Description
In short:
splunklib expects any Set-Cookie to be an auth cookie from Splunk. This is a problem when authenticating with a bearer token.
When hosting Splunk behind a load balancer like F5, which sets its own Set-Cookie in the response for connection persistence (stickiness), the Set-Cookie in the response from F5 will be included in the request headers instead of the Splunk bearer token due to the logic in splunklib/binding.py#L520.
When authenticating with user/pass, this makes sense, since the Splunk API responds with a Set-Cookie for the session token (splunkd_8089). With a bearer token, Splunk does not respond with a session token; however, the _auth_headers function seems to expect any Set-Cookie to be a session token.
The result is that, with bearer token authentication, requests to the Splunk API after the initial request will fail with "Request failed: Session is not logged in".
To Reproduce
- Host Splunk behind F5 with stickiness enabled (or any middleware that adds a Set-Cookie to the HTTP response)
- Create a splunklib.client.Service with bearer token authentication
- Perform a call that requires authentication and see that it fails
import splunklib.client
client = splunklib.client.Service(host='..', splunkToken='XXXX')
client.info()
Expected behavior
Authentication should work
Workaround
By passing the Splunk token header manually, splunklib will include both the stickiness cookie as well as the Splunk token in the requests.
client = splunklib.client.Service(host='..', splunkToken='XXXX', headers=[('Authorization', 'Splunk {}'.format('<token>'))])
client.info()
Splunk:
- Version: Any, presumably
SDK:
- Version: Tested with 1.6.16
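Added example, not part of the original report and not splunklib's own code: a simplified model of the header selection described above, next to a hypothetical variant that only treats a `splunkd_*` cookie as a session. The cookie values, the `BIGipServerpool_splunk` name, and all function names are constructed for illustration; the `splunkd_` prefix check is an assumption based on the `splunkd_8089` cookie named in the report.

```python
from http.cookies import SimpleCookie

# Constructed sample values (not captured from a real deployment).
F5_SET_COOKIE = "BIGipServerpool_splunk=1234.5678.0000; path=/; Httponly; Secure"
SPLUNK_SET_COOKIE = "splunkd_8089=constructed-session-value; Path=/; HttpOnly"
TOKEN_HEADER = "Splunk XXXX"  # placeholder token, as in the report


def parse_set_cookie(values):
    """Return {name: value} for a list of Set-Cookie header values."""
    jar = {}
    for raw in values:
        parsed = SimpleCookie()
        parsed.load(raw)
        for name, morsel in parsed.items():
            jar[name] = morsel.value
    return jar


def _cookie_header(jar):
    """Build a single Cookie request header from the stored cookies."""
    return ("Cookie", "; ".join(f"{k}={v}" for k, v in jar.items()))


def auth_headers_any_cookie(jar, token_header):
    """Reported behaviour: any stored cookie is sent in place of the token."""
    if jar:
        return [_cookie_header(jar)]
    return [("Authorization", token_header)]


def auth_headers_session_aware(jar, token_header, prefix="splunkd_"):
    """Hypothetical alternative: only a splunkd_* cookie counts as a session."""
    # Cookies are still forwarded so load balancer stickiness keeps working.
    headers = [_cookie_header(jar)] if jar else []
    # The token is dropped only when a Splunk session cookie is present.
    if not any(name.startswith(prefix) for name in jar):
        headers.append(("Authorization", token_header))
    return headers


if __name__ == "__main__":
    lb_only = parse_set_cookie([F5_SET_COOKIE])
    print(auth_headers_any_cookie(lb_only, TOKEN_HEADER))
    print(auth_headers_session_aware(lb_only, TOKEN_HEADER))
```

With only the load balancer cookie stored, the first function emits no `Authorization` header at all, which matches the "Session is not logged in" failure; the second sends both headers, the same result the manual workaround produces.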