You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
After reviewing the implementation of check_detection_metadata() on the inspect action- we can extend this concept to include warning/errors on lookups changing without the filenames changing between two versions. This causes a big issue with Victoria Experience SplunkCloud deployments where lookup updates are handled differently. Implementing this in the inspect workflow allows us to better catch these, and allows customers utilizing contentctl to also benefit from this.
The text was updated successfully, but these errors were encountered:
Jotting down thoughts here as this is a bit more involved than at first glance- we already validate that lookup yml files point to lookup files that exist- so we can likely avoid parsing the the .conf to fetch those entirely, which saves a ton of work. We need to collect two pieces of information from each package- the filename of the CSV lookup on disk, and a hash of that file. Creating a set of tuples for these could represent each package, and then we simply need to compare based on the filename key- we specifically want to throw errors when the filename has not changed, but the file hash has. Things that are only in the new package are new lookups- whether we want to go back and add validation to enforce datestamping them is separate. Things that are only in the old package set are two things- "Lookups we don't ship anymore" or "old versions of lookups that have had their filename changed" - both of those are fine.
After reviewing the implementation of check_detection_metadata() on the
inspect
action- we can extend this concept to include warning/errors on lookups changing without the filenames changing between two versions. This causes a big issue with Victoria Experience SplunkCloud deployments where lookup updates are handled differently. Implementing this in the inspect workflow allows us to better catch these, and allows customers utilizingcontentctl
to also benefit from this.The text was updated successfully, but these errors were encountered: