Deployment & Requirements
#########################

Deployment matrix
=================

+----------------------+---------------------+
| Splunk roles         | required            |
+======================+=====================+
| Search head          |   yes               |
+----------------------+---------------------+
| Indexer tiers        |   no                |
+----------------------+---------------------+

If Splunk search heads are running in Search Head Cluster (SHC), the Splunk application must be deployed by the SHC deployer.

Dependencies
============

There are currently no dependencies for the application, but as with any Splunk modular action, the Splunk CIM application should be installed on the search heads. (``Splunk_SA_CIM``)

Make sure you have declared the ``cim_modactions`` index as the Add-on logs would automatically be directed to this index is the SA CIM application is installed on the search heads.

If the Splunk_SA_CIM is not installed, the Add-on logs will be generated in the ``_internal`` index. (This is a normal behaviour for Add-on developped with the Splunk Add-on builder that provide adaptive response capabilities)

Role Based Access Control (RBAC)
================================

Since the release 2.1.0, the JIRA application leverages a least privilege approach using its internal REST API, this allows you to allow users to access and use the alert actions with no other capabilities than the builtin capability ``jira_service_desk``.

**How things work:**

- The application defines a capability called ``jira_service_desk``.
- This capability is enabled in the builtin role ``jira_alert_action``.
- The builtin role ``jira_alert_action`` is automatically inherited for the ``admin`` and ``sc_admin`` roles.
- When calling the action, the backend underneath automatically call the JIRA App REST endpoints which access is constrained by the ``jira_service_desk`` capability.
- These endpoints provide the necessary information to the JIRA App to allow the alert actions to work.

**How to allow normal users to use the alert actions:**

- To allow normal users to use the alert actions, you can directly inherit the ``jira_alert_action`` role in their role definition.
- Alertnatively, You can also natively add the ``jira_service_desk`` capability to the existing roles.
- Both approaches are equivalent.

**What does provide the builtin jira_service_desk capability and the jira_alert_action role:**

- The capability ``jira_service_desk`` and the associated role provide **nothing** except the access to the JIRA App REST endpoints, allowing the alert actions to work.


Initial deployment
==================

**The deployment of the Splunk application is very straight forward:**

- Using the application manager in Splunk Web (Settings / Manages apps)

- Extracting the content of the tgz archive in the "apps" directory of Splunk

- For SHC configurations (Search Head Cluster), extract the tgz content in the SHC deployer and publish the SHC bundle

Upgrades
========

Upgrading the Splunk application is pretty much the same operation than the initial deployment.