fix: update field validation condition (#900)

This PR updates the condition for the object_category field of the
Change DataModel.
Added e2e tests to cover this check.

Author: dvarasani-crest

.github/workflows/build-test-release.yml

@@ -148,7 +148,7 @@ jobs:
           "splunk_setup_fixture",
           "splunk_app_req",
           "splunk_app_req_broken",
-          "splunk_cim_model_ipv6_regex",
+          "splunk_cim_model",
         ]
     steps:
       - uses: actions/checkout@v4

pytest_splunk_addon/CIM_Models/datamodel_definition.py

@@ -2396,5 +2396,7 @@
         },
     },
 }
-
-datamodels["latest"] = datamodels["6.0.0"]
+# No fields changes between v6.0.0 and v6.0.2
+datamodels["6.0.1"] = datamodels["6.0.0"]
+datamodels["6.0.2"] = datamodels["6.0.0"]
+datamodels["latest"] = datamodels["6.0.2"]

pytest_splunk_addon/data_models/Change.json

@@ -48,7 +48,7 @@
         },
         {
           "name": "object_category",
-          "validity": "if((tag==\"account\" AND object_category==\"user\") OR tag!=\"account\",object_category, null())",
+          "validity": "if((tag==\"account\" AND object_category==\"user\") OR (tag!=\"account\" AND object_category!=\"user\"),object_category, null())",
           "type": "required",
           "comment": "Generic name for the class of the updated resource object. Expected values may be specific to an app."
         },

tests/e2e/addons/TA_cim_addon/default/eventtypes.conf

@@ -1,2 +1,8 @@
 [test_ipv6]
-search = sourcetype=test:ipv6
+search = sourcetype=test:ipv6
+
+[test_change]
+search = sourcetype=test:change
+
+[test_change_account]
+search = sourcetype=test:change AND change_type=account

tests/e2e/addons/TA_cim_addon/default/props.conf

@@ -1,2 +1,13 @@
 [test:ipv6]
 FIELDALIAS-ipAddress_as_src_ip = ipAddress AS src_ip
+
+[test:change]
+FIELDALIAS-obj = object.name as object
+FIELDALIAS-obj_category = object.category as object_category
+FIELDALIAS-obj_attrs = object.attrs as object_attrs
+FIELDALIAS-obj_id = object.id as object_id
+FIELDALIAS-obj_path = object.path as object_path
+FIELDALIAS-usr = user.email as user
+FIELDALIAS-usr_name = user.name as user_name
+FIELDALIAS-usr_type = user.type as user_type
+EVAL-vendor_product = "PSA"

