def __init__(self,
appname,
uri,
session_key,
service_with_tab_context=None):
self.__appname = appname
self.__logger = logger.get_input_builder_logger()
self.__uri = uri
self.__session_key = session_key
self.__conf_mgr_with_tab_context = common_util.create_conf_mgr(
self.__session_key, self.__uri)
self.__default_input_properties = {
"index": "default",
"sourcetype": "{}_sourcetype".format(self.__appname),
"interval": 60,
"use_external_validation": True,
"streaming_mode_xml": True,
}
if not service_with_tab_context:
service_with_tab_context = common_util.create_splunk_service(
session_key, uri)
self.__service_with_tab_context = service_with_tab_context
self.__meta_mgr = meta_manager.create_meta_manager(
session_key, uri, meta_const.DATA_INPUT_BUILDER, self.__appname)
self.required_meta_keys = ['name', 'type', 'sourcetype']
self.__alert_builder = None
def __init__(self, conf):
self.conf = conf
self.app_name = conf.get("app_name")
self.checkpoint_dir = conf.get("checkpoint_dir")
self.sourcetype = conf.get("name").replace("field_extraction_mi://",
"").strip()
self.checkpoint_file = self._get_checkpoint_file()
self.tmp_mgr = temp_manager.TempManager()
self.loader = RegexLoader()
self.splunk_endpoint = conf.get("server_uri")
self.splunk_session_key = conf.get("session_key")
self.extraction_builder = TAExtractionBuilder(self.splunk_endpoint,
self.splunk_session_key,
self.app_name)
self.batch_size = conf.get("batch_size")
if self.batch_size > 10000:
_LOGGER.warn(
"The event batch size is {} > 10000, use 10000".format(
self.batch_size))
self.batch_size = 10000
self.meta_mgr = meta_manager.create_meta_manager(
conf.get("session_key"), conf.get("server_uri"),
meta_const.FIELD_EXTRACT_BUILDER, self.app_name)
def __init__(self,
splunk_uri,
session_key,
app_name,
service_with_tab_context=None,
service_with_ta_context=None):
_LOGGER.info("Init Splunk Regex Loader...")
self.splunk_endpoint = splunk_uri
self.splunk_session_key = session_key
self.app_name = app_name
if service_with_ta_context:
self.service = service_with_ta_context
else:
self.service = common_util.create_splunk_service(
session_key, splunk_uri, app_name)
if service_with_tab_context:
self.service_with_tab_context = service_with_tab_context
else:
self.service_with_tab_context = common_util.create_splunk_service(
session_key, splunk_uri)
self.meta_mgr = meta_manager.create_meta_manager(
session_key, splunk_uri, meta_const.FIELD_EXTRACT_BUILDER,
app_name)
self.tab_conf_mgr = tab_conf_manager.create_tab_conf_manager(
session_key, splunk_uri, app_name)
self.internal_conf_mgr = tab_conf_manager.create_tab_conf_manager(
session_key, splunk_uri, builder_constant.ADDON_BUILDER_APP_NAME)
self.event_mgr = meta_manager_event.EventMetaManager(
self.splunk_endpoint,
self.splunk_session_key,
service=self.service_with_tab_context)
def current_creating_app(self, action, **params):
# POST
cl = cherrypy.request.headers["Content-Length"]
raw_body = cherrypy.request.body.read(int(cl))
app_context = json.loads(raw_body)
app_name = app_context.get('app_name', '')
if app_name:
controller_util.set_current_ta_project(app_name)
else:
controller_util.delete_current_ta_project()
app_display_name = app_context.get('app_display_name', '')
controller_util.set_current_ta_display_name(app_display_name)
# default is built by tabuilder
built = app_context.get('built', 'yes')
controller_util.set_built_flag(built)
if app_name:
mgr = meta_manager.create_meta_manager(
cherrypy.session.get("sessionKey"), scc.getMgmtUri(),
meta_const.APP_CONTEXT, app_name)
