Feature #2701
Add ability to write to non-globally shared lookups
Start date:
04/29/2020
Due date:
% Done:
0%
Description
The lookup table has to be shared globally in order for the “modular input” to locate the files, otherwise if shared at app level, you will get the following:
2020-04-20 16:20:11,503 ERROR A general exception was thrown when executing the import Traceback (most recent call last): File "/opt/splunk/etc/apps/google_drive/bin/google_spreadsheet.py", line 223, in import_file last_updated = google_lookup_sync.import_to_lookup_file(lookup_name, None, None, spreadsheet_title, worksheet_name, session_key, create_if_non_existent=False) File "/opt/splunk/etc/apps/google_drive/bin/google_drive_app/__init__.py", line 362, in import_to_lookup_file splunk_lookup_table = lookupfiles.SplunkLookupTableFile.get(lookupfiles.SplunkLookupTableFile.build_id(lookup_name, namespace, owner), sessionKey=session_key) File "/opt/splunk/lib/python2.7/site-packages/splunk/models/base.py", line 548, in get return SplunkRESTManager(cls, sessionKey=sessionKey).get(id) File "/opt/splunk/lib/python2.7/site-packages/splunk/models/base.py", line 528, in get entity = self._get_entity(id, host_path=host_path) File "/opt/splunk/lib/python2.7/site-packages/splunk/models/base.py", line 444, in _get_entity return self._fix_entity(splunk.entity.getEntity(self.model.resource, None, sessionKey=self.sessionKey, uri=id)) File "/opt/splunk/lib/python2.7/site-packages/splunk/entity.py", line 265, in getEntity serverResponse, serverContent = rest.simpleRequest(uri, getargs=kwargs, sessionKey=sessionKey, raiseAllErrors=True) File "/opt/splunk/lib/python2.7/site-packages/splunk/rest/__init__.py", line 550, in simpleRequest raise splunk.ResourceNotFound(uri, extendedMessages=extractMessages(body)) ResourceNotFound: [HTTP 404] https://127.0.0.1:8089/services/data/lookup-table-files/foo.csv; [{'type': 'ERROR', 'code': None, 'text': 'Could not find object id=foo.csv'}]
My assumption is that your add-on uses the “services” endpoint, which has access to globally shared lookups. In order to solve for this, you may have something similar to that logic:
Find lookup file app location
Use “servicesNS/<user>/<app>/data/….”
The need we have here is simply to ensure the lookup tables follow the app permissions to avoid sharing globally with granular permissions. In the interim, the workaround works too, just need to maintain each individual ones.
History
#1 Updated by Luke Murphey over 4 years ago
- Description updated (diff)