Пример #1
0
    def insert(self, obj):
        """Insert a new API.

        Parameters
        ----------
        obj : dict
            The new API

        """
        try:
            self.logger.debug("bin.db: Inserting API.")
            kvstoreUri = self.kvstoreUri + '?output_mode=json'
            result = self.session.post(kvstoreUri,
                                       data=obj,
                                       headers={
                                           "Authorization":
                                           "Splunk %s" %
                                           splunk.getSessionKey(),
                                           "Content-Type":
                                           "application/json"
                                       },
                                       verify=False).json()
            if not '_key' in result:
                raise Exception('Format error when inserting object.')
            key = result['_key']
            return key
        except Exception as e:
            self.logger.error("Error inserting in DB module: %s" % (e))
            raise e
Пример #2
0
def open(hostname=None,
         source=None,
         sourcetype=None,
         index=None,
         type='http',
         sessionKey=None,
         host_regex=None,
         host_segment=None):
    """
    the interface to the 'stream' receivers endpoint
    """

    #construct the uri to POST to
    base_uri = splunk.mergeHostPath()
    postargs = {'source': source, 'sourcetype': sourcetype, 'index': index}
    if host_regex:
        postargs['host_regex'] = host_regex
    elif host_segment:
        postargs['host_segment'] = host_segment
    elif hostname:
        postargs['host'] = hostname
    endpoint = '/services/receivers/stream?%s' % urlencode(postargs)

    #get default session key. If none exists, the rest call will raise a splunk.AuthenticationFailed exception
    if not sessionKey:
        sessionKey = splunk.getSessionKey()

    (proto, host_colon_port) = base_uri.split("://", 1)
    return StreamHandler(host_colon_port, endpoint, sessionKey, type,
                         proto != 'http')
Пример #3
0
    def remove(self, _key):
        """Remove an API.

        Parameters
        ----------
        obj : dict
            The API to be removed.

        """
        try:
            self.logger.debug("bin.db: Removing API.")
            if not _key:
                raise Exception('Missing ID in remove DB module')
            kvstoreUri = self.kvstoreUri + '/' + str(
                _key) + '?output_mode=json'
            result = self.session.delete(kvstoreUri,
                                         headers={
                                             "Authorization":
                                             "Splunk %s" %
                                             splunk.getSessionKey(),
                                             "Content-Type":
                                             "application/json"
                                         },
                                         verify=False)
            if result.status_code == 200:
                parsed_result = jsonbak.dumps({'data': 'API removed.'})
            else:
                msg = jsonbak.loads(result.text)
                text = msg['messages'][0]['text']
                raise Exception(text)
            return parsed_result
        except Exception as e:
            self.logger.error("Error removing an API in DB module: %s" % (e))
            raise e
Пример #4
0
    def update_job(self, job, session_key=False):
        """Update an already inserted API.

        Parameters
        ----------
        obj : dict
            The API to edit.

        """
        try:
            self.logger.debug("bin.jobs_queue: Updating job.")
            if not '_key' in job:
                raise Exception('Missing Key')
            id = job['_key']
            del job['_key']
            job = jsonbak.dumps(job)
            kvstoreUri = self.kvstoreUri+'/'+id+'?output_mode=json'
            auth_key = session_key if session_key else splunk.getSessionKey()
            result = self.session.post(kvstoreUri, data=job, headers={
                                       "Authorization": "Splunk %s" % auth_key, "Content-Type": "application/json"}, verify=False).json()
            if '_key' in result.keys() and result['_key'] == id:
                return 'Job updated.'
            else:
                raise Exception('Job cannot be updated.')
        except Exception as e:
            self.logger.error("bin.jobs_queu: Error updating in JobsQueue module: %s" % (e))
            raise e
Пример #5
0
    def remove_job(self, _key, session_key=False):
        """Remove an API.

        Parameters
        ----------
        obj : dict
            The API to be removed.

        """
        try:
            self.logger.debug("bin.jobs_queue: Removing job.")
            if not _key:
                raise Exception('Missing ID in remove JobQueue module')
            kvstoreUri = self.kvstoreUri+'/'+str(_key)+'?output_mode=json'
            auth_key = session_key if session_key else splunk.getSessionKey()
            result = self.session.delete(kvstoreUri, headers={
                                         "Authorization": "Splunk %s" % auth_key, "Content-Type": "application/json"}, verify=False)
            if result.status_code == 200:
                return 'Job removed.'
            else:
                msg = jsonbak.loads(result.text)
                text = msg['messages'][0]['text']
                raise Exception(text)
        except Exception as e:
            self.logger.error("bin.jobs_queu: Error removing a Job in JobsQueue module: %s" % (e))
            raise e
Пример #6
0
    def update(self, obj):
        """Update an already inserted API.

