https://community.splunk.com/t5/Splunk-Dev/getting-storage-passwords-using-python-sdk/m-p/304681#M3942 <P>Just to recap.</P> <P>Make sure you are getting the valid session key. Print it out. You could also test your code by substituting a connect by a static username/password combo temporarily </P> <P>You might try changing your sessions to the following. Since you are getting the storage password list, app is going to be irrelvant.</P> <PRE><CODE>service = client.connect(token=session_key) </CODE></PRE> <P>Confirm what user context the knowledge object is running under (input/alert etc), I suspect that nobody or your session key is causing you the issue.<BR /> <A href="http://dev.splunk.com/view/python-sdk/SP-CAAAEJ6#currentuser" target="_blank">http://dev.splunk.com/view/python-sdk/SP-CAAAEJ6#currentuser</A></P> <P>Ensure that user has the list_storage_passwords capability.</P> <P>Use something like this to grab just the credential that matches the desired realm and username</P> <PRE><CODE> retrievedCredential = [k for k in storage_passwords if k.content.get('realm')==realm and k.content.get('username')==username][0] </CODE></PRE> Tue, 29 Sep 2020 12:52:30 GMT starcher 2020-09-29T12:52:30Z https://community.splunk.com/t5/Splunk-Dev/getting-storage-passwords-using-python-sdk/m-p/304670#M3931 <P>Hi There,</P> <P>We are getting reports that the Mimecast for Splunk app is failing to return our credentials from splunk secure storage using Splunk version 6.5.1. The app uses the Splunk Python SDK for this function.</P> <P>The exception that we are getting is:</P> <PRE><CODE>&lt;class 'xml.etree.ElementTree.ParseError'&gt; </CODE></PRE> <P>Here is a sample of the code we use here:</P> <PRE><CODE> try: import splunklib.client as client service = client.connect(token=params["session_key"], app="mimecast_for_splunk", owner="nobody") storage_passwords = service.storage_passwords for storage_password in storage_passwords: if storage_password.realm == "mimecast_for_splunk": -----truncated------ except: # code to add the exception to a log file on disk </CODE></PRE> <P>Any help or guidance on this would be greatly appreciated.</P> Wed, 15 Feb 2017 13:40:21 GMT https://community.splunk.com/t5/Splunk-Dev/getting-storage-passwords-using-python-sdk/m-p/304670#M3931 alevy 2017-02-15T13:40:21Z https://community.splunk.com/t5/Splunk-Dev/getting-storage-passwords-using-python-sdk/m-p/304671#M3932 <P>Looks like some xml parsing issues... do you parse xml in the code? Are there any other errors? </P> Wed, 15 Feb 2017 15:22:33 GMT https://community.splunk.com/t5/Splunk-Dev/getting-storage-passwords-using-python-sdk/m-p/304671#M3932 jkat54 2017-02-15T15:22:33Z https://community.splunk.com/t5/Splunk-Dev/getting-storage-passwords-using-python-sdk/m-p/304672#M3933 <P>Thank you for your reply. I don;t do any parsing myself, I leave that to SDK. I'm expecting an array back from:</P> <P>storage_passwords = service.storage_passwords</P> <P>What do you think?</P> Tue, 29 Sep 2020 12:53:47 GMT https://community.splunk.com/t5/Splunk-Dev/getting-storage-passwords-using-python-sdk/m-p/304672#M3933 alevy 2020-09-29T12:53:47Z https://community.splunk.com/t5/Splunk-Dev/getting-storage-passwords-using-python-sdk/m-p/304673#M3934 <P>does service even work?</P> <P>curious how you're getting the session key, if youre passing auth in commands.conf or not.</P> Wed, 15 Feb 2017 15:29:41 GMT https://community.splunk.com/t5/Splunk-Dev/getting-storage-passwords-using-python-sdk/m-p/304673#M3934 jkat54 2017-02-15T15:29:41Z https://community.splunk.com/t5/Splunk-Dev/getting-storage-passwords-using-python-sdk/m-p/304674#M3935 <P>It does, we are only seeing this with 1 or 2 customers. </P> <P>The script runs as a modular input so I get the session key from std in on script startup.</P> Wed, 15 Feb 2017 15:31:57 GMT https://community.splunk.com/t5/Splunk-Dev/getting-storage-passwords-using-python-sdk/m-p/304674#M3935 alevy 2017-02-15T15:31:57Z https://community.splunk.com/t5/Splunk-Dev/getting-storage-passwords-using-python-sdk/m-p/304675#M3936 <P>Does the user firing the alert have the capability: list_storage_passwords ?