DVPL-3313: splunklib | Improve the SDK to make it easier to talk back to Splunk's API from within a modular input or custom search command

David Noble · David Noble · commit 2c4fd04cb38f · 2014-02-04T11:01:37.000-08:00
Part 1: splunklib.searchcommands

Added SearchCommand.service property that returns a service object or None. Verified with automated unit tests and ad-hoc integration tests.

The service object is created from the Splunkd URI and the  authentication token passed to the command invocation in the search results info file. This data is not passed to a command invocation by default. You must request it by specifying this pair of configuration settings in commands.conf:

    enableheader=true
    requires_srinfo=true

The enableheader setting is true by default. Hence, you need not set it. The requires_srinfo setting is false by default.  Hence, you must set it. If either enable header or requires_srinfo are false, SearchCommand.service will return None.

The service object is instantiated with these arguments.

    Service(
            scheme=splunkd_protocol, host=splunkd_host,
            port=splunkd_port, token=auth_token,
            app=ppc_app)

The arguments are obtained from SearchCommand.search_results_info.

Signed-off-by: David Noble &lt;dnoble@splunk.com&gt;
diff --git a/splunklib/searchcommands/search_command.py b/splunklib/searchcommands/search_command.py
@@ -16,6 +16,8 @@
 
 # Absolute imports
 
+from splunklib.client import Service
+
 try:
     from collections import OrderedDict # python 2.7
 except ImportError:
@@ -25,6 +27,7 @@
 from logging import getLevelName
 from os import path
 from sys import argv, stdin, stdout
+from urlparse import urlsplit
 from xml.etree import ElementTree
 
 # Relative imports
@@ -57,6 +60,7 @@ def __init__(self):
         self._fieldnames = None
         self._option_view = None
         self._search_results_info = None
+        self._service = None
 
         self.parser = SearchCommandParser()
 
@@ -146,64 +150,113 @@ def options(self):
 
     @property
     def search_results_info(self):
-        """ Returns the search results info for this command invocation or None
+        """ Returns the search results info for this command invocation or None.
 
-        Splunk does not pass search results information by default. You must
-        request it by specifying these configuration settings in commands.conf:
+        The search results info object is created from the search results info
+        file associated with the command invocation. Splunk does not pass the
+        location of this file by default. You must request it by specifying
+        these configuration settings in commands.conf:
 
         .. code-block:: python
             enableheader=true
             requires_srinfo=true
 
-        Splunk will then pass the location of a search information file for
-        each command command invocation in :code:`SearchCommand.input_headers[
-        'infoPath']`. This property represents the contents of that file as a
-        :code:`SearchResultsInfo` object.
+        The :code:`enableheader` setting is :code:`true` by default. Hence, you
+        need not set it. The :code:`requires_srinfo` setting is false by
+        default. Hence, you must set it.
 
-        """
-        if self._search_results_info is None:
+        :return: :class:SearchResultsInfo, if :code:`enableheader` and
+        :code:`requires_srinfo` are both :code:`true`. Otherwise, if either
+        :code:`enableheader` or :code:`requires_srinfo` are :code:`false`,
+        a value of :code:`None` is returned.
 
-            try:
-                info_path = self.input_header['infoPath']
-            except KeyError:
-                return None
-
-            self.logger.debug('infoPath = %s' % info_path)
-
-            def convert_field(field):
-                return (field[1:] if field[0] == '_' else field).replace('.', '_')
-
-            def convert_value(field, value):
-
-                if field == 'countMap':
-                    split = value.split(';')
-                    value = {k: int(v) for k, v in zip(split[0::2], split[1::2])}
-                elif field == 'vix_families':
-                    value = ElementTree.fromstring(value)
-                elif value == '':
-                    value = None
-                else:
-                    try:
-                        value = float(value)
-                        if value.is_integer():
-                            value = int(value)
-                    except ValueError:
-                        pass
-
-                return value
-
-            with open(info_path, 'rb') as f:
-                from collections import namedtuple
-                import csv
-                reader = csv.reader(f, dialect='splunklib.searchcommands')
-                fields = [convert_field(x) for x in reader.next()]
-                values = [convert_value(f, v) for f, v in zip(fields,reader.next())]
-
-            search_results_info_type = namedtuple("SearchResultsInfo", fields)
-            self._search_results_info = search_results_info_type._make(values)
+        """
+        if self._search_results_info is not None:
+            return self._search_results_info
+
+        try:
+            info_path = self.input_header['infoPath']
+        except KeyError:
+            return None
+
+        def convert_field(field):
+            return (field[1:] if field[0] == '_' else field).replace('.', '_')
+
+        def convert_value(field, value):
+
+            if field == 'countMap':
+                split = value.split(';')
+                value = {k: int(v) for k, v in zip(split[0::2], split[1::2])}
+            elif field == 'vix_families':
+                value = ElementTree.fromstring(value)
+            elif value == '':
+                value = None
+            else:
+                try:
+                    value = float(value)
+                    if value.is_integer():
+                        value = int(value)
+                except ValueError:
+                    pass
+
+            return value
+
+        with open(info_path, 'rb') as f:
+            from collections import namedtuple
+            import csv
+            reader = csv.reader(f, dialect='splunklib.searchcommands')
+            fields = [convert_field(x) for x in reader.next()]
+            values = [convert_value(f, v) for f, v in zip(fields, reader.next())]
+
+        search_results_info_type = namedtuple("SearchResultsInfo", fields)
+        self._search_results_info = search_results_info_type._make(values)
 
