Merge pull request #212 from splunk/ACD-4534-pytest-splunk-addon-Doc-Update

Updating documentation

Author: nariyanibhargav

docs/conf.py

@@ -43,6 +43,7 @@
     'sphinx.ext.coverage',
     'sphinx.ext.viewcode',
     'sphinx.ext.napoleon',
+    'sphinx_panels'
 ]
 
 # Add any paths that contain templates here, relative to this directory.

docs/how_to_use.rst

@@ -6,17 +6,19 @@ How To Use
 
 Create a test file in the tests folder
 
-.. code:: python3
+.. dropdown:: Example Test File
 
-    from pytest_splunk_addon.standard_lib.addon_basic import Basic
-    class Test_App(Basic):
-        def empty_method():
-            pass
+    .. code:: python3
+
+        from pytest_splunk_addon.standard_lib.addon_basic import Basic
+        class Test_App(Basic):
+            def empty_method():
+                pass
 
 
 .. _test_execution:
 
-There are two ways to execute the tests:
+There are three ways to execute the tests:
 
 **1. Running tests with an external Splunk instance**
 
@@ -28,39 +30,56 @@ There are two ways to execute the tests:
 
     .. code:: bash
 
-        pytest --splunk-type=external --splunk-app=<path-to-addon-package> --splunk-host=<hostname> --splunk-port=<splunk-management-port> --splunk-user=<username> --splunk-password=<password> --splunk-hec-token=<splunk_hec_token>
+        pytest --splunk-type=external --splunk-app=<path-to-addon-package> --splunk-data-generator=<path to pytest-splunk-addon-data.conf file> --splunk-host=<hostname> --splunk-port=<splunk-management-port> --splunk-user=<username> --splunk-password=<password> --splunk-hec-token=<splunk_hec_token>
 
 
 **2. Running tests with docker splunk**
 
     .. code:: bash
 
-        pip install pytest-splunk-addon[docker]
+        git clone [email protected]:splunk/pytest-splunk-addon.git
+        cd pytest-splunk-addon
+        pip install poetry
+        poetry install
+
+    Create a Dockerfile-splunk file
+
+    .. dropdown:: Example Dockerfile
 
-    Create a Dockerfile-splunk file 
+        .. code:: Dockerfile
 
-    .. literalinclude:: ../Dockerfile.splunk
-       :language: Dockerfile
+            ARG SPLUNK_VERSION=latest
+            FROM splunk/splunk:$SPLUNK_VERSION
+            ARG SPLUNK_VERSION=latest
+            ARG SPLUNK_APP_ID=TA_UNKNOWN
+            ARG SPLUNK_APP_PACKAGE=$SPLUNK_APP_PACKAGE
+            RUN echo Splunk VERSION=$SPLUNK_VERSION
+            COPY deps/apps /opt/splunk/etc/apps/
+            COPY $SPLUNK_APP_PACKAGE /opt/splunk/etc/apps/$SPLUNK_APP_ID
 
     Create docker-compose.yml
 
-    .. literalinclude:: ../docker-compose.yml
-       :language: YAML
-       :lines: 9-
+    .. dropdown:: Example docker-compose file
+
+        .. literalinclude:: ../docker-compose.yml
+            :language: YAML
+            :lines: 9-
 
 .. _conftest_file:
 
     Create conftest.py in the test folder along with :ref:`the test file <test_file>`
 
-    .. literalinclude:: ../tests/conftest.py
-       :language: python
-       :lines: 2,12-
+    .. dropdown:: Example conftest file
+
+        .. literalinclude:: ../tests/conftest.py
+            :language: python
+            :lines: 1-2,12-
 
     Run pytest with the add-on, using the following command:
 
     .. code:: bash
 
-        pytest --splunk-type=docker --splunk-password=Changed@11
+        pytest --splunk-type=docker --splunk-data-generator=<path to pytest-splunk-addon-data.conf file>
 
 The tool assumes the Splunk Add-on is located in a folder "package" in the project root.
 
@@ -84,8 +103,8 @@ The tool assumes the Splunk Add-on is located in a folder "package" in the proje
 
     .. code:: bash
 
-        pytest --splunk-type=external 
-            --splunk-app=<path-to-addon-package> 
+        pytest --splunk-type=external                                   # Whether you want to run the addon with docker or an external Splunk instance
+            --splunk-app=<path-to-addon-package>                        # Path to Splunk app package. The package should have the configuration files in the default folder.
             --splunk-host=<hostname>                                    # Receiver Splunk instance where events are searchable.
             --splunk-port=<splunk_management_port>                      # default 8089
             --splunk-user=<username>                                    # default admin     
@@ -247,9 +266,11 @@ Extending pytest-splunk-addon
 
     The following snippet shows an example in which the setup fixture is used to enable a saved search.
 
-    .. literalinclude:: ../tests/enable_saved_search_conftest.py
-       :language: python
-       :lines: 2,31-
+    .. dropdown:: enable_saved_search_conftest.py
+
+        .. literalinclude:: ../tests/enable_saved_search_conftest.py
+            :language: python
+            :lines: 2,31-
 
 
 **4. Check mapping of an add-on with custom data models**
@@ -266,4 +287,4 @@ Extending pytest-splunk-addon
 
    <hr width=100%>
 
-.. [#] xfail indicates that you expect a test to fail for some reason. A common example is a test for a feature not yet implemented, or a bug not yet fixed. When a test passes despite being expected to fail, it's an xpass and will be reported in the test summary.
+.. [#] xfail indicates that you expect a test to fail for some reason. A common example is a test for a feature not yet implemented, or a bug not yet fixed. When a test passes despite being expected to fail, it's an xpass and will be reported in the test summary.

docs/overview.rst

@@ -23,40 +23,7 @@ Features
 Release notes
 -------------
 
-1.3.0
-""""""""""""""""""""""""""
-
-    **New Features:**
-
-    * Removed dependency on SA-Eventgen to generate data for testing.
-    * pytest-splunk-addon now generates data independently, which is required for testing.
-    * pytest-splunk-addon generates tests for testing index-time properties in Splunk Technology Add-ons.
-
-    **Bugfixes:**
-
-    * Enhanced requirements for the following CIM data models:
-
-    +-----------------------+-----------------------------------------------------------+
-    | CIM Data Model        |                   Field Name                              | 
-    +=======================+===========================================================+
-    | IDS                   | src, dest, src_port, dest_port, user                      |
-    +-----------------------+-----------------------------------------------------------+
-    | Network Resolution    | src, dest                                                 |
-    +-----------------------+-----------------------------------------------------------+
-    | Network Traffic       | bytes, bytes_in, bytes_out, icmp_code                     |
-    |                       |                                                           |
-    |                       | packets, packets_in, packets_out                          |
-    |                       |                                                           |    
-    |                       | src, src_translated_port, src_port                        |
-    |                       |                                                           |
-    |                       | dest, dest_translated_port, dest_port                     |
-    +-----------------------+-----------------------------------------------------------+
-    | Web                   | app, uri_path, url_length                                 |
-    +-----------------------+-----------------------------------------------------------+
-
-    **Known Issues:**
-
-    * Fields for modular regular expressions are not extracted in the plugin.
+Find details about all the releases here: :ref:`Release History Page<release_history>`
 
 Installation
 ------------
@@ -72,4 +39,5 @@ Or, in any case, if pip is unavailable:
     
     1. git clone https://github.com/splunk/pytest-splunk-addon.git
     2. cd pytest-splunk-addon
-    3. python3 setup.py install
+    3. pip install poetry
+    4. poetry install

docs/release_history.rst

@@ -1,10 +1,165 @@
+.. _release_history:
+
+=================
 Release History
 =================
 
 **GitHub**
 
 The best way to track the development of pytest-splunk-addon is through `the GitHub Repo <https://github.com/splunk/pytest-splunk-addon/>`_.
 
