Developing for Splunk Enterprise

get_global_setting returns api_key as "undefined"

KeaganJ
Path Finder

Reposting this in the correct area of the forum.

I have made a Tech add on that polls an API. In order to perform requests against the API, an API key is required.

I have used the following as the example in order to get the URL and the API key for the request saved onto Splunk:
https://github.com/splunk/Developer_Guidance_Setup_View_Example

The setup page is working as expected from that example, and am able to correctly populate data with it. After that, when I look at the app specific conf files ( ie /opt/splunk/etc/apps/TA-eg/local/ta_eg_settings.conf)

Then I see that the api_key is starred out, ie encrypted at rest:

 

[additional_parameters]
api_key = ********
eg_domain = <correct_plaintext_domain>
disabled = 0

 

The following files are also present in /opt/splunk/etc/apps/TA-eg/local/:
app.conf

inputs.conf

passwords.conf

However if I attempt to use the python helper function get_global_setting("api_key"as defined in:

https://docs.splunk.com/Documentation/AddonBuilder/3.0.2/UserGuide/PythonHelperFunctions

Then it is always returning the string "undefined" as opposed to the correct API key that I added.

In TA-eg/bin/TA_eg_rh_settings.py  I have also set encrypted = True for the correct field:

 

fields_additional_parameters = [
    field.RestField(
        'eg_domain',
        required=True,
        encrypted=False,
        default='',
        validator=validator.String(
            min_len=0, 
            max_len=8192, 
        )
    ), 
    field.RestField(
        'api_key',
        required=True,
        encrypted=True,
        default='',
        validator=validator.String(
            min_len=0, 
            max_len=8192, 
        )
    )
]

 

Please help me figure out how to get the correct output of this encrypted at rest API key using the Splunk helper functions.

 
Labels (2)
1 Solution

KeaganJ
Path Finder

I figured out how to do it using the helper function.

`helper.service.storage_passwords` gives you the correct data that you then just need to parse correctly. 

View solution in original post

KeaganJ
Path Finder

I figured out how to do it using the helper function.

`helper.service.storage_passwords` gives you the correct data that you then just need to parse correctly. 

View solution in original post

thellmann
Splunk Employee
Splunk Employee

Hi @KeaganJ - let me refer you to the weather_app_example in this repo: https://github.com/splunk/splunk-app-examples (make sure to perform setup with make before running the specific example) 

A specific example of retrieving a credential from the storage/passwords endpoint is right here: https://github.com/splunk/splunk-app-examples/blob/master/case_studies/weather_app_example/bin/weath...

To actually answer your question, I suspect that get_global_setting is not able to retrieve information stored via the storage/passwords endpoint 

KeaganJ
Path Finder

Hi @thellmann 

Thanks for pointing me to that weather app example. Though using that method in the link you sent me using:
`secrets = search_command.service.storage_passwords`

Does not work and every time I try to run the above command I get that `search_command.service` returns a None type variable.
Diving deeper down into the code I track down that the `
def service(self):` function in `splunklib/searchcommands/search_command.py` is returning None because no metadata can be found.

I am not sure how or why the metadata is not getting created correctly here?

thellmann
Splunk Employee
Splunk Employee

Interesting... this is on the read of the password in the custom search command after it has been configured? Are you running the search from the context of the weather example, or from the search and reporting app? 

One additional app that might help you debug issues with secret storage is REST storage/passwords Manager for Splunk. This app is a great example of how to work with the storage/passwords endpoint and is useful for troubleshooting permissions mismatches between apps. 

0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!