rest-publish: Fix ACL writing bug & support -k

Kintyre · Oct 11, 2023 · f63963a · f63963a
1 parent 0341c62
commit f63963a
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 8 deletions.
diff --git a/docs/source/changelog.rst b/docs/source/changelog.rst
@@ -23,13 +23,21 @@ Renames:
 - ``ksconf/commands/__init__.py`` -> ``ksconf/command.py``
 
 
-Ksconf v0.13.2 (2023-10-10)
+Ksconf v0.13.3 (DRAFT)
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-* Add ``--token`` to allow bearer authentication for rest-publish.
+* Changes for :ref:`ksconf_cmd_rest-publish`:
 
+   * Implement ``--insecure`` parameter.
+     Previously, SSL/TLS validation was not enforced as expected.
+   * Fix bug with ``acl`` endpoint URL.
 
 
+Ksconf v0.13.2 (2023-10-10)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+* Add ``--token`` to allow bearer authentication for rest-publish.
+
 
 Ksconf v0.13.1 (2023-10-05)
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~

diff --git a/docs/source/cmd_rest-publish.rst b/docs/source/cmd_rest-publish.rst
@@ -18,6 +18,10 @@ ksconf rest-publish
     :path: rest-publish
     :nodefault:
 
+    -m, --meta:
+        Note that ``mtime`` is ignored as that attribute is updated automatically every time a change occurs.
+        There is no known way to work around this without file system access.
+
 --------
 
 

diff --git a/ksconf/commands/restpublish.py b/ksconf/commands/restpublish.py
@@ -87,8 +87,8 @@ def register_args(self, parser: ArgumentParser):
         # add_splunkd_namespace(
         #    add_splunkd_access_args(parser.add_argument("Splunkd endpoint")))
 
-        add_splunkd_namespace(
-            add_splunkd_access_args(parser))
+        add_splunkd_namespace(parser)
+        add_splunkd_access_args(parser)
 
         parsg1 = parser.add_mutually_exclusive_group(required=False)
         '''
@@ -135,6 +135,7 @@ def connect_splunkd(self, args: Namespace):
             self._service = splunklib.client.connect(
                 host=up.hostname, port=up.port,
                 owner=args.owner, app=args.app, sharing=args.sharing,
+                verify=False if args.insecure else True,
                 **auth_args)
             # Sanity check to:
             #   (1) confirm that session key is good, and
@@ -313,8 +314,12 @@ def publish_conf(self,
 
             svc = config_file.service
             all_headers = svc.additional_headers + svc._auth_headers
+            prefix = stz.path
+            if not prefix.endswith("/"):
+                prefix += "/"
+
             resource = svc.authority + \
-                svc._abspath(stz.path + "acl",
+                svc._abspath(prefix + "acl",
                              owner=svc.namespace.owner, app=svc.namespace.app,
                              sharing=svc.namespace.sharing)
             # logger.debug("request to do the ACL THING!  (Round trip debugging)")
@@ -356,9 +361,6 @@ def delete_conf(self,
             return ("nochange", res)
 
     def run(self, args: Namespace):
-        if args.insecure:
-            raise NotImplementedError("Need to implement -k feature")
-
         if args.meta:
             self.meta = MetaData()
             for meta_file in args.meta: