def insert(self, obj):
"""Insert a new API.
Parameters
----------
obj : dict
The new API
"""
try:
self.logger.debug("bin.db: Inserting API.")
kvstoreUri = self.kvstoreUri + '?output_mode=json'
result = self.session.post(kvstoreUri,
data=obj,
headers={
"Authorization":
"Splunk %s" %
splunk.getSessionKey(),
"Content-Type":
"application/json"
},
verify=False).json()
if not '_key' in result:
raise Exception('Format error when inserting object.')
key = result['_key']
return key
except Exception as e:
self.logger.error("Error inserting in DB module: %s" % (e))
raise e
def open(hostname=None,
source=None,
sourcetype=None,
index=None,
type='http',
sessionKey=None,
host_regex=None,
host_segment=None):
"""
the interface to the 'stream' receivers endpoint
"""
#construct the uri to POST to
base_uri = splunk.mergeHostPath()
postargs = {'source': source, 'sourcetype': sourcetype, 'index': index}
if host_regex:
postargs['host_regex'] = host_regex
elif host_segment:
postargs['host_segment'] = host_segment
elif hostname:
postargs['host'] = hostname
endpoint = '/services/receivers/stream?%s' % urlencode(postargs)
#get default session key. If none exists, the rest call will raise a splunk.AuthenticationFailed exception
if not sessionKey:
sessionKey = splunk.getSessionKey()
(proto, host_colon_port) = base_uri.split("://", 1)
return StreamHandler(host_colon_port, endpoint, sessionKey, type,
proto != 'http')
def remove(self, _key):
"""Remove an API.
Parameters
----------
obj : dict
The API to be removed.
"""
try:
self.logger.debug("bin.db: Removing API.")
if not _key:
raise Exception('Missing ID in remove DB module')
kvstoreUri = self.kvstoreUri + '/' + str(
_key) + '?output_mode=json'
result = self.session.delete(kvstoreUri,
headers={
"Authorization":
"Splunk %s" %
splunk.getSessionKey(),
"Content-Type":
"application/json"
},
verify=False)
if result.status_code == 200:
parsed_result = jsonbak.dumps({'data': 'API removed.'})
else:
msg = jsonbak.loads(result.text)
text = msg['messages'][0]['text']
raise Exception(text)
return parsed_result
except Exception as e:
self.logger.error("Error removing an API in DB module: %s" % (e))
raise e
def update_job(self, job, session_key=False):
"""Update an already inserted API.
Parameters
----------
obj : dict
The API to edit.
"""
try:
self.logger.debug("bin.jobs_queue: Updating job.")
if not '_key' in job:
raise Exception('Missing Key')
id = job['_key']
del job['_key']
job = jsonbak.dumps(job)
kvstoreUri = self.kvstoreUri+'/'+id+'?output_mode=json'
auth_key = session_key if session_key else splunk.getSessionKey()
result = self.session.post(kvstoreUri, data=job, headers={
"Authorization": "Splunk %s" % auth_key, "Content-Type": "application/json"}, verify=False).json()
if '_key' in result.keys() and result['_key'] == id:
return 'Job updated.'
else:
raise Exception('Job cannot be updated.')
except Exception as e:
self.logger.error("bin.jobs_queu: Error updating in JobsQueue module: %s" % (e))
raise e
def remove_job(self, _key, session_key=False):
"""Remove an API.
Parameters
----------
obj : dict
The API to be removed.
"""
try:
self.logger.debug("bin.jobs_queue: Removing job.")
if not _key:
raise Exception('Missing ID in remove JobQueue module')
kvstoreUri = self.kvstoreUri+'/'+str(_key)+'?output_mode=json'
auth_key = session_key if session_key else splunk.getSessionKey()
result = self.session.delete(kvstoreUri, headers={
"Authorization": "Splunk %s" % auth_key, "Content-Type": "application/json"}, verify=False)
if result.status_code == 200:
return 'Job removed.'
else:
msg = jsonbak.loads(result.text)
text = msg['messages'][0]['text']
raise Exception(text)
except Exception as e:
self.logger.error("bin.jobs_queu: Error removing a Job in JobsQueue module: %s" % (e))
raise e
def update(self, obj):
"""Update an already inserted API.
