Solved: Splunk REST API calls using custom authentication

ansif · ‎11-26-2017

Hello,

I am trying to input data from 3PAR storage ,below are the steps I did:

Please find my authhandlers.py file below:

from requests.auth import AuthBase
import hmac
import base64
import hashlib
import urlparse
import urllib
**import requests,json1**
#add your custom auth handler class to this module
**class SessionKeyAuth(AuthBase):

def __init__(self,**args):
    self.auth_url = args['auth_url']
    pass

def __call__(self, r):
    if not 'X-HP3PAR-WSAPI-SessionKey' in r.headers:
    #perform auth
        credentials = {'user':'<username>','password':'<password>'}
        req_args = {"verify" : False}
        headers = {'content-type': 'application/json'}
        auth_response = requests.post(self.auth_url,data=json.dumps(credentials),headers=headers,**req_args)
        response_json = json.loads(auth_response.text)
        session_key = response_json["key"]
        r.headers['X-HP3PAR-WSAPI-SessionKey'] = session_key
        return r**

#template
class MyCustomAuth(AuthBase):
    def __init__(self,**args):
        # setup any auth-related data here
        #self.username = args['username']
        #self.password = args['password']
        pass

    def __call__(self, r):
        # modify and return the request
        #r.headers['foouser'] = self.username
        #r.headers['foopass'] = self.password
        return r


class MyUnifyAuth(AuthBase):
     def __init__(self,**args):
         self.username = args['username']
         self.password = args['password']
         self.url = args['url']
         pass

     def __call__(self, r):
         login_url = '%s?username=%s&login=login&password=%s' % self.url,self.username,self.password
         login_response = requests.get(login_url)
         cookies = login_response.cookies
         if cookies:
            r.cookies = cookies
         return r

#example of adding a client certificate
class MyAzureCertAuthHAndler(AuthBase):
    def __init__(self,**args):
        self.cert = args['certPath']
        pass

    def __call__(self, r):
        r.cert = self.cert
        return r

#example of adding a client certificate
class GoogleBigQueryCertAuthHandler(AuthBase):
    def __init__(self,**args):
        self.cert = args['certPath']
        pass

    def __call__(self, r):
        r.cert = self.cert
        return r

#cloudstack auth example
class CloudstackAuth(AuthBase):
    def __init__(self,**args):
        # setup any auth-related data here
        self.apikey = args['apikey']
        self.secretkey = args['secretkey']
        pass

    def __call__(self, r):
        # modify and return the request

        parsed = urlparse.urlparse(r.url)
        url = parsed.geturl().split('?',1)[0]
        url_params= urlparse.parse_qs(parsed.query)

        #normalize the list value
        for param in url_params:
            url_params[param] = url_params[param][0]

        url_params['apikey'] = self.apikey

        keys = sorted(url_params.keys())

        sig_params = []
        for k in keys:
            sig_params.append(k + '=' + urllib.quote_plus(url_params[k]).replace("+", "%20"))

        query = '&'.join(sig_params)

        signature = base64.b64encode(hmac.new(
            self.secretkey,
            msg=query.lower(),
            digestmod=hashlib.sha1
        ).digest())


        query += '&signature=' + urllib.quote_plus(signature)

        r.url = url + '?' + query

        return r

And REST API Modular Input setting below:

While running a search against sourcetype=3PAR (which is defined in the modular input,unable to get any data.Please help us in this.

Thanks

ansif · ‎12-05-2017

I have resolved the issue, the problem is with my python script which is mixed with spaces and tabs.I have used only tabs for sub statements and issue resolved:

class SessionKeyAuth(AuthBase):

 def __init__(self,**args):
     self.auth_url = args['auth_url']
     pass

     def __call__(self, r):
         if not 'X-HP3PAR-WSAPI-SessionKey' in r.headers:
         #perform auth
             credentials = {'user':'<username>','password':'<password>'}
             req_args = {"verify" : False}
             headers = {'content-type': 'application/json'}
             auth_response = requests.post(self.auth_url,data=json.dumps(credentials),headers=headers,**req_args)
             response_json = json.loads(auth_response.text)
             session_key = response_json["key"]
             r.headers['X-HP3PAR-WSAPI-SessionKey'] = session_key
             return r

Use only spaces or only tabs in python script.

View solution in original post

ansif · ‎12-05-2017

I have resolved the issue, the problem is with my python script which is mixed with spaces and tabs.I have used only tabs for sub statements and issue resolved:

class SessionKeyAuth(AuthBase):

 def __init__(self,**args):
     self.auth_url = args['auth_url']
     pass

     def __call__(self, r):
         if not 'X-HP3PAR-WSAPI-SessionKey' in r.headers:
         #perform auth
             credentials = {'user':'<username>','password':'<password>'}
             req_args = {"verify" : False}
             headers = {'content-type': 'application/json'}
             auth_response = requests.post(self.auth_url,data=json.dumps(credentials),headers=headers,**req_args)
             response_json = json.loads(auth_response.text)
             session_key = response_json["key"]
             r.headers['X-HP3PAR-WSAPI-SessionKey'] = session_key
             return r

Use only spaces or only tabs in python script.

Splunk REST API calls using custom authentication

Routing logs with Splunk OTel Collector for Kubernetes

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM