I am building a custom Splunk application. The app leverages custom python scripts to query an external API and present data in a dashboard directly in the Splunk UI. Using the setup.xml, I am able to successfully store the external API credentials in a passwords.conf file.
When I invoke the scripts and API calls with the admin user, everything works perfectly without any issues. However, when I try to do the same with a non-admin user, I get the following error:
Error: [HTTP 403] Client is not authorized to perform requested action; https://127.0.0.1:8089/servicesNS/nobody/my-app/admin/passwords
How can I successfully pull out the credentials from passwords.conf with a user that isn't an admin?
My getCredentials() method is as follows:
def getCredentials(sessionKey, targetUsername, logger):
try:
# list all credentials
entities = entity.getEntities(['admin', 'passwords'], namespace=myapp, owner='nobody', sessionKey=sessionKey)
except Exception, e:
logger.error("Could not get %s credentials from splunk. Error: %s" % (myapp, str(e)))
raise Exception("Could not get %s credentials from splunk. Error: %s" % (myapp, str(e)))
credentials = []
# return credentials
for i, c in entities.items():
if c['username'] == targetUsername:
credentials.append((c['username'], c['clear_password']))
return credentials
logger.error("No credentials have been found")
raise Exception("No credentials have been found")
My password.conf file looks like this (encrypted password string obfuscated):
[credential::api_user:]
password = $1234abcd=
... View more