Parameters
----------
obj : dict
The API to edit.
"""
try:
self.logger.debug("bin.db: Updating API.")
if not '_key' in obj:
raise Exception('Missing Key')
id = obj['_key']
del obj['_key']
obj = jsonbak.dumps(obj)
kvstoreUri = self.kvstoreUri + '/' + id + '?output_mode=json'
result = self.session.post(kvstoreUri,
data=obj,
headers={
"Authorization":
"Splunk %s" %
splunk.getSessionKey(),
"Content-Type":
"application/json"
},
verify=False).json()
parsed_result = jsonbak.dumps({'data': result})
return parsed_result
except Exception as e:
self.logger.error("Error updating in DB module: %s" % (e))
raise e
def rulethresholds(self, **kwargs):
try:
if cherrypy.request.method == 'POST':
localServerInfo = urlparse(splunk.getLocalServerInfo())
host, port = localServerInfo.netloc.split(':')
splunk_url = localServerInfo.scheme + host + ':' + port
user_id = cherrypy.session['user']['id']
username = cherrypy.session['user']['name']
session_key = splunk.getSessionKey()
rule = json.loads(cherrypy.request.body.read())
rule_definitions = read_file_contents(LOOKUP_FILE_PATH)
try:
check_rule_threshold_types(rule, rule_definitions)
except Exception as exc:
raise Exception(
"Error checking rule (rule: '{rule}') (cause: '{cause}')"
.format(rule=repr(rule), cause=str(exc)))
try:
write_threshold_macro_values(rule)
except Exception as exc:
raise Exception(
"Error updating macros.conf file (cause: '{cause}')".
format(cause=str(exc)))
try:
written_rule = write_threshold_lookup_values(
rule, rule_definitions)
except Exception as exc:
raise Exception(
"Error updating rule_thresholds.csv file (cause: '{cause}')"
.format(cause=str(exc)))
if len(written_rule['thresholds']) > 0:
try:
write_user_actions_values(written_rule, user_id,
username)
except Exception as exc:
raise Exception(
"Error writing user action parameters to file (cause: '{cause}')"
.format(cause=str(exc)))
try:
run_saved_searches(written_rule, splunk_url, username,
session_key)
except Exception as exc:
raise Exception(
"Error running saved searches (cause: '{cause}')".
format(cause=str(exc)))
cherrypy.response.status = 200
return json.dumps({'status': 'OK'})
except Exception as exc:
cherrypy.response.status = 500
logger.exception("Error (traceback.format_exc() = '%s')",
traceback.format_exc())
return json.dumps({'status': 'error', 'message': str(exc)})
def get_service():
localServerInfo = urlparse(splunk.getLocalServerInfo())
host, port = localServerInfo.netloc.split(':')
return splunklib.client.Service(host=host,
port=port,
scheme=localServerInfo.scheme,
owner='-',
app=SPLUNK_APP,
token=splunk.getSessionKey())
def __init__(self):
self.logger = log()
self.session = requestsbak.Session()
self.session.trust_env = False
self.kvstoreUri = entity.buildEndpoint(
entityClass=["storage", "collections", "data"],
entityName="credentials",
owner="nobody",
namespace="SplunkAppForWazuh",
hostPath=rest.makeSplunkdUri().strip("/"))
self.sessionKey = splunk.getSessionKey()
def __get_session_key__(session_key=None, thrown_exception=True):
# Try to get the session key if not provided
if session_key is None:
import splunk
session_key, sessionSource = splunk.getSessionKey(return_source=True)
# Do not continue if we could not get a session key and the caller wants us to thrown an exception
if session_key is None and thrown_exception:
raise splunk.AuthenticationFailed("Could not obtain a session key")
# Return the session key
return session_key
def __init__(self):
"""Constructor."""
