Hello,
Been suck trying to figure out what type of object needs to be passed along with my key/value pair, in PowerShell, to update the 'srchIndexesAllowed' setting for a user role. Below is the code I've been using but the updates haven't applied correctly. What I'm attempting to do is remove a specific index from the values, then apply the remaining values back to 'srchIndexesAllowed'.
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Authorization","Splunk $sessionKey")
$UserRole_Get_Response = Invoke-RestMethod -Method Get -Uri "$base_url/services/authorization/roles/test_user_role" -Headers $headers
$UserRole_Get_Response_List = $UserRole_Get_Response.content.dict | ForEach-Object {$_.key} | Where-Object {$_.name -contains "srchIndexesAllowed"}
$arrUserRole_srchIndexesAllowed = @($UserRole_Get_Response_List.list.item)
# Remove index from role
$arrUserRole_srchIndexesAllowed = $arrUserRole_srchIndexesAllowed | Where-Object {$_ -ne "index2remove"}
$body_post = @{
srchIndexesAllowed="$arrUserRole_srchIndexesAllowed"
}
# Apply update
$UserRole_Post_Response = Invoke-RestMethod -Method Post -Uri "$base_url/services/authorization/roles/test_user_role" -Headers $headers -Body $body_post
Unfortunately it ends up applying the remaining values as a single long string which doesn't work. This can be seen via https://splunk_server:8089/services/authorization/roles/test_user_role
Before:
1. main
2. test
3. index2remove
After:
1. main test
Checking to see if anyone else in the community has successfully passed multiple values for a key to Splunk's API via PowerShell.
Thanks!
So I figured out the solution.
I basically remove the '$body_post' portion of the script and replaced with a for-loop to create a single string with the following pattern, srchIndexesAllowed=main&srchIndexesAllowed=test and saved it to a new variable. Then updated the Invoke-RestMethod call to include the new variable and everything updated successfully. 🙂
So I figured out the solution.
I basically remove the '$body_post' portion of the script and replaced with a for-loop to create a single string with the following pattern, srchIndexesAllowed=main&srchIndexesAllowed=test and saved it to a new variable. Then updated the Invoke-RestMethod call to include the new variable and everything updated successfully. 🙂
I converted your comment to an answer so that you get internet points. 🙂
Thanks! 🙂
Comment because I haven't tried it out yet, but are you passing the remaining indexes back as a semicolon delineated list? That's the format of that property in authorize.conf
Great thought. I did try, not per the code about, to pass in a string object where the values were delimited by a semicolon and while the authorize.conf did update per the normal format, it didn't quite apply correctly. Via the web-service the new setting looked like: 1. main;test
Any reason you are using System.Collections.Generic.Dictionary[[String],[String]]? I've not tried this before, but the first thing I'd do is to see if a regular array works. The problem is likely related to the magic array unrolling that PowerShell likes to do, bit I'm not certain.
That particular line of code was just for the headers to pass in the session authentication key. The -headers parameter, for Invoke-RestMethod cmdlet, requires a hash key or dictionary object. It can be replaced with a @{} to accomplish the same thing.