        Parameters
        ----------
        obj : dict
            The API to edit.

        """
        try:
            self.logger.debug("bin.db: Updating API.")
            if not '_key' in obj:
                raise Exception('Missing Key')
            id = obj['_key']
            del obj['_key']
            obj = jsonbak.dumps(obj)
            kvstoreUri = self.kvstoreUri + '/' + id + '?output_mode=json'
            result = self.session.post(kvstoreUri,
                                       data=obj,
                                       headers={
                                           "Authorization":
                                           "Splunk %s" %
                                           splunk.getSessionKey(),
                                           "Content-Type":
                                           "application/json"
                                       },
                                       verify=False).json()
            parsed_result = jsonbak.dumps({'data': result})
            return parsed_result
        except Exception as e:
            self.logger.error("Error updating in DB module: %s" % (e))
            raise e
Пример #7
0
    def rulethresholds(self, **kwargs):
        try:
            if cherrypy.request.method == 'POST':
                localServerInfo = urlparse(splunk.getLocalServerInfo())
                host, port = localServerInfo.netloc.split(':')
                splunk_url = localServerInfo.scheme + host + ':' + port
                user_id = cherrypy.session['user']['id']
                username = cherrypy.session['user']['name']
                session_key = splunk.getSessionKey()

                rule = json.loads(cherrypy.request.body.read())

                rule_definitions = read_file_contents(LOOKUP_FILE_PATH)
                try:
                    check_rule_threshold_types(rule, rule_definitions)
                except Exception as exc:
                    raise Exception(
                        "Error checking rule (rule: '{rule}') (cause: '{cause}')"
                        .format(rule=repr(rule), cause=str(exc)))

                try:
                    write_threshold_macro_values(rule)
                except Exception as exc:
                    raise Exception(
                        "Error updating macros.conf file (cause: '{cause}')".
                        format(cause=str(exc)))

                try:
                    written_rule = write_threshold_lookup_values(
                        rule, rule_definitions)
                except Exception as exc:
                    raise Exception(
                        "Error updating rule_thresholds.csv file (cause: '{cause}')"
                        .format(cause=str(exc)))

                if len(written_rule['thresholds']) > 0:
                    try:
                        write_user_actions_values(written_rule, user_id,
                                                  username)
                    except Exception as exc:
                        raise Exception(
                            "Error writing user action parameters to file (cause: '{cause}')"
                            .format(cause=str(exc)))

                    try:
                        run_saved_searches(written_rule, splunk_url, username,
                                           session_key)
                    except Exception as exc:
                        raise Exception(
                            "Error running saved searches (cause: '{cause}')".
                            format(cause=str(exc)))

                cherrypy.response.status = 200
                return json.dumps({'status': 'OK'})
        except Exception as exc:
            cherrypy.response.status = 500
            logger.exception("Error (traceback.format_exc() = '%s')",
                             traceback.format_exc())
            return json.dumps({'status': 'error', 'message': str(exc)})
Пример #8
0
def get_service():
    localServerInfo = urlparse(splunk.getLocalServerInfo())
    host, port = localServerInfo.netloc.split(':')
    return splunklib.client.Service(host=host,
                                    port=port,
                                    scheme=localServerInfo.scheme,
                                    owner='-',
                                    app=SPLUNK_APP,
                                    token=splunk.getSessionKey())
Пример #9
0
 def __init__(self):
     self.logger = log()
     self.session = requestsbak.Session()
     self.session.trust_env = False
     self.kvstoreUri = entity.buildEndpoint(
         entityClass=["storage", "collections", "data"],
         entityName="credentials",
         owner="nobody",
         namespace="SplunkAppForWazuh",
         hostPath=rest.makeSplunkdUri().strip("/"))
     self.sessionKey = splunk.getSessionKey()
Пример #10
0
 def __get_session_key__(session_key=None, thrown_exception=True):
     
     # Try to get the session key if not provided
     if session_key is None:
         import splunk
         session_key, sessionSource = splunk.getSessionKey(return_source=True)
     
     # Do not continue if we could not get a session key and the caller wants us to thrown an exception
     if session_key is None and thrown_exception:
         raise splunk.AuthenticationFailed("Could not obtain a session key")
     
     # Return the session key
     return session_key
Пример #11
0
 def __init__(self):
     """Constructor."""
     try:
         self.logger = log()
         self.session = requestsbak.Session()
         self.session.trust_env = False
         self.kvstoreUri = entity.buildEndpoint(
             entityClass=["storage", "collections", "data"],
             entityName="jobs",
             owner="nobody",
             namespace="SplunkAppForWazuh",
             hostPath=rest.makeSplunkdUri().strip("/")
         )
         self.sessionKey = splunk.getSessionKey()
     except Exception as e:
         self.logger.error("bin.jobs_queu: Error in queue module constructor: %s" % (e))
Пример #12
0
 def all(self, session_key=False):
     try:
         self.logger.debug("bin.db: Getting all APIs .")
         kvstoreUri = self.kvstoreUri + '?output_mode=json'
         auth_key = session_key if session_key else splunk.getSessionKey()
         result = self.session.get(kvstoreUri,
                                   headers={
                                       "Authorization":
                                       "Splunk %s" % auth_key,
                                       "Content-Type": "application/json"
                                   },
                                   verify=False).json()
         return jsonbak.dumps(result)
     except Exception as e:
         self.logger.error(
             'Error returning all API rows in DB module: %s ' % (e))
         return jsonbak.dumps({"error": str(e)})
	def rulethresholds(self, **kwargs):
		try:
			if cherrypy.request.method == 'POST':
				localServerInfo = urlparse(splunk.getLocalServerInfo())
				host, port = localServerInfo.netloc.split(':')
				splunk_url = localServerInfo.scheme + host + ':' + port
				user_id = cherrypy.session['user']['id']
				username = cherrypy.session['user']['name']
				session_key = splunk.getSessionKey()

				rule = json.loads(cherrypy.request.body.read())

				rule_definitions = read_file_contents(LOOKUP_FILE_PATH)
				try:
					check_rule_threshold_types(rule, rule_definitions)
				except Exception as exc:
					raise Exception("Error checking rule (rule: '{rule}') (cause: '{cause}')".format(rule = repr(rule), cause = str(exc)))

				try:
					write_threshold_macro_values(rule)
				except Exception as exc:
					raise Exception("Error updating macros.conf file (cause: '{cause}')".format(cause = str(exc)))

				try:
					written_rule = write_threshold_lookup_values(rule, rule_definitions)
				except Exception as exc:
					raise Exception("Error updating rule_thresholds.csv file (cause: '{cause}')".format(cause = str(exc)))

				if len(written_rule['thresholds']) > 0:
					try:
						write_user_actions_values(written_rule, user_id, username)
					except Exception as exc:
						raise Exception("Error writing user action parameters to file (cause: '{cause}')".format(cause = str(exc)))

					try:
						run_saved_searches(written_rule, splunk_url, username, session_key)
					except Exception as exc:
						raise Exception("Error running saved searches (cause: '{cause}')".format(cause = str(exc)))

				cherrypy.response.status = 200
				return json.dumps({'status': 'OK'})
		except Exception as exc:
			cherrypy.response.status = 500
			logger.exception("Error (traceback.format_exc() = '%s')", traceback.format_exc())
			return json.dumps({'status': 'error', 'message': str(exc)})
Пример #14
0
 def get(self, id, session_key=False):
     try:
         self.logger.debug("bin.db: Getting an API.")
         if not id:
             raise Exception('Missing ID')
         kvstoreUri = self.kvstoreUri + '/' + id + '?output_mode=json'
         auth_key = session_key if session_key else splunk.getSessionKey()
         result = self.session.get(kvstoreUri,
                                   headers={
                                       "Authorization":
                                       "Splunk %s" % auth_key,
                                       "Content-Type": "application/json"
                                   },
                                   verify=False).json()
         parsed_result = jsonbak.dumps({'data': result})
     except Exception as e:
         self.logger.error("Error getting an API in DB module : %s" % (e))
         raise e
     return parsed_result
Пример #15
0
def open(hostname=None, source=None, sourcetype=None, index=None, type='http', sessionKey=None, host_regex=None, host_segment=None):
    """
    the interface to the 'stream' receivers endpoint
    """

