def _get_collection_data(self, collection_name, session_key, app, owner, scheme, host, port, **context): if not context.get('pool_connections'): context['pool_connections'] = 5 if not context.get('pool_maxsize'): context['pool_maxsize'] = 5 kvstore = rest_client.SplunkRestClient(session_key, app, owner=owner, scheme=scheme, host=host, port=port, **context).kvstore collection_name = re.sub(r'[^\w]+', '_', collection_name) try: kvstore.get(name=collection_name) except binding.HTTPError as e: if e.status != 404: raise fields = {'state': 'string'} kvstore.create(collection_name, fields=fields) collections = kvstore.list(search=collection_name) for collection in collections: if collection.name == collection_name: return collection.data else: raise KeyError('Get collection data: %s failed.' % collection_name)
def __init__(self, hec_input_name, session_key, scheme=None, host=None, port=None, hec_uri=None, hec_token=None, **context): super(HECEventWriter, self).__init__() self._session_key = session_key if not all([scheme, host, port]): scheme, host, port = get_splunkd_access_info() if hec_uri and hec_token: scheme, host, hec_port = utils.extract_http_scheme_host_port( hec_uri) else: hec_port, hec_token = self._get_hec_config(hec_input_name, session_key, scheme, host, port, **context) if not context.get('pool_connections'): context['pool_connections'] = 10 if not context.get('pool_maxsize'): context['pool_maxsize'] = 10 self._rest_client = rest_client.SplunkRestClient(hec_token, app='-', scheme=scheme, host=host, port=hec_port, **context)
def _get_collection_data(collection_name, session_key, app, owner, scheme, host, port, **context): kvstore = rest_client.SplunkRestClient(session_key, app, owner=owner, scheme=scheme, host=host, port=port, **context).kvstore collection_name = re.sub(r'[^\w]+', '_', collection_name) try: kvstore.get(name=collection_name) except binding.HTTPError as e: if e.status != 404: raise kvstore.create(collection_name) collections = kvstore.list(search=collection_name) for collection in collections: if collection.name == collection_name: return collection.data else: raise KeyError('Get collection data: %s failed.' % collection_name)
def get_collection_data( collection_name: str, session_key: str, app: str, owner: Optional[str] = None, scheme: Optional[str] = None, host: Optional[str] = None, port: Optional[Union[str, int]] = None, fields: Optional[Dict] = None, **context: Any, ) -> client.KVStoreCollectionData: """Get collection data, if there is no such collection - creates one. Arguments: collection_name: Collection name of KV Store checkpointer. session_key: Splunk access token. app: App name of namespace. owner: Owner of namespace, default is `nobody`. scheme: The access scheme, default is None. host: The host name, default is None. port: The port number, default is None. fields: Fields used to initialize the collection if it's missing. context: Other configurations for Splunk rest client. Raises: binding.HTTPError: HTTP error different from 404, for example 503 when KV Store is initializing and not ready to serve requests. KeyError: KV Store did not get collection_name. Returns: KV Store collections data instance. """ kvstore = splunk_rest_client.SplunkRestClient(session_key, app, owner=owner, scheme=scheme, host=host, port=port, **context).kvstore collection_name = re.sub(r"[^\w]+", "_", collection_name) try: kvstore.get(name=collection_name) except binding.HTTPError as e: if e.status != 404: raise fields = fields if fields is not None else {} kvstore.create(collection_name, fields=fields) collections = kvstore.list(search=collection_name) for collection in collections: if collection.name == collection_name: return collection.data else: raise KeyError(f"Get collection data: {collection_name} failed.")
