From 86236505ab734005484be08db9356ca254ff5abc Mon Sep 17 00:00:00 2001 From: sgoral Date: Tue, 5 Mar 2024 16:37:54 +0100 Subject: [PATCH 1/2] feat: add scheme calculation based on hec global settings --- solnlib/modular_input/event_writer.py | 32 ++++++++++++++++--- solnlib/modular_input/modular_input.py | 2 ++ solnlib/splunkenv.py | 25 +++++++++++++++ tests/unit/common.py | 7 ++++ .../apps/splunk_httpinput/local/inputs.conf | 3 ++ tests/unit/test_modular_input_event_writer.py | 23 ++++++++++--- 6 files changed, 84 insertions(+), 8 deletions(-) create mode 100644 tests/unit/data/mock_splunk/etc/apps/splunk_httpinput/local/inputs.conf diff --git a/solnlib/modular_input/event_writer.py b/solnlib/modular_input/event_writer.py index 788de75c..3d14a4c3 100644 --- a/solnlib/modular_input/event_writer.py +++ b/solnlib/modular_input/event_writer.py @@ -32,7 +32,7 @@ from .. import splunk_rest_client as rest_client from .. import utils from ..hec_config import HECConfig -from ..splunkenv import get_splunkd_access_info +from ..splunkenv import get_splunkd_access_info, get_scheme_from_hec_settings from ..utils import retry from .event import HECEvent, XMLEvent @@ -203,6 +203,7 @@ def __init__( port: int = None, hec_uri: str = None, hec_token: str = None, + global_settings_schema: bool = True, logger: logging.Logger = None, **context: dict ): @@ -217,6 +218,7 @@ def __init__( hec_uri: (optional) If hec_uri and hec_token are provided, they will higher precedence than hec_input_name. hec_token: (optional) HEC token. + global_settings_schema: (optional) if True, scheme will be set based on HEC global settings, default False. logger: Logger object. context: Other configurations for Splunk rest client. """ @@ -237,6 +239,9 @@ def __init__( hec_input_name, session_key, scheme, host, port, **context ) + if global_settings_schema: + scheme = get_scheme_from_hec_settings() + if not context.get("pool_connections"): context["pool_connections"] = 10 @@ -249,7 +254,10 @@ def __init__( @staticmethod def create_from_token( - hec_uri: str, hec_token: str, **context: dict + hec_uri: str, + hec_token: str, + global_settings_schema: bool = False, + **context: dict ) -> "HECEventWriter": """Given HEC URI and HEC token, create HECEventWriter object. This function simplifies the standalone mode HECEventWriter usage (not in a @@ -258,6 +266,7 @@ def create_from_token( Arguments: hec_uri: HTTP Event Collector URI, like https://localhost:8088. hec_token: HTTP Event Collector token. + global_settings_schema: (optional) if True, scheme will be set based on HEC global settings, default False. context: Other configurations. Returns: @@ -272,12 +281,17 @@ def create_from_token( None, hec_uri=hec_uri, hec_token=hec_token, + global_settings_schema=global_settings_schema, **context ) @staticmethod def create_from_input( - hec_input_name: str, splunkd_uri: str, session_key: str, **context: dict + hec_input_name: str, + splunkd_uri: str, + session_key: str, + global_settings_schema: bool = False, + **context: dict ) -> "HECEventWriter": """Given HEC input stanza name, splunkd URI and splunkd session key, create HECEventWriter object. HEC URI and token etc will be discovered @@ -289,6 +303,7 @@ def create_from_input( hec_input_name: Splunk HEC input name. splunkd_uri: Splunkd URI, like https://localhost:8089 session_key: Splunkd access token. + global_settings_schema: (optional) if True, scheme will be set based on HEC global settings, default False. context: Other configurations. Returns: @@ -297,7 +312,13 @@ def create_from_input( scheme, host, port = utils.extract_http_scheme_host_port(splunkd_uri) return HECEventWriter( - hec_input_name, session_key, scheme, host, port, **context + hec_input_name, + session_key, + scheme, + host, + port, + global_settings_schema=global_settings_schema, + **context ) @staticmethod @@ -306,6 +327,7 @@ def create_from_token_with_session_key( session_key: str, hec_uri: str, hec_token: str, + global_settings_schema: bool = False, **context: dict ) -> "HECEventWriter": """Given Splunkd URI, Splunkd session key, HEC URI and HEC token, @@ -318,6 +340,7 @@ def create_from_token_with_session_key( session_key: Splunkd access token. hec_uri: Http Event Collector URI, like https://localhost:8088. hec_token: Http Event Collector token. + global_settings_schema: (optional) if True, scheme will be set based on HEC global settings, default False. context: Other configurations. Returns: @@ -333,6 +356,7 @@ def create_from_token_with_session_key( port, hec_uri=hec_uri, hec_token=hec_token, + global_settings_schema=global_settings_schema, **context ) diff --git a/solnlib/modular_input/modular_input.py b/solnlib/modular_input/modular_input.py index c93b0365..959fe772 100644 --- a/solnlib/modular_input/modular_input.py +++ b/solnlib/modular_input/modular_input.py @@ -107,6 +107,7 @@ class ModularInput(metaclass=ABCMeta): # Input name of Splunk HEC, must be overridden if use_hec_event_writer # is True hec_input_name = None + hec_global_settings_schema = False def __init__(self): # Validate properties @@ -230,6 +231,7 @@ def _create_event_writer(self): scheme=self.server_scheme, host=self.server_host, port=self.server_port, + global_settings_schema=self.hec_global_settings_schema, ) except binding.HTTPError: logging.error( diff --git a/solnlib/splunkenv.py b/solnlib/splunkenv.py index da98a473..95fcc487 100644 --- a/solnlib/splunkenv.py +++ b/solnlib/splunkenv.py @@ -31,6 +31,7 @@ "get_splunk_host_info", "get_splunk_bin", "get_splunkd_access_info", + "get_scheme_from_hec_settings", "get_splunkd_uri", "get_conf_key_value", "get_conf_stanza", @@ -198,6 +199,30 @@ def get_splunkd_access_info() -> Tuple[str, str, int]: return scheme, host, port +def get_scheme_from_hec_settings() -> str: + """Get scheme from HEC global settings. + + Returns: + scheme (str) + """ + try: + ssl_enabled = get_conf_key_value("inputs", "http", "enableSSL") + except KeyError: + raise KeyError( + "Cannot get enableSSL setting form conf: 'inputs' and stanza: '[http]'. " + "Verify that your splunk instance has the inputs.conf file with the correct [http] stanza. " + "For more information see: " + "https://docs.splunk.com/Documentation/Splunk/9.2.0/Data/UseHECusingconffiles" + ) + + if is_true(ssl_enabled): + scheme = "https" + else: + scheme = "http" + + return scheme + + def get_splunkd_uri() -> str: """Get splunkd uri. diff --git a/tests/unit/common.py b/tests/unit/common.py index 30f5e56b..fa79619f 100644 --- a/tests/unit/common.py +++ b/tests/unit/common.py @@ -57,6 +57,13 @@ def communicate(self, input=None): file_path = op.sep.join( [cur_dir, "data/mock_splunk/etc/system/default/server.conf"] ) + elif self._conf == "inputs": + file_path = op.sep.join( + [ + cur_dir, + "data/mock_splunk/etc/apps/splunk_httpinput/local/inputs.conf", + ] + ) else: file_path = op.sep.join( [cur_dir, "data/mock_splunk/etc/system/default/web.conf"] diff --git a/tests/unit/data/mock_splunk/etc/apps/splunk_httpinput/local/inputs.conf b/tests/unit/data/mock_splunk/etc/apps/splunk_httpinput/local/inputs.conf new file mode 100644 index 00000000..6e74c6dc --- /dev/null +++ b/tests/unit/data/mock_splunk/etc/apps/splunk_httpinput/local/inputs.conf @@ -0,0 +1,3 @@ +[http] +disabled = 0 +enableSSL = 0 diff --git a/tests/unit/test_modular_input_event_writer.py b/tests/unit/test_modular_input_event_writer.py index 1bfcdabf..5eddbae8 100644 --- a/tests/unit/test_modular_input_event_writer.py +++ b/tests/unit/test_modular_input_event_writer.py @@ -207,11 +207,21 @@ def mock_post_2( # test that post is called 2 times assert len(times_post_called) == 2 + for i in range(4): + ev = create_hec_event_writer(i) + assert ev._rest_client.scheme == "https" + for i in range(4): + ev = create_hec_event_writer(i, hec=True) + assert ev._rest_client.scheme == "http" -def create_hec_event_writer(i): + +def create_hec_event_writer(i, hec=False): if i == 1: return HECEventWriter.create_from_input( - "HECTestInput", "https://localhost:8089", common.SESSION_KEY + "HECTestInput", + "https://localhost:8089", + common.SESSION_KEY, + global_settings_schema=hec, ) elif i == 2: return HECEventWriter.create_from_token_with_session_key( @@ -219,8 +229,13 @@ def create_hec_event_writer(i): common.SESSION_KEY, "https://localhost:8090", "test_token", + global_settings_schema=hec, ) elif i == 3: - return HECEventWriter.create_from_token("https://localhost:8090", "test_token") + return HECEventWriter.create_from_token( + "https://localhost:8090", "test_token", global_settings_schema=hec + ) else: - return HECEventWriter("HECTestInput", common.SESSION_KEY) + return HECEventWriter( + "HECTestInput", common.SESSION_KEY, global_settings_schema=hec + ) From 20bc0ecaf3cfd2307976f7bb22bf374492649cc1 Mon Sep 17 00:00:00 2001 From: Artem Rys Date: Thu, 7 Mar 2024 15:40:51 +0100 Subject: [PATCH 2/2] chore: splunk -> Splunk --- solnlib/splunkenv.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/solnlib/splunkenv.py b/solnlib/splunkenv.py index 95fcc487..20484072 100644 --- a/solnlib/splunkenv.py +++ b/solnlib/splunkenv.py @@ -210,7 +210,7 @@ def get_scheme_from_hec_settings() -> str: except KeyError: raise KeyError( "Cannot get enableSSL setting form conf: 'inputs' and stanza: '[http]'. " - "Verify that your splunk instance has the inputs.conf file with the correct [http] stanza. " + "Verify that your Splunk instance has the inputs.conf file with the correct [http] stanza. " "For more information see: " "https://docs.splunk.com/Documentation/Splunk/9.2.0/Data/UseHECusingconffiles" )