splunk-pickaxe 2.3.1 → 2.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +37 -1
- data/Rakefile +6 -0
- data/lib/splunk/pickaxe/config.rb +3 -1
- data/lib/splunk/pickaxe/erb_with_binding.rb +17 -0
- data/lib/splunk/pickaxe/objects.rb +4 -1
- data/lib/splunk/pickaxe/objects/dashboards.rb +4 -1
- data/lib/splunk/pickaxe/version.rb +1 -1
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: dcd56d84913d202840b8f0b807217044f0d057b6
|
|
4
|
+
data.tar.gz: 44fd867231ae53662d125bde0921a07da4486c8c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 940928c1c49050bfdfa214c6b0508cd7ec201ea0c8aeaaf75bd2921b872a2397a08d7d7add36490ffdcc2464cb0c062d57ecb98b4bfb4b4edda2cf556f764b24
|
|
7
|
+
data.tar.gz: 552676b068ef457f0bcf95a0f489a17e5a65364e7c9da840eea77eea974598d788383ab0763789f465738d7e3b44dec33bc32edcd8d1d0621a97e896cd1e42df
|
data/README.md
CHANGED
|
@@ -36,7 +36,8 @@ namespace:
|
|
|
36
36
|
app: MY_SPLUNK_APP
|
|
37
37
|
|
|
38
38
|
environments:
|
|
39
|
-
ENVIRONMENT_NAME:
|
|
39
|
+
ENVIRONMENT_NAME:
|
|
40
|
+
url: SPLUNK_API_URL (i.e. https://search-head.my-splunk.com:8089)
|
|
40
41
|
```
|
|
41
42
|
|
|
42
43
|
Add some Splunk objects; see [example repo](example-repo) or below for manually
|
|
@@ -201,6 +202,40 @@ envs:
|
|
|
201
202
|
By default if `envs` is not provided the object will be imported to all
|
|
202
203
|
environments.
|
|
203
204
|
|
|
205
|
+
All Splunk objects are processed through ERB before being loaded to allow for dynamic configuration. The values from `.pickaxe.yml` provided within the environment configuration appropriate to the executed command will be added to the ERB binding during the rendering process.
|
|
206
|
+
|
|
207
|
+
.pickaxe.yml
|
|
208
|
+
```yaml
|
|
209
|
+
namespace:
|
|
210
|
+
# The application in which to create the Splunk knowledge objects
|
|
211
|
+
app: MY_SPLUNK_APP
|
|
212
|
+
|
|
213
|
+
environments:
|
|
214
|
+
ENVIRONMENT_NAME:
|
|
215
|
+
url: SPLUNK_API_URL (i.e. https://search-head.my-splunk.com:8089)
|
|
216
|
+
index_name: my_index
|
|
217
|
+
```
|
|
218
|
+
|
|
219
|
+
my_alert.yml
|
|
220
|
+
```yaml
|
|
221
|
+
name: ALERT NAME
|
|
222
|
+
config:
|
|
223
|
+
# Search query of events used to trigger alert
|
|
224
|
+
search: >
|
|
225
|
+
MY SEARCH USING <%= index_name %>
|
|
226
|
+
```
|
|
227
|
+
|
|
228
|
+
Environment variables from the OS can also be referenced.
|
|
229
|
+
|
|
230
|
+
my_alert.yml
|
|
231
|
+
```yaml
|
|
232
|
+
name: ALERT NAME
|
|
233
|
+
config:
|
|
234
|
+
# Search query of events used to trigger alert
|
|
235
|
+
search: >
|
|
236
|
+
MY SEARCH USING <%= ENV['INDEX_NAME'] %>
|
|
237
|
+
```
|
|
238
|
+
|
|
204
239
|
Config
|
|
205
240
|
------
|
|
206
241
|
|
|
@@ -228,6 +263,7 @@ emails:
|
|
|
228
263
|
- my.email@domain.com
|
|
229
264
|
```
|
|
230
265
|
|
|
266
|
+
|
|
231
267
|
### Backwards Compatibility
|
|
232
268
|
|
|
233
269
|
In previous version the config used to look like this,
|
data/Rakefile
CHANGED
|
@@ -170,7 +170,13 @@ end
|
|
|
170
170
|
|
|
171
171
|
def update_version version
|
|
172
172
|
version_splits = version.split('.')
|
|
173
|
+
|
|
174
|
+
# Bump minor version up one
|
|
173
175
|
version_splits[1] = (version_splits[1].to_i + 1).to_s
|
|
176
|
+
|
|
177
|
+
# Ensure fix version is reset
|
|
178
|
+
version_splits[2] = 0
|
|
179
|
+
|
|
174
180
|
next_version = version_splits.join('.')