try:
self.logger = log()
self.session = requestsbak.Session()
self.session.trust_env = False
self.kvstoreUri = entity.buildEndpoint(
entityClass=["storage", "collections", "data"],
entityName="jobs",
owner="nobody",
namespace="SplunkAppForWazuh",
hostPath=rest.makeSplunkdUri().strip("/")
)
self.sessionKey = splunk.getSessionKey()
except Exception as e:
self.logger.error("bin.jobs_queu: Error in queue module constructor: %s" % (e))
def all(self, session_key=False):
try:
self.logger.debug("bin.db: Getting all APIs .")
kvstoreUri = self.kvstoreUri + '?output_mode=json'
auth_key = session_key if session_key else splunk.getSessionKey()
result = self.session.get(kvstoreUri,
headers={
"Authorization":
"Splunk %s" % auth_key,
"Content-Type": "application/json"
},
verify=False).json()
return jsonbak.dumps(result)
except Exception as e:
self.logger.error(
'Error returning all API rows in DB module: %s ' % (e))
return jsonbak.dumps({"error": str(e)})
def rulethresholds(self, **kwargs):
try:
if cherrypy.request.method == 'POST':
localServerInfo = urlparse(splunk.getLocalServerInfo())
host, port = localServerInfo.netloc.split(':')
splunk_url = localServerInfo.scheme + host + ':' + port
user_id = cherrypy.session['user']['id']
username = cherrypy.session['user']['name']
session_key = splunk.getSessionKey()
rule = json.loads(cherrypy.request.body.read())
rule_definitions = read_file_contents(LOOKUP_FILE_PATH)
try:
check_rule_threshold_types(rule, rule_definitions)
except Exception as exc:
raise Exception("Error checking rule (rule: '{rule}') (cause: '{cause}')".format(rule = repr(rule), cause = str(exc)))
try:
write_threshold_macro_values(rule)
except Exception as exc:
raise Exception("Error updating macros.conf file (cause: '{cause}')".format(cause = str(exc)))
try:
written_rule = write_threshold_lookup_values(rule, rule_definitions)
except Exception as exc:
raise Exception("Error updating rule_thresholds.csv file (cause: '{cause}')".format(cause = str(exc)))
if len(written_rule['thresholds']) > 0:
try:
write_user_actions_values(written_rule, user_id, username)
except Exception as exc:
raise Exception("Error writing user action parameters to file (cause: '{cause}')".format(cause = str(exc)))
try:
run_saved_searches(written_rule, splunk_url, username, session_key)
except Exception as exc:
raise Exception("Error running saved searches (cause: '{cause}')".format(cause = str(exc)))
cherrypy.response.status = 200
return json.dumps({'status': 'OK'})
except Exception as exc:
cherrypy.response.status = 500
logger.exception("Error (traceback.format_exc() = '%s')", traceback.format_exc())
return json.dumps({'status': 'error', 'message': str(exc)})
def get(self, id, session_key=False):
try:
self.logger.debug("bin.db: Getting an API.")
if not id:
raise Exception('Missing ID')
kvstoreUri = self.kvstoreUri + '/' + id + '?output_mode=json'
auth_key = session_key if session_key else splunk.getSessionKey()
result = self.session.get(kvstoreUri,
headers={
"Authorization":
"Splunk %s" % auth_key,
"Content-Type": "application/json"
},
verify=False).json()
parsed_result = jsonbak.dumps({'data': result})
except Exception as e:
self.logger.error("Error getting an API in DB module : %s" % (e))
raise e
return parsed_result
def open(hostname=None, source=None, sourcetype=None, index=None, type='http', sessionKey=None, host_regex=None, host_segment=None):
"""
the interface to the 'stream' receivers endpoint
"""
#construct the uri to POST to
base_uri = splunk.mergeHostPath()
postargs = {'source': source, 'sourcetype' : sourcetype, 'index':index}
if host_regex:
postargs['host_regex'] = host_regex
elif host_segment:
postargs['host_segment'] = host_segment
elif hostname:
postargs['host'] = hostname
endpoint = '/services/receivers/stream?%s' % urlencode(postargs)
#get default session key. If none exists, the rest call will raise a splunk.AuthenticationFailed exception
if not sessionKey:
sessionKey = splunk.getSessionKey()
( proto, host_colon_port ) = base_uri.split("://", 1);
return StreamHandler(host_colon_port, endpoint, sessionKey, type, proto != 'http')
def insert_job(self, job, session_key=False):
"""Insert a job.
