You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
74 lines
3.5 KiB
74 lines
3.5 KiB
|
|
# Copyright (C) 2005-2024 Splunk Inc. All Rights Reserved.
|
|
|
|
import json
|
|
from requests.status_codes import codes
|
|
from httplib2 import Response
|
|
import time
|
|
import splunk
|
|
import splunk.rest as rest
|
|
from .constants import SPLUNKD_SCS_TOKEN_ENDPOINT
|
|
|
|
|
|
class SCSToken:
|
|
"""Get SCS token to nake REST API calls to SCS services.
|
|
"""
|
|
def __init__(self, logger, session_key, splunkd_scs_token_endpoint=SPLUNKD_SCS_TOKEN_ENDPOINT):
|
|
self.logger = logger
|
|
self.session_key = session_key
|
|
self.scs_token = None
|
|
self.splunkd_scs_token_endpoint = splunkd_scs_token_endpoint
|
|
|
|
def get_token(self, principal_id, scope):
|
|
"""Get SCS token
|
|
|
|
Args:
|
|
logger: Logger
|
|
session_key: Valid Splunkd session key.
|
|
principal_id: The principal ID to get the scs token for. Defaults to "sc4mc".
|
|
scope: Defaults to "system". Use "tenant" to get tenant scoped token.
|
|
splunkd_scs_token_endpoint: The endpoint to make the call. Defaults to SPLUNKD_SCS_TOKEN_ENDPOINT.
|
|
"""
|
|
|
|
try:
|
|
self.logger.info("Getting scs token..")
|
|
response, content = self._get_token( principal_id, scope)
|
|
if response.status == codes.ok:
|
|
self.scs_token = json.loads(content)["entry"][0]["content"]["scs_token"]
|
|
self.logger.info("Successfully retrieved scs token. status=%s, principal_id=%s, scope=%s", response.status, principal_id, scope)
|
|
return self.scs_token
|
|
else:
|
|
self.logger.error("Error getting scs token. principal_id=%s, scope=%s, status=%s, error=%s", principal_id, scope, response.status, content)
|
|
except Exception as e:
|
|
self.logger.exception("Exception getting scs token. principal_id=%s, scope=%s, error=%s", principal_id, scope, e)
|
|
return None
|
|
|
|
def _get_token(self, principal_id, scope):
|
|
""" Get SCS tokens via REST: /services/authorization/scs_token
|
|
Cronjob runs /usr/local/bin/get_scs_tokens.sh every 30m to fetch SCS tokens and write them to disk (encrypted)
|
|
Tokens are stored in $SPLUNK_HOME/etc/auth/scs/{principal_name}-token.json
|
|
When splunkd receives a GET request for /services/authorization/scs_token,
|
|
it will read/decrypt and then return the SCS token that matches the principalId and scope GET params
|
|
|
|
Args:
|
|
logger: Logger
|
|
session_key: Valid Splunkd session key.
|
|
principal_id (str, optional): The principal ID to get the scs token for.
|
|
scope (str, optional): Use "system" for system scope token and "tenant" for tenant scope token.
|
|
splunkd_scs_token_endpoint: The endpoint to make the call.
|
|
"""
|
|
self.logger.info("Getting scs token with scope=%s, principal_id=%s", scope, principal_id)
|
|
self.logger.info("Getting scs token from splunkd_scs_token_endpoint=%s", self.splunkd_scs_token_endpoint)
|
|
try:
|
|
response, content = rest.simpleRequest(
|
|
self.splunkd_scs_token_endpoint,
|
|
getargs={"output_mode": "json", "principalId": principal_id, "scope": scope},
|
|
sessionKey=self.session_key)
|
|
if response.status != 503 and response.status != 404:
|
|
self.logger.info('SCS Token service is unavailable.')
|
|
|
|
except splunk.ResourceNotFound:
|
|
self.logger.error("scs_tokens endpoint not found on the stack")
|
|
return Response({"status": codes.not_found}), None
|
|
return response, content
|