Security

AppInspect API error: "Do not use `default/setup.xml` in the Cloud environment"

gsabhay77
Explorer

I ran the latest Splunk's AppInspect API 2.1.0 using the Postman for the Splunk app we are developing. We have a setup.xml file located inside the default folder of the app project.

After running the AppInspect recently, I got an issue "Do not use default/setup.xml in the Cloud environment. Please consider use Authorization Code Flow for server-side web applications that can securely store secrets.". This error was not shown when I ran the app a week before. I guess this rule should be recently introduced in the Splunk AppInspect.

Can someone please provide some info on where to place the setup.xml file for this to error to disappear and also work for Splunk Cloud as well?

Tags (2)
0 Karma

ravi
Loves-to-Learn Lots

Hi @gsabhay77  were you able to shift from setup.xml to setup_view

0 Karma

gsabhay77
Explorer

Yeah. It worked for me!

0 Karma

ravi
Loves-to-Learn Lots

@gsabhay77 

Is your App published in Splunkbase. I want to refer to something 

0 Karma

thellmann
Splunk Employee
Splunk Employee

I would recommend using a setup page instead of setup.xml to perform configuration. We released an updated manual on this topic here: https://dev.splunk.com/enterprise/docs/developapps/manageknowledge/setuppage/

This code example might also be helpful: 

PavelP
Motivator

Hello @gsabhay77 ay77,

the appinspect 2.1.0 checks if there is a file setup.xml in the app default folder:

# setup.xml
# -------------------
@splunk_appinspect.tags("cloud")
@splunk_appinspect.cert_version(min="2.1.0")
def check_setup_xml_in_default(app, reporter):
    """Check that `setup.xml` does not exist in the app default folder
    """
    if app.file_exists("default", "setup.xml"):
        reporter_output = (
            "Do not use `default/setup.xml` in the Cloud environment. "
            "Please consider use Authorization Code Flow for server-side web applications "
            "that can securely store secrets. "
        )
        reporter.fail(reporter_output)

The setup.xml file, which should be located in $SPLUNK_HOME/etc/<your_app_name>/default/, defines the setup page that prompts users for configuration settings (i.e. credentials): https://dev.splunk.com/enterprise/docs/developapps/setuppage/setupxmlsyntax/

Apparently Splunk will move from local credentials to secure credential mechanism, https://dev.splunk.com/scs/docs/apps/plan/ : Use Authorization Code Flow to authorize in the system for server-side web applications that can securely store secrets. Authorization Code Flow uses a confidential setup.

where to place the setup.xml : you can place it outside of default to bypass the check, but the Setup Screen will not be triggered when the user first runs the app.

You can also bypass cloud checks completely by using --excluded-tags cloud, but you asked also work for Splunk Cloud as well

gsabhay77
Explorer

Hi PavelP,

Thanks for providing the info. I did try to place the setup.xml outside the default folder. But that seems to make the error go away but I cannot access the setup page as the "Set up" option doesn't appear for the Application.

Can you please provide any documentation on how to create "Authorization Code Flow" in Splunk app for authentication?

0 Karma

PavelP
Motivator

Hello @gsabhay77 ,

The setup.xml file should be located in $SPLUNK_HOME/etc//default/, else the Setup Screen will not be triggered when the user first runs the app.

I haven't done it before yet, the introduction is here: https://dev.splunk.com/scs/docs/apps/plan/

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...