Parameters
----------
dic : job
The job information
str : session_key
The authorized session key
"""
try:
self.logger.debug("bin.jobs_queu: Inserting job.")
kvstoreUri = self.kvstoreUri+'?output_mode=json'
auth_key = session_key if session_key else splunk.getSessionKey()
job = jsonbak.dumps(job)
result = self.session.post(kvstoreUri, data=job, headers={
"Authorization": "Splunk %s" % auth_key, "Content-Type": "application/json"}, verify=False).json()
return jsonbak.dumps(result)
except Exception as e:
self.logger.error('bin.jobs_queu: Error inserting a job in JobsQueue module: %s ' % (e))
return jsonbak.dumps({"error": str(e)})
def get_jobs(self, session_key=False):
"""Get all jobs.
Parameters
----------
str : session_key
The authorized session key
"""
try:
self.logger.debug("bin.jobs_queue: Getting all jobs.")
kvstoreUri = self.kvstoreUri+'?output_mode=json'
auth_key = session_key if session_key else splunk.getSessionKey()
result = self.session.get(kvstoreUri, headers={
"Authorization": "Splunk %s" % auth_key, "Content-Type": "application/json"}, verify=False).json()
if 'messages' in result:
r = result['messages'][0]
if r['type'] == 'ERROR' and r['text'] == 'KV Store is initializing. Please try again later.':
result = []
return jsonbak.dumps(result)
except Exception as e:
self.logger.error('bin.jobs_queu: Error getting the jobs queue in JobsQueue module: %s ' % (e))
raise e
def get_service():
localServerInfo = urlparse(splunk.getLocalServerInfo())
host, port = localServerInfo.netloc.split(':')
return splunklib.client.Service(host = host, port = port, scheme = localServerInfo.scheme, owner = '-', app = SPLUNK_APP, token = splunk.getSessionKey())
def simpleRequest(path, sessionKey=None, getargs=None, postargs=None, method='GET', raiseAllErrors=False,
proxyMode=False, rawResult=False,
timeout=None, jsonargs=None):
"""
Makes an HTTP call to the main splunk REST endpoint
path: the URI to fetch
If given a relative URI, then the method will normalize to the splunkd
default of "/services/...".
If given an absolute HTTP(S) URI, then the method will use as-is.
If given a 'file://' URI, then the method will attempt to read the file
from the local filesystem. Only files under $SPLUNK_HOME are supported,
so paths are 'chrooted' from $SPLUNK_HOME.
getargs: dict of k/v pairs that are always appended to the URL
postargs: dict of k/v pairs that get placed into the body of the
request. If postargs is provided, then the HTTP method is auto
assigned to POST.
