contentctl 5.1.0__py3-none-any.whl → 5.3.0__py3-none-any.whl

contentctl/objects/correlation_search.py

@@ -1,35 +1,36 @@
+import json
 import logging
+import re
 import time
-import json
-from typing import Any
-from enum import StrEnum, IntEnum
+from enum import IntEnum, StrEnum
 from functools import cached_property
+from typing import Any
 
-from pydantic import ConfigDict, BaseModel, computed_field, Field, PrivateAttr
-from splunklib.results import JSONResultsReader, Message  # type: ignore
-from splunklib.binding import HTTPError, ResponseReader  # type: ignore
 import splunklib.client as splunklib  # type: ignore
+from pydantic import BaseModel, ConfigDict, Field, PrivateAttr, computed_field
+from splunklib.binding import HTTPError, ResponseReader  # type: ignore
+from splunklib.results import JSONResultsReader, Message  # type: ignore
 from tqdm import tqdm  # type: ignore
 
-from contentctl.objects.risk_analysis_action import RiskAnalysisAction
-from contentctl.objects.notable_action import NotableAction
-from contentctl.objects.base_test_result import TestResultStatus
-from contentctl.objects.integration_test_result import IntegrationTestResult
 from contentctl.actions.detection_testing.progress_bar import (
-    format_pbar_string,  # type: ignore
-    TestReportingType,
     TestingStates,
+    TestReportingType,
+    format_pbar_string,  # type: ignore
 )
+from contentctl.helper.utils import Utils
+from contentctl.objects.base_test_result import TestResultStatus
+from contentctl.objects.detection import Detection
 from contentctl.objects.errors import (
+    ClientError,
     IntegrationTestingError,
     ServerError,
-    ClientError,
     ValidationFailed,
 )
-from contentctl.objects.detection import Detection
-from contentctl.objects.risk_event import RiskEvent
+from contentctl.objects.integration_test_result import IntegrationTestResult
+from contentctl.objects.notable_action import NotableAction
 from contentctl.objects.notable_event import NotableEvent
-
+from contentctl.objects.risk_analysis_action import RiskAnalysisAction
+from contentctl.objects.risk_event import RiskEvent
 
 # Suppress logging by default; enable for local testing
 ENABLE_LOGGING = False
@@ -37,46 +38,6 @@ LOG_LEVEL = logging.DEBUG
 LOG_PATH = "correlation_search.log"
 
 
-def get_logger() -> logging.Logger:
-    """
-    Gets a logger instance for the module; logger is configured if not already configured. The
-    NullHandler is used to suppress loggging when running in production so as not to conflict w/
-    contentctl's larger pbar-based logging. The StreamHandler is enabled by setting ENABLE_LOGGING
-    to True (useful for debugging/testing locally)
-    """
-    # get logger for module
-    logger = logging.getLogger(__name__)
-
-    # set propagate to False if not already set as such (needed to that we do not flow up to any
-    # root loggers)
-    if logger.propagate:
-        logger.propagate = False
-
-    # if logger has no handlers, it needs to be configured for the first time
-    if not logger.hasHandlers():
-        # set level
-        logger.setLevel(LOG_LEVEL)
-
-        # if logging enabled, use a StreamHandler; else, use the NullHandler to suppress logging
-        handler: logging.Handler
-        if ENABLE_LOGGING:
-            handler = logging.FileHandler(LOG_PATH)
-        else:
-            handler = logging.NullHandler()
-
-        # Format our output
-        formatter = logging.Formatter(
-            "%(asctime)s - %(levelname)s:%(name)s - %(message)s"
-        )
-        handler.setFormatter(formatter)
-
-        # Set handler level and add to logger
-        handler.setLevel(LOG_LEVEL)
-        logger.addHandler(handler)
-
-    return logger
-
-
 class SavedSearchKeys(StrEnum):
     """
     Various keys into the SavedSearch content
@@ -135,34 +96,58 @@ class ResultIterator:
     Given a ResponseReader, constructs a JSONResultsReader and iterates over it; when Message instances are encountered,
     they are logged if the message is anything other than "error", in which case an error is raised. Regular results are
     returned as expected
+
     :param response_reader: a ResponseReader object
-    :param logger: a Logger object
+    :type response_reader: :class:`splunklib.binding.ResponseReader`
+    :param error_filters: set of re Patterns used to filter out errors we're ok ignoring
+    :type error_filters: list[:class:`re.Pattern[str]`]
     """
 