    #construct the uri to POST to
    base_uri = splunk.mergeHostPath()
    postargs = {'source': source, 'sourcetype' : sourcetype, 'index':index}
    if host_regex:
        postargs['host_regex'] = host_regex
    elif host_segment:
        postargs['host_segment'] = host_segment
    elif hostname:
        postargs['host'] = hostname
    endpoint = '/services/receivers/stream?%s' % urlencode(postargs)

    #get default session key. If none exists, the rest call will raise a splunk.AuthenticationFailed exception
    if not sessionKey:
        sessionKey = splunk.getSessionKey()

    ( proto, host_colon_port ) = base_uri.split("://", 1);
    return StreamHandler(host_colon_port, endpoint, sessionKey, type, proto != 'http')
Пример #16
0
    def insert_job(self, job, session_key=False):
        """Insert a job.

        Parameters
        ----------
        dic : job
            The job information
        str : session_key
            The authorized session key

        """
        try:
            self.logger.debug("bin.jobs_queu: Inserting job.")
            kvstoreUri = self.kvstoreUri+'?output_mode=json'
            auth_key = session_key if session_key else splunk.getSessionKey()
            job = jsonbak.dumps(job)
            result = self.session.post(kvstoreUri, data=job, headers={
                                       "Authorization": "Splunk %s" % auth_key, "Content-Type": "application/json"}, verify=False).json()
            return jsonbak.dumps(result)
        except Exception as e:
            self.logger.error('bin.jobs_queu: Error inserting a job in JobsQueue module: %s ' % (e))
            return jsonbak.dumps({"error": str(e)})
Пример #17
0
    def get_jobs(self, session_key=False):
        """Get all jobs.

        Parameters
        ----------
        str : session_key
            The authorized session key

        """
        try:
            self.logger.debug("bin.jobs_queue: Getting all jobs.")
            kvstoreUri = self.kvstoreUri+'?output_mode=json'
            auth_key = session_key if session_key else splunk.getSessionKey()
            result = self.session.get(kvstoreUri, headers={
                                      "Authorization": "Splunk %s" % auth_key, "Content-Type": "application/json"}, verify=False).json()
            if 'messages' in result:
                r = result['messages'][0]
                if r['type'] == 'ERROR' and r['text'] == 'KV Store is initializing. Please try again later.':
                    result = []
            return jsonbak.dumps(result)
        except Exception as e:
            self.logger.error('bin.jobs_queu: Error getting the jobs queue in JobsQueue module: %s ' % (e))
            raise e
def get_service():
	localServerInfo = urlparse(splunk.getLocalServerInfo())
	host, port = localServerInfo.netloc.split(':')
	return splunklib.client.Service(host = host, port = port, scheme = localServerInfo.scheme, owner = '-', app = SPLUNK_APP, token = splunk.getSessionKey())
Пример #19
0
def simpleRequest(path, sessionKey=None, getargs=None, postargs=None, method='GET', raiseAllErrors=False,
                  proxyMode=False, rawResult=False, 
                  timeout=None, jsonargs=None):
    """
    Makes an HTTP call to the main splunk REST endpoint
    
    path: the URI to fetch
        If given a relative URI, then the method will normalize to the splunkd
        default of "/services/...".
        If given an absolute HTTP(S) URI, then the method will use as-is.
        If given a 'file://' URI, then the method will attempt to read the file
        from the local filesystem.  Only files under $SPLUNK_HOME are supported,
        so paths are 'chrooted' from $SPLUNK_HOME.
        
    getargs: dict of k/v pairs that are always appended to the URL
    
    postargs: dict of k/v pairs that get placed into the body of the 
        request. If postargs is provided, then the HTTP method is auto
        assigned to POST.
        
    method: the HTTP verb - [GET | POST | DELETE | PUT]
    
    raiseAllErrors: indicates if the method should raise an exception
        if the server HTTP response code is >= 400

    rawResult: don't raise an exception if a non 200 response is received;
        return the actual response

    timeout: if not set, will default to SPLUNKD_CONNECTION_TIMEOUT

    forceContentType: optionally supply the value for the Content-Type header
        to be set when sending the request to splunkd

    Return:
    
        This method will return a tuple of (serverResponse, serverContent)
        
        serverResponse: a dict of HTTP status information
        serverContent: the body content
    """
  
    if timeout is None:
        timeout = SPLUNKD_CONNECTION_TIMEOUT

    # if absolute URI, pass along as-is
    if path.startswith('http'):
        uri = path
        
    # if file:// protocol, try to read file and return
    # the serverStatus is just an empty dict; file contents are in serverResponse
    # TODO: this probably doesn't work in windows
    elif path.startswith('file://'):
        workingPath = path[7:].strip(os.sep)
        lines = util.readSplunkFile(workingPath)
        return ({}, ''.join(lines))
            
    else:
        # prepend convenience root path
        if not path.startswith(REST_ROOT_PATH): path = REST_ROOT_PATH + '/' + path.strip('/')
        
        # setup args
        host = splunk.getDefault('host')
        if ':' in host:
            host = '[%s]' % host
            
        uri = '%s://%s:%s/%s' % \
            (splunk.getDefault('protocol'), host, splunk.getDefault('port'), path.strip('/'))

    if getargs:
        getargs = dict([(k,v) for (k,v) in getargs.items() if v != None])
        uri += '?' + util.urlencodeDict(getargs)
    
    payload = ''
    if postargs or jsonargs and method in ('GET', 'POST', 'PUT'):
        if method == 'GET':
            method = 'POST'
        if jsonargs:
            # if a JSON body was given, use it for the payload and ignore the postargs
            payload = jsonargs
        else:
            payload = util.urlencodeDict(postargs)

    # proxy mode bypasses all header passing
    headers = {}
    sessionSource = 'direct'
    if not proxyMode:
        headers['Content-Type'] = 'application/x-www-form-urlencoded'
        headers['Content-Length'] = str(len(payload))
        
        # get session key from known places: first the appserver session, then
        # the default instance cache
        if not sessionKey:
            sessionKey, sessionSource = splunk.getSessionKey(return_source=True)
        headers['Authorization'] = 'Splunk %s' % sessionKey

    #
    # make request
    #
    if logger.level <= logging.DEBUG:
        if uri.lower().find('login') > -1:
            logpayload = '[REDACTED]'
        else:
            logpayload = payload
        #logger.debug('simpleRequest >>>\n\tmethod=%s\n\turi=%s\n\tbody=%s' % (method, uri, logpayload))
        logger.debug('simpleRequest > %s %s [%s] sessionSource=%s timeout=%s' % (method, uri, logpayload, sessionSource, timeout))
        t1 = time.time()

    # Add wait and tries to check if the HTTP server is up and running
    tries = 4
    wait = 10
    try:
        import httplib2
        for aTry in range(tries):
            h = httplib2.Http(timeout=timeout, disable_ssl_certificate_validation=True)
            if getWebKeyFile() and getWebCertFile():
                h.add_certificate(getWebKeyFile(), getWebCertFile(), '')
            serverResponse, serverContent = h.request(uri, method, headers=headers, body=payload)
            if serverResponse == None:
                if aTry < tries:
                    time.sleep(wait)
            else:
                break
    except socket.error, e:
        logger.error('Socket error communicating with splunkd (error=%s), path = %s' % (str(e), path))
        raise splunk.SplunkdConnectionException, 'Error connecting to %s: %s' % (path, str(e))
Пример #20
0
def streamingRequest(path, sessionKey=None, getargs=None, postargs=None, method='GET', timeout=None):
    """
    A streaming counterpart to simpleRequest
    Returns an instance of StreamingResponse which has a readall() method
    that will return a generator to stream a response from splundk rather than buffering
    it in memory
    """
    if timeout is None:
        timeout = SPLUNKD_CONNECTION_TIMEOUT

    # if absolute URI, pass along as-is
    if path.startswith('http'):
        uri = path
        parsedUri = urlsplit(uri)
        host = parsedUri.hostname
        path = parsedUri.path
        port = parsedUri.port

    else:
        # prepend convenience root path
        if not path.startswith(REST_ROOT_PATH): path = REST_ROOT_PATH + '/' + path.strip('/')
        
