def __init__(self,
hec_input_name,
session_key,
scheme=None,
host=None,
port=None,
hec_uri=None,
hec_token=None,
**context):
super(HECEventWriter, self).__init__()
self._session_key = session_key
if not all([scheme, host, port]):
scheme, host, port = get_splunkd_access_info()
if hec_uri and hec_token:
scheme, host, hec_port = utils.extract_http_scheme_host_port(
hec_uri)
else:
hec_port, hec_token = self._get_hec_config(hec_input_name,
session_key, scheme,
host, port, **context)
if not context.get('pool_connections'):
context['pool_connections'] = 10
if not context.get('pool_maxsize'):
context['pool_maxsize'] = 10
self._rest_client = rest_client.SplunkRestClient(hec_token,
app='-',
scheme=scheme,
host=host,
port=hec_port,
**context)
def test_get_splunkd_access_info(monkeypatch):
common.mock_splunkhome(monkeypatch)
scheme, host, port = splunkenv.get_splunkd_access_info()
assert scheme == "https"
assert host == "127.0.0.1"
assert port == 8089
def process_event(helper, *args, **kwargs):
"""Process events."""
# Using message() instead of log_info() to prevent the status of Adaptive action to be set
# before completion of Adaptive Response.
helper.message("Alert action launch_notebook started.", level=logging.INFO)
start_time = time.time()
notebook_path = helper.get_param("notebook_path")
revision_timestamp = helper.get_param("revision_timestamp")
notebook_parameters = helper.get_param("notebook_parameters")
cluster_name = helper.get_param("cluster_name")
if not (notebook_path and notebook_path.strip()):
helper.log_error(
"Notebook path is a required parameter which is not provided.")
exit(1)
search_string = "|databricksrun notebook_path=\"" + notebook_path.strip(
) + "\""
if revision_timestamp:
search_string = search_string + " revision_timestamp=\"" + revision_timestamp.strip(
) + "\""
if notebook_parameters:
search_string = search_string + " notebook_params=\"" + notebook_parameters.strip(
) + "\""
if cluster_name:
search_string = search_string + " cluster=\"" + cluster_name.strip(
) + "\""
try:
if helper.action_mode == "adhoc":
sid = helper.orig_sid
rid = helper.orig_rid
else:
sid = helper.sid
rid = helper.settings.get("rid")
identifier = "{}:{}".format(rid, sid)
search_string = search_string + " identifier=\"" + identifier + "\""
# Using message() instead of log_info() to prevent the status of Adaptive action to be set
# before completion of Adaptive Response.
helper.message("Search query: {}".format(search_string),
level=logging.INFO)
_, host, mgmt_port = get_splunkd_access_info()
service = client.connect(host=host,
port=mgmt_port,
app=APP_NAME,
token=helper.session_key)
search_kwargs = {"exec_mode": "blocking"}
search_job = service.jobs.create(search_string,
**search_kwargs) # noqa F841
except Exception as e:
helper.log_error(e)
helper.log_error(
"Error occured for launch_notebook alert action. {}".format(
traceback.format_exc()))
exit(1)
helper.log_info(
"Exiting alert action. Time taken: {} seconds.".format(time.time() -
start_time))
return 0
def generate(self):
"""Generate method of Generating Command."""
try:
_LOGGER.info("Initiating databricksretiredrun command.")
if False:
yield
current_time = datetime.utcnow()
if not any((self.days, self.run_id, self.user)):
msg = "No parameters provided. Please provide at least one of the parameters"
self.write_error(msg)
_LOGGER.error(msg)
exit(1)
conditions_list = []
if self.days:
lastcreatedtime = (
current_time
- timedelta(
days=self.days,
hours=current_time.hour,
minutes=current_time.minute,
seconds=current_time.second,
microseconds=current_time.microsecond,
)
).timestamp()
lastcreated_dict = {"created_time": {"$lt": lastcreatedtime}}
conditions_list.append(lastcreated_dict)
if self.run_id and self.run_id.strip():
run_id_dict = {"run_id": self.run_id.strip()}
conditions_list.append(run_id_dict)
if self.user and self.user.strip():
user_dict = {"user": self.user.strip()}
conditions_list.append(user_dict)
endpoint_query = {"$and": conditions_list}
_, host, mgmt_port = get_splunkd_access_info()
session_key = self.search_results_info.auth_token
service = connect(app=const.APP_NAME, owner="nobody",
port=mgmt_port, token=session_key)
if const.KV_COLLECTION_NAME_SUBMIT_RUN not in self.service.kvstore:
msg = "Could not find collection {}.".format(const.KV_COLLECTION_NAME_SUBMIT_RUN)
self.write_error(msg)
raise Exception(msg)
collection = service.kvstore[const.KV_COLLECTION_NAME_SUBMIT_RUN]
_LOGGER.info("Deleting retired run details from databricks_submit_run_log...")