-    def __init__(self, response_reader: ResponseReader) -> None:
+    def __init__(
+        self, response_reader: ResponseReader, error_filters: list[re.Pattern[str]] = []
+    ) -> None:
         # init the results reader
         self.results_reader: JSONResultsReader = JSONResultsReader(response_reader)
 
+        # the list of patterns for errors to ignore
+        self.error_filters: list[re.Pattern[str]] = error_filters
+
         # get logger
-        self.logger: logging.Logger = get_logger()
+        self.logger: logging.Logger = Utils.get_logger(
+            __name__, LOG_LEVEL, LOG_PATH, ENABLE_LOGGING
+        )
 
     def __iter__(self) -> "ResultIterator":
         return self
 
-    def __next__(self) -> dict[Any, Any]:
+    def __next__(self) -> dict[str, Any]:
         # Use a reader for JSON format so we can iterate over our results
         for result in self.results_reader:
             # log messages, or raise if error
             if isinstance(result, Message):
                 # convert level string to level int
-                level_name = result.type.strip().upper()  # type: ignore
+                level_name: str = result.type.strip().upper()  # type: ignore
+                # TODO (PEX-510): this method is deprecated; replace with our own enum
                 level: int = logging.getLevelName(level_name)
 
                 # log message at appropriate level and raise if needed
                 message = f"SPLUNK: {result.message}"  # type: ignore
                 self.logger.log(level, message)
+                filtered = False
                 if level == logging.ERROR:
-                    raise ServerError(message)
+                    # if the error matches any of the filters, flag it
+                    for filter in self.error_filters:
+                        self.logger.debug(f"Filter: {filter}; message: {message}")
+                        if filter.match(message) is not None:
+                            self.logger.debug(
+                                f"Error matched filter {filter}; continuing"
+                            )
+                            filtered = True
+                            break
+
+                    # if no filter was matched, raise
+                    if not filtered:
+                        raise ServerError(message)
 
             # if dict, just return
             elif isinstance(result, dict):
@@ -218,7 +203,12 @@ class CorrelationSearch(BaseModel):
 
     # The logger to use (logs all go to a null pipe unless ENABLE_LOGGING is set to True, so as not
     # to conflict w/ tqdm)
-    logger: logging.Logger = Field(default_factory=get_logger, init=False)
+    logger: logging.Logger = Field(
+        default_factory=lambda: Utils.get_logger(
+            __name__, LOG_LEVEL, LOG_PATH, ENABLE_LOGGING
+        ),
+        init=False,
+    )
 
     # The set of indexes to clear on cleanup
     indexes_to_purge: set[str] = Field(default=set(), init=False)

contentctl/objects/dashboard.py

@@ -4,9 +4,10 @@ from enum import StrEnum
 from typing import Any
 
 from jinja2 import Environment
-from pydantic import Field, Json, model_validator
+from pydantic import Field, Json, field_validator, model_validator
 
 from contentctl.objects.config import build
+from contentctl.objects.enums import ContentStatus
 from contentctl.objects.security_content_object import SecurityContentObject
 
 DEFAULT_DASHBOARD_JINJA2_TEMPLATE = """<dashboard version="2" theme="{{ dashboard.theme }}">
@@ -48,6 +49,19 @@ class Dashboard(SecurityContentObject):
     json_obj: Json[dict[str, Any]] = Field(
         ..., description="Valid JSON object that describes the dashboard"
     )
+    status: ContentStatus = ContentStatus.production
+
+    @field_validator("status", mode="after")
+    @classmethod
+    def NarrowStatus(cls, status: ContentStatus) -> ContentStatus:
+        return cls.NarrowStatusTemplate(status, [ContentStatus.production])
+
+    def label(self, config: build) -> str:
+        return f"{config.app.label} - {self.name}"
+
+    @classmethod
+    def containing_folder(cls) -> pathlib.Path:
+        return pathlib.Path("dashboards")
 
     @model_validator(mode="before")
     @classmethod

contentctl/objects/data_source.py

@@ -1,9 +1,11 @@
 from __future__ import annotations
 
+import pathlib
 from typing import Any, Optional
 
-from pydantic import BaseModel, Field, HttpUrl, model_serializer
+from pydantic import BaseModel, Field, HttpUrl, field_validator, model_serializer
 
+from contentctl.objects.enums import ContentStatus
 from contentctl.objects.security_content_object import SecurityContentObject
 