method: the HTTP verb - [GET | POST | DELETE | PUT]
raiseAllErrors: indicates if the method should raise an exception
if the server HTTP response code is >= 400
rawResult: don't raise an exception if a non 200 response is received;
return the actual response
timeout: if not set, will default to SPLUNKD_CONNECTION_TIMEOUT
forceContentType: optionally supply the value for the Content-Type header
to be set when sending the request to splunkd
Return:
This method will return a tuple of (serverResponse, serverContent)
serverResponse: a dict of HTTP status information
serverContent: the body content
"""
if timeout is None:
timeout = SPLUNKD_CONNECTION_TIMEOUT
# if absolute URI, pass along as-is
if path.startswith('http'):
uri = path
# if file:// protocol, try to read file and return
# the serverStatus is just an empty dict; file contents are in serverResponse
# TODO: this probably doesn't work in windows
elif path.startswith('file://'):
workingPath = path[7:].strip(os.sep)
lines = util.readSplunkFile(workingPath)
return ({}, ''.join(lines))
else:
# prepend convenience root path
if not path.startswith(REST_ROOT_PATH): path = REST_ROOT_PATH + '/' + path.strip('/')
# setup args
host = splunk.getDefault('host')
if ':' in host:
host = '[%s]' % host
uri = '%s://%s:%s/%s' % \
(splunk.getDefault('protocol'), host, splunk.getDefault('port'), path.strip('/'))
if getargs:
getargs = dict([(k,v) for (k,v) in getargs.items() if v != None])
uri += '?' + util.urlencodeDict(getargs)
payload = ''
if postargs or jsonargs and method in ('GET', 'POST', 'PUT'):
if method == 'GET':
method = 'POST'
if jsonargs:
# if a JSON body was given, use it for the payload and ignore the postargs
payload = jsonargs
else:
payload = util.urlencodeDict(postargs)
# proxy mode bypasses all header passing
headers = {}
sessionSource = 'direct'
if not proxyMode:
headers['Content-Type'] = 'application/x-www-form-urlencoded'
headers['Content-Length'] = str(len(payload))
# get session key from known places: first the appserver session, then
# the default instance cache
if not sessionKey:
sessionKey, sessionSource = splunk.getSessionKey(return_source=True)
headers['Authorization'] = 'Splunk %s' % sessionKey
#
# make request
#
if logger.level <= logging.DEBUG:
if uri.lower().find('login') > -1:
logpayload = '[REDACTED]'
else:
logpayload = payload
#logger.debug('simpleRequest >>>\n\tmethod=%s\n\turi=%s\n\tbody=%s' % (method, uri, logpayload))
logger.debug('simpleRequest > %s %s [%s] sessionSource=%s timeout=%s' % (method, uri, logpayload, sessionSource, timeout))
t1 = time.time()
# Add wait and tries to check if the HTTP server is up and running
tries = 4
wait = 10
try:
import httplib2
for aTry in range(tries):
h = httplib2.Http(timeout=timeout, disable_ssl_certificate_validation=True)
if getWebKeyFile() and getWebCertFile():
h.add_certificate(getWebKeyFile(), getWebCertFile(), '')
serverResponse, serverContent = h.request(uri, method, headers=headers, body=payload)
if serverResponse == None:
if aTry < tries:
time.sleep(wait)
else:
break
except socket.error, e:
logger.error('Socket error communicating with splunkd (error=%s), path = %s' % (str(e), path))
raise splunk.SplunkdConnectionException, 'Error connecting to %s: %s' % (path, str(e))
def streamingRequest(path, sessionKey=None, getargs=None, postargs=None, method='GET', timeout=None):
"""
A streaming counterpart to simpleRequest
Returns an instance of StreamingResponse which has a readall() method
that will return a generator to stream a response from splundk rather than buffering
it in memory
"""
if timeout is None:
timeout = SPLUNKD_CONNECTION_TIMEOUT
# if absolute URI, pass along as-is
if path.startswith('http'):
uri = path
parsedUri = urlsplit(uri)
host = parsedUri.hostname
path = parsedUri.path
port = parsedUri.port
else:
# prepend convenience root path
if not path.startswith(REST_ROOT_PATH): path = REST_ROOT_PATH + '/' + path.strip('/')
