Splunk REST API Modular Input
- for OAuth2 refresh_token flows, you can now configure whether the client_id/client_secret is sent in the Base64-encoded Basic Authentication header (default) or in the request body. Previous versions of the App put the client_id/client_secret in BOTH the header and the request body.
- some code checks to catch null passwords in environments with passwords.conf files that can't be decrypted
- option to use the default bundled "certifi" CA Bundle rather than having to declare your own path to a CA Bundle
- upgraded the Splunk Python SDK to v1.6.18 to meet the latest App Inspect/Cloud Vetting rules.
- by default, for refresh_token flows, the client_id and client_secret will get placed as parameters in the request body. Added some code so that the client_id and client_secret will also be included as a Base64-encoded Basic Auth header, see https://www.oauth.com/oauth2-servers/access-tokens/refreshing-access-tokens/
- added a configuration option to select the grant type for OAuth2 flows
- updated the oauthlib backwards compatibility to python2.7
- upgraded the internal OAuth libraries
- ensure any http/https proxies are available for OAuth2 Refresh Token URL requests
- increase page size from 30 to unlimited for the list of encrypted keys.
- updated the custom response handler method signature. Added in backwards compatibility for your existing custom response handlers, or you can update your handlers to use the new call method signature. Refer to rest_ta/bin/responsehandlers.py for examples.
- upgraded logging functionality
- added a default response handler for oauth2
- upgraded logging functionality
- upgraded urllib3 library from 1.25.3 to 1.25.10
- removed some logging debug messages, which are actually disabled by default, but the Splunk Cloud folks don't like them
- logging enhancements for default requests messages
- enforced Python3 for execution of the modular input script. If you require Python2.7, then download a prior version (such as 1.9.1).
- python3 compatibility tweaks.
- general appinspect tidy ups
- removed setup.xml and replaced with a custom JS/HTML dashboard for app setup
- added code to prevent passwords from other apps that might have their sharing set to Global from being concatenated into the rest_ta namespace.
- minor fix to encryption logic
- improved the usability of the setup page for encrypting credentials
- can now pass oauth2 session through to a custom response handler
- added config field for oauth2 expires_in
- added a custom setup page if you require encryption of credentials
- bundled in python modules that are not packaged into Splunk versions pre 8: urllib3, certifi, chardet, idna
- updated the bundled version of the requests library to version 2.23.0
- stateful variables/settings used to get persisted back to inputs.conf; now they get persisted to a custom config file, reststate.conf, which should solve any unwanted auto restarting of the app by splunkd.
- made error logging more verbose by adding stanza name
- minor tweak to authhandlers.py for python 2/3 dual compatibility
- no changes, changes for this build got pushed up to 1.8.2
- Python 2.7 and 3+ compatibility
- added support for Certificate verification using a supplied CA Bundle file
- fixed Splunk 8 compatibility for manager.xml file
- added client certificate config options
- added trial key functionality
- added a triggers stanza to app.conf to prevent reloading after saving state back to inputs.conf
- patched a bug to callbacks to Splunk for persisting state that required the activation key in the payload
- minor manager xml ui tweak for 7.1
- Corrected a build bug with responsehandlers
- Added an activation key requirement, visit http://www.baboonbones.com/#activation to obtain a non-expiring key
- Added support for HEAD requests
- Docs updated
- Splunk 7.1 compatible
- Can now declare a CRON pattern for your polling interval.
- Multiple requests spawned by tokenization can be declared to run in parallel or sequentially.
- Multiple sequential requests can optionally have a stagger time enforced between each request.
- Minor code bug with logging
- Added support for token replacement functions in the URL to be able to return a list of values, which will cause multiple URLs to be formed; the requests for these URLs will be executed in parallel in multiple threads. See tokens.py
- Added a custom response handler for rolling out generic JSON arrays
- Refactored key=value delimited string handling to only split on the first "=" delimiter
- Ensure that token substitution in the endpoint URL is dynamically applied for each
- Added support for dynamic token substitution in the endpoint URL, i.e. /someurl/foo/$sometoken$/goo, where $sometoken$ will get substituted with the output of the 'sometoken' function
- Added support to persist and retrieve cookies
- Changed the logic for persistence of state back to inputs.conf to occur directly after polling/event indexing has completed rather than waiting for the polling loop frequency sleep period to exit. This potentially deals with situations where you might terminate Splunk before the REST Mod Input has persisted state changes back to inputs.conf because it was in a sleep loop during shutdown.
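
The header-or-body choice for OAuth2 refresh_token flows described in the first entry, as an added example (not code from the app). The names build_refresh_request, credential_locations and creds_in are assumptions, and the sample values are constructed. It sends the client credentials in exactly one place and form-encodes them before Basic encoding, as RFC 6749 section 2.3.1 requires.

```python
import base64
from urllib.parse import parse_qs, quote_plus, urlencode


def build_refresh_request(refresh_token, client_id, client_secret, creds_in="header"):
    """Return (headers, body) for an OAuth2 refresh_token grant POST.

    creds_in="header": HTTP Basic authentication header.
    creds_in="body":   client_id/client_secret as form parameters.
    Hypothetical helper: exactly one location is used, never both.
    """
    if creds_in not in ("header", "body"):
        raise ValueError("creds_in must be 'header' or 'body'")
    if not client_id or not client_secret:
        # Refuse to send a request with empty credentials (for example
        # when a stored secret could not be decrypted).
        raise ValueError("client credentials missing")

    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    form = {"grant_type": "refresh_token", "refresh_token": refresh_token}

    if creds_in == "header":
        # RFC 6749 2.3.1: form-encode id and secret, then Base64 "id:secret".
        pair = "%s:%s" % (quote_plus(client_id), quote_plus(client_secret))
        token = base64.b64encode(pair.encode("utf-8")).decode("ascii")
        headers["Authorization"] = "Basic " + token
    else:
        form["client_id"] = client_id
        form["client_secret"] = client_secret
    return headers, urlencode(form)


def credential_locations(headers, body):
    """Audit helper: list where client credentials appear in a request."""
    found = []
    if headers.get("Authorization", "").startswith("Basic "):
        found.append("header")
    if "client_secret" in parse_qs(body):
        found.append("body")
    return found


if __name__ == "__main__":
    # Constructed sample values.
    for where in ("header", "body"):
        h, b = build_refresh_request("rt-123", "my client", "s3cr:et", where)
        print(where, credential_locations(h, b), b)
```

credential_locations returning both "header" and "body" for a captured request identifies the older behaviour the changelog describes.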
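
The $token$ substitution and list-returning token functions from the entries above, sketched as an added example (not the app's tokens.py). expand_url, TOKEN_RE and the explicit token_funcs registry are assumptions, and the URL is constructed. Each substituted value is percent-encoded so that a token's output cannot add path segments or query parameters to the endpoint.

```python
import itertools
import re
from urllib.parse import quote

# $name$ placeholders, as in /someurl/foo/$sometoken$/goo
TOKEN_RE = re.compile(r"\$([A-Za-z_][A-Za-z0-9_]*)\$")


def expand_url(template, token_funcs):
    """Return every URL produced by substituting $name$ tokens.

    token_funcs maps a token name to a zero-argument function returning
    either one value or a list of values (hypothetical registry). A list
    fans out into one URL per value; several list tokens give the
    cartesian product.
    """
    names = list(dict.fromkeys(TOKEN_RE.findall(template)))  # unique, in order
    choices = []
    for name in names:
        if name not in token_funcs:
            # Only explicitly registered functions may be called from a URL.
            raise KeyError("no token function registered for %r" % name)
        out = token_funcs[name]()
        values = out if isinstance(out, (list, tuple)) else [out]
        # safe="" also encodes "/", so a value stays inside one path segment.
        choices.append([quote(str(v), safe="") for v in values])

    urls = []
    for combo in itertools.product(*choices):
        mapping = dict(zip(names, combo))
        urls.append(TOKEN_RE.sub(lambda m: mapping[m.group(1)], template))
    return urls


if __name__ == "__main__":
    # Constructed sample: one token function returning two values.
    funcs = {"sometoken": lambda: ["a", "eu/west?x=1"]}
    for url in expand_url("https://api.example.test/someurl/foo/$sometoken$/goo", funcs):
        print(url)
```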