 
@@ -17,13 +19,25 @@ class DataSource(SecurityContentObject):
     source: str = Field(...)
     sourcetype: str = Field(...)
     separator: Optional[str] = None
+    separator_value: None | str = None
     configuration: Optional[str] = None
     supported_TA: list[TA] = []
     fields: None | list = None
     field_mappings: None | list = None
+    mitre_components: list[str] = []
     convert_to_log_source: None | list = None
     example_log: None | str = None
     output_fields: list[str] = []
+    status: ContentStatus = ContentStatus.production
+
+    @field_validator("status", mode="after")
+    @classmethod
+    def NarrowStatus(cls, status: ContentStatus) -> ContentStatus:
+        return cls.NarrowStatusTemplate(status, [ContentStatus.production])
+
+    @classmethod
+    def containing_folder(cls) -> pathlib.Path:
+        return pathlib.Path("data_sources")
 
     @model_serializer
     def serialize_model(self):

contentctl/objects/deployment.py

@@ -1,19 +1,23 @@
 from __future__ import annotations
+
+import datetime
+import pathlib
+import uuid
+from typing import Any
+
 from pydantic import (
     Field,
-    computed_field,
+    NonNegativeInt,
     ValidationInfo,
+    computed_field,
+    field_validator,
     model_serializer,
-    NonNegativeInt,
 )
-from typing import Any
-import uuid
-import datetime
-from contentctl.objects.security_content_object import SecurityContentObject
-from contentctl.objects.deployment_scheduling import DeploymentScheduling
-from contentctl.objects.alert_action import AlertAction
 
-from contentctl.objects.enums import DeploymentType
+from contentctl.objects.alert_action import AlertAction
+from contentctl.objects.deployment_scheduling import DeploymentScheduling
+from contentctl.objects.enums import ContentStatus, DeploymentType
+from contentctl.objects.security_content_object import SecurityContentObject
 
 
 class Deployment(SecurityContentObject):
@@ -22,6 +26,12 @@ class Deployment(SecurityContentObject):
     type: DeploymentType = Field(...)
     author: str = Field(..., max_length=255)
     version: NonNegativeInt = 1
+    status: ContentStatus = ContentStatus.production
+
+    @field_validator("status", mode="after")
+    @classmethod
+    def NarrowStatus(cls, status: ContentStatus) -> ContentStatus:
+        return cls.NarrowStatusTemplate(status, [ContentStatus.production])
 
     # Type was the only tag exposed and should likely be removed/refactored.
     # For transitional reasons, provide this as a computed_field in prep for removal
@@ -30,6 +40,10 @@ class Deployment(SecurityContentObject):
     def tags(self) -> dict[str, DeploymentType]:
         return {"type": self.type}
 
+    @classmethod
+    def containing_folder(cls) -> pathlib.Path:
+        return pathlib.Path("deployments")
+
     @staticmethod
     def getDeployment(v: dict[str, Any], info: ValidationInfo) -> Deployment:
         if v != {}:

contentctl/objects/detection.py

@@ -1,4 +1,5 @@
 from __future__ import annotations
+
 from contentctl.objects.abstract_security_content_objects.detection_abstract import (
     Detection_Abstract,
 )
@@ -16,3 +17,4 @@ class Detection(Detection_Abstract):
     # undefined issues with the contentctl tooling
     # or output of the tooling.
     pass
+    pass

contentctl/objects/enums.py

@@ -1,6 +1,7 @@
 from __future__ import annotations
+
+from enum import StrEnum, auto
 from typing import List
-from enum import StrEnum, IntEnum
 
 
 class AnalyticsType(StrEnum):
@@ -46,18 +47,21 @@ class PlaybookType(StrEnum):
     RESPONSE = "Response"
 
 
-class SecurityContentType(IntEnum):
-    detections = 1
-    baselines = 2
-    stories = 3
-    playbooks = 4
-    macros = 5
-    lookups = 6
-    deployments = 7
-    investigations = 8
-    unit_tests = 9
-    data_sources = 11
-    dashboards = 12
+class SecurityContentType(StrEnum):
+    detection = auto()
+    baseline = auto()
+    story = auto()
+    playbook = auto()
+    macro = auto()
+    lookup = auto()
+    deployment = auto()
+    investigation = auto()
+    unit_test = auto()
+    data_source = auto()
+    dashboard = auto()
+
+
+# Create a mapping to map the type of content to the directory which stores it
 
