def content_request(uri, session_key, method, payload, err_msg):
"""
:return: response content if successful otherwise raise
ConfRequestException
"""
resp, content = rest.splunkd_request(uri,
session_key,
method,
data=payload,
retry=3)
if resp is None and content is None:
return None
if resp.status >= 200 and resp.status <= 204:
return content
else:
msg = "{}, status={}, reason={}, detail={}".format(
err_msg, resp.status, resp.reason, content)
logger.error(msg)
if resp.status == 404:
raise ConfNotExistsException(msg)
if resp.status == 409:
raise ConfExistsException(msg)
else:
if content and "already exists" in content:
raise ConfExistsException(msg)
raise ConfRequestException(msg)
def _get_credentials(self, prop, name=None):
"""
:return: clear or encrypted password for specified realm, user
"""
endpoint = self._get_endpoint(name, True)
response, content = rest.splunkd_request(endpoint,
self._session_key,
method="GET")
if response is None and content is None:
raise CredException("Failed to get clear credentials")
results = {}
if response and response.status in (200, 201) and content:
passwords = xdp.parse_conf_xml_dom(content)
for password in passwords:
if password.get("realm") == self._realm:
values = password[prop].split(self._sep)
if len(values) % 2 == 1:
continue
result = {
values[i]: values[i + 1]
for i in range(0, len(values), 2)
}
results[password.get("username")] = result
return results
def get_session_key(username,
password,
splunkd_uri="https://localhost:8089"):
"""
Get session key by using login username and passwrod
:return: session_key if successful, None if failed
"""
eid = "".join((splunkd_uri, "/services/auth/login"))
postargs = {
"username": username,
"password": password,
}
response, content = rest.splunkd_request(eid,
None,
method="POST",
data=postargs)
if response is None and content is None:
raise CredException("Get session key failed.")
xml_obj = xdm.parseString(content)
session_nodes = xml_obj.getElementsByTagName("sessionKey")
if not session_nodes:
raise CredException("Invalid username or password.")
session_key = session_nodes[0].firstChild.nodeValue
if not session_key:
raise CredException("Get session key failed.")
return session_key
def get_session_key(username,
password,
splunkd_uri="https://localhost:8089"):
"""
Get session key by using login username and passwrod
:return: session_key if successful, None if failed
"""
eid = "".join((splunkd_uri, "/services/auth/login"))
postargs = {"username": username, "password": password, }
response, content = rest.splunkd_request(
eid,
None,
method="POST",
data=postargs)
if response is None and content is None:
raise CredException("Get session key failed.")
xml_obj = xdm.parseString(content)
session_nodes = xml_obj.getElementsByTagName("sessionKey")
if not session_nodes:
raise CredException("Invalid username or password.")
session_key = session_nodes[0].firstChild.nodeValue
if not session_key:
raise CredException("Get session key failed.")
return session_key
def _get_credentials(self, prop, name=None):
"""
:return: clear or encrypted password for specified realm, user
"""
endpoint = self._get_endpoint(name, True)
response, content = rest.splunkd_request(
endpoint,
self._session_key,
method="GET")
if response is None and content is None:
raise CredException("Failed to get clear credentials")
results = {}
if response and response.status in (200, 201) and content:
passwords = xdp.parse_conf_xml_dom(content)
for password in passwords:
if password.get("realm") == self._realm:
values = password[prop].split(self._sep)
if len(values) % 2 == 1:
continue
result = {
values[i]: values[i + 1]
for i in range(0, len(values), 2)
}
results[password.get("username")] = result
return results
def _do_rest(uri, session_key):
resp, content = rest.splunkd_request(uri, session_key)
if resp is None:
return None
if resp.status not in (200, 201):
return None
stanza_objs = xdp.parse_conf_xml_dom(content)
if not stanza_objs:
return None
return stanza_objs[0]
def _do_rest(uri, session_key):
resp, content = rest.splunkd_request(uri, session_key)
if resp is None:
return None
if resp.status not in (200, 201):
return None
stanza_objs = xdp.parse_conf_xml_dom(content)
if not stanza_objs:
return None
return stanza_objs[0]
def delete(self, name, throw=False):
"""
Delete the encrypted entry
"""
endpoint = self._get_endpoint(name)
response, content = rest.splunkd_request(endpoint,
self._session_key,
method="DELETE")
if not response or response not in (200, 201):
if throw:
raise CredException(
"Failed to delete credential stanza {}".format(name))
def delete(self, name, throw=False):
"""
Delete the encrypted entry
"""
endpoint = self._get_endpoint(name)
response, content = rest.splunkd_request(
endpoint,
self._session_key,
method="DELETE")
if not response or response not in (200, 201):
if throw:
raise CredException(
"Failed to delete credential stanza {}".format(name))
def get_all_passwords(self):
"""
:return: a list of dict when successful, None when failed.
the dict at least contains
{
"realm": xxx,
"username": yyy,
"clear_password": zzz,
}
"""
endpoint = "{}/services/storage/passwords".format(self._splunkd_uri)
response, content = rest.splunkd_request(endpoint,
self._session_key,
method="GET")
if response and response.status in (200, 201) and content:
return xdp.parse_conf_xml_dom(content)
raise CredException("Failed to get credentials")
def _create(self, name, str_to_encrypt):
"""
Create a new stored credential.
:return: raise on failure
"""
payload = {
"name": name,
"password": str_to_encrypt,
"realm": self._realm,
}
endpoint = self._get_endpoint(name)
resp, content = rest.splunkd_request(endpoint,
self._session_key,
method="POST",
data=payload)
if not resp or resp.status not in (200, 201):
raise CredException("Failed to encrypt username {}".format(name))
def get_all_passwords(self):
"""
:return: a list of dict when successful, None when failed.
the dict at least contains
{
"realm": xxx,
"username": yyy,
"clear_password": zzz,
}
"""
endpoint = "{}/services/storage/passwords".format(self._splunkd_uri)
response, content = rest.splunkd_request(
endpoint,
self._session_key,
method="GET")
if response and response.status in (200, 201) and content:
return xdp.parse_conf_xml_dom(content)
raise CredException("Failed to get credentials")
def _create(self, name, str_to_encrypt):
"""
Create a new stored credential.
:return: raise on failure
"""
payload = {
"name": name,
"password": str_to_encrypt,
"realm": self._realm,
}
endpoint = self._get_endpoint(name)
resp, content = rest.splunkd_request(endpoint,
self._session_key,
method="POST",
data=payload)
if not resp or resp.status not in (200, 201):
raise CredException("Failed to encrypt username {}".format(name))
def _do_request(self,
uri,
method,
data=None,
content_type="application/x-www-form-urlencoded"):
headers = {"Content-Type": content_type}
resp, content = rest.splunkd_request(uri, self._session_key, method,
headers, data)
if resp is None and content is None:
raise KVException("Failed uri={0}, data={1}".format(uri, data))
if resp.status in (200, 201):
return content
elif resp.status == 409:
raise KVAlreadyExists("{0}-{1} already exists".format(uri, data))
elif resp.status == 404:
raise KVNotExists("{0}-{1} not exists".format(uri, data))
else:
raise KVException("Failed to {0} {1}, reason={2}".format(
method, uri, resp.reason))
