Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When we calculate changes between two branches in order to run tests, we currently do not catch data source object changes as content dependencies. Following the same path in which we calculate macros and lookups as being content dependencies, this PR will attempt to change the diff calculation to include data source object changes.
Notably, this will then trigger the testing for each of these detections when we have an "Auto Update TA" PR like so: splunk/security_content#3154. (See Note at end)
This testing will provide the confidence and verification that such changes can be merged without issues.
Note:
Those PRs currently don't update contentctl.yml, which appears to still be used for testing, so until we decide how to reconcile those here, or update the code powering those PRs to also make those changes, this will trigger tests but still using the old TAs. We also don't really have any testing afaict to confirm that the TA version change does not alter sourcetypes or fields- those will hopefully become apparent via the actual testing, but that's not necessarily guaranteed depending on the original GDI mechanism