 
 # Bringing these changes back in line will take some time after
@@ -87,11 +91,17 @@ class SecurityContentInvestigationProductName(StrEnum):
     SPLUNK_PHANTOM = "Splunk Phantom"
 
 
-class DetectionStatus(StrEnum):
-    production = "production"
-    deprecated = "deprecated"
-    experimental = "experimental"
-    validation = "validation"
+class ContentStatus(StrEnum):
+    experimental = auto()
+    production = auto()
+    deprecated = auto()
+    removed = auto()
+
+
+CONTENT_STATUS_THAT_REQUIRES_DEPRECATION_INFO = [
+    ContentStatus.deprecated,
+    ContentStatus.removed,
+]
 
 
 class LogLevel(StrEnum):

contentctl/objects/investigation.py

@@ -1,9 +1,16 @@
 from __future__ import annotations
 
+import pathlib
 import re
-from typing import Any, List, Literal
-
-from pydantic import ConfigDict, Field, computed_field, model_serializer
+from typing import Any, List
+
+from pydantic import (
+    ConfigDict,
+    Field,
+    computed_field,
+    field_validator,
+    model_serializer,
+)
 
 from contentctl.objects.config import CustomApp
 from contentctl.objects.constants import (
@@ -11,7 +18,7 @@ from contentctl.objects.constants import (
     CONTENTCTL_MAX_STANZA_LENGTH,
     CONTENTCTL_RESPONSE_TASK_NAME_FORMAT_TEMPLATE,
 )
-from contentctl.objects.enums import DataModel, DetectionStatus
+from contentctl.objects.enums import ContentStatus, DataModel
 from contentctl.objects.investigation_tags import InvestigationTags
 from contentctl.objects.security_content_object import SecurityContentObject
 
@@ -24,7 +31,16 @@ class Investigation(SecurityContentObject):
     how_to_implement: str = Field(...)
     known_false_positives: str = Field(...)
     tags: InvestigationTags
-    status: Literal[DetectionStatus.production, DetectionStatus.deprecated]
+    status: ContentStatus
+
+    @field_validator("status", mode="after")
+    @classmethod
+    def NarrowStatus(cls, status: ContentStatus) -> ContentStatus:
+        return cls.NarrowStatusTemplate(status, [ContentStatus.removed])
+
+    @classmethod
+    def containing_folder(cls) -> pathlib.Path:
+        return pathlib.Path("investigations")
 
     # enrichment
     @computed_field
@@ -62,18 +78,8 @@ class Investigation(SecurityContentObject):
 
     # This is a slightly modified version of the get_conf_stanza_name function from
     # SecurityContentObject_Abstract
-    def get_response_task_name(
-        self, app: CustomApp, max_stanza_length: int = CONTENTCTL_MAX_STANZA_LENGTH
-    ) -> str:
-        stanza_name = CONTENTCTL_RESPONSE_TASK_NAME_FORMAT_TEMPLATE.format(
-            app_label=app.label, detection_name=self.name
-        )
-        if len(stanza_name) > max_stanza_length:
-            raise ValueError(
-                f"conf stanza may only be {max_stanza_length} characters, "
-                f"but stanza was actually {len(stanza_name)} characters: '{stanza_name}' "
-            )
-        return stanza_name
+    def get_response_task_name(self, app: CustomApp) -> str:
+        return self.static_get_conf_stanza_name(self.name, app)
 
     @model_serializer
     def serialize_model(self):
@@ -103,6 +109,20 @@ class Investigation(SecurityContentObject):
         # back to itself
         for story in self.tags.analytic_story:
             story.investigations.append(self)
-        # back to itself
-        for story in self.tags.analytic_story:
-            story.investigations.append(self)
+
+    @classmethod
+    def static_get_conf_stanza_name(
+        cls,
+        name: str,
+        app: CustomApp,
+        max_stanza_length: int = CONTENTCTL_MAX_STANZA_LENGTH,
+    ) -> str:
+        stanza_name = CONTENTCTL_RESPONSE_TASK_NAME_FORMAT_TEMPLATE.format(
+            app_label=app.label, detection_name=name
+        )
+        if len(stanza_name) > max_stanza_length:
+            raise ValueError(
+                f"conf stanza may only be {max_stanza_length} characters, "
+                f"but stanza was actually {len(stanza_name)} characters: '{stanza_name}' "
+            )
+        return stanza_name