def __init__(self, session_key, scheme=None, host=None, port=None, **context): self._rest_client = rest_client.SplunkRestClient(session_key, 'splunk_httpinput', scheme=scheme, host=host, port=port, **context)
def collect_events(helper, ew): helper.set_log_level("info") config_username = '******' splunk_session_key = helper.context_meta['session_key'] rest_client = src.SplunkRestClient(session_key=splunk_session_key, app='Splunk_TA_aws', owner='nobody', scheme='https', host='localhost', port=8089) aws = aws_helper(helper, rest_client) ta_creds = list( aws.get_app_credentials(splunk_session_key, "*", "Splunk_TA_aws")) incremental_sqs_definitions = aws.get_incremental_sqs_definitions() helper.log_info("Retrieved count={} credentials".format(len(ta_creds))) config_role_arn = helper.get_arg('aws_config_role_arn') aws.configure_ta_cred(config_username, config_role_arn, ta_creds) service_definition = aws.find_in_dict(incremental_sqs_definitions, 'name', 'config_audit_snapshot') service_endpoint = 'splunk_ta_aws_aws_sqs_based_s3' service_config = { "name": 'config_audit_snapshot', "aws_account": "SplunkLoader-AWS", "aws_iam_role": config_username, "interval": "60", "sqs_batch_size": "10", "s3_file_decoder": "Config", "sqs_queue_url": helper.get_arg('aws_config_sqs_url'), "sqs_queue_region": helper.get_arg('aws_config_sqs_region'), "sourcetype": "aws:config", "index": helper.get_output_index() } aws.configure_service(service_config, service_endpoint, service_definition) input_type = helper.get_input_type() event = helper.new_event(source=input_type, index=helper.get_output_index(), sourcetype=helper.get_sourcetype(), data="Finished configuring IAM Roles and inputs") ew.write_event(event) helper.log_warning("END") exit(0)
def get_session_key(username, password, scheme=None, host=None, port=None, **context): '''Get splunkd access token. :param username: The Splunk account username, which is used to authenticate the Splunk instance. :type username: ``string`` :param password: The Splunk account password. :type password: ``string`` :param scheme: (optional) The access scheme, default is None. :type scheme: ``string`` :param host: (optional) The host name, default is None. :type host: ``string`` :param port: (optional) The port number, default is None. :type port: ``integer`` :returns: Splunk session key. :rtype: ``string`` :param context: Other configurations for Splunk rest client. :type context: ``dict`` :raises CredentialException: If username/password are Invalid. Usage:: >>> credentials.get_session_key('user', 'password') ''' if any([scheme is None, host is None, port is None]): scheme, host, port = get_splunkd_access_info() uri = '{scheme}://{host}:{port}/{endpoint}'.format( scheme=scheme, host=host, port=port, endpoint='services/auth/login') _rest_client = rest_client.SplunkRestClient(None, '-', 'nobody', scheme, host, port, **context) try: response = _rest_client.http.post(uri, username=username, password=password, output_mode='json') except binding.HTTPError as e: if e.status != 401: raise raise CredentialException('Invalid username/password.') return json.loads(response.body.read())['sessionKey']
def __init__(self, session_key, app, owner='nobody', scheme=None, host=None, port=None, **context): self._rest_client = rest_client.SplunkRestClient(session_key, app, owner=owner, scheme=scheme, host=host, port=port, **context)
def get_user_capabilities(session_key, username, scheme=None, host=None, port=None, **context): '''Get user capabilities. :param session_key: Splunk access token. :type session_key: ``string`` :param username: User name of capabilities to get. :type username: ``string`` :param scheme: (optional) The access scheme, default is None. :type scheme: ``string`` :param host: (optional) The host name, default is None. :type host: ``string`` :param port: (optional) The port number, default is None. :type port: ``integer`` :param context: Other configurations for Splunk rest client. :type context: ``dict`` :returns: User capabilities. :rtype: ``list`` :raises UserNotExistException: If `username` does not exist. Usage:: >>> from solnlib import user_access >>> user_capabilities = user_access.get_user_capabilities( >>> session_key, 'test_user') ''' _rest_client = rest_client.SplunkRestClient(session_key, '-', scheme=scheme, host=host, port=port, **context) url = '/services/authentication/users/{username}'.format(username=username) try: response = _rest_client.get(url, output_mode='json').body.read() except binding.HTTPError as e: if e.status != 404: raise raise UserNotExistException('User: %s does not exist.' % username) return json.loads(response)['entry'][0]['content']['capabilities']
