How to set permissions on a custom conf file (or S...

alucarddjin · ‎07-29-2022

TL;DR;

I need to set a value on one SH in a cluster, and then tell the other SH what it is using Python. Tried using the RESTapi (see below) but any tips where someone has done it before would be great!

Full Version

I'm working on a clustered instance of Splunk. It talks to another tool using an access token which expires after so long (1 hour). When the user calls the tool and the token has expired a new token is generated and needs to be shared between the other SHs so they can use it until it expires again.

The token is set in Python and I looked to use the services.post command to update a custom conf file/stanza

service.post('/servicesNS/nobody/APP/configs/conf-app/session')

And when I run it under admin it works fine, but when I run it as a user I get an error:

HTTP 403 Forbidden -- You (user=barry) do not have permission to perform this operation (requires capability: admin_all_objects).

But I don't want the user to have admin_all_objects.

I have given the user a role which has write access to the conf file:

[APP/session]
owner = nobody
access = read : [ app_role ], write : [ app_role ]

Can anyone suggest how I can get the API to update the local conf without admin or come up with a better way to share the token between SHs?

How to set permissions on a custom conf file (or Share a value between clustered SH)?

add-on

app

python

rest API

SDK

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life