contentctl/objects/lookup.py

@@ -2,15 +2,18 @@ from __future__ import annotations
 
 import abc
 import csv
+import datetime
 import pathlib
 import re
 from enum import StrEnum, auto
 from functools import cached_property
-from typing import TYPE_CHECKING, Annotated, Any, Literal, Optional, Self
+from typing import TYPE_CHECKING, Annotated, Any, Literal, Self
 
 from pydantic import (
+    BeforeValidator,
     Field,
     FilePath,
+    HttpUrl,
     NonNegativeInt,
     TypeAdapter,
     ValidationInfo,
@@ -24,6 +27,9 @@ if TYPE_CHECKING:
     from contentctl.input.director import DirectorOutputDto
     from contentctl.objects.config import validate
 
+from io import StringIO, TextIOBase
+
+from contentctl.objects.enums import ContentStatus
 from contentctl.objects.security_content_object import SecurityContentObject
 
 # This section is used to ignore lookups that are NOT  shipped with ESCU app but are used in the detections. Adding exclusions here will so that contentctl builds will not fail.
@@ -69,7 +75,19 @@ class Lookup_Type(StrEnum):
 
 # TODO (#220): Split Lookup into 2 classes
 class Lookup(SecurityContentObject, abc.ABC):
-    default_match: Optional[bool] = None
+    # We need to make sure that this is converted to a string because we widely
+    # use the string "False" in our lookup content.  However, PyYAML reads this
+    # as a BOOL and this causes parsing to fail. As such, we will always
+    # convert this to a string if it is passed as a bool
+    default_match: Annotated[
+        str, BeforeValidator(lambda dm: str(dm).lower() if isinstance(dm, bool) else dm)
+    ] = Field(
+        default="",
+        description="This field is given a default value of ''"
+        "because it is the default value specified in the transforms.conf "
+        "docs. Giving it a type of str rather than str | None simplifies "
+        "the typing for the field.",
+    )
     # Per the documentation for transforms.conf, EXACT should not be specified in this list,
     # so we include only WILDCARD and CIDR
     match_type: list[Annotated[str, Field(pattern=r"(^WILDCARD|CIDR)\(.+\)$")]] = Field(
@@ -80,6 +98,16 @@ class Lookup(SecurityContentObject, abc.ABC):
         default=None
     )
     case_sensitive_match: None | bool = Field(default=None)
+    status: ContentStatus = ContentStatus.production
+
+    @field_validator("status", mode="after")
+    @classmethod
+    def NarrowStatus(cls, status: ContentStatus) -> ContentStatus:
+        return cls.NarrowStatusTemplate(status, [ContentStatus.production])
+
+    @classmethod
+    def containing_folder(cls) -> pathlib.Path:
+        return pathlib.Path("lookups")
 
     @model_serializer
     def serialize_model(self):
@@ -88,7 +116,7 @@ class Lookup(SecurityContentObject, abc.ABC):
 
         # All fields custom to this model
         model = {
-            "default_match": "true" if self.default_match is True else "false",
+            "default_match": self.default_match,
             "match_type": self.match_type_to_conf_format,
             "min_matches": self.min_matches,
             "max_matches": self.max_matches,
@@ -161,6 +189,13 @@ class Lookup(SecurityContentObject, abc.ABC):
 
         return list(all_lookups)
 
+    @computed_field
+    @cached_property
+    def researchSiteLink(self) -> HttpUrl:
+        raise NotImplementedError(
+            f"researchSiteLink has not been implemented for [{type(self).__name__} - {self.name}]"
+        )
+
 
 class FileBackedLookup(Lookup, abc.ABC):
     # For purposes of the disciminated union, the child classes which
@@ -193,6 +228,10 @@ class FileBackedLookup(Lookup, abc.ABC):
         """
         pass
 
+    @property
+    def content_file_handle(self) -> TextIOBase:
+        return open(self.filename, "r")
+
 
 class CSVLookup(FileBackedLookup):
     lookup_type: Literal[Lookup_Type.csv]
@@ -232,8 +271,9 @@ class CSVLookup(FileBackedLookup):
         This function computes the filenames to write into the app itself.  This is abstract because
         CSV and MLmodel requirements are different.
         """
+
         return pathlib.Path(
-            f"{self.filename.stem}_{self.date.year}{self.date.month:02}{self.date.day:02}.{self.lookup_type}"
+            f"{self.name}_{self.date.year}{self.date.month:02}{self.date.day:02}.{self.lookup_type}"
         )
 
