Fixed pam action rotate command

Keeper-Security · Jan 12, 2025 · 978fadc · 978fadc
1 parent 8ca5f82
commit 978fadc
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 12 deletions.
diff --git a/keepercommander/commands/discoveryrotation.py b/keepercommander/commands/discoveryrotation.py
@@ -2043,9 +2043,13 @@ def execute(self, params, **kwargs):
             tmp_dag = TunnelDAG(params, encrypted_session_token, encrypted_transmission_key, record.record_uid)
             resource_uid = tmp_dag.get_resource_uid(record_uid)
             if not resource_uid:
-                print(f'{bcolors.FAIL}Resource UID not found for record [{record_uid}]. please configure it '
-                      f'{bcolors.OKBLUE}"pam rotation user {record_uid} --resource RESOURCE_UID"{bcolors.ENDC}')
-                return
+                # NOOP records don't need resource_uid
+                noop_field = record.get_typed_field('text', 'NOOP')
+                noop = utils.value_to_boolean(noop_field.value[0]) if noop_field and noop_field.value else False
+                if not noop:
+                    print(f'{bcolors.FAIL}Resource UID not found for record [{record_uid}]. please configure it '
+                          f'{bcolors.OKBLUE}"pam rotation user {record_uid} --resource RESOURCE_UID"{bcolors.ENDC}')
+                    return
 
         controller = configuration_controller_get(params, url_safe_str_to_bytes(config_uid))
         if not controller.controllerUid:
@@ -2100,10 +2104,12 @@ def execute(self, params, **kwargs):
         router_response = router_send_action_to_gateway(
             params=params, gateway_action=GatewayActionRotate(inputs=action_inputs, conversation_id=conversation_id,
                                                               gateway_destination=gateway_uid),
-            message_type=pam_pb2.CMT_ROTATE, is_streaming=False, encrypted_transmission_key=encrypted_transmission_key,
+            message_type=pam_pb2.CMT_ROTATE, is_streaming=False,
+            transmission_key=transmission_key,
+            encrypted_transmission_key=encrypted_transmission_key,
             encrypted_session_token=encrypted_session_token)
 
-        print_router_response(router_response, conversation_id)
+        print_router_response(router_response, 'job_info', conversation_id)
 
 
 class PAMGatewayActionServerInfoCommand(Command):

diff --git a/keepercommander/commands/pam/router_helper.py b/keepercommander/commands/pam/router_helper.py
@@ -434,18 +434,26 @@ def print_router_response(router_response, response_type, original_conversation_
     router_response_response_payload_str = router_response_response.get('payload')
     router_response_response_payload_dict = json.loads(router_response_response_payload_str)
 
-    gateway_response_conversation_id = utils.base64_url_decode(router_response_response_payload_dict.get('conversation_id')).decode("utf-8")
-
     if router_response_response_payload_dict.get('warnings'):
         for w in router_response_response_payload_dict.get('warnings'):
             if w:
                 print(f'{bcolors.WARNING}{w}{bcolors.ENDC}')
 
-
-    if original_conversation_id and original_conversation_id != gateway_response_conversation_id:
-        logging.error(f"Message ID that was sent to the server [{original_conversation_id}] and the conversation id "
-                      f"received back is [{gateway_response_conversation_id}] were different. That probably means that "
-                      f"the gateway sent a wrong response that was not associated with the reqeust.")
+    if original_conversation_id:
+        # gateway_response_conversation_id = utils.base64_url_decode(router_response_response_payload_dict.get('conversation_id')).decode("utf-8")
+        # IDs are either bytes or base64 encoded strings which may be padded
+        gateway_response_conversation_id = router_response_response_payload_dict.get('conversation_id', None)
+        oid = (utils.base64_url_decode(original_conversation_id)
+               if isinstance(original_conversation_id, str)
+               else original_conversation_id)
+        gid = (utils.base64_url_decode(gateway_response_conversation_id)
+               if isinstance(gateway_response_conversation_id, str)
+               else gateway_response_conversation_id)
+
+        if oid != gid:
+            logging.error(f"Message ID that was sent to the server [{original_conversation_id}] and the conversation id "
+                          f"received back [{gateway_response_conversation_id}] are different. That probably means that "
+                          f"the gateway sent a wrong response that was not associated with the request.")
 
     if not (router_response_response_payload_dict.get('is_ok') or router_response_response_payload_dict.get('isOk')):
         print(f"{bcolors.FAIL}{json.dumps(router_response_response_payload_dict, indent=4)}{bcolors.ENDC}")