ansible-collections / splunk.es Goto Github PK

This collection will be included in Ansible 2.10 because it contains modules and/or plugins that were included in Ansible 2.9. Please review:

• The list of requirements for inclusion in Ansible: https://github.com/ansible-collections/overview/blob/master/collection_requirements.rst
• The roadmap with all important dates for Ansible 2.10: https://github.com/ansible/ansible/blob/devel/docs/docsite/rst/roadmap/COLLECTIONS_2_10.rst

DEADLINE: 2020-08-18

The latest version of the collection available on August 18 will be included in Ansible 2.10.0, except possibly newer versions which differ only in the patch level. (For details, see the roadmap). Please release version 1.0.0 of your collection by this date! If 1.0.0 does not exist, the same 0.x.y version will be used in all of Ansible 2.10 without updates, and your 1.x.y release will not be included until Ansible 2.11 (unless you request an exception at a community working group meeting and go through a demanding manual process to vouch for backwards compatibility . . . you want to avoid this!).

Follow semantic versioning rules

Your collection versioning must follow all semver rules. This means:

• Patch level releases can only contain bugfixes;
• Minor releases can contain new features, new modules and plugins, and bugfixes, but must not break backwards compatibility;
• Major releases can break backwards compatibility.

Changelogs and Porting Guide

Your collection should provide data for the Ansible 2.10 changelog and porting guide. The changelog and porting guide are automatically generated from ansible-base, and from the changelogs of the included collections. All changes from the breaking_changes, major_changes, removed_features and deprecated_features sections will appear in both the changelog and the porting guide. You have two options for providing changelog fragments to include:

1. If possible, use the antsibull-changelog tool, which uses the same changelog fragment as the ansible/ansible repository (see the documentation).
2. If you cannot use antsibull-changelog, you can provide the changelog in a machine-readable format as changelogs/changelog.yaml inside your collection (see the documentation of changelogs/changelog.yaml format).

If you cannot contribute to the integrated Ansible changelog using one of these methods, please provide a link to your collection's changelog by creating an issue in https://github.com/ansible-community/ansible-build-data/. If you do not provide changelogs/changelog.yml or a link, users will not be able to find out what changed in your collection from the Ansible changelog and porting guide.

Make sure your collection passes the sanity tests

Run ansible-test sanity --docker -v in the collection with the latest ansible-base or stable-2.10 ansible/ansible checkout.

Keep informed

Be sure you're subscribed to:

• Changes impacting Collections to track changes that Collection maintainers should be aware of;
• The Bullhorn, a newsletter for the Ansible developer community, back issues and how to add content.

Questions and Feedback

If you have questions or want to provide feedback, please see the Feedback section in the collection requirements.

(Internal link to keep track of issues: ansible-collections/overview#102)

Ansible Contributor Summit

We are happy to announce that the registration for the Ansible Contributor Summit is open!

Why

• This is a great opportunity for interested people to meet, discuss related topics, share their stories and opinions, get the latest important updates and just to hang out together.

• There will be different announcements & presentations by Community, Core, Cloud, Network, and other teams.

• Current contributors will be happy to share their stories and experience with newcomers.

• There will be links to interactive self-passed instruqt scenarios shared during the event that help newcomers learn different aspects of development.

Where/when

Online on Matrix and Youtube. Tuesday, April 12, 2022, 12:00 - 20:00 UTC.

How to join

• Add the event to your calendar. Use the ical URL (for example, in Google Calendar "Add other calendars" > "Import from URL") instead of importing the .ics file so that any updates to the event will be reflected in your calendar.

• Check out the Summit page:

  • Add you name to attendees.
  • Suggest summit topics that would be interesting to you to hear about.
  • Vote on and propose changes to topics suggested by others.
  • If you want to be a presenter, please contact the Ansible Community team via [email protected].

