Using the latest version (1.2.0) of WebTools, I am running into an issue where I can’t do a cURL against an API using authentication provided in the header itself. WebTools appears to be forcing Basic authentication (unless Splunk authentication is specified, in which case it builds a custom header).
To demonstrate the issue, here is a vanilla cURL:
In this case, the API is complaining that that I forgot the X-Sysdig-Product header.
If I do the same request in Web Tools, I get a 401 Unauthorized instead of a 400 Bad Request:
Based on what I see in this app's curl.py file, basic authentication is always going to be sent to the "request" library get() method (unless Splunk authorization is specified; then the get call in the 'else' block is selected). I would suggest that "def get(..." in curl.py is modified so that the requests.get() call does not send "auth=(user,password)", if both the user and password inputs are set to the default "None".
try:
if sessionKey == None:
if user ==None and password == None:
r = requests.get(uri,data=payload,verify=verifyssl, headers=headers, timeout=timeout)
else:
r = requests.get(uri,auth=(user,password),data=payload,verify=verifyssl, headers=headers, timeout=timeout)
else:
(…)
Any chance you can come back and confirm if the new version fixed the problem?
Yes, the new version fixed the problem. Thanks!
nice writeup, i'll work on this asap... note asap is not always fast in my case 🙂