Managing Updates to the Splunk Cloud Vetting Process

Before apps can be installed in a customer’s Splunk Cloud deployments, these apps have to go through Splunk’s cloud vetting process. Cloud vetting helps ensure that apps are safe and performant for our mutual customers to use in Splunk Cloud. It’s important for us to make regular updates to our cloud vetting requirements in order to ensure apps running on Splunk Cloud are “up to snuff”.

On the other hand, we here at Splunk understand that it can take time to respond to changing standards and that you, our app developers, will need time to adjust to any changes or additions we make to the cloud vetting process. That’s why I want to take a moment to walk through our new Cloud Vetting Change Policy.

What’s Changing?

In short: 

• New AppInspect checks will have a three-month introduction period
• Checks will initially return “warn” results instead of failures
• You can and should use the AppInspect API with the “future” tag to run these new checks
• Splunk will notify all Splunkbase app developers when checks that impact apps are announced, and again one month before promoting new checks from “warn” to “fail”
• If apps are still not updated after three months, they will begin to fail cloud vetting - and could lose their compatibility with Splunk Cloud!
   

Sometimes, we need to add new checks to the Cloud Vetting process that may cause an app to be rejected for installation in Splunk Cloud. Going forward, we will release these checks in stages over a three-month period. We will initially introduce checks as “warn-only”, meaning  they won’t prevent an app from passing cloud vetting. You should still see if your app is affected by the new check by looking for “warning” results using the Splunk AppInspect API, since this warning will eventually mature into a cloud vetting failure. These checks will be added to the “future” AppInspect tag to make it easy for you to run only these new checks.

At the same time, we’ll publish an announcement to the “What’s New” page for AppInspect and send an email with a brief description of the change to all developers with apps that are approved for Splunk Cloud on Splunkbase. This notification will make it clear why we’re changing the cloud vetting standards and what impact it will have on the user experience in Splunk Cloud. We’ll also describe how to use the AppInspect API on your apps to look for warnings of the newly-added checks - and how to update your app if necessary. We’ll also make sure to indicate the date by which you must update any affected apps. 

Two months later, we’ll re-run the new check on all apps published to Splunkbase and reach out to affected developers again to encourage them to update their apps. 

One more month later is when the change actually takes effect. We’ll update the check to return a “failure” or a “manual_check” result, which means that affected apps will no longer be installable in Splunk Cloud. We’ll re-run the check on all apps on Splunkbase again,  this time updating their compatibility with Splunk Cloud if they’re still affected. 

How-To

First, get an auth token from the Splunk.com API like so: 

curl -k -u username_goes_here \

     --url "https://api.splunk.com/2.0/rest/login/splunk"

You will be prompted for your password and, after a successful login, an auth token will be returned for use in the next step. To run only checks in the “future” tag with the AppInspect API, you can use this cURL command: 

curl -X POST -H "Authorization: bearer auth_token_here" \

-F  "app_package=@app_name_here.tar.gz" \

-F  "included_tags=future" \

--url "https://appinspect.splunk.com/v1/app/validate"

Of course, you can do the same steps using Postman or your favorite scripting language. 

Next Steps

Our action item for you is to use the AppInspect API to understand upcoming Cloud Policy changes, and pay attention to “warning” results. The first batch of checks covered by this new policy were released on April 29, 2021, meaning that they will be promoted to failures on July 29, 2021. Be ready! 

Our goal with this change management policy is to help you understand changes to the cloud vetting policy and give you enough time and visibility to update your app. You can always reach out to us for help understanding how to update your app:

• Through the Splunk AppHealth Team email alias
  
  OR
  
  
• Through the #appdev channel on the splunk-usergroups Slack workspace (where you can hit me up directly also — I’m @tedd and happy to chat!)