security_content icon indicating copy to clipboard operation
security_content copied to clipboard

Published 20 hours ago verified publisher icon splunk

macros.j2 not compatible with macros with two or more arguments

Open andsovik opened this issue 2 years ago • 1 comments

Description

If you create a macro with two or more arguments in the macros folder, it will not compile correctly. The reason for this is due to the jinja definition in macros.j2.

How to recreate:

Paste the following content in a file under security_content/macros/test.yml

arguments:
- foo
- bar
definition: a=$foo$ b=$bar$
description: just for testing
name: test_macro

If this is compiled, you will end up with the following macros.conf under the dist folder:

[test_macro(2)]
args = foo,
bar
definition: a=$foo$ b=$bar$
description: just for testing

To fix this you need to change the macros.j2 file with the following code:

{% for macro in objects %}
[{{ macro.name }}{% if macro.arguments is not none %}({{ macro.arguments|length }}){% endif %}]
{% if macro.arguments is not none %}
args = {% for arg in macro.arguments -%}{{ arg }}{{ ", " if not loop.last }}{% endfor %}

{% endif %}
{% if macro.definition is not none %}
definition = {{ macro.definition }}
{% else %}
definition =
{% endif %}
description = {{ macro.description }}

{% endfor %}

Changes made above can be seen at the end of the "macro.arguments -%" where I added a dash. And also moving the endfor up one line, and also adding a new line in between the endfor and the endif.

This will result in the macros.conf being compiled correctly like this:

[test_macro(2)]
args = foo, bar
definition: a=$foo$ b=$bar$
description: just for testing

Version

Latest: v3.55.0

andsovik avatar Dec 22 '22 20:12 andsovik

@pyth0n1c : We should add this to contentctl

patel-bhavin avatar Aug 02 '23 23:08 patel-bhavin

Thank you for the issue @andsovik !

This has been fixed in the following commit to an open PR to contentctl: https://github.com/splunk/contentctl/commit/35fc10b3b28c7a0289e805316b25d13e5e58861a

Note this template has some other small changes, because macros can no longer be None, just a list of any length (including 0).

macro for testing:

arguments:
  - field
  - another
definition: 'convert timeformat="%Y-%m-%dT%H:%M:%S" ctime($field$) ctime($another$)'
description: convert epoch time to string
name: two_arguments_example

See below that the file is properly generated: image

pyth0n1c avatar Apr 23 '24 22:04 pyth0n1c