Getting "Unauthorised" response from API - querying KV Store

himynamesdave
Contributor

Happy Monday everyone!

I am trying to query collections in my app using the API like so (note, I am using a different password for admin):

curl -k -u admin:changeme "https://0.0.0.0:8089/servicesNS/nobody/MYAPP/storage/collections/config"

I get the following response.

<?xml version="1.0" encoding="UTF-8"?>
<response>
  <messages>
    <msg type="ERROR">Unauthorized</msg>
  </messages>
</response>

I am using the admin account, which has read and write permissions for MYAPP.

UPDATE: I think this may be an API permission issue to MYAPP. So, if I run the same query on the search app (without any collections created) I get a valid response, i.e:

curl -k -u admin:changeme "https://0.0.0.0:8089/servicesNS/nobody/search/storage/collections/config"

As soon as I create a collection in the search app, I then get the unauthorised response again. Argh!

Then I thought it may be an issue running it as nobody, or admin on the collections. So I explicitly set owner=nobody in MYAPP/metadata/local for each collection. Still fails.

UPDATE: my collections.conf is very basic

[myfirstcollection]

[mysecondcollection]

In transforms I use these for a lookup for searching:

[kvstore_myfirst_lookup]
external_type = kvstore
collection = myfirstcollection
fields_list = _key, firstKV

[kvstore_second_lookup]
external_type = kvstore
collection = mysecondcollection
fields_list = _key, secondKV

I cannot find what permissions I need to set in my app to make this work 😞

Any ideas?

0 Karma

himynamesdave
Contributor

I didn't manage to solve why that endpoint returned the "unauth" response, but for those who stumble upon this question with the same issue I did find a workaround that may be useful.

For my use-case I did not really need a list of all collections, as the endpoint (/servicesNS/nobody/MYAPP/storage/collections/config) gives.

What I needed was to print the contents of the collection. I could do this by querying a different endpoint like so:

curl -k -u admin:changeme https://0.0.0.0:8089/servicesNS/nobody/MYAPP/storage/collections/data/MYCOLLECTION

0 Karma
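
An added example, not part of the original posts: a Python sketch that sends the same Basic-auth GET to the `config` and `data` endpoints discussed above and extracts the `<msg>` entries from an error body like the one in the question. The host, the `SPLUNK_*` environment variable names and all function names are assumptions; the password is read from the environment so it never appears as a command-line argument, and the server certificate is verified instead of skipped.

```python
import base64
import os
import ssl
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET
from urllib.parse import quote

# Error body copied from the question above.
SAMPLE_ERROR = b"""<?xml version="1.0" encoding="UTF-8"?>
<response>
  <messages>
    <msg type="ERROR">Unauthorized</msg>
  </messages>
</response>"""

def kv_url(base, app, collection=None, owner="nobody"):
    """Config (list) URL, or the data URL when a collection is named."""
    root = f"{base.rstrip('/')}/servicesNS/{quote(owner, safe='')}/{quote(app, safe='')}"
    tail = "config" if collection is None else f"data/{quote(collection, safe='')}"
    return f"{root}/storage/collections/{tail}"

def basic_auth(user, password):
    """HTTP Basic header value; the password bytes are encoded as-is."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")

def parse_messages(body):
    """Return [(type, text)] for each <msg> in a REST response body."""
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return []  # body was not XML (for example an empty or HTML reply)
    return [(m.get("type", ""), (m.text or "").strip()) for m in root.iter("msg")]

def fetch(url, user, password, cafile=None):
    """GET url; return (status, body text) or (status, messages) on HTTP error."""
    ctx = ssl.create_default_context(cafile=cafile)  # certificate is verified
    req = urllib.request.Request(url, headers={"Authorization": basic_auth(user, password)})
    try:
        with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, parse_messages(err.read())

if __name__ == "__main__":
    base = os.environ.get("SPLUNK_BASE", "https://localhost:8089")  # assumed host
    user, pw = os.environ["SPLUNK_USER"], os.environ["SPLUNK_PASSWORD"]
    for url in (kv_url(base, "MYAPP"), kv_url(base, "MYAPP", "MYCOLLECTION")):
        print(url, *fetch(url, user, pw, os.environ.get("SPLUNK_CA")))
```

Comparing the status code and parsed messages for the two URLs shows whether only the `config` listing is refused while the `data` endpoint answers, which is the behaviour the workaround relies on.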

n00badmin
Communicator

Make sure you escape special chars in your password!!!

For example:

admin:P@ssword$

This password would need a backslash in front of the @ and $.

0 Karma

himynamesdave
Contributor

Valid point - however, I can confirm this is not the issue here. The password has only alphanumeric chars.

0 Karma

Damien_Dallimor
Ultra Champion

What does your collections.conf look like?

0 Karma

himynamesdave
Contributor

I've added an update to the Q to include collections.conf / transforms.conf info.

0 Karma