We are looking forward to seeing you!:)

Heja there,

sorry to bother you with this questions: I am currently building some modules around the ITSI API along-side our installation here. Now I understand, that those would not fit into this collection so something like splunk.itsi would be better. I also understand that community driven collections are prefixed with community.* and vendor driven with vendor.* but obviously we would love to see an vendor collection we can contribute to.
Long story short: do you have any @ for me where how we could start that collection?

Or should I just poke @gundalow for creating an community one? wave

Based on the community decision to use true/false for boolean values in documentation and examples, we ask that you evaluate booleans in this collection and consider changing any that do not use true/false (lowercase).

See documentation block format for more info (specifically, option defaults).

If you have already implemented this or decide not to, feel free to close this issue.

P.S. This is auto-generated issue, please raise any concerns here

SUMMARY

We are running sanity tests across every collection included in the Ansible community package (as part of this issue) and found that ansible-test sanity --docker against splunk.es 2.0.0 fails with ansible-core 2.13.0rc1 in ansible 6.0.0a2.

ISSUE TYPE

• Bug Report

COMPONENT NAME

n/a

ANSIBLE VERSION

ansible [core 2.13.0rc1]

COLLECTION VERSION

2.0.0

STEPS TO REPRODUCE

ansible-test sanity --docker

EXPECTED RESULTS

Tests are either passing or ignored.

ACTUAL RESULTS

ERROR: Found 8 validate-modules issue(s) which need to be resolved:
ERROR: plugins/httpapi/splunk.py:0:0: invalid-documentation: DOCUMENTATION.author: Invalid author for dictionary value @ data['author']. Got 'Ansible Security Automation Team'
ERROR: plugins/httpapi/splunk.py:0:0: invalid-documentation: DOCUMENTATION.httpapi: extra keys not allowed @ data['httpapi']. Got 'splunk'
ERROR: plugins/httpapi/splunk.py:0:0: invalid-documentation: DOCUMENTATION.name: required key not provided @ data['name']. Got None
ERROR: plugins/modules/splunk_adaptive_response_notable_event.py:0:0: invalid-documentation: DOCUMENTATION.module: not a valid value for dictionary value @ data['module']. Got 'adaptive_response_notable_event'
ERROR: plugins/modules/splunk_correlation_search.py:0:0: invalid-documentation: DOCUMENTATION.module: not a valid value for dictionary value @ data['module']. Got 'correlation_search'
ERROR: plugins/modules/splunk_correlation_search_info.py:0:0: invalid-documentation: DOCUMENTATION.module: not a valid value for dictionary value @ data['module']. Got 'correlation_search_info'
ERROR: plugins/modules/splunk_data_input_monitor.py:0:0: invalid-documentation: DOCUMENTATION.module: not a valid value for dictionary value @ data['module']. Got 'data_input_monitor'
ERROR: plugins/modules/splunk_data_input_network.py:0:0: invalid-documentation: DOCUMENTATION.module: not a valid value for dictionary value @ data['module']. Got 'data_input_network'
ERROR: The 1 sanity test(s) listed below (out of 43) failed. See error output above for details.
validate-modules
ERROR: Command "podman exec ansible-test-controller-FQH9InD7 /usr/bin/env ANSIBLE_TEST_CONTENT_ROOT=/root/ansible_collections/splunk/es LC_ALL=en_US.UTF-8 /usr/bin/python3.10 /root/ansible/bin/ansible-test sanity --containers '{}' --skip-test pylint --metadata tests/output/.tmp/metadata-8th72nog.json --truncate 0 --color no --host-path tests/output/.tmp/host-io87ffa1" returned exit status 1.

SUMMARY

According to the collection requirements,
default branches of the existing repositories under ansible_collections SHOULD be converted to use main.

I didn't realise from https://galaxy.ansible.com/splunk/enterprise_security that this was deprecated, may I suggest

remove all content
publish to Galaxy
Set the deprecated flag in Galaxy
Archive the GitHub repo

SUMMARY

ansible-collections/overview#45 (comment)

If irrelevant, feel free to close the issue

SUMMARY

I'm not sure if any of the maintainers here are also maintainers of the ansible-role-for-splunk, but would it be possible to include that role in this (or other splunk namespaced) collection?