        # setup args
        host = splunk.getDefault('host')
        port = splunk.getDefault('port')
        urihost = '[%s]' % host if ':' in host else host
            
        uri = '%s://%s:%s/%s' % \
            (splunk.getDefault('protocol'), urihost, port, path.strip('/'))

    if getargs:
        getargs = dict([(k,v) for (k,v) in getargs.items() if v != None])
        querystring = '?' + util.urlencodeDict(getargs)
        uri += querystring
        path += querystring

    isssl = uri.startswith('https:')
    
    headers = {}
    sessionSource = 'direct'
    # get session key from known places: first the appserver session, then
    # the default instance cache
    if not sessionKey:
        sessionKey, sessionSource = splunk.getSessionKey(return_source=True)
    headers['Authorization'] = 'Splunk %s' % sessionKey

    payload = ''
    if postargs and method in ('GET', 'POST', 'PUT'):
        if method == 'GET':
            method = 'POST'
        payload = util.urlencodeDict(postargs)

    #
    # make request
    #
    if logger.level <= logging.DEBUG:
        if uri.lower().find('login') > -1:
            logpayload = '[REDACTED]'
        else:
            logpayload = payload
        logger.debug('streamingRequest > %s %s [%s] sessionSource=%s' % (method, uri, logpayload, sessionSource))
        t1 = time.time()

    logger.debug('streamingRequest opening connection to host=%s path=%s method=%s postargs=%s payload=%s' % (host, path, method, postargs, payload))

    try:
        conn = httplib.HTTPSConnection(host, port, getWebKeyFile(), getWebCertFile(), False, timeout) if isssl else httplib.HTTPConnection(host, port, False, timeout)
        conn.connect()
        conn.putrequest(method, path)
        for key, val in headers.items():
            conn.putheader(key, val)
        if payload:
            conn.putheader('Content-Type', 'application/x-www-form-urlencoded')
            conn.putheader('Content-Length', str(len(payload)))
            conn.endheaders()
            conn.send(payload)
        else:
            conn.endheaders()
        
        response = conn.getresponse()
    except socket.error, e:
        logger.error('Socket error communicating with splunkd (error=%s), path = %s' % (str(e), path))
        raise splunk.SplunkdConnectionException, 'Error connecting to %s: %s' % (path, str(e))
Пример #21
0
def simpleRequest(path, sessionKey=None, getargs=None, postargs=None, method='GET', raiseAllErrors=False, proxyMode=False, rawResult=False, timeout=SPLUNKD_CONNECTION_TIMEOUT):
    """
    Makes an HTTP call to the main splunk REST endpoint
    
    path: the URI to fetch
        If given a relative URI, then the method will normalize to the splunkd
        default of "/services/...".
        If given an absolute HTTP(S) URI, then the method will use as-is.
        If given a 'file://' URI, then the method will attempt to read the file
        from the local filesystem.  Only files under $SPLUNK_HOME are supported,
        so paths are 'chrooted' from $SPLUNK_HOME.
        
    getargs: dict of k/v pairs that are always appended to the URL
    
    postargs: dict of k/v pairs that get placed into the body of the 
        request. If postargs is provided, then the HTTP method is auto
        assigned to POST.
        
    method: the HTTP verb - [GET | POST | DELETE | PUT]
    
    raiseAllErrors: indicates if the method should raise an exception
        if the server HTTP response code is >= 400

    rawResult: don't raise an exception if a non 200 response is received;
        return the actual response
    
    Return:
    
        This method will return a tuple of (serverResponse, serverContent)
        
        serverResponse: a dict of HTTP status information
        serverContent: the body content
    """
    
    # if absolute URI, pass along as-is
    if path.startswith('http'):
        uri = path
        
    # if file:// protocol, try to read file and return
    # the serverStatus is just an empty dict; file contents are in serverResponse
    # TODO: this probably doesn't work in windows
    elif path.startswith('file://'):
        workingPath = path[7:].strip(os.sep)
        lines = util.readSplunkFile(workingPath)
        return ({}, ''.join(lines))
            
    else:
        # prepend convenience root path
        if not path.startswith(REST_ROOT_PATH): path = REST_ROOT_PATH + '/' + path.strip('/')
        
        # setup args
        host = splunk.getDefault('host')
        if ':' in host:
            host = '[%s]' % host
            
        uri = '%s://%s:%s/%s' % \
            (splunk.getDefault('protocol'), host, splunk.getDefault('port'), path.strip('/'))

    if getargs:
        getargs = dict([(k,v) for (k,v) in getargs.items() if v != None])
        uri += '?' + util.urlencodeDict(getargs)