     @model_validator(mode="after")
@@ -243,9 +283,11 @@ class CSVLookup(FileBackedLookup):
         # If a row has MORE fields than fieldnames, they will be dumped in a list under the key 'restkey' - this should throw an Exception
         # If a row has LESS fields than fieldnames, then the field should contain None by default. This should also throw an exception.
         csv_errors: list[str] = []
-        with open(self.filename, "r") as csv_fp:
-            RESTKEY = "extra_fields_in_a_row"
-            csv_dict = csv.DictReader(csv_fp, restkey=RESTKEY)
+
+        RESTKEY = "extra_fields_in_a_row"
+        with self.content_file_handle as handle:
+            csv_dict = csv.DictReader(handle, restkey=RESTKEY)
+
             if csv_dict.fieldnames is None:
                 raise ValueError(
                     f"Error validating the CSV referenced by the lookup: {self.filename}:\n\t"
@@ -278,6 +320,28 @@ class CSVLookup(FileBackedLookup):
         return self
 
 
+class RuntimeCSV(CSVLookup):
+    contents: str = Field(
+        description="This field contains the contents that would usually "
+        "be written to a CSV file. However, we store these in memory, "
+        "rather than on disk, to avoid needing to create a CSV file "
+        "before copying it into the app build."
+    )
+    # Since these are defined at runtime, they always have
+    # a date of today
+    date: datetime.date = Field(default=datetime.date.today())
+
+    @model_validator(mode="after")
+    def ensure_lookup_file_exists(self) -> Self:
+        # Because the contents of this file are created at runtime, it does
+        # not actually need to exist. As such, we do not validate it
+        return self
+
+    @property
+    def content_file_handle(self) -> TextIOBase:
+        return StringIO(self.contents)
+
+
 class KVStoreLookup(Lookup):
     lookup_type: Literal[Lookup_Type.kvstore]
     fields: list[str] = Field(
@@ -351,6 +415,11 @@ class MlModel(FileBackedLookup):
         return pathlib.Path(f"{self.filename.stem}.{self.lookup_type}")
 
 
-LookupAdapter = TypeAdapter(
+LookupAdapter: TypeAdapter[CSVLookup | KVStoreLookup | MlModel] = TypeAdapter(
     Annotated[CSVLookup | KVStoreLookup | MlModel, Field(discriminator="lookup_type")]
 )
+
+# The following are defined as they are used by the Director.  For normal SecurityContentObject
+# types, they already exist. But do not for the TypeAdapter
+setattr(LookupAdapter, "containing_folder", lambda: "lookups")
+setattr(LookupAdapter, "__name__", "Lookup")

contentctl/objects/macro.py

@@ -1,14 +1,19 @@
 # Used so that we can have a staticmethod that takes the class
 # type Macro as an argument
 from __future__ import annotations
-from typing import TYPE_CHECKING, List
+
+import datetime
+import pathlib
 import re
-from pydantic import Field, model_serializer, NonNegativeInt
 import uuid
-import datetime
+from typing import TYPE_CHECKING, List
+
+from pydantic import Field, NonNegativeInt, field_validator, model_serializer
 
 if TYPE_CHECKING:
     from contentctl.input.director import DirectorOutputDto
+
+from contentctl.objects.enums import ContentStatus
 from contentctl.objects.security_content_object import SecurityContentObject
 
 # The following macros are included in commonly-installed apps.
@@ -28,9 +33,19 @@ class Macro(SecurityContentObject):
     arguments: List[str] = Field([])
     # TODO: Add id field to all macro ymls
     id: uuid.UUID = Field(default_factory=uuid.uuid4)
-    date: datetime.date = Field(datetime.date.today())
+    date: datetime.date = Field(default=datetime.date.today())
     author: str = Field("NO AUTHOR DEFINED", max_length=255)
     version: NonNegativeInt = 1
+    status: ContentStatus = ContentStatus.production
+
+    @field_validator("status", mode="after")
+    @classmethod
+    def NarrowStatus(cls, status: ContentStatus) -> ContentStatus:
+        return cls.NarrowStatusTemplate(status, [ContentStatus.production])
+
+    @classmethod
+    def containing_folder(cls) -> pathlib.Path:
+        return pathlib.Path("macros")
 
     @model_serializer
     def serialize_model(self):