Building for the Splunk Platform

Is the StoragePasswords Python SDK support broken?

snargleplax
Explorer

I've been trying to convert some Python code from using bare REST to using the Splunk Python SDK. I've been successful with every endpoint I'm hitting except for /storage/passwords -- for some reason, that one seems to be hitting invalid URIs rather than those I expect. I don't see any example code for this endpoint either, and I'm wondering if it's just broken.

I've monitored splunkd_access.log to see what URIs it's actually hitting, and the ones hit by the SDK code appear ill-formed. Here's what I'm hitting in my manual REST version:

/servicesNS/nobody/my_addon_name/storage/passwords/my_password_name

And here's what it hits when calling service.storage_passwords.list():

/services/storage/passwords/?count=-1&offset=0

This responds with 200, but I get an empty list of passwords even though there are definitely passwords in the store (as confirmed via direct REST as above). I've also tried calling get(), to no avail. With no args, it hits the exact same URL as list(). If I pass in a param (e.g. get('foo')), it builds a nonsense URL:

/services/storage/passwords/foo

and this yields 404.

There is a documented parameter called path_segment, but when I specify it, I get an error:

File "/Library/Python/2.7/site-packages/splunklib/client.py", line 1640, in get
return super(Collection, self).get(name, owner, app, sharing, **query)
TypeError: get() got multiple values for keyword argument 'path_segment'

I'd appreciate knowing if I'm missing something here, or if this is just broken (and if so, please fix it -- and the docs).

0 Karma

starcher
SplunkTrust
SplunkTrust

I've posted some examples of using the storage endpoint for different types of knowledge objects and scripts.
http://www.georgestarcher.com/splunk-stored-encrypted-credentials/

0 Karma

snargleplax
Explorer

I think there must be something else I'm missing. The REST API doc examples for this endpoint actually show the URIs hit by the SDK:

curl -k -u admin:changeme https://localhost:8089/services/storage/passwords

But the sample XML response shows the "serviceNS" endpoints that I've been (successfully) hitting via direct REST:

https://localhost:8089/servicesNS/nobody/search/storage/passwords/%3Atestuser%3A
(etc)

What exactly is the deal here?

0 Karma

snargleplax
Explorer

(XML didn't show up right when pasted into the above comment)

0 Karma
Get Updates on the Splunk Community!

Routing Data to Different Splunk Indexes in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...

Getting Started with AIOps: Event Correlation Basics and Alert Storm Detection in ...

Getting Started with AIOps:Event Correlation Basics and Alert Storm Detection in Splunk IT Service ...

Register to Attend BSides SPL 2022 - It's all Happening October 18!

Join like-minded individuals for technical sessions on everything Splunk!  This is a community-led and run ...