All Apps and Add-ons

Why is the Rest API to uCMDB is throwing error in REST API Modular Input?

Motivator

Getting below error for custom Authentication:

 04-19-2018 14:10:40.506 +0200 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/rest_ta/bin/rest.py" Exception performing request: 'token'

Input:

alt text

Authhandlers.py:

from requests.auth import AuthBase
import hmac
import base64
import hashlib
import urlparse
import urllib
import requests,json
#add your custom auth handler class to this module
class SessionKeyAuth(AuthBase):
        def __init__(self,**args):
                self.auth_url = args['auth_url']
                pass

        def __call__(self, r):
                if not 'X-HP3PAR-WSAPI-SessionKey' in r.headers:
                #perform auth
                        credentials = {'user':'xxxxx','password':'xxxxxx'}
                        req_args = {"verify" : False}
                        headers = {'content-type': 'application/json'}
                        auth_response = requests.post(self.auth_url,data=json.dumps(credentials),headers=headers,**req_args)
                        response_json = json.loads(auth_response.text)
                        session_key = response_json["key"]
                        r.headers['X-HP3PAR-WSAPI-SessionKey'] = session_key
                        return r

class TokenKeyAuth(AuthBase):
        def __init__(self,**args):
                self.auth_url = args['auth_url']
                pass

        def __call__(self, r):
                if not 'Authorization' in r.headers:
                #perform auth
                        credentials = {'username':'xxxxx','password':'xxxxxx'}
                        req_args = {"verify" : False}
                        headers = {'content-type': 'application/json'}
                        auth_response = requests.post(self.auth_url,data=json.dumps(credentials),headers=headers,**req_args)
                        response_json = json.loads(auth_response.text)
                        token_key = response_json["token"]
                        r.headers['Authorization'] = "Bearer "+token_key
                        return r

Class SessionKeyAuth is for 3PAR storage and Class TokenKeyAuth is for HP uCMDB

HP uCMDB REST API :

http://cmshelpcenter.saas.hp.com/CMS/10.33/ucmdb-docs/docs/eng/doc_lib/Content/REST_API/REST_API_Que...

HP 3PAR is working but not uCMDB REST API class. Please help.

0 Karma
1 Solution

Motivator

Issue Resolved:

class TokenKeyAuth(AuthBase):
        def __init__(self,**args):
                self.auth_url = args['auth_url']
                pass

        def __call__(self, r):
                if not 'Authorization' in r.headers:
                #perform auth
                        data = {'username':'xxxxx','password':'xxxxxxx','clientContext':'1'}
                        req_args = {"verify" : False}
                        headers = {'Content-Type': 'application/json'}
                        auth_response = requests.post(self.auth_url,data=json.dumps(data),headers=headers,**req_args)
                        response_json = json.loads(auth_response.text)
                        token_key = response_json["token"]
                        r.headers['Authorization'] = "Bearer "+token_key
                        return r

'clientContext':'1' should be included in the message body. And a splunk service restart is required since the script checks header "Authorization" and uses the old token to communicate.

The funny part is ,it returns token even if it is not included with content context but unusable.

And thanks @damien for the mental support 🙂 . Atleast I have a person to discuss about Splunk REST API.

View solution in original post

0 Karma

Motivator

Issue Resolved:

class TokenKeyAuth(AuthBase):
        def __init__(self,**args):
                self.auth_url = args['auth_url']
                pass

        def __call__(self, r):
                if not 'Authorization' in r.headers:
                #perform auth
                        data = {'username':'xxxxx','password':'xxxxxxx','clientContext':'1'}
                        req_args = {"verify" : False}
                        headers = {'Content-Type': 'application/json'}
                        auth_response = requests.post(self.auth_url,data=json.dumps(data),headers=headers,**req_args)
                        response_json = json.loads(auth_response.text)
                        token_key = response_json["token"]
                        r.headers['Authorization'] = "Bearer "+token_key
                        return r

'clientContext':'1' should be included in the message body. And a splunk service restart is required since the script checks header "Authorization" and uses the old token to communicate.

The funny part is ,it returns token even if it is not included with content context but unusable.

And thanks @damien for the mental support 🙂 . Atleast I have a person to discuss about Splunk REST API.

View solution in original post

0 Karma

Ultra Champion

Well done 🙂

Also, FYI , our company provide formal commercial support for our offerings , www.baboonbones.com

0 Karma

Motivator

I knew this and I am following your answers silently 🙂

0 Karma

Ultra Champion

Nothing immediately comes to mind , are there any more log error lines after the example you showed ?
Perhaps the auth POST failed and hence the "token" JSON key was not present in the response , and an error was thrown trying to access it.

Motivator

Thanks for your response. I am eagerly waiting for you.

After restarting the splunk service now I am getting 401 unauthorized error.

04-20-2018 07:25:08.155 +0200 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/rest_ta/bin/rest.py" HTTP Request error: 401 Client Error: Unauthorized

I took the returned token and tried REST API call on SOAP UI, the returned token seems to be not working in SOAP UI as well.

{"error": "The following error has occurred:  Token is invalid or was tampered with. Please consult logs for more details"}

But when I try to get token using SOAP UI, that token is valid and working.

Both token (one returned in splunk rest api python and SOAP UI) format seems to be same with 177 characters and starting letters are similar in nature.

I think I need to check on HP uCMDB wsapi logs on why the token returned using the script is not working.

Any suggestions?

0 Karma

Ultra Champion

I know nothing about uCMDB sorry.
Perhaps trying tracing the requests on the network (wireshark etc..) and comparing what soapui sends vs what the rest mod input sends ie: compare the auth headers.

0 Karma

Motivator

@damien ,pelase help

0 Karma

Builder

add some logging to your script and it'll give you more visibility to the error.

0 Karma

Motivator

I am new to python,can you help me with few lines?

0 Karma
Don’t Miss Global Splunk
User Groups Week!

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!