You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

182 lines
4.9 KiB

5 months ago
from __future__ import absolute_import
import splunk.safe_lxml_etree as et
import logging
import platform
import time
import splunk
import splunk.clilib.cli_common as comm
import splunk.entity as en
import splunk.rest as rest
import splunk.util as util
logger = logging.getLogger('splunk.auth')
import __main__
def getSessionKey(username, password, hostPath=None, newPassword=None):
'''
Get a session key from the auth system
'''
uri = '/services/auth/login'
if hostPath:
uri = splunk.mergeHostPath(hostPath) + uri
args = {'username': username, 'password': password }
if newPassword:
args['new_password'] = newPassword
# To prove the theory of timing issue of Splunkd not in running state
# in Windows Bamboo tests, sleep for 10 seconds
# An attempt to fix SPL-37413
# if platform.system() == 'Windows':
# time.sleep(10)
serverResponse, serverContent = rest.simpleRequest(uri, postargs=args)
if serverResponse.status != 200:
logger.error('getSessionKey - unable to login; check credentials')
rest.extractMessages(et.fromstring(serverContent))
return None
root = et.fromstring(serverContent)
sessionKey = root.findtext('sessionKey')
splunk.setDefault('username', username)
splunk.setDefault('sessionKey', sessionKey)
return sessionKey
def getSessionKeyForTrustedUser(username, hostPath=None):
'''
Get a session key from the auth system
'''
uri = '/services/auth/trustedlogin'
if hostPath:
uri = splunk.mergeHostPath(hostPath) + uri
args = {'username': username}
serverResponse, serverContent = rest.simpleRequest(uri, postargs=args)
if serverResponse.status != 200:
logger.error('getSessionKey - unable to login; check credentials')
rest.extractMessages(et.fromstring(serverContent))
return None
root = et.fromstring(serverContent)
sessionKey = root.findtext('sessionKey')
splunk.setDefault('username', username)
splunk.setDefault('sessionKey', sessionKey)
return sessionKey
def getUserPrefs(key):
'''
obtain the user specific preference
'''
return en.getEntities('data/user-prefs').get('general').get(key)
def getUserPrefsGeneral(key):
'''
obtain the global preference
'''
return en.getEntities('data/user-prefs').get('general_default').get(key)
def ping(hostPath=None, sessionKey=None):
'''
Pings services server and returns a bool for a users session. This method is useful for
synchronizing an applications authentication with Splunk's services authentication.
'''
uri = '/services'
if hostPath:
uri = splunk.mergeHostPath(hostPath) + uri
try:
serverResponse, serverContent = rest.simpleRequest(uri, sessionKey=sessionKey)
return True
except:
return False
def listUsers(**kwargs):
'''
Returns a list of users.
'''
uri = 'authentication/users'
return en.getEntities(uri, **kwargs)
def getUser(name=None, id=None, **kwargs):
'''
Returns a dictionary of user info for a specific user ID.
'''
uri = 'authentication/users'
if name:
try:
info = en.getEntity(uri, name, **kwargs)
info['name'] = name
return info
except splunk.ResourceNotFound:
return None
elif id:
raise Exception('User IDs are no longer available; all users must be identified by name')
else:
raise TypeError('No arguments specified')
def getCurrentUser():
'''
Retrieves current user info from cherrypy session
'''
cherryname = None
if hasattr(__main__, 'IS_CHERRYPY'):
import cherrypy
cherryname = cherrypy.session.get('user', {}).get('name')
if cherryname:
cherryname = cherryname.strip().lower()
return {
'userid': '-1',
'name': cherryname or splunk.getDefault('username') or 'UNDEFINED_USERNAME',
'realname': 'UNDEFINED_REALNAME',
'roles': ['UNDEFINED_ROLES']
}
def listRoles(**kwargs):
'''
Returns a list of roles.
'''
uri = 'authorization/roles'
return en.getEntities(uri, **kwargs)
def getRole(name, **kwargs):
'''
Returns a dictionary of role info.
'''
if not name:
raise TypeError('Name argument is missing')
uri = 'authorization/roles'
try:
return en.getEntity(uri, name, **kwargs)
except splunk.ResourceNotFound:
return {}
def is_current_user_admin():
current_user = getCurrentUser().get('name')
current_user_info = en.getEntity('authentication/users', current_user)
current_user_capabilities = None
if current_user_info and hasattr(current_user_info, 'properties'):
current_user_capabilities = current_user_info.properties.get('capabilities')
return current_user_capabilities and 'admin_all_objects' in current_user_capabilities

Powered by BW's shoe-string budget.