    
    # proxy mode bypasses all header passing
    headers = {}
    sessionSource = 'direct'
    if not proxyMode:
        
        # get session key from known places: first the appserver session, then
        # the default instance cache
        if not sessionKey:
            sessionKey, sessionSource = splunk.getSessionKey(return_source=True)
        headers['Authorization'] = 'Splunk %s' % sessionKey

    payload = ''
    if postargs and method in ('GET', 'POST', 'PUT'):
        if method == 'GET':
            method = 'POST'
        payload = util.urlencodeDict(postargs)
        
    #
    # make request
    #
    if logger.level <= logging.DEBUG:
        if uri.lower().find('login') > -1:
            logpayload = '[REDACTED]'
        else:
            logpayload = payload
        #logger.debug('simpleRequest >>>\n\tmethod=%s\n\turi=%s\n\tbody=%s' % (method, uri, logpayload))
        logger.debug('simpleRequest > %s %s [%s] sessionSource=%s' % (method, uri, logpayload, sessionSource))
        t1 = time.time()

    # Add wait and tries to check if the HTTP server is up and running
    tries = 4
    wait = 10
    try:
        for aTry in range(tries):
            h = httplib2.Http(timeout=timeout, disable_ssl_certificate_validation=True)
            if WEB_KEYFILE and WEB_CERTFILE:
                h.add_certificate(WEB_KEYFILE, WEB_CERTFILE, '')
            serverResponse, serverContent = h.request(uri, method, headers=headers, body=payload)
            if serverResponse == None:
                if aTry < tries:
                    time.sleep(wait)
            else:
                break
    except socket.error, e:
        raise splunk.SplunkdConnectionException, str(e)
Пример #22
0
def streamingRequest(path, sessionKey=None, getargs=None, postargs=None, method='GET', timeout=SPLUNKD_CONNECTION_TIMEOUT):
    """
    A streaming counterpart to simpleRequest
    Returns an instance of StreamingResponse which has a readall() method
    that will return a generator to stream a response from splundk rather than buffering
    it in memory
    """
    # if absolute URI, pass along as-is
    if path.startswith('http'):
        uri = path
        pasrsedUri = urlsplit(uri)
        host = parsedUri.hostname
        path = parsedUri.path
        port = parsedUri.port

    else:
        # prepend convenience root path
        if not path.startswith(REST_ROOT_PATH): path = REST_ROOT_PATH + '/' + path.strip('/')
        
        # setup args
        host = splunk.getDefault('host')
        port = splunk.getDefault('port')
        urihost = '[%s]' % host if ':' in host else host
            
        uri = '%s://%s:%s/%s' % \
            (splunk.getDefault('protocol'), urihost, port, path.strip('/'))

    if getargs:
        getargs = dict([(k,v) for (k,v) in getargs.items() if v != None])
        querystring = '?' + util.urlencodeDict(getargs)
        uri += querystring
        path += querystring

    isssl = uri.startswith('https:')
    
    headers = {}
    sessionSource = 'direct'
    # get session key from known places: first the appserver session, then
    # the default instance cache
    if not sessionKey:
        sessionKey, sessionSource = splunk.getSessionKey(return_source=True)
    headers['Authorization'] = 'Splunk %s' % sessionKey

    payload = ''
    if postargs and method in ('GET', 'POST', 'PUT'):
        if method == 'GET':
            method = 'POST'
        payload = util.urlencodeDict(postargs)

    #
    # make request
    #
    if logger.level <= logging.DEBUG:
        if uri.lower().find('login') > -1:
            logpayload = '[REDACTED]'
        else:
            logpayload = payload
        logger.debug('streamingRequest > %s %s [%s] sessionSource=%s' % (method, uri, logpayload, sessionSource))
        t1 = time.time()

    logger.debug('streamingRequest opening connection to host=%s path=%s method=%s postargs=%s payload=%s' % (host, path, method, postargs, payload))

    try:
        conn = httplib.HTTPSConnection(host, port, WEB_KEYFILE, WEB_CERTFILE, False, timeout) if isssl else httplib.HTTPConnection(host, port, False, timeout)
        conn.connect()
        conn.putrequest(method, path)
        for key, val in headers.items():
            conn.putheader(key, val)
        if payload:
            conn.putheader('Content-Type', 'application/x-www-form-urlencoded')
            conn.putheader('Content-Length', str(len(payload)))
            conn.endheaders()
            conn.send(payload)
        else:
            conn.endheaders()
        
        response = conn.getresponse()
    except socket.error, e:
        raise splunk.SplunkdConnectionException, str(e)