Solved: Why is the Rest API to uCMDB is throwing error in ...

ansif · ‎04-19-2018

Getting below error for custom Authentication:

 04-19-2018 14:10:40.506 +0200 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/rest_ta/bin/rest.py" Exception performing request: 'token'

Input:

alt text

Authhandlers.py:

from requests.auth import AuthBase
import hmac
import base64
import hashlib
import urlparse
import urllib
import requests,json
#add your custom auth handler class to this module
class SessionKeyAuth(AuthBase):
        def __init__(self,**args):
                self.auth_url = args['auth_url']
                pass

        def __call__(self, r):
                if not 'X-HP3PAR-WSAPI-SessionKey' in r.headers:
                #perform auth
                        credentials = {'user':'xxxxx','password':'xxxxxx'}
                        req_args = {"verify" : False}
                        headers = {'content-type': 'application/json'}
                        auth_response = requests.post(self.auth_url,data=json.dumps(credentials),headers=headers,**req_args)
                        response_json = json.loads(auth_response.text)
                        session_key = response_json["key"]
                        r.headers['X-HP3PAR-WSAPI-SessionKey'] = session_key
                        return r

class TokenKeyAuth(AuthBase):
        def __init__(self,**args):
                self.auth_url = args['auth_url']
                pass

        def __call__(self, r):
                if not 'Authorization' in r.headers:
                #perform auth
                        credentials = {'username':'xxxxx','password':'xxxxxx'}
                        req_args = {"verify" : False}
                        headers = {'content-type': 'application/json'}
                        auth_response = requests.post(self.auth_url,data=json.dumps(credentials),headers=headers,**req_args)
                        response_json = json.loads(auth_response.text)
                        token_key = response_json["token"]
                        r.headers['Authorization'] = "Bearer "+token_key
                        return r

Class SessionKeyAuth is for 3PAR storage and Class TokenKeyAuth is for HP uCMDB

HP uCMDB REST API :

http://cmshelpcenter.saas.hp.com/CMS/10.33/ucmdb-docs/docs/eng/doc_lib/Content/REST_API/REST_API_Que...

HP 3PAR is working but not uCMDB REST API class. Please help.

ansif · ‎04-20-2018

Issue Resolved:

class TokenKeyAuth(AuthBase):
        def __init__(self,**args):
                self.auth_url = args['auth_url']
                pass

        def __call__(self, r):
                if not 'Authorization' in r.headers:
                #perform auth
                        data = {'username':'xxxxx','password':'xxxxxxx','clientContext':'1'}
                        req_args = {"verify" : False}
                        headers = {'Content-Type': 'application/json'}
                        auth_response = requests.post(self.auth_url,data=json.dumps(data),headers=headers,**req_args)
                        response_json = json.loads(auth_response.text)
                        token_key = response_json["token"]
                        r.headers['Authorization'] = "Bearer "+token_key
                        return r

'clientContext':'1' should be included in the message body. And a splunk service restart is required since the script checks header "Authorization" and uses the old token to communicate.

The funny part is ,it returns token even if it is not included with content context but unusable.

And thanks @damien for the mental support 🙂 . Atleast I have a person to discuss about Splunk REST API.

View solution in original post

ansif · ‎04-20-2018

Issue Resolved:

class TokenKeyAuth(AuthBase):
        def __init__(self,**args):
                self.auth_url = args['auth_url']
                pass

        def __call__(self, r):
                if not 'Authorization' in r.headers:
                #perform auth
                        data = {'username':'xxxxx','password':'xxxxxxx','clientContext':'1'}
                        req_args = {"verify" : False}
                        headers = {'Content-Type': 'application/json'}
                        auth_response = requests.post(self.auth_url,data=json.dumps(data),headers=headers,**req_args)
                        response_json = json.loads(auth_response.text)
                        token_key = response_json["token"]
                        r.headers['Authorization'] = "Bearer "+token_key
                        return r

'clientContext':'1' should be included in the message body. And a splunk service restart is required since the script checks header "Authorization" and uses the old token to communicate.

The funny part is ,it returns token even if it is not included with content context but unusable.

And thanks @damien for the mental support 🙂 . Atleast I have a person to discuss about Splunk REST API.

Damien_Dallimor · ‎04-20-2018

Well done 🙂

Also, FYI , our company provide formal commercial support for our offerings , www.baboonbones.com

ansif · ‎04-20-2018

I knew this and I am following your answers silently 🙂

Damien_Dallimor · ‎04-19-2018

Nothing immediately comes to mind , are there any more log error lines after the example you showed ?
Perhaps the auth POST failed and hence the "token" JSON key was not present in the response , and an error was thrown trying to access it.

ansif · ‎04-19-2018

Thanks for your response. I am eagerly waiting for you.

After restarting the splunk service now I am getting 401 unauthorized error.

04-20-2018 07:25:08.155 +0200 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/rest_ta/bin/rest.py" HTTP Request error: 401 Client Error: Unauthorized

I took the returned token and tried REST API call on SOAP UI, the returned token seems to be not working in SOAP UI as well.

{"error": "The following error has occurred:  Token is invalid or was tampered with. Please consult logs for more details"}

But when I try to get token using SOAP UI, that token is valid and working.

Both token (one returned in splunk rest api python and SOAP UI) format seems to be same with 177 characters and starting letters are similar in nature.

I think I need to check on HP uCMDB wsapi logs on why the token returned using the script is not working.

Any suggestions?

Damien_Dallimor · ‎04-20-2018

I know nothing about uCMDB sorry.
Perhaps trying tracing the requests on the network (wireshark etc..) and comparing what soapui sends vs what the rest mod input sends ie: compare the auth headers.

ansif · ‎04-19-2018

@damien ,pelase help

jangid · ‎04-19-2018

add some logging to your script and it'll give you more visibility to the error.

ansif · ‎04-19-2018

I am new to python,can you help me with few lines?

Why is the Rest API to uCMDB is throwing error in REST API Modular Input?

Developer Spotlight with Brett Adams

Index This | What can you do to make 55,555 equal 500?

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...