Splunk Dev

Is the StoragePasswords Python SDK support broken?

snargleplax
Explorer

I've been trying to convert some Python code from using bare REST to using the Splunk Python SDK. I've been successful with every endpoint I'm hitting except for /storage/passwords -- for some reason, that one seems to be hitting invalid URIs rather than those I expect. I don't see any example code for this endpoint either, and I'm wondering if it's just broken.

I've monitored splunkd_access.log to see what URIs it's actually hitting, and the ones hit by the SDK code appear ill-formed. Here's what I'm hitting in my manual REST version:

/servicesNS/nobody/my_addon_name/storage/passwords/my_password_name

And here's what it hits when calling service.storage_passwords.list():

/services/storage/passwords/?count=-1&offset=0

This responds with 200, but I get an empty list of passwords even though there are definitely passwords in the store (as confirmed via direct REST as above). I've also tried calling get(), to no avail. With no args, it hits the exact same URL as list(). If I pass in a param (e.g. get('foo')), it builds a nonsense URL:

/services/storage/passwords/foo

and this yields 404.

There is a documented parameter called path_segment, but when I specify it, I get an error:

File "/Library/Python/2.7/site-packages/splunklib/client.py", line 1640, in get
return super(Collection, self).get(name, owner, app, sharing, **query)
TypeError: get() got multiple values for keyword argument 'path_segment'

I'd appreciate knowing if I'm missing something here, or if this is just broken (and if so, please fix it -- and the docs).

0 Karma

starcher
SplunkTrust
SplunkTrust

I've posted some examples of using the storage endpoint for different types of knowledge objects and scripts.
http://www.georgestarcher.com/splunk-stored-encrypted-credentials/

0 Karma

snargleplax
Explorer

I think there must be something else I'm missing. The REST API doc examples for this endpoint actually show the URIs hit by the SDK:

curl -k -u admin:changeme https://localhost:8089/services/storage/passwords

But the sample XML response shows the "serviceNS" endpoints that I've been (successfully) hitting via direct REST:

https://localhost:8089/servicesNS/nobody/search/storage/passwords/%3Atestuser%3A
(etc)

What exactly is the deal here?

0 Karma

snargleplax
Explorer

(XML didn't show up right when pasted into the above comment)

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...