return self.render_json({
'app_name':
app_name,
'app_display_name':
app_display_name,
'built':
built,
'cookies':
controller_util.format_response_cookie()
})
def __init__(self,
app_name,
splunk_uri,
splunk_session_key,
service_with_tab_context=None,
service_with_ta_context=None):
self.splunk_uri = splunk_uri
self.splunk_session_key = splunk_session_key
self.meta_mgr = meta_manager.create_meta_manager(splunk_session_key, splunk_uri, SOURCETYPE_BUILDER, app_name)
self.tab_conf_mgr = tab_conf_manager.create_tab_conf_manager(splunk_session_key, splunk_uri, app_name)
self._app = app_name
if not service_with_tab_context:
service_with_tab_context = common_util.create_splunk_service(splunk_session_key, splunk_uri)
self.service_with_tab_context = service_with_tab_context
def __init__(self,
appname,
uri,
session_key,
service_with_tab_context=None,
service_with_ta_context=None):
self.__appname = appname
self.__app_namespace = common_util.get_python_lib_dir_name(
self.__appname)
self.__logger = logger.get_alert_builder_logger()
self.__parent_dir = os.path.split(os.path.realpath(__file__))[0]
self.__resource_dir = os.path.join(self.__parent_dir, "resources")
self.__resource_lib_dir = os.path.join(self.__parent_dir,
"resources_lib")
self.__splunk_home = os.environ['SPLUNK_HOME']
self.__splunk_app_dir = os.path.join(self.__splunk_home, "etc", "apps")
self.__current_ta_dir = os.path.join(self.__splunk_app_dir,
self.__appname)
self.__asset_generator = ta_static_asset_generator.AssetGenerator(
self.__resource_dir,
self.__current_ta_dir,
self.__resource_lib_dir,
app_name=self.__appname)
self.__uri = uri
self.__session_key = session_key
if service_with_ta_context:
self.__service_with_ta_context = service_with_ta_context
else:
self.__service_with_ta_context = common_util.create_splunk_service(
session_key, uri, self.__appname)
self.__conf_mgr = common_util.create_conf_mgr(self.__session_key,
self.__uri,
app=self.__appname)
self.__conf_mgr_with_tab_context = common_util.create_conf_mgr(
self.__session_key, self.__uri)
if not service_with_tab_context:
service_with_tab_context = common_util.create_splunk_service(
session_key, uri)
self.__service_with_tab_context = service_with_tab_context
self.__meta_mgr = meta_manager.create_meta_manager(
session_key, uri, meta_const.ALERT_ACTION_BUILER, self.__appname)
self.required_meta_keys = ['name', 'type', 'sourcetype']
self.__global_vars = None
self.__basic_builder = TABasicBuilder(self.__appname, uri,
session_key,
self.__service_with_tab_context,
self.__service_with_ta_context)
def __init__(self, splunk_uri, session_key, app_name):
self.splunk_uri = splunk_uri
self.session_key = session_key
self.app_name = app_name
self.service = common_util.create_splunk_service(
session_key, splunk_uri, app_name)
self.meta_mgr = meta_manager.create_meta_manager(
session_key, splunk_uri, meta_const.TA_VALIDATION_NS, app_name)
self.conf_mgr = tab_conf_manager.create_tab_conf_manager(
session_key, splunk_uri, app_name)
self.tab_conf_mgr = tab_conf_manager.create_tab_conf_manager(
session_key, splunk_uri, builder_constant.ADDON_BUILDER_APP_NAME)
self.engine = Engine(splunk_uri, session_key)
self.engine.start()
self.ta_folder = None
def __init__(self, conf):
self.conf = conf
self.checkpoint_dir = conf.get("checkpoint_dir")
self.app_name = conf.get("name").replace("validation_mi://",
"").strip()
self.checkpoint_file = os.path.join(self.checkpoint_dir, self.app_name)
self.splunk_endpoint = conf.get("server_uri")
self.splunk_session_key = conf.get("session_key")