# setup args
host = splunk.getDefault('host')
port = splunk.getDefault('port')
urihost = '[%s]' % host if ':' in host else host
uri = '%s://%s:%s/%s' % \
(splunk.getDefault('protocol'), urihost, port, path.strip('/'))
if getargs:
getargs = dict([(k,v) for (k,v) in getargs.items() if v != None])
querystring = '?' + util.urlencodeDict(getargs)
uri += querystring
path += querystring
isssl = uri.startswith('https:')
headers = {}
sessionSource = 'direct'
# get session key from known places: first the appserver session, then
# the default instance cache
if not sessionKey:
sessionKey, sessionSource = splunk.getSessionKey(return_source=True)
headers['Authorization'] = 'Splunk %s' % sessionKey
payload = ''
if postargs and method in ('GET', 'POST', 'PUT'):
if method == 'GET':
method = 'POST'
payload = util.urlencodeDict(postargs)
#
# make request
#
if logger.level <= logging.DEBUG:
if uri.lower().find('login') > -1:
logpayload = '[REDACTED]'
else:
logpayload = payload
logger.debug('streamingRequest > %s %s [%s] sessionSource=%s' % (method, uri, logpayload, sessionSource))
t1 = time.time()
logger.debug('streamingRequest opening connection to host=%s path=%s method=%s postargs=%s payload=%s' % (host, path, method, postargs, payload))
try:
conn = httplib.HTTPSConnection(host, port, getWebKeyFile(), getWebCertFile(), False, timeout) if isssl else httplib.HTTPConnection(host, port, False, timeout)
conn.connect()
conn.putrequest(method, path)
for key, val in headers.items():
conn.putheader(key, val)
if payload:
conn.putheader('Content-Type', 'application/x-www-form-urlencoded')
conn.putheader('Content-Length', str(len(payload)))
conn.endheaders()
conn.send(payload)
else:
conn.endheaders()
response = conn.getresponse()
except socket.error, e:
logger.error('Socket error communicating with splunkd (error=%s), path = %s' % (str(e), path))
raise splunk.SplunkdConnectionException, 'Error connecting to %s: %s' % (path, str(e))
def simpleRequest(path, sessionKey=None, getargs=None, postargs=None, method='GET', raiseAllErrors=False, proxyMode=False, rawResult=False, timeout=SPLUNKD_CONNECTION_TIMEOUT):
"""
Makes an HTTP call to the main splunk REST endpoint
path: the URI to fetch
If given a relative URI, then the method will normalize to the splunkd
default of "/services/...".
If given an absolute HTTP(S) URI, then the method will use as-is.
If given a 'file://' URI, then the method will attempt to read the file
from the local filesystem. Only files under $SPLUNK_HOME are supported,
so paths are 'chrooted' from $SPLUNK_HOME.
getargs: dict of k/v pairs that are always appended to the URL
postargs: dict of k/v pairs that get placed into the body of the
request. If postargs is provided, then the HTTP method is auto
assigned to POST.
method: the HTTP verb - [GET | POST | DELETE | PUT]
raiseAllErrors: indicates if the method should raise an exception
if the server HTTP response code is >= 400
rawResult: don't raise an exception if a non 200 response is received;
return the actual response
Return:
This method will return a tuple of (serverResponse, serverContent)
serverResponse: a dict of HTTP status information
serverContent: the body content
"""
# if absolute URI, pass along as-is
if path.startswith('http'):
uri = path
# if file:// protocol, try to read file and return
# the serverStatus is just an empty dict; file contents are in serverResponse
# TODO: this probably doesn't work in windows
elif path.startswith('file://'):
workingPath = path[7:].strip(os.sep)
lines = util.readSplunkFile(workingPath)
return ({}, ''.join(lines))
else:
# prepend convenience root path
if not path.startswith(REST_ROOT_PATH): path = REST_ROOT_PATH + '/' + path.strip('/')
# setup args
host = splunk.getDefault('host')
if ':' in host:
host = '[%s]' % host
uri = '%s://%s:%s/%s' % \
(splunk.getDefault('protocol'), host, splunk.getDefault('port'), path.strip('/'))