         return self._search_results_info
 
+    @property
+    def service(self):
+        """ Returns a Splunk service object for this command invocation or None.
+
+        The service object is created from the Splunkd URI and authentication
+        token passed to the command invocation in the search results info file.
+        This data is not passed to a command invocation by default. You must
+        request it by specifying this pair of configuration settings in
+        commands.conf:
+
+           .. code-block:: python
+               enableheader=true
+               requires_srinfo=true
+
+        The :code:`enableheader` setting is :code:`true` by default. Hence, you
+        need not set it. The :code:`requires_srinfo` setting is false by
+        default. Hence, you must set it.
+
+        :return: :class:splunklib.client.Service, if :code:`enableheader` and
+        :code:`requires_srinfo` are both :code:`true`. Otherwise, if either
+        :code:`enableheader` or :code:`requires_srinfo` are :code:`false`,
+        a value of :code:`None` is returned.
+
+        """
+        if self._service is not None:
+            return self._service
+
+        info = self.search_results_info
+
+        if info is None:
+            return None
+
+        _, netloc, _, _, _ = urlsplit(
+            info.splunkd_uri, info.splunkd_protocol, allow_fragments=False)
+
+        splunkd_host, _ = netloc.split(':')
+
+        self._service = Service(
+            scheme=info.splunkd_protocol, host=splunkd_host,
+            port=info.splunkd_port, token=info.auth_token,
+            app=info.ppc_app)
+
+        return self._service
+
     #endregion
 
     #region Methods
@@ -255,14 +308,15 @@ def process(self, args=argv, input_file=stdin, output_file=stdout):
             self._configuration = ConfigurationSettings(self)
 
             if self.show_configuration:
-                self.messages.append('info_message',
-                                     '%s command configuration settings: %s' %
-                                     (self.name, self._configuration))
+                self.messages.append(
+                    'info_message', '%s command configuration settings: %s'
+                    % (self.name, self._configuration))
 
             writer = csv.DictWriter(output_file, self)
             self._execute(operation, reader, writer)
 
         else:
+
             file_name = path.basename(args[0])
             message = (
                 'Command {0} appears to be statically configured and static '
diff --git a/tests/test_searchcommands_command.py b/tests/test_searchcommands_command.py
@@ -20,6 +20,7 @@
     import unittest
 
 from splunklib.searchcommands import Configuration, StreamingCommand
+from splunklib.client import Service
 from cStringIO import StringIO
 import re
 
@@ -31,7 +32,7 @@ def stream(self, records):
         for record in records:
             action = record['Action']
             if action == 'access_search_results_info':
-                results = self.search_results_info
+                search_results_info = self.search_results_info
             if action == 'raise_error':
                 raise RuntimeError('Testing')
             yield {'Data': value}
@@ -133,11 +134,35 @@ def test_process(self):
             self.fail("Expected SystemExit, but no exception was raised")
 
