We are getting an error (UnboundLocalError: local variable 'conf_values' referenced before assignment) pulling the data from twistlock
We received both pcc:incidents and pcc:forensics for some time and it stopped after a few days
ERROR ExecProcessor - message from "/usr/splunk/bin/python3.7 /usr/splunk/etc/apps/twistlock/bin/poll_incidents.py" UnboundLocalError: local variable 'conf_values' referenced before assignment.
Here are the error messages that we get from Splunk:
1/14/22 8:25:00.307 AM | 01-14-2022 08:25:00.307 -0500 ERROR ExecProcessor - message from "/usr/splunk/bin/python3.7 /usr/splunk/etc/apps/twistlock/bin/poll_incidents.py" UnboundLocalError: local variable 'conf_values' referenced before assignment
1/14/22 8:25:00.307 AM | 01-14-2022 08:25:00.307 -0500 ERROR ExecProcessor - message from "/usr/splunk/bin/python3.7 /usr/splunk/etc/apps/twistlock/bin/poll_incidents.py" "console_addr": conf_values["console_addr"],
1/14/22 8:25:00.307 AM | 01-14-2022 08:25:00.307 -0500 ERROR ExecProcessor - message from "/usr/splunk/bin/python3.7 /usr/splunk/etc/apps/twistlock/bin/poll_incidents.py" File "/usr/splunk/etc/apps/twistlock/bin/utils/splunk_sdk.py", line 44, in get_config_stanza
1/14/22 8:25:00.307 AM | 01-14-2022 08:25:00.307 -0500 ERROR ExecProcessor - message from "/usr/splunk/bin/python3.7 /usr/splunk/etc/apps/twistlock/bin/poll_incidents.py" stanza = get_config_stanza(credential["realm"], session_key)
1/14/22 8:25:00.307 AM | 01-14-2022 08:25:00.307 -0500 ERROR ExecProcessor - message from "/usr/splunk/bin/python3.7 /usr/splunk/etc/apps/twistlock/bin/poll_incidents.py" File "/usr/splunk/etc/apps/twistlock/bin/utils/splunk_sdk.py", line 60, in generate_configs
1/14/22 8:25:00.307 AM | 01-14-2022 08:25:00.307 -0500 ERROR ExecProcessor - message from "/usr/splunk/bin/python3.7 /usr/splunk/etc/apps/twistlock/bin/poll_incidents.py" configs = generate_configs(session_key)
1/14/22 8:25:00.307 AM | 01-14-2022 08:25:00.307 -0500 ERROR ExecProcessor - message from "/usr/splunk/bin/python3.7 /usr/splunk/etc/apps/twistlock/bin/poll_incidents.py" File "/usr/splunk/etc/apps/twistlock/bin/poll_incidents.py", line 198, in main
1/14/22 8:25:00.307 AM | 01-14-2022 08:25:00.307 -0500 ERROR ExecProcessor - message from "/usr/splunk/bin/python3.7 /usr/splunk/etc/apps/twistlock/bin/poll_incidents.py" main()
1/14/22 8:25:00.307 AM | 01-14-2022 08:25:00.307 -0500 ERROR ExecProcessor - message from "/usr/splunk/bin/python3.7 /usr/splunk/etc/apps/twistlock/bin/poll_incidents.py" File "/usr/splunk/etc/apps/twistlock/bin/poll_incidents.py", line 233, in
1/14/22 8:25:00.307 AM | 01-14-2022 08:25:00.307 -0500 ERROR ExecProcessor - message from "/usr/splunk/bin/python3.7 /usr/splunk/etc/apps/twistlock/bin/poll_incidents.py" Traceback (most recent call last):
1/14/22 8:25:00.306 AM | 01-14-2022 08:25:00.306 -0500 ERROR ExecProcessor - message from "/usr/splunk/bin/python3.7 /usr/splunk/etc/apps/twistlock/bin/poll_incidents.py" Failed getting configuration from Splunk: ResourceNotFound('https://127.0.0.1:8089/servicesNS/nobody/twistlock/configs/conf-twistlock/None')
1/14/22 8:25:00.180 AM | 01-14-2022 08:25:00.180 -0500 INFO ExecProcessor - message from "/usr/splunk/bin/python3.7 /usr/splunk/etc/apps/twistlock/bin/poll_incidents.py" Prisma Cloud Compute poll_incidents script started.
1/14/22 8:25:00.003 AM | 01-14-2022 08:25:00.003 -0500 INFO ExecProcessor - setting reschedule_ms=299997, for command=/usr/splunk/bin/python3.7 /usr/splunk/etc/apps/twistlock/bin/poll_incidents.py
Tried upgrading and reinstalling the app but no luck
Trying to pull the twistlock incidents from console (hosted on-prem) to Splunk but getting error message
Splunk 8.1.3
Prisma Cloud Compute (Twistlock) App for Splunk - 4.1.1

$ cat inputs.conf
[script://./bin/poll_incidents.py]
disabled = 0
sourcetype = pcc:incident
interval = 00-59/5 * * * *
start_by_shell = 0
passAuth = splunk-system-user
index = twistlock

[script://./bin/poll_forensics.py]
disabled = 0
sourcetype = pcc:forensicdata
interval = 02-59/5 * * * *
start_by_shell = 0
passAuth = splunk-system-user
index = twistlock

$ cat passwords.conf
[credential:twsitlock_splunk:twistlock_splunk:]
password = xxxxxxxxxxxxxx

$ cat twistlock.conf
[twsitlock_splunk]
console_addr = https://xxxxxxxxxxxxxxx/
username = twistlock_splunk
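In the log above, "Failed getting configuration from Splunk: ResourceNotFound(... conf-twistlock/None)" is logged just before the UnboundLocalError in get_config_stanza, which is the signature of an except block that logs and then falls through to code using a variable the try never assigned. The following is an added example, not the app's own code: the function names follow the traceback, while the function bodies, `fetch_stanza`, `SAMPLE_CONF` and the realm and user values are assumptions made for illustration.

```python
import logging

log = logging.getLogger("poll_incidents_example")


class ResourceNotFound(Exception):
    """Constructed stand-in for the error class named in the log."""


# Constructed sample of what twistlock.conf holds; values are placeholders.
SAMPLE_CONF = {"example_realm": {"console_addr": "https://console.example/",
                                 "username": "example_user"}}


def fetch_stanza(name):
    """Hypothetical config lookup; fails the way the REST call in the log did."""
    if name not in SAMPLE_CONF:
        raise ResourceNotFound(f"configs/conf-twistlock/{name}")
    return SAMPLE_CONF[name]


def get_config_stanza_fragile(realm):
    try:
        conf_values = fetch_stanza(realm)
    except ResourceNotFound as exc:
        log.error("Failed getting configuration from Splunk: %r", exc)
    # Execution continues here after the except, with conf_values never bound.
    return {"console_addr": conf_values["console_addr"],
            "username": conf_values["username"]}


def get_config_stanza_checked(realm):
    if not realm:  # credential stored without a realm, as in ".../None"
        log.warning("Skipping credential with no realm")
        return None
    try:
        conf_values = fetch_stanza(realm)
    except ResourceNotFound as exc:
        log.error("No twistlock.conf stanza for realm %r: %r", realm, exc)
        return None
    return {"console_addr": conf_values["console_addr"],
            "username": conf_values["username"]}


def generate_configs(credentials, loader=get_config_stanza_checked):
    """Build one config per credential, skipping those that cannot be resolved."""
    stanzas = (loader(c.get("realm")) for c in credentials)
    return [s for s in stanzas if s is not None]
```

With the checked variant, a credential that cannot be resolved is logged and skipped, so the remaining credentials still produce configs and the poll run does not end in a traceback.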
Change the Splunk user in inputs.conf. It should be an existing user from your system. passAuth = splunk-system-user to passAuth = <user>
Hi, has this issue been fixed? I found the same error and tried to change the passAuth user, but it didn't work.