if getargs:
getargs = dict([(k,v) for (k,v) in getargs.items() if v != None])
uri += '?' + util.urlencodeDict(getargs)
# proxy mode bypasses all header passing
headers = {}
sessionSource = 'direct'
if not proxyMode:
# get session key from known places: first the appserver session, then
# the default instance cache
if not sessionKey:
sessionKey, sessionSource = splunk.getSessionKey(return_source=True)
headers['Authorization'] = 'Splunk %s' % sessionKey
payload = ''
if postargs and method in ('GET', 'POST', 'PUT'):
if method == 'GET':
method = 'POST'
payload = util.urlencodeDict(postargs)
#
# make request
#
if logger.level <= logging.DEBUG:
if uri.lower().find('login') > -1:
logpayload = '[REDACTED]'
else:
logpayload = payload
#logger.debug('simpleRequest >>>\n\tmethod=%s\n\turi=%s\n\tbody=%s' % (method, uri, logpayload))
logger.debug('simpleRequest > %s %s [%s] sessionSource=%s' % (method, uri, logpayload, sessionSource))
t1 = time.time()
# Add wait and tries to check if the HTTP server is up and running
tries = 4
wait = 10
try:
for aTry in range(tries):
h = httplib2.Http(timeout=timeout, disable_ssl_certificate_validation=True)
if WEB_KEYFILE and WEB_CERTFILE:
h.add_certificate(WEB_KEYFILE, WEB_CERTFILE, '')
serverResponse, serverContent = h.request(uri, method, headers=headers, body=payload)
if serverResponse == None:
if aTry < tries:
time.sleep(wait)
else:
break
except socket.error, e:
raise splunk.SplunkdConnectionException, str(e)
def streamingRequest(path, sessionKey=None, getargs=None, postargs=None, method='GET', timeout=SPLUNKD_CONNECTION_TIMEOUT):
"""
A streaming counterpart to simpleRequest
Returns an instance of StreamingResponse which has a readall() method
that will return a generator to stream a response from splundk rather than buffering
it in memory
"""
# if absolute URI, pass along as-is
if path.startswith('http'):
uri = path
pasrsedUri = urlsplit(uri)
host = parsedUri.hostname
path = parsedUri.path
port = parsedUri.port
else:
# prepend convenience root path
if not path.startswith(REST_ROOT_PATH): path = REST_ROOT_PATH + '/' + path.strip('/')
# setup args
host = splunk.getDefault('host')
port = splunk.getDefault('port')
urihost = '[%s]' % host if ':' in host else host
uri = '%s://%s:%s/%s' % \
(splunk.getDefault('protocol'), urihost, port, path.strip('/'))
if getargs:
getargs = dict([(k,v) for (k,v) in getargs.items() if v != None])
querystring = '?' + util.urlencodeDict(getargs)
uri += querystring
path += querystring
isssl = uri.startswith('https:')
headers = {}
sessionSource = 'direct'
# get session key from known places: first the appserver session, then
# the default instance cache
if not sessionKey:
sessionKey, sessionSource = splunk.getSessionKey(return_source=True)
headers['Authorization'] = 'Splunk %s' % sessionKey
payload = ''
if postargs and method in ('GET', 'POST', 'PUT'):
if method == 'GET':
method = 'POST'
payload = util.urlencodeDict(postargs)
#
# make request
#
if logger.level <= logging.DEBUG:
if uri.lower().find('login') > -1:
logpayload = '[REDACTED]'
else:
logpayload = payload
logger.debug('streamingRequest > %s %s [%s] sessionSource=%s' % (method, uri, logpayload, sessionSource))
t1 = time.time()
logger.debug('streamingRequest opening connection to host=%s path=%s method=%s postargs=%s payload=%s' % (host, path, method, postargs, payload))
try:
conn = httplib.HTTPSConnection(host, port, WEB_KEYFILE, WEB_CERTFILE, False, timeout) if isssl else httplib.HTTPConnection(host, port, False, timeout)
conn.connect()
conn.putrequest(method, path)
for key, val in headers.items():
conn.putheader(key, val)
if payload:
conn.putheader('Content-Type', 'application/x-www-form-urlencoded')
conn.putheader('Content-Length', str(len(payload)))
conn.endheaders()
conn.send(payload)
else:
conn.endheaders()
response = conn.getresponse()
except socket.error, e:
raise splunk.SplunkdConnectionException, str(e)