Using the latest version (1.2.0) of WebTools, I am running into an issue where I can’t do a cURL against an API using authentication provided in the header itself. WebTools appears to be forcing Basic authentication (unless Splunk authentication is specified, in which case it builds a custom header).
To demonstrate the issue, here is a vanilla cURL:
In this case, the API is complaining that that I forgot the X-Sysdig-Product header.
If I do the same request in Web Tools, I get a 401 Unauthorized instead of a 400 Bad Request:
Based on what I see in this app's curl.py file, basic authentication is always going to be sent to the "request" library get() method (unless Splunk authorization is specified; then the get call in the 'else' block is selected). I would suggest that "def get(..." in curl.py is modified so that the requests.get() call does not send "auth=(user,password)", if both the user and password inputs are set to the default "None".
if sessionKey == None:
if user ==None and password == None:
r = requests.get(uri,data=payload,verify=verifyssl, headers=headers, timeout=timeout)
r = requests.get(uri,auth=(user,password),data=payload,verify=verifyssl, headers=headers, timeout=timeout)