         # Command.process should provide access to search results info
+
         expected = \
             '''SearchResultsInfo(sid=1391366014.3, timestamp=1391366014.757223, now=1391366014, setStart=1391366007, index_et=1391366011, index_lt=1391366011, startTime=1386621222, rt_earliest=None, rt_latest=None, rtspan=None, scan_count=0, drop_count=0, maxevents=0, countMap={'in_ct.command.fields': 76, 'duration.command.search': 13, 'invocations.startup.handoff': 1, 'duration.dispatch.results_combiner': 1, 'invocations.command.search.kv': 1, 'duration.dispatch.stream.local': 14, 'out_ct.command.head': 10, 'invocations.command.search.rawdata': 1, 'invocations.dispatch.results_combiner': 1, 'invocations.command.fields': 1, 'out_ct.command.search.typer': 76, 'invocations.dispatch.writeStatus': 3, 'invocations.command.search.index': 1, 'duration.command.head': 1, 'duration.dispatch.evaluate': 130, 'duration.dispatch.evaluate.search': 41, 'in_ct.command.search.calcfields': 76, 'duration.dispatch.writeStatus': 3, 'invocations.command.search.tags': 1, 'in_ct.command.search.lookups': 76, 'duration.command.search.tags': 1, 'duration.command.search.lookups': 1, 'invocations.dispatch.evaluate': 1, 'duration.command.fields': 1, 'invocations.command.search.summary': 1, 'duration.dispatch.evaluate.countmatches': 88, 'out_ct.command.prehead': 10, 'in_ct.command.search.typer': 76, 'out_ct.command.search.calcfields': 76, 'invocations.command.head': 1, 'duration.startup.handoff': 39, 'duration.command.search.rawdata': 2, 'duration.command.search.index.usec_1_8': 0, 'invocations.command.search.fieldalias': 1, 'duration.dispatch.createProviderQueue': 27, 'duration.dispatch.fetch': 14, 'out_ct.command.search.tags': 76, 'duration.command.search.typer': 4, 'in_ct.command.head': 10, 'invocations.dispatch.createProviderQueue': 1, 'out_ct.command.fields': 76, 'invocations.dispatch.evaluate.head': 1, 'out_ct.command.search.fieldalias': 76, 'invocations.command.search.typer': 1, 'duration.dispatch.check_disk_usage': 1, 'out_ct.command.search': 76, 'in_ct.command.search': 0, 'invocations.dispatch.fetch': 1, 'duration.command.search.index': 1, 'duration.command.search.summary': 1, 'in_ct.command.search.tags': 76, 'duration.dispatch.evaluate.head': 1, 'duration.command.search.kv': 7, 'invocations.command.search.calcfields': 1, 'duration.command.search.fieldalias': 1, 'invocations.dispatch.evaluate.countmatches': 1, 'in_ct.command.search.fieldalias': 76, 'invocations.command.search': 1, 'invocations.dispatch.stream.local': 1, 'duration.command.search.calcfields': 1, 'invocations.dispatch.check_disk_usage': 1, 'prereport_events': 0, 'invocations.dispatch.evaluate.search': 1, 'invocations.command.search.index.usec_1_8': 7, 'duration.command.prehead': 1, 'invocations.command.prehead': 1, 'invocations.command.search.lookups': 1, 'out_ct.command.search.lookups': 76, 'in_ct.command.prehead': 76}, columnOrder=None, keySet='index::_internal', remoteServers=None, is_remote_sorted=1, rt_backfill=0, read_raw=1, enable_event_stream=1, rtoptions=None, field_rendering=None, query_finished=1, request_finalization=0, auth_token='9ce2897f792c52a6ecdcd2e03aa4677c', splunkd_port=8089, splunkd_protocol='https', splunkd_uri='https://127.0.0.1:8089', internal_only=0, summary_mode='none', summary_maxtimespan=None, summary_stopped=0, is_batch_mode=0, root_sid=None, shp_id='A8797F6F-B6BF-43E9-9AFE-857D2FBC8534', search='search index=_internal | head 10 | countmatches fieldname=word_count pattern=\\\\\\\w+ uri', remote_search='litsearch index=_internal | fields  keepcolorder=t "*" "_bkt" "_cd" "_si" "host" "index" "linecount" "source" "sourcetype" "splunk_server" "uri,word_count" | prehead  limit=10 null=false keeplast=false', reduce_search=None, datamodel_map=None, tstats_reduce=None, normalized_search='litsearch index=_internal | fields keepcolorder=t "*" "_bkt" "_cd" "_si" "host" "index" "linecount" "source" "sourcetype" "splunk_server" "uri,word_count" | prehead limit=10 null=false keeplast=false', summary_id='A8797F6F-B6BF-43E9-9AFE-857D2FBC8534_searchcommands_app_admin_013dda14f276a384', normalized_summary_id='A8797F6F-B6BF-43E9-9AFE-857D2FBC8534_searchcommands_app_admin_NS91c147524d89ae5a', generation_id=0, label=None, is_saved_search=0, realtime=0, indexed_realtime=0, indexed_realtime_offset=0, ppc_app='searchcommands_app', ppc_user='admin', ppc_bs='$SPLUNK_HOME/etc', bundle_version=0, vix_families=<Element 'root' at 0x103a7e410>, tz='### SERIALIZED TIMEZONE FORMAT 1.0;Y-25200 YW 50 44 54;Y-28800 NW 50 53 54;Y-25200 YW 50 57 54;Y-25200 YG 50 50 54;@-1633269600 0;@-1615129200 1;@-1601820000 0;@-1583679600 1;@-880207200 2;@-769395600 3;@-765385200 1;@-687967200 0;@-662655600 1;@-620834400 0;@-608137200 1;@-589384800 0;@-576082800 1;@-557935200 0;@-544633200 1;@-526485600 0;@-513183600 1;@-495036000 0;@-481734000 1;@-463586400 0;@-450284400 1;@-431532000 0;@-418230000 1;@-400082400 0;@-386780400 1;@-368632800 0;@-355330800 1;@-337183200 0;@-323881200 1;@-305733600 0;@-292431600 1;@-273679200 0;@-260982000 1;@-242229600 0;@-226508400 1;@-210780000 0;@-195058800 1;@-179330400 0;@-163609200 1;@-147880800 0;@-131554800 1;@-116431200 0;@-100105200 1;@-84376800 0;@-68655600 1;@-52927200 0;@-37206000 1;@-21477600 0;@-5756400 1;@9972000 0;@25693200 1;@41421600 0;@57747600 1;@73476000 0;@89197200 1;@104925600 0;@120646800 1;@126698400 0;@152096400 1;@162381600 0;@183546000 1;@199274400 0;@215600400 1;@230724000 0;@247050000 1;@262778400 0;@278499600 1;@294228000 0;@309949200 1;@325677600 0;@341398800 1;@357127200 0;@372848400 1;@388576800 0;@404902800 1;@420026400 0;@436352400 1;@452080800 0;@467802000 1;@483530400 0;@499251600 1;@514980000 0;@530701200 1;@544615200 0;@562150800 1;@576064800 0;@594205200 1;@607514400 0;@625654800 1;@638964000 0;@657104400 1;@671018400 0;@688554000 1;@702468000 0;@720003600 1;@733917600 0;@752058000 1;@765367200 0;@783507600 1;@796816800 0;@814957200 1;@828871200 0;@846406800 1;@860320800 0;@877856400 1;@891770400 0;@909306000 1;@923220000 0;@941360400 1;@954669600 0;@972810000 1;@986119200 0;@1004259600 1;@1018173600 0;@1035709200 1;@1049623200 0;@1067158800 1;@1081072800 0;@1099213200 1;@1112522400 0;@1130662800 1;@1143972000 0;@1162112400 1;@1173607200 0;@1194166800 1;@1205056800 0;@1225616400 1;@1236506400 0;@1257066000 1;@1268560800 0;@1289120400 1;@1300010400 0;@1320570000 1;@1331460000 0;@1352019600 1;@1362909600 0;@1383469200 1;@1394359200 0;@1414918800 1;@1425808800 0;@1446368400 1;@1457863200 0;@1478422800 1;@1489312800 0;@1509872400 1;@1520762400 0;@1541322000 1;@1552212000 0;@1572771600 1;@1583661600 0;@1604221200 1;@1615716000 0;@1636275600 1;@1647165600 0;@1667725200 1;@1678615200 0;@1699174800 1;@1710064800 0;@1730624400 1;@1741514400 0;@1762074000 1;@1772964000 0;@1793523600 1;@1805018400 0;@1825578000 1;@1836468000 0;@1857027600 1;@1867917600 0;@1888477200 1;@1899367200 0;@1919926800 1;@1930816800 0;@1951376400 1;@1962871200 0;@1983430800 1;@1994320800 0;@2014880400 1;@2025770400 0;@2046330000 1;@2057220000 0;@2077779600 1;@2088669600 0;@2109229200 1;@2120119200 0;@2140678800 1;$', msgType=None, msg=None)'''
 
+        command = SearchCommand()
+
         command.process(args=['foo.py', '__EXECUTE__'], input_file=StringIO('infoPath:searchcommands_data/input/externSearchResultsInfo.csv\n\nAction\r\naccess_search_results_info'), output_file=result)
         observed = re.sub('''vix_families=<Element 'root' at 0x[0-9a-f]+>''', '''vix_families=<Element 'root' at 0x103a7e410>''', repr(command.search_results_info))
         self.assertEqual(expected, observed)
 
+        # Command.process should provide access to a service object when search
+        # results info is available
+
+        self.assertIsInstance(command.service, Service)
+        self.assertEqual(command.service.authority, command.search_results_info.splunkd_uri)
+        self.assertEqual(command.service.scheme, command.search_results_info.splunkd_protocol)
+        self.assertEqual(command.service.port, command.search_results_info.splunkd_port)
+        self.assertEqual(command.service.token, command.search_results_info.auth_token)
+        self.assertEqual(command.service.namespace.app, command.search_results_info.ppc_app)
+        self.assertEqual(command.service.namespace.owner, None)
+        self.assertEqual(command.service.namespace.sharing, None)
+
+        # Command.process should not provide access to search results info or
+        # a service object when the 'infoPath' input header is unavailable
+
+        command = SearchCommand()
+
+        command.process(args=['foo.py', '__EXECUTE__'], input_file=StringIO('\nAction\r\naccess_search_results_info'), output_file=result)
+        self.assertEqual(command.search_results_info, None)
+        self.assertEqual(command.service, None)
+
         return
