Merge branch 'version_1231' into testing
Showing
13 changed files
with
944 additions
and
10 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,91 @@ | ||
#!/usr/bin/env python | ||
# coding=utf-8 | ||
|
||
# REST API SPL handler for TrackMe, allows interracting with the TrackMe API endpoints with get / post / delete calls | ||
# See: https://trackme.readthedocs.io/en/latest/rest_api_reference.html | ||
|
||
from __future__ import absolute_import, division, print_function, unicode_literals | ||
|
||
import os | ||
import sys | ||
import splunk | ||
import splunk.entity | ||
import requests | ||
import json | ||
import re | ||
import time | ||
|
||
splunkhome = os.environ['SPLUNK_HOME'] | ||
sys.path.append(os.path.join(splunkhome, 'etc', 'apps', 'trackme', 'lib')) | ||
|
||
from splunklib.searchcommands import dispatch, GeneratingCommand, Configuration, Option, validators | ||
import rest_handler | ||
import splunklib.client as client | ||
|
||
|
||
@Configuration(distributed=False) | ||
|
||
class TrackMeRestHandler(GeneratingCommand): | ||
|
||
# url and mode are required arguments of the SPL command | ||
url = Option(require=True) | ||
mode = Option(require=True) | ||
# body is optional and required for post and delete calls | ||
body = Option(require=False) | ||
|
||
def generate(self, **kwargs): | ||
|
||
if self.url and self.mode in ("get", "post", "delete"): | ||
|
||
# Get the session key | ||
session_key = self._metadata.searchinfo.session_key | ||
|
||
# Get splunkd port | ||
entity = splunk.entity.getEntity('/server', 'settings', | ||
namespace='trackme', sessionKey=session_key, owner='-') | ||
splunkd_port = entity['mgmtHostPort'] | ||
|
||
# build header and target | ||
header = 'Splunk ' + str(session_key) | ||
target_url = "https://localhost:" + str(splunkd_port) + str(self.url) | ||
|
||
# prepare the body data, if any | ||
json_data = None | ||
if self.body: | ||
json_data = json.dumps(json.loads(self.body.replace("\'", "\""), strict=False), indent=1) | ||
|
||
# Run http request | ||
response_data = None | ||
|
||
# Get | ||
if self.mode in ("get"): | ||
if self.body: | ||
response = requests.get(target_url, headers={'Authorization': header}, verify=False, data=json_data) | ||
else: | ||
response = requests.get(target_url, headers={'Authorization': header}, verify=False) | ||
|
||
# Post (body is required) | ||
elif self.mode in ("post"): | ||
response = requests.post(target_url, headers={'Authorization': header}, verify=False, data=json_data) | ||
|
||
# Delete (body is required) | ||
elif self.mode in ("delete"): | ||
response = requests.delete(target_url, headers={'Authorization': header}, verify=False, data=json_data) | ||
|
||
# yield data | ||
|
||
# parse if response is a proper json, otherwise returns as string | ||
try: | ||
response_data = json.loads(json.dumps(response.json(), indent=1)) | ||
except Exception as e: | ||
# Response is not json, let's parse and make it a json answer | ||
response_data = str(response.content) | ||
response_data = re.sub('^b\'', '', response_data) | ||
response_data = re.sub('\'$', '', response_data) | ||
response_data = "{\"response\": \"" + str(response_data.replace("\"", "\\\"")) + "\"}" | ||
|
||
# yield | ||
data = {'_time': time.time(), '_raw': response_data} | ||
yield data | ||
|
||
dispatch(TrackMeRestHandler, sys.argv, sys.stdin, sys.stdout, __name__) |
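Review bot: `target_url` in `generate` is built by concatenating the user-supplied `url` option directly after the port, so a value that does not begin with `/` can change the host part of the resulting URL, and the `Authorization: Splunk <session_key>` header would then be sent somewhere other than the local splunkd. Reject anything that is not an absolute path before building the target, e.g. `if not self.url.startswith('/'): raise ValueError('url must be an absolute REST path')`, and ideally restrict it to the TrackMe endpoint prefix. Every `requests` call also passes `verify=False`; add a comment explaining why that is acceptable for the loopback management port, or make a CA bundle configurable. Separately, the non-JSON fallback escapes only double quotes when hand-building `_raw`, so backslashes or newlines in the response produce invalid JSON; `json.dumps({'response': response.text})` would cover those cases.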