self.validators = re.split(r"\s*,\s*", conf.get("validators", ""))
self.vid = conf.get("validation_id")
self.validation_builder = TAValidationBuilder(self.splunk_endpoint,
self.splunk_session_key,
self.app_name)
self.meta_mgr = meta_manager.create_meta_manager(
conf.get("session_key"), conf.get("server_uri"),
meta_const.VALIDATION_BUILDER, self.app_name)
def __init__(self,
appname,
splunkd_uri,
session_key,
service_with_tab_context=None,
service_with_ta_context=None,
):
self.appname = appname
self.splunkd_uri = splunkd_uri
self.session_key = session_key
if service_with_ta_context:
self.service = service_with_ta_context
else:
self.service = common_util.create_splunk_service(session_key, splunkd_uri, appname)
if not service_with_tab_context:
service_with_tab_context = common_util.create_splunk_service(session_key, splunkd_uri)
self.meta_mgr = meta_manager.create_meta_manager(session_key, splunkd_uri, meta_const.CIM_MAPPING_BUILDER, appname)
self.conf_mgr = common_util.create_conf_mgr(session_key, splunkd_uri, self.appname)
self.tab_conf_mgr = tab_conf_manager.create_tab_conf_manager(session_key, splunkd_uri, appname)
self.tab_conf_mgr_with_tab_context = tab_conf_manager.create_tab_conf_manager(session_key, splunkd_uri, builder_constant.ADDON_BUILDER_APP_NAME)
def delete_app(service, app_name, splunk_uri, splunk_session):
if app_name in APP_BLACK_LIST:
emsg = "{} is in blacklist. It can not be deleted.".format(app_name)
_logger.warning(emsg)
raise builder_exception.CommonException(err_code=46,
e_message=emsg,
options={'app': app_name})
if not meta_manager.MetaManager.is_app_created_by_aob(service, app_name):
emsg = "{} is not created by add-on builder. It can not be deleted.".format(
app_name)
_logger.warning(emsg)
raise builder_exception.CommonException(err_code=47,
e_message=emsg,
options={'app': app_name})
app_dir = os.path.join(app_path, app_name)
if os.path.isdir(app_dir):
common_util.delete_app(service, app_name)
if os.path.isdir(app_dir):
shutil.rmtree(app_dir)
else:
_logger.info(
"app dir %s does not exist. Deleting this app just remove it from meta.",
app_name)
# remove all the events of sourcetypes
event_mgr = meta_manager_event.EventMetaManager(splunk_uri,
splunk_session,
service=service)
meta_mgr = meta_manager.create_meta_manager(
splunk_session, splunk_uri, meta_const.FIELD_EXTRACT_BUILDER, app_name)
meta = meta_mgr.get_app_meta_data() or {}
for sourcetype in list(meta.keys()):
event_mgr.remove_events(sourcetype)
success = meta_manager.MetaManager.delete_app(service, app_name)
return success
def __init__(self,
appname,
uri=None,
session_key=None,
service_with_tab_context=None):
if common_util.contain_reserved_chars(appname):
ce = CommonException()
ce.set_err_code(2015)
raise ce
self.__splunk_uri = uri
self.__splunk_session_key = session_key
self.__appname = appname
self.__logger = logger.get_generator_logger()
self.__parent_dir = os.path.split(os.path.realpath(__file__))[0]
self.__resource_dir = os.path.join(self.__parent_dir, "resources")
self.__resource_lib_dir = os.path.join(self.__parent_dir,
"resources_lib")
self.__splunk_home = os.environ['SPLUNK_HOME']
self.__splunk_app_dir = os.path.join(self.__splunk_home, "etc", "apps")
if service_with_tab_context:
self.__service_with_tab_context = service_with_tab_context
else:
self.__service_with_tab_context = common_util.create_splunk_service(
session_key, uri, builder_constant.ADDON_BUILDER_APP_NAME)
self.__service_with_ta_context = common_util.create_splunk_service(
session_key, uri, self.__appname)
self.__basic_builder = TABasicBuilder(self.__appname, uri, session_key,
self.__service_with_tab_context,
self.__service_with_ta_context)
self.__input_builder = TAInputBuilder(self.__appname, uri, session_key,
self.__service_with_tab_context,
self.__service_with_ta_context)
self.__cim_builder = TACIMBuilder(self.__appname, uri, session_key,
self.__service_with_tab_context,
self.__service_with_ta_context)
self.__st_builder = TASourcetypeBuilder(
appname, uri, session_key, self.__service_with_tab_context,
self.__service_with_ta_context)
self.__extraction_builder = TAExtractionBuilder(
uri, session_key, appname, self.__service_with_tab_context,
self.__service_with_ta_context)
self.__alert_builder = TAAlertBuilder(self.__appname, uri, session_key,
self.__service_with_tab_context,
self.__service_with_ta_context)
self.__ta_configuration_builder = TAConfigurationBuilder(
self.__appname, self.__service_with_tab_context,
self.__service_with_ta_context)
self.__tab_conf_mgr = tab_conf_manager.create_tab_conf_manager(
session_key, uri, appname)
self.__builder_name_const = {
'BASIC_BUILDER': 'BASIC_BUILDER',
'INPUT_BUILDER': 'INPUT_BUILDER',
'SETUP_BUILDER': 'SETUP_BUILDER',
'CIM_BUILDER': 'CIM_BUILDER'
}
self.__basic_builder_meta_mgr = meta_manager.create_meta_manager(
session_key, uri, meta_const.BASIC_BUILDER, self.__appname)
self.__inputs_builder_meta_mgr = meta_manager.create_meta_manager(
session_key, uri, meta_const.DATA_INPUT_BUILDER, self.__appname)
self.__field_extract_builder_meta_mgr = meta_manager.create_meta_manager(
session_key, uri, meta_const.FIELD_EXTRACT_BUILDER, self.__appname)
self.__input_builder.set_alert_builder(self.__alert_builder)
self.__upgrade_methods = {
'1.0.1': {
'function': 'upgrade_from_1_0_1_to_1_1_0',
'next': '1.1.0'
},
'1.1.0': {
'function': 'upgrade_from_1_1_0_to_2_0_0',
'next': '2.0.0'
},
'2.0.0': {
'function': 'upgrade_from_2_0_0_to_2_1_0',
'next': '2.1.0'
},
'2.1.0': {
'function': 'upgrade_from_2_1_0_to_2_1_1',
'next': '2.1.1'
},
'2.1.1': {
'function': 'upgrade_from_2_1_1_to_2_1_2',
'next': '2.1.2'
},
'2.1.2': {
'function': 'upgrade_from_2_1_2_to_2_2_0',
'next': '2.2.0'
},
'2.2.0': {
'function': 'upgrade_from_2_2_0_to_3_0_0',
'next': '3.0.0'
}
}
def __init__(self, appname, service_with_tab_context):
self._meta_mgr = meta_manager.create_meta_manager(
service_with_tab_context.token,
common_util.get_splunkd_uri(service_with_tab_context),
meta_const.BASIC_BUILDER, appname)
self._cached_meta = None
def app_meta_exist(splunk_uri, session_key, app_name):
mgr = meta_manager.create_meta_manager(session_key, splunk_uri, meta_const.BASIC_BUILDER, app_name)
meta = mgr.get_app_meta_data()
return meta is not None
def create(self, action, **params):
session_key = cherrypy.session.get("sessionKey")
splunkd_uri = scc.getMgmtUri()
if cherrypy.request.method == 'POST':
response_dict = {}
cl = cherrypy.request.headers["Content-Length"]
raw_body = cherrypy.request.body.read(int(cl))
meta = json.loads(raw_body)
err_code = 0
err_app = ''
try:
app_name = meta['projectName']
pre_app_name = meta['previousProjectName']
friendly_name = meta['friendlyName']
# construct the meta for builder
builder_meta = {
"appname": app_name,
"friendly_name": friendly_name,
"version": meta.get('projectVersion', ''),
"author": meta.get('projectAuthor', ''),
"description": meta.get('projectDescription', ''),
"theme": meta.get('themeColor', ''),
"large_icon": meta.get('largeIcon', ''),
"small_icon": meta.get('smallIcon', ''),
"visible": meta.get('visible', 0) == 1
}
