Run as UserID and Error handling changes #57

Merged
merged 31 commits into from
Jan 4, 2024

Conversation

ElijahSwiftIBM
Collaborator

💡 Issue Reference

Issue: #44 #48 #45 #43

💻 What does this address?

Addresses listed issues in pyRACF's error handling and associated processing.

  1. Adds new error for Null Response from IRRSMO00
  2. Standardizes SecurityRequestError structure
  3. Adds "install script" to define/check authorizations for IRR.IRRSMO00.PRECHECK

Adds entirely new feature to run commands as another user. This requires specific RACF authorizations.

📟 Implementation Details

  1. Checked for null string response from IRRSMO00 and throw new error if so
  2. Define new methods of SecurityRequestError to restructure IRRSMO00 response XML with IRRSMO00 error to more closely align with RACF-error structure
  3. Added "Scripts" folder and defined externally available function that checks active user's access to IRR.IRRSMO00.PRECHECK and creates the resource if possible.

Changed call to IRRSMO00 to pass in optional userid parameter which is set at the SecurityAdmin structure level. This can be set at object creation or with public access methods. The "running userid" when it exists is added to the securityResult dictionary for logging/tracking purposes.

Also changed call to IRRSMO00 to return more information than just xml string. With full return and reason codes, NullResponseErrors can be differentiated by their causes. This is also why this PR contains code from #53 and makes it redundant.

📋 Is there a test case?

Designed new test cases for new error, install script, and run as userid functions under "common" test cases. Tested new SecurityRequestError functions with existing user and group error tests
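
The checks described in this PR (validating a run-as userid before it is passed down, raising on an empty IRRSMO00 response while keeping the return and reason codes, and recording the running userid in the result) are sketched below as an added example. It is not pyRACF's code: `AdminSketch`, `build_result`, the response dictionary layout and the result key names are hypothetical, and the userid character set is an assumption.

```python
import re
from typing import Optional, Union

# Assumption: RACF user IDs are 1-8 characters drawn from A-Z, 0-9, #, $ and @.
_USERID_RE = re.compile(r"[A-Z0-9#$@]{1,8}")


class UserIdError(Exception):
    """Raised when a run-as userid could not be a valid RACF userid."""


class NullResponseError(Exception):
    """Raised when the downstream call returns no XML; keeps the codes."""

    def __init__(self, saf_rc: int, racf_rc: int, racf_reason: int) -> None:
        # Key names are constructed for this sketch.
        self.codes = {"safReturnCode": saf_rc, "racfReturnCode": racf_rc,
                      "racfReasonCode": racf_reason}
        super().__init__(f"empty response from IRRSMO00: {self.codes}")


class AdminSketch:
    """Hypothetical stand-in for an admin object; not pyRACF's class."""

    def __init__(self, run_as_userid: Optional[str] = None) -> None:
        self._running_userid: Optional[str] = None
        if run_as_userid is not None:
            self.set_running_userid(run_as_userid)

    def set_running_userid(self, userid: Union[str, None]) -> None:
        if userid is None:  # None clears the run-as userid
            self._running_userid = None
            return
        ok = isinstance(userid, str) and userid.isascii()
        candidate = userid.upper() if ok else ""
        if not _USERID_RE.fullmatch(candidate):
            raise UserIdError(f"not a valid userid: {userid!r}")
        self._running_userid = candidate

    def build_result(self, response: dict) -> dict:
        """Reject an empty response, then tag the result with the run-as userid."""
        xml = response.get("xml") or ""
        if xml.strip() == "":
            raise NullResponseError(response["saf_rc"], response["racf_rc"],
                                    response["racf_reason"])
        result = {"xml": xml}
        if self._running_userid is not None:
            result["runningUserid"] = self._running_userid
        return result
```

Rejecting a malformed userid before the call keeps a bad value from reaching the length-prefixed C interface, and carrying the codes on the exception lets a caller tell one empty-response cause from another.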

-Standardize SecurityRequestError Structure, merging IRRSMO00 Errors and that of RACF Errors with the same internal structure in the result dictionary
-Add an install script that defines IRR.IRRSMO00.PRECHECK with UACC of none and/or checks if the profile exists and the current user's access
-Added NullResponseError
-Added Unit Testing for Install script and null response error

Signed-off-by: Elijah Swift <elijah.swift@ibm.com>
-Add parameters to irrsmo00.c for userid and userid_len
-Add code in irrsmo00 that can process a userid and pass it and length to c code
-Add methods to security admin object that allow for changing executing userID
-Add ImproperUSerIDError to enforce userid changes to theoretically valid ids

Signed-off-by: Elijah Swift <elijah.swift@ibm.com>
Make changes to be compatible with 3.10 typing library

Signed-off-by: Elijah Swift <elijah.swift@ibm.com>
Change type of default userid parm passed to irrsmo00.

Signed-off-by: Elijah Swift <elijah.swift@ibm.com>
Also allow for run as userid to be specified in object creation

Signed-off-by: Elijah Swift <elijah.swift@ibm.com>
-Fold Surrogat error (run as userid attempted with no access defined) that yields no response into Null Response Error
-Use surfaced return and reason codes from IRRSMO00 to differentiate null response errors
-Add get_user_access to resource admin
-Add unit testing for all of it
-move custom traits testing under common folder

Signed-off-by: Elijah Swift <elijah.swift@ibm.com>
This was referenced Nov 26, 2023
-Update type hints and error message to bring in line with doc

Signed-off-by: Elijah Swift <elijah.swift@ibm.com>
@lcarcaramo lcarcaramo added the enhancement New feature or request label Nov 29, 2023
@lcarcaramo lcarcaramo added this to the Beta 1.0b3 milestone Nov 29, 2023
Change UserID to UserId
refactor call_racf
change error text strings

Signed-off-by: Elijah Swift <elijah.swift@ibm.com>
-Change ImproperUserIdError to UserIdError
-Move security request error restructuring to security result
-doc and minor updates.

Signed-off-by: Elijah Swift <elijah.swift@ibm.com>
Signed-off-by: Elijah Swift <elijah.swift@ibm.com>
Signed-off-by: Elijah Swift <elijah.swift@ibm.com>
Change comment string for DownstreamFatalError

Signed-off-by: Elijah Swift <elijah.swift@ibm.com>
Signed-off-by: Elijah Swift <elijah.swift@ibm.com>
Function testing revealed a couple of bugs in how the response value from the c code was parsed in python. This resolves that issue.

Signed-off-by: Elijah Swift <elijah.swift@ibm.com>
@ElijahSwiftIBM ElijahSwiftIBM force-pushed the feature/run_as_userid branch 5 times, most recently from f9ed423 to 9faf205 Compare December 20, 2023 18:08
pass pointers to return codes rather than values.

Signed-off-by: Elijah Swift <elijah.swift@ibm.com>
Add Function Test for DownstreamFatalError (Null Response checking is based off something unit testing does not fully check)
Add real error messages to tests in Add operations that surface error from initial extract.

Signed-off-by: Elijah Swift <elijah.swift@ibm.com>
Changed docstring for DownstreamFatalError
Update version number to 1.0b3 for next release

Signed-off-by: Elijah Swift <elijah.swift@ibm.com>
ElijahSwiftIBM added a commit that referenced this pull request Dec 26, 2023
Make documentation wording adjustments in accordance to code changes of PR #57

Signed-off-by: Elijah Swift <elijah.swift@ibm.com>
Signed-off-by: Elijah Swift <elijah.swift@ibm.com>
Change type hints for get_running_userid to Union[str, None]

Signed-off-by: Elijah Swift <elijah.swift@ibm.com>