Security

Why does setup.xml with encrypted credentials fail on re-run?

ssanborn
Engager

It's unclear to me how to allow users to change a stored password via setup.xml.

The "Setup page example with user credentials" (http://dev.splunk.com/view/SP-CAAAE9B#creds) works fine for initially configuring the app I'm developing; I can see that an entry gets created in /servicesNS/nobody/<appname>/storage/passwords.

However, upgrading the app ("Install app from file" / [x] Upgrade app) prompts me to enter Setup again after app upgrade. This time, the credential post fails with the error:

Encountered the following error while trying to update:
Error while posting to url=/servicesNS/nobody/<appname>/storage/passwords/

Meanwhile, splunkd.log displays the error:

SetupAdminHandler - Cannot find field='name' in url='/storage/passwords/_new/' setting value to empty string
SetupAdminHandler - Cannot find field='name' in url='/storage/passwords/_new/' setting value to empty string
SetupAdminHandler - Error while posting to url=/servicesNS/nobody/<appname>/storage/passwords/

I presume this is because a password has already been saved in the storage/passwords store, and my setup.xml block refers to the _new entity, i.e:

<block title="Script credentials" endpoint="storage/passwords" entity="_new">

I've seen suggestions about using a custom endpoint to accomplish this better, and advice that users should manually clear settings from local/passwords.conf files during an upgrade/before changing their username/password. The latter seems unideal (some users may not have filesystem access to their splunk instance), and the former feels like overkill.

What I'm basically looking for is "create or update" logic when using the storage/passwords endpoint. Is there a streamlined/best-practice way to accomplish this without having to implement this logic in conjunction with a custom endpoint? This feels like the type of thing that should be a pretty common occurrence, so I'm surprised that I haven't found anything in the documentation about it.

0 Karma

mkhan_splunk
New Member

I got one solution here,

If you know username then create 'passwords.conf' in default directory containing,

[credential::user_name:]

and in setup.xml use entity "user_name" instead of "_new"

<block title="Public Key" endpoint="storage/passwords" entity="user_name*" mode="iter" eai_strict="false">
0 Karma
Get Updates on the Splunk Community!

Introducing Ingest Actions: Filter, Mask, Route, Repeat

WATCH NOW Ingest Actions (IA) is the best new way to easily filter, mask and route your data in Splunk® ...

Splunk Forwarders and Forced Time Based Load Balancing

Splunk customers use universal forwarders to collect and send data to Splunk. A universal forwarder can send ...

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...