if not pre_app_name:
logger.info("TA builder creates app with meta: %s",
builder_meta)
err_code = 2002
err_app = app_name
response_dict['resp_status'] = 'creation_fail'
app_builder = builder.TABuilder(app_name, splunkd_uri,
session_key)
app_builder.generate_TA(builder_meta)
response_dict['resp_status'] = 'creation_success'
else:
if pre_app_name == app_name:
logger.info("TA builder update app with meta: %s",
builder_meta)
err_code = 2003
err_app = app_name
response_dict['resp_status'] = 'update_fail'
app_builder = builder.TABuilder(app_name, splunkd_uri,
session_key)
app_builder.update_TA_basic(builder_meta)
response_dict['resp_status'] = 'update_success'
else:
# rename the app
err_code = 2004
err_app = pre_app_name
app_builder = builder.TABuilder(
pre_app_name, splunkd_uri, session_key)
response_dict['resp_status'] = 'rename_fail'
app_builder.update_TA_name(builder_meta)
response_dict['resp_status'] = 'rename_success'
# update the cookie if success
controller_util.set_current_ta_project(app_name)
controller_util.set_current_ta_display_name(friendly_name)
response_dict["cookies"] = controller_util.format_response_cookie()
mgr = meta_manager.create_meta_manager(session_key, splunkd_uri, meta_const.APP_CONTEXT, app_name)
return self.render_json(response_dict)
except CommonException as ce:
logger.error("Error when create app. %s",
traceback.format_exc())
response_dict['err_code'] = ce.get_err_code()
response_dict['err_args'] = ce.get_options()
response_dict['cookies'] = controller_util.format_response_cookie()
return self.render_json(response_dict)
except Exception as e:
logger.error("Error when create app. %s",
traceback.format_exc())
response_dict['err_code'] = err_code
response_dict['err_args'] = {'reason': str(e),
'app_name': err_app}
response_dict['cookies'] = controller_util.format_response_cookie()
return self.render_json(response_dict)
else:
try:
if 'app_name' in params:
app = params['app_name']
if app == "":
# return the empty json
return self.render_json({})
else:
app_builder = builder.TABuilder(app, splunkd_uri,
session_key)
meta = app_builder.get_TA_basic_meta()
if meta:
friendly_name = meta.get('friendly_name', '')
controller_util.set_current_ta_project(app)
controller_util.set_current_ta_display_name(friendly_name)
result = {
'previousProjectName': app,
'projectName': app,
'friendlyName': friendly_name,
'projectVersion': meta.get('version', ''),
'projectAuthor': meta.get('author', ''),
'projectDescription': meta.get('description', ''),
'visible': 1 if meta.get('visible', False) else 0
}
if meta.get('theme', None):
result['themeColor'] = meta['theme']
if meta.get('large_icon', None):
result['largeIcon'] = meta['large_icon']
if meta.get('small_icon', None):
result['smallIcon'] = meta['small_icon']
service = common_util.create_splunk_service(session_key, splunkd_uri)
globalsetting_meta = ta_configuration_meta.GlobalSettingMeta(app, service)
result['isSetupEnabled'] = globalsetting_meta.is_global_setting_enabled()
result['cookies'] = controller_util.format_response_cookie()
return self.render_json(result)
else:
controller_util.delete_current_ta_project()
controller_util.delete_current_ta_display_name()
return self.render_json({'cookies': controller_util.format_response_cookie()})
else:
logger.error("app_name is not in the params:%s.", params)
raise RuntimeError('app_name is not in the params')
except CommonException as ce:
logger.error("Can not get app basic info. %s", ce)
return self.render_json({'err_code': ce.get_err_code(),
'err_args': ce.get_options()})