+1.3.12 (2020-11-09)
+""""""""""""""""""""""""""
+    **Changes:**
+ 
+    * Added ``--ignore-addon-errors`` pytest param to suppress Splunk Addon internal errors.
+    * Updated ``--no-splunk-cleanup`` pytest param to ``--splunk-cleanup`` which is used to clean the data on the Splunk instance before testing.
+
+    **Known Issues:**
+
+    * Event ingestion through SC4S via UDP port
+    * Fields for modular regular expressions are not extracted in the plugin.
+
+1.3.11 (2020-10-27)
+""""""""""""""""""""""""""
+    **Changes:**
+
+    * Fixed string literal causing SyntaxError within helmut lib.
+    * Added ``--no-splunk-cleanup`` CLI param, which disables the cleanup of Splunk environment before the tests execute.
+    * Added ``--splunk-web-scheme`` pytest argument which can be used to set the web scheme (http/https) of the Splunk instance.
+    * Updated pytest-splunk-addon package to remove static fixtures that are now installed as part of the environment.
+
+    **Known Issues:**
+
+    * Event ingestion through SC4S via UDP port
+    * Fields for modular regular expressions are not extracted in the plugin.
+
+1.3.9 (2020-10-15)
+""""""""""""""""""""""""""
+    **Changes:**
+
+    * Updated build process which uses python's poetry to install dependencies.
+    * Added support in pytest-splunk-addon to test with on-prem forwarder configured to a standalone or SH of  cloud stack by providing SH in --splunk-host and forwarder in --splunk-forwarder-host and other appropriate params.
+
+    **Known Issues:**
+
+    * Event ingestion through SC4S via UDP port
+    * Fields for modular regular expressions are not extracted in the plugin.
+
+1.3.6 (2020-9-25)
+""""""""""""""""""""""""""
+    **Changes:**
+
+    * Added support for ingestion of data via pytest-splunk-addon with a user-defined index ``index = <index_name>``.
+
+    **Known Issues:**
+
+    * Event ingestion through SC4S via UDP port
+    * Fields for modular regular expressions are not extracted in the plugin.
+
+1.3.5 (2020-9-14)
+""""""""""""""""""""""""""
+    **Changes:**
+
+    * Updated the host pattern from using ``_`` to using ``-``.
+    * Updated host generation logic to fix an issue for unique IP based hosts from being duplicated due to a limit. Now hosts are getting generated uniquely.
+
+    **Known Issues:**
+
+    * Event ingestion through SC4S via UDP port
+    * Fields for modular regular expressions are not extracted in the plugin.
+
+
+1.3.4 (2020-9-11)
+""""""""""""""""""""""""""
+    **Changes:**
+
+    * Removed threading mechanism while sending data using SC4S as SC4S expects sequential ingestion of data rather than parallel ingestion. 
+
+    **Known Issues:**
+
+    * Event ingestion through SC4S via UDP port
+    * Fields for modular regular expressions are not extracted in the plugin.
+
+1.3.3 (2020-9-09)
+""""""""""""""""""""""""""
+    **Changes:**
+
+    * Added log messages to our tests to help debug issues.
+
+    **Known Issues:**
+
+    * Event ingestion through SC4S via UDP port
+    * Fields for modular regular expressions are not extracted in the plugin.
+
+1.3.2 (2020-8-26)
+""""""""""""""""""""""""""
+    **Changes:**
+
+    * Enhanced requirements for the following CIM data models:
+
+    +-----------------------+-----------------------------------------------------------+
+    | CIM Data Model        |                   Field Name                              | 
+    +=======================+===========================================================+
+    | Change                | action, object_category, object_id, object_path,          |
+    |                       | object_attrs                                              |
+    +-----------------------+-----------------------------------------------------------+
+
+    * Now, the tokenised events can be stored in json files in the *.tokenized_events* folder. If these files are not required, use the ``--discard-eventlogs`` option when executing the tests.
+
+    **Known Issues:**
+
+    * Event ingestion through SC4S via UDP port
+    * Fields for modular regular expressions are not extracted in the plugin.
+
+1.3.1 (2020-8-24)
+""""""""""""""""""""""""""
+    **Changes:**
+
+    * Now handles situations where TRANSFORMS REGEX uses _VAL in transforms.conf.
+    * pytest-splunk-addon now handles eval functions using NULL more efficiently. 
+
+    **Known Issues:**
+
+    * Event ingestion through SC4S via UDP port
+    * Fields for modular regular expressions are not extracted in the plugin.
+
+1.3.0 (2020-8-21)
+""""""""""""""""""""""""""
+    **Features:**
+
+    * pytest-splunk-addon now generates data with it's own data generator feature which replaces SA-Eventgen for accuracy. This feature can ingest data using HEC event, HEC Raw and SC4S (TCP).
+    * pytest-splunk-addon now generates Index Time test cases for your Splunk Technology Add-ons. 
+    * Added a utility to create a new pytest-splunk-addon-data.conf file from existing eventgen.conf file.
+    * Backward compatibility for search time tests using existing eventgen.conf.
+
+    **Bugfixes:**
+
+    * Enhanced requirements for the following CIM data models:
+
+    +-----------------------+-----------------------------------------------------------+
+    | CIM Data Model        |                   Field Name                              | 
+    +=======================+===========================================================+
+    | IDS                   | src, dest, src_port, dest_port, user                      |
+    +-----------------------+-----------------------------------------------------------+
+    | Network Resolution    | src, dest                                                 |
+    +-----------------------+-----------------------------------------------------------+
+    | Network Traffic       | bytes, bytes_in, bytes_out, icmp_code                     |
+    |                       |                                                           |
+    |                       | packets, packets_in, packets_out                          |
+    |                       |                                                           |    
+    |                       | src, src_translated_port, src_port                        |
+    |                       |                                                           |
+    |                       | dest, dest_translated_port, dest_port                     |
+    +-----------------------+-----------------------------------------------------------+
+    | Web                   | app, uri_path, url_length                                 |
+    +-----------------------+-----------------------------------------------------------+
+
+    **Known Issues:**
+
+    * Event ingestion through SC4S via UDP port
+    * Fields for modular regular expressions are not extracted in the plugin.
+
 1.2.0 (2020-06-04)
 """"""""""""""""""""""""""
     **Features:**
@@ -17,6 +172,7 @@ The best way to track the development of pytest-splunk-addon is through `the Git
     **Bugfixes:**
 
