Change the default permission

splunk · Dec 11, 2024 · 408bc18 · 408bc18
1 parent 3519ff7
commit 408bc18
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 7 deletions.
diff --git a/solnlib/alerts_rest_client.py b/solnlib/alerts_rest_client.py
@@ -49,13 +49,14 @@ class AlertComparator(Enum):
 class AlertsRestClient:
     """REST client for handling alerts."""
 
-    ENDPOINT = "/services/saved/searches"
+    ENDPOINT = "/servicesNS/{owner}/{app}/saved/searches"
     headers = [("Content-Type", "application/json")]
 
     def __init__(
         self,
         session_key: str,
         app: str,
+        owner: str = "nobody",
         **context: dict,
     ):
         """Initializes AlertsRestClient.
@@ -69,9 +70,14 @@ def __init__(
         self.app = app
 
         self._rest_client = rest_client.SplunkRestClient(
-            self.session_key, app=self.app, **context
+            self.session_key,
+            app=self.app,
+            owner=owner,
+            **context,
         )
 
+        self.endpoint = self.ENDPOINT.format(owner=owner, app=app)
+
     def create_search_alert(
         self,
         name: str,
@@ -130,15 +136,15 @@ def create_search_alert(
 
         params.update(kwargs)
 
-        self._rest_client.post(self.ENDPOINT, body=params, headers=self.headers)
+        self._rest_client.post(self.endpoint, body=params, headers=self.headers)
 
     def delete_search_alert(self, name: str):
         """Deletes a search alert in Splunk.
 
         Arguments:
             name: Name of the alert to delete.
         """
-        self._rest_client.delete(f"{self.ENDPOINT}/{name}")
+        self._rest_client.delete(f"{self.endpoint}/{name}")
 
     def get_search_alert(self, name: str):
         """Retrieves a specific search alert from Splunk.
@@ -150,7 +156,7 @@ def get_search_alert(self, name: str):
             A dictionary containing the alert details.
         """
         response = (
-            self._rest_client.get(f"{self.ENDPOINT}/{name}", output_mode="json")
+            self._rest_client.get(f"{self.endpoint}/{name}", output_mode="json")
             .body.read()
             .decode("utf-8")
         )
@@ -164,7 +170,7 @@ def get_all_search_alerts(self):
             A dictionary containing all search alerts.
         """
         response = (
-            self._rest_client.get(self.ENDPOINT, output_mode="json")
+            self._rest_client.get(self.endpoint, output_mode="json")
             .body.read()
             .decode("utf-8")
         )
@@ -248,5 +254,5 @@ def update_search_alert(
         params.update(kwargs)
 
         self._rest_client.post(
-            f"{self.ENDPOINT}/{name}", body=params, headers=self.headers
+            f"{self.endpoint}/{name}", body=params, headers=self.headers
         )
diff --git a/tests/integration/test_alerts_rest_client.py b/tests/integration/test_alerts_rest_client.py
@@ -181,6 +181,9 @@ def assert_alert_not_found():
     assert alert["name"] == example_name
     assert alert["content"]["search"] == search
 
+    # Check default permissions
+    assert alert["acl"]["sharing"] == "app"
+
     # Get all alerts
     alerts = get_alert_names_set()
     assert alerts - initial_alerts == {example_name}