tests/e2e/addons/TA_cim_addon/default/pytest-splunk-addon-data.conf

@@ -13,4 +13,17 @@ expected_event_count = 34
 
 token.0.token = ##ip_address##
 token.0.replacementType = all
-token.0.replacement = list["1234::", "2001:db8::", "::1334", "::", "::1325", "2001:0db8::1:2:3456", "2001::1:2:3", "2001:db8::1:2", "::ffff:192.168.1.1", "::ffff:192.168.1.112", "::1", "2001:0db8::1:2:3", "ff02:0000:0000:0000:0000:0000:0000:0001", "fe80:0000:0000:0000:a299:9bff:fe18:50d1", "2001:0db8:1111:000a:00b0:0000:9000:0200", "2001:0db8:0000:0000:abcd:0000:0000:1234","2001:0db8:cafe:0001:0000:0000:0000:0100", "2001:0db8:cafe:0001:0000:0000:0000:0200", "1:2:3:4:5:6:7::", "fe80::a299:9bff:fe18:50d1", "::3212", "::1212", "2001:db80:1000:a000:0000:bc00:abcd:d0b0","2001::abcd", "2001:0000:0000:0000:abcd:0000:0000:1234", "2001:0000:0000:abcd:0000:0000:0000:1234", "2001:0000:abcd:0000:0000:0000:0000:1234", "2001:db8:1111:a:b0:0:9000:200", "fe80:0:0:0:a299:9bff:fe18:50d1", "0:0:0:0:0:0:0:1", "0000:0000:0000:0000:0000:0000:0000:0001","0:0:0:0:0:0:ffff:192.168.10.10", "2001:0000:0000:0000:0000:abcd:0000:1", "::ffff:192.168.10.10"]
+token.0.replacement = list["1234::", "2001:db8::", "::1334", "::", "::1325", "2001:0db8::1:2:3456", "2001::1:2:3", "2001:db8::1:2", "::ffff:192.168.1.1", "::ffff:192.168.1.112", "::1", "2001:0db8::1:2:3", "ff02:0000:0000:0000:0000:0000:0000:0001", "fe80:0000:0000:0000:a299:9bff:fe18:50d1", "2001:0db8:1111:000a:00b0:0000:9000:0200", "2001:0db8:0000:0000:abcd:0000:0000:1234","2001:0db8:cafe:0001:0000:0000:0000:0100", "2001:0db8:cafe:0001:0000:0000:0000:0200", "1:2:3:4:5:6:7::", "fe80::a299:9bff:fe18:50d1", "::3212", "::1212", "2001:db80:1000:a000:0000:bc00:abcd:d0b0","2001::abcd", "2001:0000:0000:0000:abcd:0000:0000:1234", "2001:0000:0000:abcd:0000:0000:0000:1234", "2001:0000:abcd:0000:0000:0000:0000:1234", "2001:db8:1111:a:b0:0:9000:200", "fe80:0:0:0:a299:9bff:fe18:50d1", "0:0:0:0:0:0:0:1", "0000:0000:0000:0000:0000:0000:0000:0001","0:0:0:0:0:0:ffff:192.168.10.10", "2001:0000:0000:0000:0000:abcd:0000:1", "::ffff:192.168.10.10"]
+
+[test_change.xml]
+interval = 30
+latest = now
+sourcetype = test:change
+source = psa
+maxIntervalsBeforeFlush = 1
+input_type = modinput
+host_type = plugin
+sourcetype_to_search = test:change
+timestamp_type = plugin
+expected_event_count = 3
+requirement_test_sample = 1

tests/e2e/addons/TA_cim_addon/default/tags.conf

@@ -1,3 +1,10 @@
 [eventtype=test_ipv6]
 network = enabled
-communicate = enabled
+communicate = enabled
+
+[eventtype=test_change]
+change = enabled
+
+[eventtype=test_change_account]
+change = enabled
+account = enabled

tests/e2e/addons/TA_cim_addon/samples/test_change.xml

@@ -0,0 +1,107 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<device>
+  <vendor>Splunk</vendor>
+  <product>PSA</product>
+  <version id="unknown" />
+  <event code="" name="" format="">
+    <transport type="modinput" sourcetype="test:change" source="test_data" host="so1" />
+    <source>
+      <jira id="" />
+      <comment>lab</comment>
+    </source>
+    <raw><![CDATA[{"action":"created","change_type":"resources","command":"test_command","dest":"dest-object","dvc":"object-dvc","object":{"name":"object1","attrs":"attr1","category":"Eventhub","id":"test_id","path":"/dummy/path"},"result":"BadRequest","src":"1.1.1.1","status":"failure","user":{"email":"user1@abc.com","name":"user1","type":"Admin"},"timestamp":"2025-02-12T12:00:00Z"}]]></raw>
+    <cim>
+      <models>
+        <model>Change</model>
+      </models>
+      <cim_fields>
+        <field name="action" value="created" />
+        <field name="change_type" value="resources" />
+        <field name="command" value="test_command" />
+        <field name="dest" value="dest-object" />
+        <field name="dvc" value="object-dvc" />
+        <field name="object" value="object1" />
+        <field name="object_attrs" value="attr1" />
+        <field name="object_category" value="Eventhub" />
+        <field name="object_id" value="test_id" />
+        <field name="object_path" value="/dummy/path" />
+        <field name="result" value="BadRequest" />
+        <field name="src" value="1.1.1.1" />
+        <field name="status" value="failure" />
+        <field name="user" value="user1@abc.com" />
+        <field name="user_name" value="user1" />
+        <field name="user_type" value="Admin" />
+        <field name="vendor_product" value="PSA" />
+      </cim_fields>
+      <missing_recommended_fields />
+    </cim>
+  </event>
+  <event code="" name="" format="">
+    <transport type="modinput" sourcetype="test:change" source="test_data" host="so1" />
+    <source>
+      <jira id="" />
+      <comment>lab</comment>
+    </source>
+    <raw><![CDATA[{"action":"created","change_type":"resources","command":"test_command","dest":"dest-object","dvc":"object-dvc","object":{"name":"object1","attrs":"attr1","category":"user","id":"test_id","path":"/dummy/path"},"result":"BadRequest","src":"1.1.1.1","status":"failure","user":{"email":"user1@abc.com","name":"user1","type":"Admin"},"timestamp":"2025-02-12T12:00:00Z"}]]></raw>
+    <cim>
+      <models>
+        <model>Change</model>
+      </models>
+      <cim_fields>
+        <field name="action" value="created" />
+        <field name="change_type" value="resources" />
+        <field name="command" value="test_command" />
+        <field name="dest" value="dest-object" />
+        <field name="dvc" value="object-dvc" />
+        <field name="object" value="object1" />
+        <field name="object_attrs" value="attr1" />
+        <field name="object_category" value="user" />
+        <field name="object_id" value="test_id" />
+        <field name="object_path" value="/dummy/path" />
+        <field name="result" value="BadRequest" />
+        <field name="src" value="1.1.1.1" />
+        <field name="status" value="failure" />
+        <field name="user" value="user1@abc.com" />
+        <field name="user_name" value="user1" />
+        <field name="user_type" value="Admin" />
+        <field name="vendor_product" value="PSA" />
+      </cim_fields>
+      <missing_recommended_fields />
+    </cim>
+  </event>
+  <event code="" name="" format="">
+    <transport type="modinput" sourcetype="test:change" source="test_data" host="so1" />
+    <source>
+      <jira id="" />
+      <comment>lab</comment>
+    </source>
+    <raw><![CDATA[{"action":"created","change_type":"account","command":"test_command","dest":"dest-object","dvc":"object-dvc","object":{"name":"object1","attrs":"attr1","category":"user","id":"test_id","path":"/dummy/path"},"src":"1.1.1.1","status":"success","user":{"email":"user1@abc.com","name":"user1","type":"Admin"},"timestamp":"2025-02-12T12:00:00Z"}]]></raw>
+    <cim>
+      <models>
+        <model>Change:Account_Management</model>
+      </models>
+      <cim_fields>
+        <field name="action" value="created" />
+        <field name="change_type" value="account" />
+        <field name="command" value="test_command" />
+        <field name="dest" value="dest-object" />
+        <field name="dvc" value="object-dvc" />
+        <field name="object" value="object1" />
+        <field name="object_attrs" value="attr1" />
+        <field name="object_category" value="user" />
+        <field name="object_id" value="test_id" />
+        <field name="object_path" value="/dummy/path" />
+        <field name="src" value="1.1.1.1" />
+        <field name="status" value="success" />
+        <field name="user" value="user1@abc.com" />
+        <field name="user_name" value="user1" />
+        <field name="user_type" value="Admin" />
+        <field name="vendor_product" value="PSA" />
+      </cim_fields>
+      <missing_recommended_fields>
+        <field>result</field>
+        <field>src_user</field>
+      </missing_recommended_fields>
+    </cim>
+  </event>
+</device>