All Apps and Add-ons

Is it possible to obtain Session Keys to access a storage device REST API using the REST API Modular Input?

Communicator

I have a couple devices I need to access via REST that require a post operation to obtain a session key.

The process works like this:
post to url while authenticated to obtain session key

Response looks like this:

{
  "key": "0-f34t3ygg35t333344554-453f336"
}

Then I need to take that key value and include it in my header of the REST call, which in this instance, happens to be called X-HP3PAR-WSAPI-SessionKey.

Is there a way to accomplish this using the REST API Modular Input?

1 Solution

Ultra Champion

If my above assumption/guess is correct , then you could try a custom authentication handler like below.

Note , this is purely untested example code to refer to , tweak it as you see fit to make your flow work.

Add the code to rest_ta/bin/authhandlers.py. Then wire it up in your REST stanza.

import requests,json

class SessionKeyAuth(AuthBase):

    def __init__(self,**args):
        self.auth_url = args['auth_url']
        pass

    def __call__(self, r):
        if not 'X-HP3PAR-WSAPI-SessionKey' in r.headers:
            #perform auth
            auth_response = requests.post(self.auth_url)
            response_json = json.loads(auth_response.text)
            session_key = response_json["key"]
            r.headers['X-HP3PAR-WSAPI-SessionKey'] = session_key
        return r

alt text

View solution in original post

Motivator

Could you please tell me whether you are able to get 3PAR data using REST API ,if so please help us with the steps you did to achieve this.

0 Karma

Motivator

@David :: Could you please tell me whether you are able to get 3PAR data using REST API ,if so please help us with the steps you did to achieve this.

Thanks in advance

Ansif

0 Karma

Ultra Champion

If my above assumption/guess is correct , then you could try a custom authentication handler like below.

Note , this is purely untested example code to refer to , tweak it as you see fit to make your flow work.

Add the code to rest_ta/bin/authhandlers.py. Then wire it up in your REST stanza.

import requests,json

class SessionKeyAuth(AuthBase):

    def __init__(self,**args):
        self.auth_url = args['auth_url']
        pass

    def __call__(self, r):
        if not 'X-HP3PAR-WSAPI-SessionKey' in r.headers:
            #perform auth
            auth_response = requests.post(self.auth_url)
            response_json = json.loads(auth_response.text)
            session_key = response_json["key"]
            r.headers['X-HP3PAR-WSAPI-SessionKey'] = session_key
        return r

alt text

View solution in original post

Communicator

Thanks for your help Damien! I threw the response_json into a file and saw it was showing unsupported content. The following code works:

 def __call__(self, r):
                if not 'X-HP3PAR-WSAPI-SessionKey' in r.headers:
                #perform auth
                        credentials = {'user':'user','password':'password'}
                        req_args = {"verify" : False}
                        headers = {'content-type': 'application/json'}
                        auth_response = requests.post(self.auth_url,data=json.dumps(credentials),headers=headers,**req_args)
                        response_json = json.loads(auth_response.text)
                        session_key = response_json["key"]
                        r.headers['X-HP3PAR-WSAPI-SessionKey'] = session_key
                return r

Communicator

Thanks Damien.

Getting one error, It looks like it is failing the ssl check.

SSL routines:SSL3GETSERVER_CERTIFICATE:certificate verify failed

Where would I put verify=false in the sample code?

0 Karma

Ultra Champion

something like :

#perform auth
 req_args = {"verify" : False}
 auth_response = requests.post(self.auth_url,**req_args)
0 Karma

Communicator

Awesome. Thanks so much for your help. Got past the ssl error. Now I get this:

ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/rest_ta/bin/rest.py" Exception performing request: 'key'

I also noticed that it needed auth in the body of the post. So I did this hoping it would fix the issue with no luck:

req_args = {"verify" : False}
                        auth_response = requests.post(self.auth_url,{'user':'username','password':'pass'},**req_args)
                        response_json = json.loads(auth_response.text)
                        session_key = response_json["key"]
                        r.headers['X-HP3PAR-WSAPI-SessionKey'] = session_key
0 Karma

Ultra Champion

Please refer to the docs , http://www.python-requests.org/en/latest/ , for how to use the requests API correctly for sending your auth POST request.

Perhaps the "More complicated POST requests" section of the docs will lead you in the right direction.

0 Karma

Ultra Champion

Can you describe the "post to url while authenticated to obtain session key" ie: is this a separate authentication URL from the subsequent REST URL you need to call with the session key in the header ?

I can then give you an example custom authentication handler to play with.Should be very easy.

Splunk Employee
Splunk Employee

Hi @david.rose,
I'm a tech writer here at Splunk and I'd like to help. If I understand your question correctly, are you looking for an endpoint for obtaining a session key? This one might help, if so:
http://docs.splunk.com/Documentation/Splunk/6.2.5/RESTREF/RESTaccess#auth.2Flogin

Hope that helps! Let me know if that does not answer your question. We can continue discussing this.

All the best,
@frobinson_splunk

0 Karma

Communicator

Thanks frobinson, but what I am needing is not session keys for accessing the Splunk rest api.

In this specific case, I need to access a storage device REST API via the Rest API Modular Input. I have it working for some, but this particular one (3par) requires a session key, which I am not sure exactly how to do via the input.

0 Karma

Splunk Employee
Splunk Employee

Oh, thanks for clarifying, @david.rose. If I find something specific to setting this up via the input, I'll post it here!

@frobinson_splunk

0 Karma

Splunk Employee
Splunk Employee

In case it's of use and you haven't already tried it out, the documentation for the REST API Modular Input suggests that you can provide your own authentication handler:
https://splunkbase.splunk.com/app/1546/#/documentation
It links to this example of passing an auth token in a GET request:
http://docs.python-requests.org/en/latest/user/advanced/#custom-authentication

I'll defer to the REST API Modular Input experts here on Answers for further guidance.

All the best,
@frobinson_splunk