Getting Data In

How to edit authentication.conf via Rest (round 2)?

juniormint
Communicator

I am trying to edit etc/system/local/authentication.conf via the rest API. I was advised to look at
Edit Configs via Rest; which seems to suggest something like the following should work

curl -k -u admin:changeme https://localhost:8089/servicesNS/admin/search/properties/authentication/roleMap_MyDomain/app1role -d value="groupA;groupB"

This does not work though. Instead it creates a second authentication.conf.

After running the curl command above, I get the following from grep -r "app1role" ./*

./system/local/authentication.conf: app1role = groupA
./users/admin/search/local/authentication.conf:app1role = groupA;groupB

1) What does "user/admin/search" mapping even mean?
2) If my goal is to edit the system/local version, what am I doing wrong?

0 Karma
1 Solution

juniormint
Communicator

This seems to change system/local/authentication.conf

curl -k -u admin:changeme https://localhost:8089/services/properties/authentication/roleMap_MyDomain/app1role - d value="groupA;groupB" 

Still not clear on #1

View solution in original post

0 Karma

gkanapathy
Splunk Employee
Splunk Employee

$SPLUNK_HOME/etc/users/myusername/myappname/local/configfile.conf files are created when you set or modify a config in the "myappname" context, and the config change is scoped to be private to the user "myusername". This is what you did with you original call. If you changed the config to have app or global scope, it would move out of the /users/ folder to the app directory.

it's generally not preferred to edit config files via the REST API. it's better to make the proper API call to make the change.

juniormint
Communicator

Thanks for your response. What would be an example of using the proper API call? What other way would you accomplish something like the above?

0 Karma

juniormint
Communicator

This seems to change system/local/authentication.conf

curl -k -u admin:changeme https://localhost:8089/services/properties/authentication/roleMap_MyDomain/app1role - d value="groupA;groupB" 

Still not clear on #1

0 Karma

usd0872
Path Finder

Just a note if somebody runs into the same problem we did:
... -d value="groupA;groupB;groupC"
everything after the first semicolon is cut and ignored, even though properly quoted in the command line.

We could get around that by using the hex code representation for the semicolon:
... -d value="groupA%3bgroupB&3bgroupC"

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...