Exception on extra fields #325

Open
wants to merge 20 commits into
base: main


@pyth0n1c pyth0n1c commented Nov 12, 2024

Throw an exception if extra fields are included in YML files.
This results in much cleaner files and catching typos in field names.
Note that this removed the datamodel field from some files in favor of making it a computed_field, as it has been for some time for detections.

The following security_content PR fixes outstanding issues with content and should be merged first: splunk/security_content#3202

This PR also pins to Pydantic ~2.9.2. Pydantic >= 2.10, which was released 11-20-2024, throws an exception that we will resolve in a future release.
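
The behaviour this description refers to, as an added example that is not contentctl's code: a Pydantic v2 model with `extra="forbid"` rejects a misspelled key that the default configuration drops silently, and a `computed_field` can no longer be supplied in the file. The model names, the field set, the `KNOWN_DATAMODELS` list and the sample document are assumptions constructed for illustration.

```python
from pydantic import BaseModel, ConfigDict, ValidationError, computed_field

# Hypothetical stand-ins for a detection schema; not contentctl's classes.
KNOWN_DATAMODELS = ("Endpoint", "Network_Traffic", "Authentication")  # constructed


class LenientDetection(BaseModel):
    # Pydantic's default is extra="ignore": unknown keys vanish without error.
    name: str
    search: str
    how_to_implement: str = ""


class StrictDetection(BaseModel):
    model_config = ConfigDict(extra="forbid")  # unknown keys raise ValidationError
    name: str
    search: str
    how_to_implement: str = ""

    @computed_field
    @property
    def datamodel(self) -> list[str]:
        # Derived from the search, so it cannot drift from a hand-written value.
        return [dm for dm in KNOWN_DATAMODELS if f"datamodel={dm}" in self.search]


def extra_field_errors(doc: dict) -> list[str]:
    """Return the names of keys the strict model rejects as extra."""
    try:
        StrictDetection.model_validate(doc)
    except ValidationError as exc:
        return sorted(str(e["loc"][0]) for e in exc.errors()
                      if e["type"] == "extra_forbidden")
    return []


# Constructed sample, standing in for a parsed YML file: one misspelled key
# and one key that the strict model computes instead of reading.
SAMPLE = {
    "name": "Constructed Example Detection",
    "search": "| tstats count from datamodel=Endpoint.Processes by Processes.dest",
    "how_to_implment": "Requires endpoint process telemetry.",
    "datamodel": ["Endpoint"],
}

if __name__ == "__main__":
    print("lenient keeps:", LenientDetection.model_validate(SAMPLE).model_dump())
    print("strict rejects:", extra_field_errors(SAMPLE))
```
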

@ljstella

Just updated this with main - if you want to temporarily run the smoketest_escu job on all the platforms, on all the versions, I made a slight temporary tweak in the RBA migration branch that you might want to do something similar to: https://github.com/splunk/contentctl/pull/263/files#diff-48a325cafd3c5cd9f969b09790dff0ab3d3c0b2acd656c90ad4647ee35aa9214R39

Just pass it your security_content branch, and then after a full run of green, feel free to take it out.

new template.  Added drilldowns, if
appropriate, and made the link
to attack_data set invalid, so
that if it is not updated it fails
validation. This prevents an
incorrect attack_data from failing
silently.
temporarily, to test against
relevant updated content
Bump version of contentctl to v4.5.0 in prep
for release.
repeatable value when a field has not been
updated. Provide more context for enum fields
as to what can be set. Finally, throw an error
during YML read if an un-UPDATED field
still exists in any of the YMLs.
Remove extra pair of quotes
from new detection template
version to resolve bug in
our code