# Responsible to delete data from the databricks_submit_run_log lookup
query = json.dumps(endpoint_query)
collection.data.delete(query)
except Exception as e:
_LOGGER.error(e)
_LOGGER.error(traceback.format_exc())
_LOGGER.info("Time taken - {} seconds.".format((datetime.utcnow() - current_time).total_seconds()))
_LOGGER.info("Completed the execution of databricksretiredrun command")
def get_session_key(username,
password,
scheme=None,
host=None,
port=None,
**context):
'''Get splunkd access token.
:param username: The Splunk account username, which is used to
authenticate the Splunk instance.
:type username: ``string``
:param password: The Splunk account password.
:type password: ``string``
:param scheme: (optional) The access scheme, default is None.
:type scheme: ``string``
:param host: (optional) The host name, default is None.
:type host: ``string``
:param port: (optional) The port number, default is None.
:type port: ``integer``
:returns: Splunk session key.
:rtype: ``string``
:param context: Other configurations for Splunk rest client.
:type context: ``dict``
:raises CredentialException: If username/password are Invalid.
Usage::
>>> credentials.get_session_key('user', 'password')
'''
if any([scheme is None, host is None, port is None]):
scheme, host, port = get_splunkd_access_info()
uri = '{scheme}://{host}:{port}/{endpoint}'.format(
scheme=scheme, host=host, port=port, endpoint='services/auth/login')
_rest_client = rest_client.SplunkRestClient(None, '-', 'nobody', scheme,
host, port, **context)
try:
response = _rest_client.http.post(uri,
username=username,
password=password,
output_mode='json')
except binding.HTTPError as e:
if e.status != 401:
raise
raise CredentialException('Invalid username/password.')
return json.loads(response.body.read())['sessionKey']
def query_queue_attributes(
session_key,
aws_account,
aws_iam_role,
region_name,
sqs_queue_url,
):
scheme, host, port = get_splunkd_access_info()
service = Service(scheme=scheme, host=host, port=port, token=session_key)
config = ConfigManager(service)
factory = AWSCredentialsProviderFactory(config)
provider = factory.create(aws_account, aws_iam_role)
credentials_cache = AWSCredentialsCache(provider)
client = credentials_cache.client('sqs', region_name)
queue = SQSQueue(sqs_queue_url, region_name)
return queue.get_attributes(client)
def _list_rules(self, conf_info):
aws_account = self.callerArgs.data['aws_account'][0]
aws_iam_role = self.callerArgs.data.get('aws_iam_role', [None])[0]
region_name = self.callerArgs.data['aws_region'][0]
scheme, host, port = get_splunkd_access_info()
service = Service(scheme=scheme,
host=host,
port=port,
token=self.getSessionKey())
config = ConfigManager(service)
factory = AWSCredentialsProviderFactory(config)
provider = factory.create(aws_account, aws_iam_role)
credentials_cache = AWSCredentialsCache(provider)
client = credentials_cache.client('config', region_name)
all_rules = []
next_token = ""
while 1:
try:
response = client.describe_config_rules(NextToken=next_token)
except Exception as e:
logger.error('Failed to describe config rules')
msg = str(e.message)
logger.error(msg)
raise RestError(400, 'Failed to describe config rules: ' + msg)
if not tacommon.is_http_ok(response):
logger.error("Failed to describe config rules, errorcode=%s",
tacommon.http_code(response))
return
rules = response.get("ConfigRules")
if not rules:
break
all_rules.extend(rule["ConfigRuleName"] for rule in rules)
next_token = response.get("NextToken")
if not next_token:
break
for rule in all_rules:
conf_info[rule].append("rule_names", rule)
def __init__(self,
session_key,
app,
owner='nobody',
scheme=None,
host=None,
port=None,
**context):
if not all([scheme, host, port]):
scheme, host, port = get_splunkd_access_info()
handler = _request_handler(context)
super(SplunkRestClient, self).__init__(handler=handler,
scheme=scheme,
host=host,
port=port,
token=session_key,
app=app,
owner=owner,
autologin=True)
def _list_queues(self):
aws_account = self.callerArgs.data['aws_account'][0]
aws_iam_role = self.callerArgs.data.get('aws_iam_role', [None])[0]
region_name = self.callerArgs.data['aws_region'][0]
scheme, host, port = get_splunkd_access_info()
service = Service(scheme=scheme,
host=host,
port=port,
token=self.getSessionKey())
config = ConfigManager(service)
factory = AWSCredentialsProviderFactory(config)
provider = factory.create(aws_account, aws_iam_role)
credentials_cache = AWSCredentialsCache(provider)
client = credentials_cache.client('sqs', region_name)
try:
queues = client.list_queues()
if 'QueueUrls' in queues:
return queues['QueueUrls']
else:
return []
except ClientError as exc:
RestHandlerError.ctl(400, msgx=exc)
# SPDX-FileCopyrightText: 2020 2020 # # SPDX-License-Identifier: Apache-2.0 import sys import os.path as op sys.path.insert(0, op.dirname(op.dirname(op.abspath(__file__)))) from solnlib.splunkenv import get_splunkd_access_info owner = "nobody" app = "solnlib_demo" username = "******" password = "******" scheme, host, port = get_splunkd_access_info()