Advertisement
phoenixdigital

Splunk Setup Custom Endpoint

Jan 22nd, 2017
321
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 4.42 KB | None | 0 0
  1. import splunk
  2. import splunk.entity as en
  3. import splunk.auth
  4. import splunk.admin
  5. import csv
  6. import requests
  7. import logging
  8. import xml.dom.minidom, xml.sax.saxutils
  9. import xml.etree.ElementTree as ET
  10. import os, sys, json, time
  11. from datetime import datetime
  12.  
  13. ################################
  14. # Setup logging
  15. logging.root
  16. logging.root.setLevel(logging.DEBUG)
  17. formatter = logging.Formatter('%(levelname)s myapp=1,%(message)s')
  18. handler = logging.StreamHandler(stream=sys.stderr)
  19. handler.setFormatter(formatter)
  20. logging.root.addHandler(handler)
  21.  
  22. # Turn down requests from spamming Splunkd logs
  23. logging.getLogger("requests").setLevel(logging.WARNING)
  24.  
  25. ################################
  26.  
  27. class myappApiSettingsEndpoint(splunk.admin.MConfigHandler):
  28.  
  29.     def setup(self):
  30.         logging.info("type=setup,starting")
  31.         if self.requestedAction == splunk.admin.ACTION_EDIT:
  32.             for arg in [
  33.                 'proxy_address',
  34.                 'proxy_username',
  35.                 'proxy_password'
  36.             ]:
  37.  
  38.                 self.supportedArgs.addOptArg(arg)
  39.  
  40.     def handleList(self, confInfo):
  41. #        logging.info("type=handleList,starting")
  42.         try:
  43.             # Read Contents of myapp_traffic.conf
  44.             confDict = self.readConf("myapp_traffic")
  45.             if confDict:
  46.                 for stanza, settings in confDict.items():
  47.                     for key, val in settings.items():
  48.                         # Do not retrieve and display password
  49.                         if key == "proxy_password":
  50.                             val = ""
  51.                         confInfo[stanza].append(key, val)
  52.  
  53.         except:
  54.             logging.error("type=handleList,Failed to load from myapp_traffic.conf")
  55.  
  56.     def handleEdit(self, confInfo):
  57.         logging.info("type=handleEdit,starting")
  58.  
  59.         name = self.callerArgs.id
  60.         args = self.callerArgs
  61.         try:
  62.        
  63.             # Write changes to myapp_traffic.conf
  64.             # Ensure no null values are sent.
  65.             for arg in args :
  66. #               logging.error(arg)
  67.                 if args[arg][0] == None:
  68.                     args[arg][0] = ""
  69.  
  70.                 # Check if this is the password field
  71.                 if arg == "proxy_password":
  72.  
  73.                     # Write to password store if it is not blank
  74.                     if not (args["proxy_password"][0] == "" or args["proxy_password"][0] == None) :
  75.  
  76.                         # http://docs.splunk.com/Documentation/Splunk/6.5.1/RESTREF/RESTaccess#storage.2Fpasswords
  77.                        
  78.                         # Check if password exists
  79.                         url = splunk.getLocalServerInfo()+'/servicesNS/nobody/myapp_traffic/storage/passwords/myapp_traffic%3A' + args["proxy_username"][0] + '%3A?output_mode=json'
  80.                         r = requests.get(url=url,
  81.                             headers={'Authorization': 'Splunk ' + self.getSessionKey()},
  82.                             verify=False)
  83.                         logging.info("type=handleEdit,message=password storage query status %d" % r.status_code)
  84.                        
  85.                         if r.status_code == 200:
  86.                             # Update in password store via REST interface
  87.                             url = splunk.getLocalServerInfo()+'/servicesNS/nobody/myapp_traffic/storage/passwords/myapp_traffic%3A' + args["proxy_username"][0] + '%3A?output_mode=json'
  88.                             r = requests.post(url=url,
  89.                                 data={'password': args["proxy_password"][0]},
  90.                                 headers={'Authorization': 'Splunk ' + self.getSessionKey()},
  91.                                 verify=False)
  92.                                
  93.                             logging.info("type=handleEdit,message=password update status %d" % r.status_code)
  94.  
  95.                         else:
  96.                             # Create in password store via REST interface (Will have no effect if the user exists)
  97.                             url = splunk.getLocalServerInfo()+'/servicesNS/nobody/myapp_traffic/storage/passwords?output_mode=json'
  98.                             r = requests.post(url=url,
  99.                                 data={'name': args["proxy_username"][0], 'password': args["proxy_password"][0], 'realm': "myapp_traffic"},
  100.                                 headers={'Authorization': 'Splunk ' + self.getSessionKey()},
  101.                                 verify=False)
  102.  
  103.                             logging.info("type=handleEdit,message=password create status %d" % r.status_code)
  104.                            
  105.                     # Clear out password field so it doesn't get saved in .conf
  106.                     args["proxy_password"][0] = ""
  107.                    
  108.             # Write out data to conf file (If on a cluster this might need to talk directly to the REST endpoint instead http://docs.splunk.com/Documentation/Splunk/6.5.1/RESTREF/RESTconf)
  109.             logging.info("type=handleEdit,message=Writing conf file")
  110.             self.writeConf('myapp_traffic', 'myapp_traffic_proxy', self.callerArgs.data)                   
  111.             logging.info("type=handleEdit,message=Wrote conf file")
  112.            
  113.         except:
  114.             logging.error("type=handleEdit,Failed to load from myapp_traffic.conf")
  115.  
  116. try:
  117.     splunk.admin.init(myappApiSettingsEndpoint, splunk.admin.CONTEXT_APP_AND_USER)
  118. except Exception, e:
  119.     logging.error("type=baseCall,Unhandled exception reading configuring endpoint: %s" % detailed_exception())
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement