetting. You may have to advise users to use the 1.x series if they need python 2 any longer, if you also want to be Splunk Cloud compatible.

hRun commented 3 years ago

Turns out the add-on is still fully backwards compatible with Python2, if users require it. Just changing the Python-related settings works perfectly well. I'll update the README accordingly. The only downside of the update is that non-privileged users without the list_storage_passwords capability can no longer use mode=mail as they can't access the now encrypted API key. With the next commit I'll add a custom role which admins can assign to users if they wish. I didn't commit to your fork as I did some testing and noticed some additional unrelated improvements which I want to include with the next commit. Submission to Splunkbase will follow shortly.

Thanks again for your contribution. Cheers, hRun.