Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: pass modular input script as parameter to input helper stream_e… #1342

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

feat: pass modular input script as parameter to input helper stream_e… #1342

wants to merge 1 commit into from

Conversation

Benni0
Copy link
Contributor

@Benni0 Benni0 commented Sep 16, 2024
edited
Loading

Summary

Change input helper templates to also pass the modular_input instance (smi.Script) to the stream_events function. This makes it easier to interact with Splunk, because the Splunk service of the modular_input instance can be used.

Changes

Added a additional parameter modular_input to the stream_events function of the input helper. Within the input itself, it is checked, if the stream_events function expects three parameters or not. If three parameters are expected, self will be passed as modular_input.
This is the least intrusive approach to implement this feature, but it has the overhead to check the amount of function parameters on each execution. Due to that, all prior implementation which doesn't have the parameter also work and no additional config parameter is necessary.
If you think an additional config parameter would be the better approach, I can implement this as well.

User experience

The user can access the modular_input within the input helper as well.

Checklist

If your change doesn't seem to apply, please leave them unchecked.

@Benni0 Benni0 marked this pull request as ready for review September 17, 2024 05:14
@Benni0 Benni0 requested review from a team as code owners September 17, 2024 05:14
@hetangmodi-crest
Copy link
Contributor

hetangmodi-crest commented Sep 17, 2024
edited
Loading

The changes are neat, however, can you share the use cases where an add-on developer would require the smi.Script object for?
The existing implementation gives you all the knowledge of inputs and an event_writer to write the events.
Moreover, do we need this parameter for both validate_input and stream_events or just stream_events?

@Benni0
Copy link
Contributor Author

Benni0 commented Sep 17, 2024
edited
Loading

My usecase is an input, which fetches items from MS using securitycenter and graph API. The authentication response is a bearer token which is valid for a specific time. As I want to reuse the token, I want to store it as secret. To achieve this, I use storage_passwords of the splunklib.client. But for this I need a client instance which the smi.Script instance provides (input.service).
The reason why I've added it to validate_input is, that i execute a test request, which requires authentication, during validation.

@hetangmodi-crest
Copy link
Contributor

hetangmodi-crest commented Sep 17, 2024
edited
Loading

To achieve the above-mentioned use case, have you tried using ConfManager from solnlib library? It has CRUD methods supported. Perhaps, using this, you can achieve your use case?

@Benni0
Copy link
Contributor Author

Benni0 commented Sep 17, 2024

Sure, it would be possible to use ConfManager, but in my opinion I think it is easier to use the already existing client instance.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Benni0 @hetangmodi-crest