def get_user_capabilities( session_key: str, username: str, scheme: str = None, host: str = None, port: int = None, **context: dict, ) -> List[dict]: """Get user capabilities. Arguments: session_key: Splunk access token. scheme: (optional) The access scheme, default is None. host: (optional) The host name, default is None. port: (optional) The port number, default is None. context: Other configurations for Splunk rest client. Returns: User capabilities. Raises: UserNotExistException: If `username` does not exist. Examples: >>> from solnlib import user_access >>> user_capabilities = user_access.get_user_capabilities( >>> session_key, 'test_user') """ _rest_client = rest_client.SplunkRestClient(session_key, "-", scheme=scheme, host=host, port=port, **context) url = f"/services/authentication/users/{username}" try: response = _rest_client.get(url, output_mode="json").body.read() except binding.HTTPError as e: if e.status != 404: raise raise UserNotExistException("User: %s does not exist." % username) return json.loads(response)["entry"][0]["content"]["capabilities"]
def __init__(self, conf_file, session_key, app, owner='nobody', scheme=None, host=None, port=None, **context): try: self._conf_mgr = rest_client.SplunkRestClient( session_key, app, owner=owner, scheme=scheme, host=host, port=port, **context).confs[conf_file] except KeyError: raise ConfManagerException( 'Config file: %s does not exist.' % conf_file) self._conf_file = conf_file self._cred_mgr = CredentialManager( session_key, app, owner=owner, realm=app, scheme=scheme, host=host, port=port, **context)
def __init__(self, session_key, app, owner='nobody', realm=None, scheme=None, host=None, port=None, **context): self._realm = realm self._storage_passwords = rest_client.SplunkRestClient( session_key, app, owner=owner, scheme=scheme, host=host, port=port, **context).storage_passwords
def get_current_username(session_key, scheme=None, host=None, port=None, **context): '''Get current user name from `session_key`. :param session_key: Splunk access token. :type session_key: ``string`` :param scheme: (optional) The access scheme, default is None. :type scheme: ``string`` :param host: (optional) The host name, default is None. :type host: ``string`` :param port: (optional) The port number, default is None. :type port: ``integer`` :param context: Other configurations for Splunk rest client. :type context: ``dict`` :returns: Current user name. :rtype: ``string`` :raises InvalidSessionKeyException: If `session_key` is invalid. Usage:: >>> from solnlib import user_access >>> user_name = user_access.get_current_username(session_key) ''' _rest_client = rest_client.SplunkRestClient(session_key, '-', scheme=scheme, host=host, port=port, **context) try: response = _rest_client.get('/services/authentication/current-context', output_mode='json').body.read() except binding.HTTPError as e: if e.status != 401: raise raise InvalidSessionKeyException('Invalid session key.') return json.loads(response)['entry'][0]['content']['username']
def get_current_username( session_key: str, scheme: str = None, host: str = None, port: int = None, **context: dict, ) -> str: """Get current user name from `session_key`. Arguments: session_key: Splunk access token. scheme: (optional) The access scheme, default is None. host: (optional) The host name, default is None. port: (optional) The port number, default is None. context: Other configurations for Splunk rest client. Returns: Current user name. Raises: InvalidSessionKeyException: If `session_key` is invalid. Examples: >>> from solnlib import user_access >>> user_name = user_access.get_current_username(session_key) """ _rest_client = rest_client.SplunkRestClient(session_key, "-", scheme=scheme, host=host, port=port, **context) try: response = _rest_client.get("/services/authentication/current-context", output_mode="json").body.read() except binding.HTTPError as e: if e.status != 401: raise raise InvalidSessionKeyException("Invalid session key.") return json.loads(response)["entry"][0]["content"]["username"]