</P> Tue, 29 Sep 2020 12:52:12 GMT https://community.splunk.com/t5/Splunk-Dev/getting-storage-passwords-using-python-sdk/m-p/304675#M3936 starcher 2020-09-29T12:52:12Z https://community.splunk.com/t5/Splunk-Dev/getting-storage-passwords-using-python-sdk/m-p/304676#M3937 <P>You might also want to do something more like the following to get a specific credential matching the desired realm and username. just a little more compact that the typical for loop structure.</P> <PRE><CODE>retrievedCredential = [k for k in storage_passwords if k.content.get('realm')==realm and k.content.get('username')==username][0] </CODE></PRE> Wed, 15 Feb 2017 16:15:34 GMT https://community.splunk.com/t5/Splunk-Dev/getting-storage-passwords-using-python-sdk/m-p/304676#M3937 starcher 2017-02-15T16:15:34Z https://community.splunk.com/t5/Splunk-Dev/getting-storage-passwords-using-python-sdk/m-p/304677#M3938 <P>Thanks for that, wouldn't Modular Inputs run as the user running the splunk service?</P> <P>How would we check what user context this is being run under and if they have that permission?</P> Wed, 15 Feb 2017 18:29:50 GMT https://community.splunk.com/t5/Splunk-Dev/getting-storage-passwords-using-python-sdk/m-p/304677#M3938 alevy 2017-02-15T18:29:50Z https://community.splunk.com/t5/Splunk-Dev/getting-storage-passwords-using-python-sdk/m-p/304678#M3939 <P>It runs as whomever (splunk user) owns the search that fired. That is not the same thing as what splunkd runs as. You are confusing OS vs Application users.</P> Wed, 15 Feb 2017 18:32:56 GMT https://community.splunk.com/t5/Splunk-Dev/getting-storage-passwords-using-python-sdk/m-p/304678#M3939 starcher 2017-02-15T18:32:56Z https://community.splunk.com/t5/Splunk-Dev/getting-storage-passwords-using-python-sdk/m-p/304679#M3940 <P>OK, I would understand that if this was triggered by a search but this is triggered as a Data Input.</P> <P>Apologies if I am misunderstanding.</P> Wed, 15 Feb 2017 18:43:49 GMT https://community.splunk.com/t5/Splunk-Dev/getting-storage-passwords-using-python-sdk/m-p/304679#M3940 alevy 2017-02-15T18:43:49Z https://community.splunk.com/t5/Splunk-Dev/getting-storage-passwords-using-python-sdk/m-p/304680#M3941 <P>All knowledge objects still have owners. The session key is going to auth as whomever that is. That will determine the permissions/capability by role.</P> <P>This shows you how in your code to tell which user you are.<BR /> <A href="http://dev.splunk.com/view/python-sdk/SP-CAAAEJ6#currentuser">http://dev.splunk.com/view/python-sdk/SP-CAAAEJ6#currentuser</A></P> Wed, 15 Feb 2017 18:48:07 GMT https://community.splunk.com/t5/Splunk-Dev/getting-storage-passwords-using-python-sdk/m-p/304680#M3941 starcher 2017-02-15T18:48:07Z https://community.splunk.com/t5/Splunk-Dev/getting-storage-passwords-using-python-sdk/m-p/304681#M3942 <P>Just to recap.</P> <P>Make sure you are getting the valid session key. Print it out. You could also test your code by substituting a connect by a static username/password combo temporarily </P> <P>You might try changing your sessions to the following. Since you are getting the storage password list, app is going to be irrelvant.</P> <PRE><CODE>service = client.connect(token=session_key) </CODE></PRE> <P>Confirm what user context the knowledge object is running under (input/alert etc), I suspect that nobody or your session key is causing you the issue.<BR /> <A href="http://dev.splunk.com/view/python-sdk/SP-CAAAEJ6#currentuser" target="_blank">http://dev.splunk.com/view/python-sdk/SP-CAAAEJ6#currentuser</A></P> <P>Ensure that user has the list_storage_passwords capability.</P> <P>Use something like this to grab just the credential that matches the desired realm and username</P> <PRE><CODE> retrievedCredential = [k for k in storage_passwords if k.content.get('realm')==realm and k.content.get('username')==username][0] </CODE></PRE> Tue, 29 Sep 2020 12:52:30 GMT https://community.splunk.com/t5/Splunk-Dev/getting-storage-passwords-using-python-sdk/m-p/304681#M3942 starcher 2020-09-29T12:52:30Z