def get_data_input(splunkd_uri,
session_key,
owner,
app_name,
input_type,
name=None):
"""
:param splunkd_uri: splunkd uri, e.g. https://127.0.0.1:8089
:param session_key: splunkd session key
:param owner: the owner (ACL user), e.g. "-", "nobody"
:param app_name: the app"s name, e.g. "Splunk_TA_aws"
:param input_type: name of the input type.
if it is a script input, the input is "script",
for modinput, say snow, the input is "snow"
:param name: The name of the input stanza to create.
i.e. stanza [<input_type>://<name>] will be deleted.
:return: a list of stanzas in the input type, including metadata
"""
uri = _input_endpoint_ns(splunkd_uri, owner, app_name, input_type)
if name:
uri += "/" + util.format_stanza_name(name)
# get all the stanzas at one time
uri += "?count=0&offset=0"
msg = "Failed to get data input in app={}: {}://{}".format(
app_name,
input_type,
name if name else name,
)
content = content_request(uri, session_key, "GET", None, msg)
return xdp.parse_conf_xml_dom(content)
def get_conf(splunkd_uri, session_key, owner, app_name, conf_name, stanza=None):
"""
:param splunkd_uri: splunkd uri, e.g. https://127.0.0.1:8089
:param session_key: splunkd session key
:param owner: the owner (ACL user), e.g. "-", "nobody"
:param app_name: the app"s name, e.g. "Splunk_TA_aws"
:param conf_name: the name of the conf file, e.g. "props"
:param stanza: stanza name, e.g. "aws:cloudtrail"
:return: a list of stanzas in the conf file, including metadata
"""
uri = _conf_endpoint_ns(splunkd_uri, owner, app_name, conf_name)
if stanza:
uri += "/" + util.format_stanza_name(stanza)
# get all the stanzas at one time
uri += "?count=0&offset=0"
msg = "Failed to get stanza={} in conf={}".format(
stanza if stanza else stanza,
conf_name,
)
content = content_request(uri, session_key, "GET", None, msg)
return xdp.parse_conf_xml_dom(content)
def update_data_input(splunkd_uri, session_key, owner, app_name, input_type,
name, key_values):
"""
:param splunkd_uri: splunkd uri, e.g. https://127.0.0.1:8089
:param session_key: splunkd session key
:param owner: the owner (ACL user), e.g. "-", "nobody"
:param app_name: the app"s name, e.g. "Splunk_TA_aws"
:param input_type: name of the input type.
if it is a script input, the input is "script",
for modinput, say snow, the input is "snow"
:param name: The name of the input stanza to create.
i.e. stanza [<input_type>://<name>] will be updated.
:param key_values: a K-V dict of details in the data input stanza.
:return: raise exception when failure
"""
if "name" in key_values:
del key_values["name"]
uri = _input_endpoint_ns(splunkd_uri, owner, app_name, input_type)
uri += "/" + util.format_stanza_name(name)
msg = "Failed to update data input in app={}: {}://{}".format(
app_name,
input_type,
name,
)
content_request(uri, session_key, "POST", key_values, msg)
def operate_data_input(splunkd_uri, session_key, owner, app_name, input_type,
name, operation):
"""
:param splunkd_uri: splunkd uri, e.g. https://127.0.0.1:8089
:param session_key: splunkd session key
:param owner: the owner (ACL user), e.g. "-", "nobody"
:param app_name: the app"s name, e.g. "Splunk_TA_aws"
:param input_type: name of the input type.
if it is a script input, the input is "script",
for modinput, say snow, the input is "snow"
:param name: The name of the input stanza to create.
i.e. stanza [<input_type>://<name>] will be operated.
