All Apps and Add-ons

Splunk Addon Builder 4 package resetting password.conf entries to ******** ?

Ludvik
Explorer

All, 

I built a previous TA and upgrades worked fine in the past. My recent TA build with AOB 4.0 has an issue where the the modular input passwords in password.conf are all erased and set to ******** (exactly 8). I have tried to debug this every possible way I could. Has anyone seen an issue where passwords were reset with all asterisks? I know from the the logs that this occurs immediately after the upgrade but the logs don't shed light on why the reset occurs.    

 

clear_password {"api_key": "********"}

 

I am ripping my hair out and I can't seem to figure why this is happening. Once I upgrade and try to upgrade to different build issue no longer occurs. 

 

Labels (1)
0 Karma
1 Solution

Ludvik
Explorer

This issue is specifically related to the new credentials.py under /aob_py[23]/splunktaucclib/rest_handler/credentials.py

The old magic password format as 8 '*' (asterisks), but the new lib is matching the formatting constant to six '*' (asterisks) to make it consistent with solnlib but it ultimately breaks exiting installs. 

 

To fix this you must patch the credentials.py to recognize the legacy format (eight astrisks) and rewrite the inputs.conf with the new six asterisks format. 

I simply added an additional condition to the _merge_passwords function to check for the old format, and to rewrite the new magic password. This fixes the problem for upgrades and future releases. 

 

elif existed_model["content"][k] == "********":
# set existing as raw value, magic pattern is the old one so rewrite this item to fix it.
existed_model["content"][k] = v
need_write_magic_pwd = True

View solution in original post

Ludvik
Explorer

The issue is related to the following python file packaged with AOB. On older versions of AOB packages the credential.py is looking for 8 asterisks in inputs.conf. In later versions it's looking for 6  asterisks, and as a result they overwrite values in password.conf. Basically, your password.conf file will have  8 asterisks encrypted in the resulting password.conf file. 

 

/opt/splunk/etc/apps/TA-proofpoint-isolation/bin/ta_proofpoint_isolation/aob_py3/splunktaucclib/rest_handler/credentials.py: # if the field value is '********', keep the original value
/opt/splunk/etc/apps/TA-proofpoint-isolation/bin/ta_proofpoint_isolation/aob_py3/splunktaucclib/rest_handler/credentials.py: # original password does not exist, use '********' as password
/opt/splunk/etc/apps/TA-proofpoint-/opt/splunk/etc/apps/TA-proofpoint-isolation/bin/ta_proofpoint_isolation/aob_py3/splunktaucclib/rest_handler/credentials.py: # if the field value is '********', keep the original value
/opt/splunk/etc/apps/TA-proofpoint-isolation/bin/ta_proofpoint_isolation/aob_py3/splunktaucclib/rest_handler/credentials.py: # original password does not exist, use '********' as password
/opt/splunk/etc/apps/TA-proofpoint-isolation/bin/ta_proofpoint_isolation/aob_py3/splunktaucclib/rest_handler/credentials.py: # if the field value is '********', keep the original value
/opt/splunk/etc/apps/TA-proofpoint-isolation/bin/ta_proofpoint_isolation/aob_py3/splunktaucclib/rest_handler/credentials.py: # original password does not exist, use '********' as password
/opt/splunk/etc/apps/TA-proofpoint-isolation/bin/ta_proofpoint_isolation/aob_py3/splunktaucclib/rest_handler/credentials.py: # if the field value is '********', keep the original value
/opt/splunk/etc/apps/TA-proofpoint-isolation/bin/ta_proofpoint_isolation/aob_py3/splunktaucclib/rest_handler/credentials.py: # original password does not exist, use '********' as password

 

 

0 Karma

Ludvik
Explorer

This issue is specifically related to the new credentials.py under /aob_py[23]/splunktaucclib/rest_handler/credentials.py

The old magic password format as 8 '*' (asterisks), but the new lib is matching the formatting constant to six '*' (asterisks) to make it consistent with solnlib but it ultimately breaks exiting installs. 

 

To fix this you must patch the credentials.py to recognize the legacy format (eight astrisks) and rewrite the inputs.conf with the new six asterisks format. 

I simply added an additional condition to the _merge_passwords function to check for the old format, and to rewrite the new magic password. This fixes the problem for upgrades and future releases. 

 

elif existed_model["content"][k] == "********":
# set existing as raw value, magic pattern is the old one so rewrite this item to fix it.
existed_model["content"][k] = v
need_write_magic_pwd = True

joshiro
Communicator

We are currently trying to make an app upgrade seamlessly but the addon builder 4 version of the app doesnt like the inputs.conf from the older versions. The cause of this problem is this new password constant, but we need to make it work without the requirement to manually change the current password from six * to eight *.

We are testing a patch that modifies the PASSWORD constant directly so the entire lib uses the old constant, but we dont know if it breaks other stuff.

Anyone encountered this problem and managed to solve?

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...