def __init__(self, splunk_info, appname, owner='nobody'): ''' :param splunk_info: `SplunkInfo` object :param appname: application/addon name :param owner: owner of the configuration, 'nobody' means globally shared ''' self.appname = appname self.owner = owner self.splunk_info = splunk_info session_key = get_session_key(splunk_info) scheme, host, port = sutils.extract_http_scheme_host_port( splunk_info.mgmt_uri) self.rest_client = src.SplunkRestClient(session_key=session_key, app=appname, owner=owner, scheme=scheme, host=host, port=port)
def __init__(self, session_key: str, scheme: Optional[str] = None, host: Optional[str] = None, port: Optional[int] = None, **context: Any): """Initializes ServerInfo. Arguments: session_key: Splunk access token. scheme: The access scheme, default is None. host: The host name, default is None. port: The port number, default is None. context: Other configurations for Splunk rest client. """ self._rest_client = rest_client.SplunkRestClient(session_key, "-", scheme=scheme, host=host, port=port, **context)
def __init__(self, session_key, app, owner='nobody', scheme=None, host=None, port=None, **context): self._session_key = session_key self._app = app self._owner = owner self._scheme = scheme self._host = host self._port = port self._context = context self._rest_client = rest_client.SplunkRestClient(self._session_key, self._app, owner=self._owner, scheme=self._scheme, host=self._host, port=self._port, **self._context) self._confs = None
def collect_events(helper, ew): from pprint import pformat helper.set_log_level("info") # helper.rest_helper.send_http_request # splunk_session_key = helper.context_meta['session_key'] rest_client = src.SplunkRestClient( session_key=splunk_session_key, app='Splunk_TA_aws', owner='nobody', scheme='https', host='localhost', port=8089) aws = aws_helper(helper, rest_client) ta_creds = list(aws.get_app_credentials(splunk_session_key, "*", "Splunk_TA_aws")) description_definitions = get_description_definitions(helper, rest_client) helper.log_info("Retrieved count={} credentials".format(len(ta_creds))) assumed_session = aws.aws_session(role_arn=helper.get_global_setting("root_org_role_arn"), session_name='org_lookup') org_accounts = aws.get_orgs(assumed_session) #check for any configs that are no longer in the org list...to detect deleted roles/accounts for description_definition in description_definitions: description_name = description_definition['name'] if "_audit" in description_name: description_accountid = description_name.replace("_audit","") if not description_accountid in [org_account['Id'] for org_account in org_accounts]: helper.log_info("Account not found but description exists! account={}".format(description_accountid)) rest_client.delete("splunk_ta_aws_aws_description/{}".format("{}_audit".format(description_accountid)), owner='nobody', app='Splunk_TA_aws', output_mode='json') for org_account in org_accounts: role_name = helper.get_arg('aws_description_role_name') cred_arn = "arn:aws:iam::{}:role/{}".format(org_account['Id'], role_name) cred_name = "{}_audit".format(org_account['Id']) aws.configure_ta_cred(cred_name, cred_arn, ta_creds) helper.log_info("Checking if aws_account_id={} has role={} configured".format(org_account['Id'], role_name)) # Setup description service_definition = aws.find_in_dict(description_definitions, 'name', cred_name) service_endpoint = 'splunk_ta_aws_aws_description' # s3_buckets/42300, # cloudfront_distributions/42300, service_config = { "name": cred_name, "account": "SplunkLoader-AWS", "aws_iam_role": cred_name, "regions": "ap-northeast-1,ap-northeast-2,ap-south-1,ap-southeast-1,ap-southeast-2,ca-central-1,eu-central-1,eu-west-1,eu-west-2,sa-east-1,us-east-1,us-east-2,us-west-1,us-west-2", "apis": "ec2_volumes/42300,ec2_instances/42300,ec2_reserved_instances/42300,ebs_snapshots/42300,classic_load_balancers/42300,application_load_balancers/42300,vpcs/42300,vpc_network_acls/42300,vpc_subnets/42300,rds_instances/42300,ec2_key_pairs/42300,ec2_security_groups/42300,ec2_images/42300,ec2_addresses/42300,lambda_functions/42300,iam_users/3600", "sourcetype": "aws:description", "index": helper.get_output_index() } aws.configure_service(service_config, service_endpoint, service_definition) input_type = helper.get_input_type() event = helper.new_event(source=input_type, index=helper.get_output_index(), sourcetype=helper.get_sourcetype(), data="Finished configuring IAM Roles and description") ew.write_event(event) helper.log_warning("END") exit(0)