-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature/splunk observability scaler #6192
base: main
Are you sure you want to change the base?
Feature/splunk observability scaler #6192
Conversation
… in hindsight Signed-off-by: Sebastian Schimper <[email protected]>
Signed-off-by: Sebastian Schimper <[email protected]>
tests/scalers/splunk_observability_test/splunk_observability_test.go
Outdated
Show resolved
Hide resolved
Signed-off-by: Sebastian Schimper <[email protected]>
The only files we should be changing under |
tests/scalers/splunk_observability_test/splunk_observability_test.go
Outdated
Show resolved
Hide resolved
tests/scalers/splunk_observability_test/splunk_observability_test.go
Outdated
Show resolved
Hide resolved
We should probably set this PR to WIP/Draft state |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the contribution! could of points
- helm update is not needed
- please fix DCO
tests/scalers/splunk_observability_test/splunk_observability_test.go
Outdated
Show resolved
Hide resolved
Thank you for reviewing, @zroubalik. I will work during the next days on fixing the things pointed out. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for reviewing, @zroubalik. I will work during the next days on fixing the things pointed out.
@sschimper-splunk any updates here please? We will cut a new release Nov 7, so if you want this included in KEDA 2.16 we should resolve this asap. If you don't have we can release this in the following release, not a problem :)
Hi @zroubalik, |
Signed-off-by: Sebastian Schimper <[email protected]>
password = fmt.Sprintf("%s-password", testName) | ||
vhost = "/" | ||
NoAuthConnectionString = fmt.Sprintf("http://rabbitmq.%s.svc.cluster.local", rmqNamespace) | ||
connectionString = fmt.Sprintf("amqp://%s:%s@rabbitmq.%s.svc.cluster.local", user, password, rmqNamespace) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Semgrep identified an issue in your code:
Semgrep found a possible database connection string built with string concatenation. Check for proper encoding/escaping of components to prevent parse errors and injection vulnerabilities.
To resolve this comment:
No guidance has been designated for this issue. Fix according to your organization's approved methods.
💬 Ignore this finding
Leave a nosemgrep comment directly above or at the end of line 38 like so // nosemgrep: kedacore.db-connection-string
Take care to validate that this is not a true positive finding before ignoring it.
Learn more about ignoring code, files and folders here.
You can view more details about this finding in the Semgrep AppSec Platform.
password = fmt.Sprintf("%s-password", testName) | ||
vhost = "/" | ||
NoAuthConnectionString = fmt.Sprintf("amqp://rabbitmq.%s.svc.cluster.local", rmqNamespace) | ||
connectionString = fmt.Sprintf("amqp://%s:%s@rabbitmq.%s.svc.cluster.local", user, password, rmqNamespace) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Semgrep identified an issue in your code:
Semgrep found a possible database connection string built with string concatenation. Check for proper encoding/escaping of components to prevent parse errors and injection vulnerabilities.
To resolve this comment:
No guidance has been designated for this issue. Fix according to your organization's approved methods.
💬 Ignore this finding
Leave a nosemgrep comment directly above or at the end of line 38 like so // nosemgrep: kedacore.db-connection-string
Take care to validate that this is not a true positive finding before ignoring it.
Learn more about ignoring code, files and folders here.
You can view more details about this finding in the Semgrep AppSec Platform.
@@ -186,7 +195,7 @@ func apiStubHandler(hasRateLeft bool, exceeds30Repos bool) *httptest.Server { | |||
w.WriteHeader(http.StatusForbidden) | |||
} | |||
if strings.HasSuffix(r.URL.String(), "jobs") { | |||
_, _ = w.Write([]byte(testGhWFJobResponse)) | |||
_, _ = w.Write([]byte(jobResponse)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Semgrep identified a blocking 🔴 issue in your code:
Detected directly writing or similar in 'http.ResponseWriter.write()'. This bypasses HTML escaping that prevents cross-site scripting vulnerabilities. Instead, use the 'html/template' package and render data using 'template.Execute()'.
To resolve this comment:
No guidance has been designated for this issue. Fix according to your organization's approved methods.
💬 Ignore this finding
Leave a nosemgrep comment directly above or at the end of line 198 like so // nosemgrep: go.lang.security.audit.xss.no-direct-write-to-responsewriter.no-direct-write-to-responsewriter
Take care to validate that this is not a true positive finding before ignoring it.
Learn more about ignoring code, files and folders here.
You can view more details about this finding in the Semgrep AppSec Platform.
Semgrep found 1 Detected directly writing or similar in 'http.ResponseWriter.write()'. This bypasses HTML escaping that prevents cross-site scripting vulnerabilities. Instead, use the 'html/template' package and render data using 'template.Execute()'. |
Somehow the diff now shows 4400+ files changed |
With this pull request, I would like to add a new custom KEDA scaler that interacts with the Splunk Observability Cloud Platform. It is able to query metrics from Splunk Observability Cloud and scale a deployment according to a predefined target value.
As for now, I do not have the created a pull request to update the Helm chart, becasue I did not think it necessary. However, my knowledge about Helm charts is admittedly limited, and I am happy to fix this in hindsight if that is necessary.
Thank you.
Checklist
Relates to: