Logged error when HTTP Proxy settings are blank: get_password failed

[Alexis-I]

After installing sigsci_TA_for_splunk the app writes logs when the HTTP proxy is disabled / not in use. The errors are resolved by entering a fake value into the HTTP proxy password field.

07-01-2024 22:04:30.474 +0000 ERROR PersistentScript [161185 PersistentScriptIo] - From {/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/sigsci_TA_for_splunk/bin/sigsci_TA_for_splunk_rh_settings.py persistent}: WARNING:root:Run function: get_password failed: Traceback (most recent call last):
07-01-2024 22:04:30.474 +0000 ERROR PersistentScript [161185 PersistentScriptIo] - From {/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/sigsci_TA_for_splunk/bin/sigsci_TA_for_splunk_rh_settings.py persistent}:   File "/opt/splunk/etc/apps/sigsci_TA_for_splunk/bin/sigsci_ta_for_splunk/aob_py3/solnlib/utils.py", line 153, in wrapper
07-01-2024 22:04:30.474 +0000 ERROR PersistentScript [161185 PersistentScriptIo] - From {/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/sigsci_TA_for_splunk/bin/sigsci_TA_for_splunk_rh_settings.py persistent}:     return func(*args, **kwargs)
07-01-2024 22:04:30.474 +0000 ERROR PersistentScript [161185 PersistentScriptIo] - From {/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/sigsci_TA_for_splunk/bin/sigsci_TA_for_splunk_rh_settings.py persistent}:   File "/opt/splunk/etc/apps/sigsci_TA_for_splunk/bin/sigsci_ta_for_splunk/aob_py3/solnlib/credentials.py", line 137, in get_password
07-01-2024 22:04:30.474 +0000 ERROR PersistentScript [161185 PersistentScriptIo] - From {/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/sigsci_TA_for_splunk/bin/sigsci_TA_for_splunk_rh_settings.py persistent}:     f"Failed to get password of realm={self._realm}, user={user}."
07-01-2024 22:04:30.474 +0000 ERROR PersistentScript [161185 PersistentScriptIo] - From {/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/sigsci_TA_for_splunk/bin/sigsci_TA_for_splunk_rh_settings.py persistent}: solnlib.credentials.CredentialNotExistException: Failed to get password of realm=__REST_CREDENTIAL__#sigsci_TA_for_splunk#configs/conf-sigsci_ta_for_splunk_settings, user=proxy.

[jeremy-cxf]

Hello @Alexis-I !

Hope you are well. Appears this is less a bug with the addon, but an issue with the lib bundled in by addons that are built using Splunk Addon Builder that implements the proxy: https://docs.splunk.com/Documentation/AddonBuilder/4.2.0/UserGuide/Overview

Looking at this thread:
https://community.splunk.com/t5/All-Apps-and-Add-ons/Errors-after-Microsoft-Azure-Add-on-for-Splunk-upgrade/m-p/574571

This error is caused by a library used by add-ons built with add-on builder (a.k.a. AoB) that implement a proxy. In a nutshell, the REST handler settings code generated by AoB (in this case TA_MS_AAD_rh_settings.py) defines the proxy fields. Here is what it looks like for proxy_password:

field.RestField(
'proxy_password',
required=False,
encrypted=True,
default=None,
validator=validator.String(
min_len=0,
max_len=8192,
)
)

The proxy_password settings specify that the field is not required, but the field is encrypted. Now, getting back to the library code. The library is trying to decrypt proxy settings even if you haven't specified any. An internal bug has been filed, but the workaround should stop the (erroneous) error messages.

Solution here is fairly similar to what you're doing, which would be modifying: https://github.com/fastly/sigsci-splunk-app/blob/main/sigsci_TA_for_splunk/default/sigsci_ta_for_splunk_settings.conf

To have a password of None, however these configs typically auto generated (and less accessible in splunk cloud) to do manually.

I'll see if I can check the status upstream. I don't particular want to change defaults if the upstream lib is causing an issue, and should be doing that by default anyway, but can keep this public.