ISSUE TYPE

• Feature Idea

COMPONENT NAME

role:
  - name: splunk.es.splunk

ADDITIONAL INFORMATION

While it is not necessary, I think it would be convenient to source the splunk role from a collection rather than directly from Github (I don't think even the standalone role is available on galaxy.ansible.com).

SUMMARY

Trying to install the splunk.se collection reading the doc provided but it fails with following error all the time

root@splunk:~# ansible-galaxy collection install splunk.es

• downloading role 'collection', owned by
  [WARNING]: - collection was NOT installed successfully: Content has no field named 'owner'

ERROR! - you can use --ignore-errors to skip failed roles and finish processing the list.
root@splunk:#
---- with ignore-errors
root@splunk:# ansible-galaxy collection install splunk.es --ignore-errors

• downloading role 'collection', owned by
  [WARNING]: - collection was NOT installed successfully: Content has no field named 'owner'

• downloading role 'es', owned by splunk
  [WARNING]: - splunk.es was NOT installed successfully: - sorry, splunk.es was not found on
  https://galaxy.ansible.com.

root@splunk:~#

ISSUE TYPE

• Bug Report

COMPONENT NAME

ANSIBLE VERSION

root@splunk:~# ansible --version
ansible 2.5.1

CONFIGURATION

OS / ENVIRONMENT

Ubuntu 18.4

STEPS TO REPRODUCE

EXPECTED RESULTS

ACTUAL RESULTS

SUMMARY

This functionality would allow to programatically manage risk objects defined within a correlation search. Currently this is not supported at all.

Risk based Alerting information:
https://lantern.splunk.com/Security/UCE/Guided_Insights/Risk-based_alerting/Implementing_risk-based_alerting

ISSUE TYPE

• Feature Idea

COMPONENT NAME

New module: splunk_adaptive_response_risk_analysis_events

ADDITIONAL INFORMATION

Usage: exactly the same as other modules from this collection but using different fields / data structures

      - name: Add adaptive response risk analysis events config
        splunk.es.splunk_adaptive_response_risk_analysis_events:
          config:
            - correlation_search_name: "{{ correlation_search }}"
              name: "{{ risk_message_title }}"
              description: "{{ correlation_search_description }}"
              risk_modifiers:
                risk_objects:
                  - risk_object_field: value11
                    risk_object_type: value12 
                    risk_object_score: value13
                  - risk_object_field: value21 
                    risk_object_type: value22
                    risk_object_score: value23
                   [...]
                threat_objects:
                  - threat_object_field: value31 
                    threat_object_type: value32
                  - threat object_field: value41
                    threat_object_type: value42
                   [...]
          state: merged

N/A

SUMMARY

Dear maintainers,

This is important for your collections!

• In accordance with the Community decision, we have created the news-for-maintainers repository for announcements of changes impacting collection maintainers (see the examples) instead of Issue 45 that will be closed soon.

  • To keep yourself well-informed and, therefore, things in your collection working, please subscribe to the repository by using the Watch button in the upper right corner on the repository's home page.
  • If you do not want to get notifications about related discussions, please subscribe only to Issues.
  • Please read the brief guidelines on how the repository should be used.
  • Please avoid unnecessary discussions in issues, use the Discussions feature. Every comment posted will notify a lot of folks!

• Also we would like to remind you about the Bullhorn contributor newsletter which has recently started to be released weekly. To learn what it looks like, see the past releases. Please subscribe and talk to the Community via Bullhorn!

• Join us in #ansible-social (for news reporting & chat), #ansible-community (for discussing collection & maintainer topics), and other channels on Matrix/IRC.

• Help the Community and the Steering Committee to make right decisions by taking part in discussing and voting on the Community Topics that impact the whole project and the collections in particular. Your opinion there will be much appreciated!

Thank you!