Adjustments for SSL support

Author: calesanz

bin/postversioncontrolrestore.py

@@ -10,7 +10,7 @@
 sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "lib"))
 
 from splunklib.searchcommands import dispatch, GeneratingCommand, Configuration, Option
-from splunklib.searchcommands.validators import Validator, Boolean, File
+from splunklib.searchcommands.validators import Validator, Boolean
 from splunklib.binding import HTTPError
 
 class OrValidator(Validator):
@@ -31,6 +31,13 @@ def format(self, value):
         except:
             return self.b.format(value)
 
+class Filename(Validator):
+    # TODO Validate file path
+    def __call__(self, value):
+        return value
+
+    def format(self, value):
+        return value
 
 splunkLogsDir = os.environ['SPLUNK_HOME'] + "/var/log/splunk"
 #Setup the logging
@@ -80,7 +87,8 @@ class SVCPostRestore(GeneratingCommand):
     restoreAsUser = Option(require=True)
     scope = Option(require=True)
     timeout = Option(require=True)
-    sslVerify = Option(require=False, default=False, validate=OrValidator(File(), Boolean()))
+    sslVerify = Option(require=False, default=False, validate=OrValidator(Boolean(), Filename()))
+    requestingAddress = Option(require=False, default=False)
 
     def generate(self):
         """
@@ -108,6 +116,7 @@ def generate(self):
         body['restoreAsUser'] = self.restoreAsUser
         body['scope'] = self.scope
         body['timeout'] = self.timeout
+        body['requestingAddress'] = self.requestingAddress
 
         logger.info("Attempting POST request to url=%s with body=\"%s\"" % (url, body))
 

bin/splunkversioncontrol_backup_class.py

@@ -1037,7 +1037,7 @@ def run_script(self):
         headers={'Authorization': 'Splunk %s' % config['session_key']}
 
         url = 'https://localhost:8089/services/shcluster/captain/info?output_mode=json'
-        res = requests.get(url, headers=headers, verify=self.sslVerify)
+        res = requests.get(url, headers=headers, verify=False)
         if (res.status_code == 503):
             logger.debug("i=\"%s\" Non-shcluster / standalone instance, safe to run on this node" % (self.stanzaName))
         elif (res.status_code != requests.codes.ok):

bin/splunkversioncontrol_rest_restore.py

@@ -59,12 +59,15 @@
 
 class SVCRestore(splunk.rest.BaseRestHandler):
 
-    def query_back_for_user_and_permissions(self, authorization_token, *, sslVerify):
+    def query_back_for_user_and_permissions(self, requestingAddress, authorization_token, *, sslVerify):
         headers = { "Authorization" : authorization_token }
 
         #Run a query back against the source system to check the username/role
-        remoteAddr = self.request['remoteAddr']
-        url = "https://" + remoteAddr + ":8089/services/authentication/current-context?output_mode=json"
+        if requestingAddress:
+            remoteAddr = requestingAddress
+        else:
+            remoteAddr = "https://" + self.request['remoteAddr'] + ":8089"
+        url = remoteAddr + "/services/authentication/current-context?output_mode=json"
         logger.info("Received remote request checking username and role related to the token on url=%s" % (url))
         logger.debug("token=%s" % (authorization_token))
 
@@ -160,7 +163,12 @@ def handle_POST(self):
         else:
             time_wait = 600
 
-        username, roles = self.query_back_for_user_and_permissions(payload['Authorization'][0], sslVerify=sslVerify)
+        if 'requestingAddress' in payload:
+            requestingAddress = payload['requestingAddress'][0]
+        else:
+            requestingAddress = None
+
+        username, roles = self.query_back_for_user_and_permissions(requestingAddress, payload['Authorization'][0], sslVerify=sslVerify)
         logger.info("username=%s roles=%s" % (username, roles))
 
         app = payload['app'][0]
@@ -207,7 +215,7 @@ def handle_POST(self):
             headers = { "Authorization" : "Splunk " + self.request['systemAuth'] }
             curtime = calendar.timegm(time.gmtime())
             url = "https://localhost:8089/servicesNS/nobody/SplunkVersionControl/storage/collections/data/splunkversioncontrol_rest_restore_status"
-            res = self.runHttpRequest(url, headers, None, "get", "checking kvstore collection splunkversioncontrol_rest_restore_status", sslVerify=sslVerify)
+            res = self.runHttpRequest(url, headers, None, "get", "checking kvstore collection splunkversioncontrol_rest_restore_status", sslVerify=False)
             if not res:
                 return
 
@@ -216,7 +224,7 @@ def handle_POST(self):
             if not len(res) == 0:
                 if not 'start_time' in res[0]:
                     logger.warn("Warning invalid kvstore data, will wipe it and continue in collection splunkversioncontrol_rest_restore_status on url=%s, value returned res=\"%s\"" % (url, payload))
-                    self.runHttpRequest(url, headers, None, 'delete', 'wiping kvstore splunkversioncontrol_rest_restore_status', sslVerify=sslVerify)
+                    self.runHttpRequest(url, headers, None, 'delete', 'wiping kvstore splunkversioncontrol_rest_restore_status', sslVerify=False)
                 else:
                     kvstore_start_time = res[0]['start_time']
                     target_time = curtime - time_wait

bin/splunkversioncontrol_utility.py

@@ -55,7 +55,7 @@ def get_password(password, session_key, logger, *, sslVerify=False):
     url = "https://localhost:8089/servicesNS/-/" + context + "/storage/passwords?output_mode=json&f=clear_password&search=" + password
     logger.debug("Trying url=%s with session_key to obtain name=%s" % (url, password))
     headers = {'Authorization': 'Splunk %s' % session_key}
-    res = requests.get(url, headers=headers, verify=sslVerify)
+    res = requests.get(url, headers=headers, verify=False)
     dict = json.loads(res.text)
     clear_password = False
     if not 'entry' in dict:
@@ -73,7 +73,7 @@ def get_password(password, session_key, logger, *, sslVerify=False):
 
     url = "https://localhost:8089/servicesNS/-/-/storage/passwords?output_mode=json&f=clear_password&count=0&search=" + password
     logger.debug("Trying url=%s with session_key to obtain name=%s" % (url, password))
-    res = requests.get(url, headers=headers, verify=sslVerify)
+    res = requests.get(url, headers=headers, verify=False)
     dict = json.loads(res.text)
     if not 'entry' in dict:
         logger.warn("dict=%s did not contain the entries expected on url=%s while looking for password=%s" % (dict, url, password))