In my fairly large environment, we need to be able to accept REST API requests from any IP on the Internet. Instead of opening up the entirety of our Splunk API to 0.0.0.0/0, we instead front the requests with an nginx reverse proxy with a whitelist of allowed API users (which simply does a lookup in an htpasswd file).
This actually works quite well for most of our applications, but unfortunately is incompatible with the Splunk SDK for Python. It seems that in all cases, the SDK prefers to get and use an auth token. And this probably does make sense as a default behavior - my guess is that checking the user/pass on each request isn't particularly efficient. But there are cases (and we're one of them!) where this is needed.
Anyway, this wouldn't be a big issue if I could just pass in an Authorization header, but unfortunately Splunk nukes any Authorization headers that don't start with 'Splunk':
splunk-sdk-python/splunklib/binding.py, line 516 in ac66072
In my opinion, it should only add 'Splunk' if the Authorization header doesn't already have 'Basic' present.
If I make a PR to change this behavior, would such a modification be acceptable? In the future, I think the SDK could also benefit from simply having an option which disables using token auth on every request - I doubt I'm the first or last person to run into this issue.
Thanks!
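The behavior requested above, as an added sketch that is not part of the original post and is not code from the SDK: a value that already carries the `Splunk` or `Basic` scheme passes through unchanged, and anything else is treated as a bare session key. The names `authorization_header`, `basic_credentials` and `PASS_THROUGH_SCHEMES` are hypothetical, and the CR/LF and Basic well-formedness checks are assumptions about what a reviewer would ask for.

```python
import base64
import binascii

# Hypothetical names for illustration; none of this is splunklib's own code.
PASS_THROUGH_SCHEMES = ("splunk", "basic")


def basic_credentials(username, password):
    """Build an RFC 7617 Basic credential string for the proxy's htpasswd check."""
    if ":" in username:
        raise ValueError("username must not contain ':'")
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def authorization_header(token):
    """Return the (name, value) header pair for a caller-supplied token.

    A value that already carries the Splunk or Basic scheme is kept as is;
    anything else is treated as a bare session key and gets 'Splunk ' prepended.
    """
    # Refuse line breaks so a caller-supplied value cannot add extra headers.
    if any(c in token for c in "\r\n"):
        raise ValueError("CR/LF in Authorization value")

    # The scheme is matched case-insensitively and must be followed by a
    # space, so a session key that merely begins with "Basic" is not
    # mistaken for Basic credentials.
    scheme, sep, rest = token.partition(" ")
    if sep and scheme.lower() in PASS_THROUGH_SCHEMES:
        if scheme.lower() == "basic":
            # Fail early on credentials the proxy would reject anyway.
            try:
                decoded = base64.b64decode(rest.strip(), validate=True)
            except (binascii.Error, ValueError) as exc:
                raise ValueError("malformed Basic credentials") from exc
            if b":" not in decoded:
                raise ValueError("Basic credentials lack 'user:password'")
        return ("Authorization", token)

    return ("Authorization", "Splunk " + token)
```

Because Basic credentials are only base64-encoded, this pass-through is appropriate only when the connection to the proxy is TLS-protected.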