From 978fadc7ed094ef8a0d24714ca0b085df99a9668 Mon Sep 17 00:00:00 2001 From: Ivan Dimov <78815270+idimov-keeper@users.noreply.github.com> Date: Sat, 11 Jan 2025 21:28:24 -0600 Subject: [PATCH] Fixed pam action rotate command --- keepercommander/commands/discoveryrotation.py | 16 +++++++++----- keepercommander/commands/pam/router_helper.py | 22 +++++++++++++------ 2 files changed, 26 insertions(+), 12 deletions(-) diff --git a/keepercommander/commands/discoveryrotation.py b/keepercommander/commands/discoveryrotation.py index d09007681..00fc17333 100644 --- a/keepercommander/commands/discoveryrotation.py +++ b/keepercommander/commands/discoveryrotation.py @@ -2043,9 +2043,13 @@ def execute(self, params, **kwargs): tmp_dag = TunnelDAG(params, encrypted_session_token, encrypted_transmission_key, record.record_uid) resource_uid = tmp_dag.get_resource_uid(record_uid) if not resource_uid: - print(f'{bcolors.FAIL}Resource UID not found for record [{record_uid}]. please configure it ' - f'{bcolors.OKBLUE}"pam rotation user {record_uid} --resource RESOURCE_UID"{bcolors.ENDC}') - return + # NOOP records don't need resource_uid + noop_field = record.get_typed_field('text', 'NOOP') + noop = utils.value_to_boolean(noop_field.value[0]) if noop_field and noop_field.value else False + if not noop: + print(f'{bcolors.FAIL}Resource UID not found for record [{record_uid}]. please configure it ' + f'{bcolors.OKBLUE}"pam rotation user {record_uid} --resource RESOURCE_UID"{bcolors.ENDC}') + return controller = configuration_controller_get(params, url_safe_str_to_bytes(config_uid)) if not controller.controllerUid: @@ -2100,10 +2104,12 @@ def execute(self, params, **kwargs): router_response = router_send_action_to_gateway( params=params, gateway_action=GatewayActionRotate(inputs=action_inputs, conversation_id=conversation_id, gateway_destination=gateway_uid), - message_type=pam_pb2.CMT_ROTATE, is_streaming=False, encrypted_transmission_key=encrypted_transmission_key, + message_type=pam_pb2.CMT_ROTATE, is_streaming=False, + transmission_key=transmission_key, + encrypted_transmission_key=encrypted_transmission_key, encrypted_session_token=encrypted_session_token) - print_router_response(router_response, conversation_id) + print_router_response(router_response, 'job_info', conversation_id) class PAMGatewayActionServerInfoCommand(Command): diff --git a/keepercommander/commands/pam/router_helper.py b/keepercommander/commands/pam/router_helper.py index f49fda7c5..4ee40060c 100644 --- a/keepercommander/commands/pam/router_helper.py +++ b/keepercommander/commands/pam/router_helper.py @@ -434,18 +434,26 @@ def print_router_response(router_response, response_type, original_conversation_ router_response_response_payload_str = router_response_response.get('payload') router_response_response_payload_dict = json.loads(router_response_response_payload_str) - gateway_response_conversation_id = utils.base64_url_decode(router_response_response_payload_dict.get('conversation_id')).decode("utf-8") - if router_response_response_payload_dict.get('warnings'): for w in router_response_response_payload_dict.get('warnings'): if w: print(f'{bcolors.WARNING}{w}{bcolors.ENDC}') - - if original_conversation_id and original_conversation_id != gateway_response_conversation_id: - logging.error(f"Message ID that was sent to the server [{original_conversation_id}] and the conversation id " - f"received back is [{gateway_response_conversation_id}] were different. That probably means that " - f"the gateway sent a wrong response that was not associated with the reqeust.") + if original_conversation_id: + # gateway_response_conversation_id = utils.base64_url_decode(router_response_response_payload_dict.get('conversation_id')).decode("utf-8") + # IDs are either bytes or base64 encoded strings which may be padded + gateway_response_conversation_id = router_response_response_payload_dict.get('conversation_id', None) + oid = (utils.base64_url_decode(original_conversation_id) + if isinstance(original_conversation_id, str) + else original_conversation_id) + gid = (utils.base64_url_decode(gateway_response_conversation_id) + if isinstance(gateway_response_conversation_id, str) + else gateway_response_conversation_id) + + if oid != gid: + logging.error(f"Message ID that was sent to the server [{original_conversation_id}] and the conversation id " + f"received back [{gateway_response_conversation_id}] are different. That probably means that " + f"the gateway sent a wrong response that was not associated with the request.") if not (router_response_response_payload_dict.get('is_ok') or router_response_response_payload_dict.get('isOk')): print(f"{bcolors.FAIL}{json.dumps(router_response_response_payload_dict, indent=4)}{bcolors.ENDC}")