:param operation: must be "disable" or "enable"
"""
assert operation in ("disable", "enable")
uri = _input_endpoint_ns(splunkd_uri, owner, app_name, input_type)
uri += "/{}/{}".format(util.format_stanza_name(name), operation)
msg = "Failed to {} data input in app={}: {}://{}".format(
operation,
app_name,
input_type,
name,
)
content_request(uri, session_key, "POST", None, msg)
def update_properties(splunkd_uri, session_key, owner, app_name, conf_name,
stanza, key_values):
"""
:param splunkd_uri: splunkd uri, e.g. https://127.0.0.1:8089
:param session_key: splunkd session key
:param owner: the owner (ACL user), e.g. "-", "nobody"
:param app_name: the app"s name, e.g. "Splunk_TA_aws"
:param conf_name: the name of the conf file, e.g. "props"
:param stanza: stanza name, e.g. "aws:cloudtrail"
:param key_values: the key-value dict of the stanza
:return: raise exception when failed
"""
uri = _property_endpoint_ns(splunkd_uri, owner, app_name, conf_name)
uri += "/" + util.format_stanza_name(stanza)
msg = "Properties: failed to update conf=%s, stanza=%s" % \
(conf_name, stanza)
has_name = False
if "name" in key_values:
has_name = True
name = key_values["name"]
del key_values["name"]
content_request(uri, session_key, "POST", key_values, msg)
if has_name:
key_values["name"] = name
def _build_name(realm, name):
return util.format_stanza_name("".join((
CredentialManager._escape_string(realm),
":",
CredentialManager._escape_string(name),
":",
)))
def update_properties(splunkd_uri, session_key, owner, app_name, conf_name,
stanza, key_values):
"""
:param splunkd_uri: splunkd uri, e.g. https://127.0.0.1:8089
:param session_key: splunkd session key
:param owner: the owner (ACL user), e.g. "-", "nobody"
:param app_name: the app"s name, e.g. "Splunk_TA_aws"
:param conf_name: the name of the conf file, e.g. "props"
:param stanza: stanza name, e.g. "aws:cloudtrail"
:param key_values: the key-value dict of the stanza
:return: raise exception when failed
"""
uri = _property_endpoint_ns(splunkd_uri, owner, app_name, conf_name)
uri += "/" + util.format_stanza_name(stanza)
msg = "Properties: failed to update conf=%s, stanza=%s" % (conf_name,
stanza)
has_name = False
if "name" in key_values:
has_name = True
name = key_values["name"]
del key_values["name"]
content_request(uri, session_key, "POST", key_values, msg)
if has_name:
key_values["name"] = name
def operate_data_input(splunkd_uri, session_key, owner, app_name, input_type,
name, operation):
"""
:param splunkd_uri: splunkd uri, e.g. https://127.0.0.1:8089
:param session_key: splunkd session key
:param owner: the owner (ACL user), e.g. '-', 'nobody'
:param app_name: the app's name, e.g. 'Splunk_TA_aws'
:param input_type: name of the input type.
if it is a script input, the input is 'script',
for modinput, say snow, the input is 'snow'
:param name: The name of the input stanza to create.
i.e. stanza [<input_type>://<name>] will be operated.
:param operation: must be "disable" or "enable"
:return: True on success
"""
if operation not in ("disable", "enable"):
raise Exception('operation must be "disable" or "enable"')
uri = _input_endpoint_ns(splunkd_uri, owner, app_name, input_type)
uri += "/%s/%s" % (util.format_stanza_name(name), operation)
msg = "Failed to %s data input in app=%s: %s://%s" % (operation, app_name,
input_type, name)
content = _content_request(uri, session_key, "POST", None, msg)
if content is None:
return False
return True
def get_data_input(splunkd_uri,
session_key,
owner,
app_name,
input_type,
name=None):
"""
:param splunkd_uri: splunkd uri, e.g. https://127.0.0.1:8089
:param session_key: splunkd session key
:param owner: the owner (ACL user), e.g. '-', 'nobody'
:param app_name: the app's name, e.g. 'Splunk_TA_aws'
:param input_type: name of the input type.
if it is a script input, the input is 'script',
for modinput, say snow, the input is 'snow'
:param name: The name of the input stanza to create.
i.e. stanza [<input_type>://<name>] will be deleted.
:return: the key-value dict of the data input, or a list of stanzas in
the input type, including metadata
"""
uri = _input_endpoint_ns(splunkd_uri, owner, app_name, input_type)
if name:
uri += "/" + util.format_stanza_name(name)
msg = "Failed to get data input in app=%s: %s://%s" % (app_name,
input_type, name)
content = _content_request(uri, session_key, "GET", None, msg)
if content is not None:
result = xdp.parse_conf_xml_dom(content)
if name:
result = result[0]
return result
return None
def update_data_input(splunkd_uri, session_key, owner, app_name, input_type,
name, key_values):
"""
:param splunkd_uri: splunkd uri, e.g. https://127.0.0.1:8089
:param session_key: splunkd session key
:param owner: the owner (ACL user), e.g. '-', 'nobody'
:param app_name: the app's name, e.g. 'Splunk_TA_aws'
:param input_type: name of the input type.
if it is a script input, the input is 'script',
for modinput, say snow, the input is 'snow'
:param name: The name of the input stanza to create.
i.e. stanza [<input_type>://<name>] will be updated.
:param key_values: a K-V dict of details in the data input stanza.
:return: True on success
"""
if 'name' in key_values:
del key_values['name']
uri = _input_endpoint_ns(splunkd_uri, owner, app_name, input_type)
uri += "/" + util.format_stanza_name(name)
msg = "Failed to update data input in app=%s: %s://%s" % (app_name,
input_type, name)
content = _content_request(uri, session_key, "POST", key_values, msg)
if content is None:
return False
return True
def delete_stanza(splunkd_uri, session_key, owner, app_name, conf_name,
stanza, throw=False):
"""
:param splunkd_uri: splunkd uri, e.g. https://127.0.0.1:8089
:param session_key: splunkd session key
:param owner: the owner (ACL user), e.g. "-", "nobody"
:param app_name: the app"s name, e.g. "Splunk_TA_aws"
:param conf_name: the name of the conf file, e.g. "props"
:param stanza: stanza name, e.g. "aws:cloudtrail"
:return: None on success otherwise raise exception
"""
uri = _conf_endpoint_ns(splunkd_uri, owner, app_name, conf_name)
uri += "/" + util.format_stanza_name(stanza)
msg = "Failed to delete stanza=%s in conf=%s" % (stanza, conf_name)
content_request(uri, session_key, "DELETE", None, msg)
def delete_stanza(
splunkd_uri, session_key, owner, app_name, conf_name, stanza, throw=False
):
"""
:param splunkd_uri: splunkd uri, e.g. https://127.0.0.1:8089
:param session_key: splunkd session key
:param owner: the owner (ACL user), e.g. "-", "nobody"
:param app_name: the app"s name, e.g. "Splunk_TA_aws"
:param conf_name: the name of the conf file, e.g. "props"
:param stanza: stanza name, e.g. "aws:cloudtrail"
:return: None on success otherwise raise exception
"""
uri = _conf_endpoint_ns(splunkd_uri, owner, app_name, conf_name)
uri += "/" + util.format_stanza_name(stanza)
msg = "Failed to delete stanza={} in conf={}".format(stanza, conf_name)
content_request(uri, session_key, "DELETE", None, msg)
def update_stanza(splunkd_uri, session_key, owner, app_name, conf_name, stanza,
key_values):
"""
:param splunkd_uri: splunkd uri, e.g. https://127.0.0.1:8089
:param session_key: splunkd session key
:param owner: the owner (ACL user), e.g. "-", "nobody"
:param app_name: the app"s name, e.g. "Splunk_TA_aws"
:param conf_name: the name of the conf file, e.g. "props"
:param stanza: stanza name, e.g. "aws:cloudtrail"
:param key_values: the key-value dict of the stanza
:return: None on success otherwise raise exception
"""
uri = _conf_endpoint_ns(splunkd_uri, owner, app_name, conf_name)
uri += "/" + util.format_stanza_name(stanza)
msg = "Failed to update stanza=%s in conf=%s" % (stanza, conf_name)
return content_request(uri, session_key, "POST", key_values, msg)
def operate_conf(splunkd_uri, session_key, owner, app_name, conf_name, stanza,
operation):
"""
:param splunkd_uri: splunkd uri, e.g. https://127.0.0.1:8089
:param session_key: splunkd session key
:param owner: the owner (ACL user), e.g. "-", "nobody"
:param app_name: the app"s name, e.g. "Splunk_TA_aws"
:param conf_name: the name of the conf file, e.g. "props"
:param stanza: stanza name, e.g. "aws:cloudtrail"
:param operation: must be "disable" or "enable"
"""
assert operation in ("disable", "enable")
uri = _conf_endpoint_ns(splunkd_uri, owner, app_name, conf_name)
uri += "/%s/%s" % (util.format_stanza_name(stanza), operation)
msg = "Failed to disable/enable stanza=%s in conf=%s" % (stanza, conf_name)
content_request(uri, session_key, "POST", None, msg)
def operate_conf(splunkd_uri, session_key, owner, app_name, conf_name,
stanza, operation):
"""
:param splunkd_uri: splunkd uri, e.g. https://127.0.0.1:8089
:param session_key: splunkd session key
:param owner: the owner (ACL user), e.g. "-", "nobody"
:param app_name: the app"s name, e.g. "Splunk_TA_aws"
:param conf_name: the name of the conf file, e.g. "props"
:param stanza: stanza name, e.g. "aws:cloudtrail"
:param operation: must be "disable" or "enable"
"""
assert operation in ("disable", "enable")
uri = _conf_endpoint_ns(splunkd_uri, owner, app_name, conf_name)
uri += "/%s/%s" % (util.format_stanza_name(stanza), operation)
msg = "Failed to disable/enable stanza=%s in conf=%s" % (stanza, conf_name)
content_request(uri, session_key, "POST", None, msg)
def get_property(splunkd_uri, session_key, owner, app_name, conf_name, stanza,
key):
"""
:param splunkd_uri: splunkd uri, e.g. https://127.0.0.1:8089
:param session_key: splunkd session key
:param owner: the owner (ACL user), e.g. "-", "nobody"
:param app_name: the app"s name, e.g. "Splunk_TA_aws"
:param conf_name: the name of the conf file, e.g. "props"
:param stanza: stanza name, e.g. "aws:cloudtrail"
:param key: the property name
:return: the property value
"""
uri = _property_endpoint_ns(splunkd_uri, owner, app_name, conf_name)
uri += "/%s/%s" % (util.format_stanza_name(stanza), key)
msg = "Properties: failed to get conf=%s, stanza=%s, key=%s" % \
(conf_name, stanza, key)
return content_request(uri, session_key, "GET", None, msg)
def delete_data_input(splunkd_uri, session_key, owner, app_name, input_type, name):
"""
:param splunkd_uri: splunkd uri, e.g. https://127.0.0.1:8089
:param session_key: splunkd session key
:param owner: the owner (ACL user), e.g. "-", "nobody"
:param app_name: the app"s name, e.g. "Splunk_TA_aws"
:param input_type: name of the input type.
if it is a script input, the input is "script",
for modinput, say snow, the input is "snow"
:param name: The name of the input stanza to create.
i.e. stanza [<input_type>://<name>] will be deleted.
:return raise exception when failed
"""
uri = _input_endpoint_ns(splunkd_uri, owner, app_name, input_type)
uri += "/" + util.format_stanza_name(name)
msg = "Failed to delete data input in app=%s: %s://%s" % (app_name, input_type, name)
content_request(uri, session_key, "DELETE", None, msg)
def get_property(splunkd_uri, session_key, owner, app_name, conf_name,
stanza, key):
"""
:param splunkd_uri: splunkd uri, e.g. https://127.0.0.1:8089
:param session_key: splunkd session key
:param owner: the owner (ACL user), e.g. "-", "nobody"
:param app_name: the app"s name, e.g. "Splunk_TA_aws"
:param conf_name: the name of the conf file, e.g. "props"
:param stanza: stanza name, e.g. "aws:cloudtrail"
:param key: the property name
:return: the property value
"""
uri = _property_endpoint_ns(splunkd_uri, owner, app_name, conf_name)
uri += "/%s/%s" % (util.format_stanza_name(stanza), key)
msg = "Properties: failed to get conf=%s, stanza=%s, key=%s" % \
(conf_name, stanza, key)
return content_request(uri, session_key, "GET", None, msg)
def operate_data_input(splunkd_uri, session_key, owner, app_name, input_type, name, operation):
"""
:param splunkd_uri: splunkd uri, e.g. https://127.0.0.1:8089
:param session_key: splunkd session key
:param owner: the owner (ACL user), e.g. "-", "nobody"
:param app_name: the app"s name, e.g. "Splunk_TA_aws"
:param input_type: name of the input type.
if it is a script input, the input is "script",
for modinput, say snow, the input is "snow"
:param name: The name of the input stanza to create.
i.e. stanza [<input_type>://<name>] will be operated.
:param operation: must be "disable" or "enable"
"""
assert operation in ("disable", "enable")
uri = _input_endpoint_ns(splunkd_uri, owner, app_name, input_type)
uri += "/%s/%s" % (util.format_stanza_name(name), operation)
msg = "Failed to %s data input in app=%s: %s://%s" % (operation, app_name, input_type, name)
content_request(uri, session_key, "POST", None, msg)
def delete_data_input(splunkd_uri, session_key, owner, app_name, input_type,
name):
"""
:param splunkd_uri: splunkd uri, e.g. https://127.0.0.1:8089
:param session_key: splunkd session key
:param owner: the owner (ACL user), e.g. "-", "nobody"
:param app_name: the app"s name, e.g. "Splunk_TA_aws"
:param input_type: name of the input type.
if it is a script input, the input is "script",
for modinput, say snow, the input is "snow"
:param name: The name of the input stanza to create.
i.e. stanza [<input_type>://<name>] will be deleted.
:return raise exception when failed
"""
uri = _input_endpoint_ns(splunkd_uri, owner, app_name, input_type)
uri += "/" + util.format_stanza_name(name)
msg = "Failed to delete data input in app=%s: %s://%s" % (app_name,
input_type, name)
content_request(uri, session_key, "DELETE", None, msg)
def update_data_input(splunkd_uri, session_key, owner, app_name, input_type, name, key_values):
"""
:param splunkd_uri: splunkd uri, e.g. https://127.0.0.1:8089
:param session_key: splunkd session key
:param owner: the owner (ACL user), e.g. "-", "nobody"
:param app_name: the app"s name, e.g. "Splunk_TA_aws"
:param input_type: name of the input type.
if it is a script input, the input is "script",
for modinput, say snow, the input is "snow"
:param name: The name of the input stanza to create.
i.e. stanza [<input_type>://<name>] will be updated.
:param key_values: a K-V dict of details in the data input stanza.
:return: raise exception when failure
"""
if "name" in key_values:
del key_values["name"]
uri = _input_endpoint_ns(splunkd_uri, owner, app_name, input_type)
uri += "/" + util.format_stanza_name(name)
msg = "Failed to update data input in app=%s: %s://%s" % (app_name, input_type, name)
content_request(uri, session_key, "POST", key_values, msg)
def get_conf(splunkd_uri, session_key, owner, app_name, conf_name,
stanza=None):
"""
:param splunkd_uri: splunkd uri, e.g. https://127.0.0.1:8089
:param session_key: splunkd session key
:param owner: the owner (ACL user), e.g. "-", "nobody"
:param app_name: the app"s name, e.g. "Splunk_TA_aws"
:param conf_name: the name of the conf file, e.g. "props"
:param stanza: stanza name, e.g. "aws:cloudtrail"
:return: a list of stanzas in the conf file, including metadata
"""
uri = _conf_endpoint_ns(splunkd_uri, owner, app_name, conf_name)
if stanza:
uri += "/" + util.format_stanza_name(stanza)
# get all the stanzas at one time
uri += "?count=0&offset=0"
msg = "Failed to get stanza=%s in conf=%s" % (stanza if stanza else stanza, conf_name)
content = content_request(uri, session_key, "GET", None, msg)
return xdp.parse_conf_xml_dom(content)
def get_data_input(splunkd_uri, session_key, owner, app_name, input_type, name=None):
"""
:param splunkd_uri: splunkd uri, e.g. https://127.0.0.1:8089
:param session_key: splunkd session key
:param owner: the owner (ACL user), e.g. "-", "nobody"
:param app_name: the app"s name, e.g. "Splunk_TA_aws"
:param input_type: name of the input type.
if it is a script input, the input is "script",
for modinput, say snow, the input is "snow"
:param name: The name of the input stanza to create.
i.e. stanza [<input_type>://<name>] will be deleted.
:return: a list of stanzas in the input type, including metadata
"""
uri = _input_endpoint_ns(splunkd_uri, owner, app_name, input_type)
if name:
uri += "/" + util.format_stanza_name(name)
# get all the stanzas at one time
uri += "?count=0&offset=0"
msg = "Failed to get data input in app=%s: %s://%s" % (app_name, input_type, name if name else name)
content = content_request(uri, session_key, "GET", None, msg)
return xdp.parse_conf_xml_dom(content)
def _build_name(realm, name):
return util.format_stanza_name(
"".join((CredentialManager._escape_string(realm), ":",
CredentialManager._escape_string(name), ":")))