|
|
175
181
|
|
|
176
182
|
version_rb = IO.read('lib/splunk/pickaxe/version.rb')
|
|
@@ -24,7 +24,7 @@ module Splunk
|
|
|
24
24
|
Config.new deep_merge(DEFAULTS, YAML.load_file(config_path)), environment, execution_path
|
|
25
25
|
end
|
|
26
26
|
|
|
27
|
-
attr_reader :namespace, :environment, :execution_path, :emails, :url
|
|
27
|
+
attr_reader :namespace, :environment, :execution_path, :emails, :url, :env_config
|
|
28
28
|
|
|
29
29
|
def initialize(config, environment, execution_path)
|
|
30
30
|
raise "Config must have a 'namespace / app' config" unless config['namespace'].key?('app')
|
|
@@ -40,10 +40,12 @@ module Splunk
|
|
|
40
40
|
puts "Your .pickaxe.yml is using a deprecated config format. Check https://github.com/cerner/splunk-pickaxe#backwards-compatibility for details"
|
|
41
41
|
@emails = config['emails']
|
|
42
42
|
@url = env_config
|
|
43
|
+
@env_config = { 'url' => @url, 'emails' => @emails }
|
|
43
44
|
elsif env_config.is_a?(Hash)
|
|
44
45
|
raise "url config is required for environment [#{environment}]" unless env_config.has_key?('url')
|
|
45
46
|
@url = env_config['url']
|
|
46
47
|
@emails = env_config.has_key?('emails') ? env_config['emails'] : config['emails']
|
|
48
|
+
@env_config = env_config
|
|
47
49
|
else
|
|
48
50
|
raise "Unexepcted value for environment [#{environment}] config. Expected String or Hash, saw #{config['environments'][environment]}"
|
|
49
51
|
end
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'ostruct'
|
|
4
|
+
|
|
5
|
+
module Splunk
|
|
6
|
+
module Pickaxe
|
|
7
|
+
class ERBWithBinding < OpenStruct
|
|
8
|
+
def self.render_from_hash(t, h)
|
|
9
|
+
ERBWithBinding.new(h).render(t)
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def render(template)
|
|
13
|
+
ERB.new(template).result(binding)
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
@@ -2,6 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
require 'splunk-sdk-ruby'
|
|
4
4
|
require 'yaml'
|
|
5
|
+
require_relative 'erb_with_binding'
|
|
5
6
|
|
|
6
7
|
# Base class for syncing splunk objects (dashboards, alerts, etc...)
|
|
7
8
|
module Splunk
|
|
@@ -62,7 +63,9 @@ module Splunk
|
|
|
62
63
|
end
|
|
63
64
|
|
|
64
65
|
def config(file_path)
|
|
65
|
-
|
|
66
|
+
template = File.read(file_path)
|
|
67
|
+
yaml_contents = ERBWithBinding::render_from_hash(template, pickaxe_config.env_config)
|
|
68
|
+
YAML.safe_load(yaml_contents, [], [], true)
|
|
66
69
|
end
|
|
67
70
|
|
|
68
71
|
def create(entity)
|
|
@@ -28,11 +28,14 @@ module Splunk
|
|
|
28
28
|
end
|
|
29
29
|
|
|
30
30
|
def config(file_path)
|
|
31
|
+
template = IO.read(file_path)
|
|
32
|
+
xml_content = ERBWithBinding::render_from_hash(template, pickaxe_config.env_config)
|
|
33
|
+
|
|
31
34
|
# Dashboards don't have many properties just name and source XML
|
|
32
35
|
{
|
|
33
36
|
'name' => File.basename(file_path, '.xml'),
|
|
34
37
|
'config' => {
|
|
35
|
-
'eai:data' =>
|
|
38
|
+
'eai:data' => xml_content
|
|
36
39
|
}
|
|
37
40
|
}
|
|
38
41
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: splunk-pickaxe
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Bryan Baugher
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-
|
|
11
|
+
date: 2018-02-26 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: splunk-sdk-ruby
|
|
@@ -97,6 +97,7 @@ files:
|
|
|
97
97
|
- lib/splunk/pickaxe/client.rb
|
|
98
98
|
- lib/splunk/pickaxe/config.rb
|
|
99
99
|
- lib/splunk/pickaxe/cookie_proxy.rb
|
|
100
|
+
- lib/splunk/pickaxe/erb_with_binding.rb
|
|
100
101
|
- lib/splunk/pickaxe/objects.rb
|
|
101
102
|
- lib/splunk/pickaxe/objects/alerts.rb
|
|
102
103
|
- lib/splunk/pickaxe/objects/dashboards.rb
|