     * Invalid search query generation for Malware Data Model is now fixed.
+    * Invalid search query for clustered fields in CIM testing.
 
     **Known Issues:**
 
@@ -27,7 +183,7 @@ The best way to track the development of pytest-splunk-addon is through `the Git
 
     **Features:**
 
-    * The codebase was reformatted to an object-oriented approach to increase the readability, scalability and the reusability of the plugin. 
+    * The codebase was reformatted to an object-oriented approach to increase the readability, scalability, and the reusability of the plugin. 
     * pytest-splunk-addon now generates tests for checking CIM compatibility in your Splunk Technology Add-ons.
 
     **Bugfixes:**

docs/sample_generator.rst

@@ -28,6 +28,7 @@ pytest-splunk-addon-data.conf.spec
     latest = now
     timezone = 0000
     breaker = {{regex}}
+    host_prefix = {{host_prefix}}
 
 [<sample file name>]
     * The stanza can contain the sample File Name or Regex to match multiple sample files.
@@ -85,6 +86,9 @@ breaker = <regex>
     * This parameter is optional. If it is not provided by the user, the events will be ingested into Splunk,
       as per the *input_type* provided.
 
+host_prefix = <host_prefix>
+    * This param is used as an identification for the **host** field, for the events which are ingested using SC4S.
+
 Token replacement settings 
 -----------------------------
 The following replacementType -> replacement values are supported

docs/troubleshoot.rst

@@ -1,4 +1,4 @@
-Troubleshoot
+Troubleshooting
 ===================
 
 **1. Test Case takes forever to run when using splunk-type=external**