Skip to content

DR-1173 Add configuration UID param to pam action service commands. #1771

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jwalstra-keeper merged 1 commit into from
Jan 20, 2026
Merged

DR-1173 Add configuration UID param to pam action service commands. #1771

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 0 additions & 1 deletion keepercommander/commands/discover/job_start.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -101,7 +101,6 @@ def execute(self, params, **kwargs):

# Load the configuration record and get the gateway_uid from the facade.
gateway = kwargs.get('gateway')
gateway_context = None
try:
gateway_context = GatewayContext.from_gateway(params=params,
gateway=gateway,
Expand Down
16 changes: 12 additions & 4 deletions keepercommander/commands/pam_service/add.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
from __future__ import annotations
import argparse
from ..discover import PAMGatewayActionDiscoverCommandBase, GatewayContext
from ..discover import PAMGatewayActionDiscoverCommandBase, GatewayContext, MultiConfigurationException, multi_conf_msg
from ...display import bcolors
from ... import vault
from ...discovery_common.user_service import UserService
Expand All @@ -22,6 +22,8 @@ class PAMActionServiceAddCommand(PAMGatewayActionDiscoverCommandBase):
# The record to base everything on.
parser.add_argument('--gateway', '-g', required=True, dest='gateway', action='store',
help='Gateway name or UID')
parser.add_argument('--configuration-uid', '-c', required=False, dest='configuration_uid',
action='store', help='PAM configuration UID, if gateway has multiple.')

parser.add_argument('--machine-uid', '-m', required=True, dest='machine_uid', action='store',
help='The UID of the Windows Machine record')
Expand All @@ -42,9 +44,15 @@ def execute(self, params: KeeperParams, **kwargs):

print("")

gateway_context = GatewayContext.from_gateway(params, gateway)
if gateway_context is None:
print(f"{bcolors.FAIL}Could not find the gateway configuration for {gateway}.")
try:
gateway_context = GatewayContext.from_gateway(params=params,
gateway=gateway,
configuration_uid=kwargs.get('configuration_uid'))
if gateway_context is None:
print(f"{bcolors.FAIL}Could not find the gateway configuration for {gateway}.{bcolors.ENDC}")
return
except MultiConfigurationException as err:
multi_conf_msg(gateway, err)
return

if gateway_context is None:
Expand Down
32 changes: 19 additions & 13 deletions keepercommander/commands/pam_service/list.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
from __future__ import annotations
import argparse
from ..discover import PAMGatewayActionDiscoverCommandBase, GatewayContext
from ..discover import PAMGatewayActionDiscoverCommandBase, GatewayContext, MultiConfigurationException, multi_conf_msg
from ...display import bcolors
from ... import vault
from ...discovery_common.user_service import UserService
Expand All @@ -20,6 +20,8 @@ class PAMActionServiceListCommand(PAMGatewayActionDiscoverCommandBase):
# The record to base everything on.
parser.add_argument('--gateway', '-g', required=True, dest='gateway', action='store',
help='Gateway name or UID')
parser.add_argument('--configuration-uid', '-c', required=False, dest='configuration_uid',
action='store', help='PAM configuration UID, if gateway has multiple.')

def get_parser(self):
return PAMActionServiceListCommand.parser
Expand All @@ -28,13 +30,15 @@ def execute(self, params: KeeperParams, **kwargs):

gateway = kwargs.get("gateway")

gateway_context = GatewayContext.from_gateway(params, gateway)
if gateway_context is None:
print(f"{bcolors.FAIL}Could not find the gateway configuration for {gateway}.")
return

if gateway_context is None:
print(f" {self._f('Cannot get gateway information. Gateway may not be up.')}")
try:
gateway_context = GatewayContext.from_gateway(params=params,
gateway=gateway,
configuration_uid=kwargs.get('configuration_uid'))
if gateway_context is None:
print(f"{bcolors.FAIL}Could not find the gateway configuration for {gateway}.{bcolors.ENDC}")
return
except MultiConfigurationException as err:
multi_conf_msg(gateway, err)
return

user_service = UserService(record=gateway_context.configuration, params=params, fail_on_corrupt=False,
Expand All @@ -61,22 +65,24 @@ def execute(self, params: KeeperParams, **kwargs):
}
text = f"{resource_record.title} ({resource_record.record_uid}) :"
comma = ""
if acl.is_service is True:
if acl.is_service:
text += f" {bcolors.OKGREEN}Services{bcolors.ENDC}"
comma = ","
if acl.is_task is True:
if acl.is_task:
text += f"{comma} {bcolors.OKGREEN}Scheduled Tasks{bcolors.ENDC}"
if acl.is_iis_pool is True:
if acl.is_iis_pool:
text += f"{comma} {bcolors.OKGREEN}IIS Pools{bcolors.ENDC}"
comma = ","
service_map[user_record.record_uid]["machines"].append(text)

print("")
printed_something = False
print(self._h("User Mapping"))
for user_uid in service_map:
user = service_map[user_uid]
printed_something = True
print(f" {self._b(user['title'])} ({user_uid})")
for machine in user["machines"]:
print(f" * {machine}")
print("")

if not printed_something:
print(f" {bcolors.FAIL}There are no service mappings.{bcolors.ENDC}")
18 changes: 13 additions & 5 deletions keepercommander/commands/pam_service/remove.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
from __future__ import annotations
import argparse
from ..discover import PAMGatewayActionDiscoverCommandBase, GatewayContext
from ..discover import PAMGatewayActionDiscoverCommandBase, GatewayContext, MultiConfigurationException, multi_conf_msg
from ... import vault
from ...discovery_common.constants import PAM_USER, PAM_MACHINE
from ...discovery_common.user_service import UserService
Expand All @@ -19,6 +19,8 @@ class PAMActionServiceRemoveCommand(PAMGatewayActionDiscoverCommandBase):
# The record to base everything on.
parser.add_argument('--gateway', '-g', required=True, dest='gateway', action='store',
help='Gateway name or UID')
parser.add_argument('--configuration-uid', '-c', required=False, dest='configuration_uid',
action='store', help='PAM configuration UID, if gateway has multiple.')

parser.add_argument('--machine-uid', '-m', required=True, dest='machine_uid', action='store',
help='The UID of the Windows Machine record')
Expand All @@ -39,9 +41,15 @@ def execute(self, params: KeeperParams, **kwargs):

print("")

gateway_context = GatewayContext.from_gateway(params, gateway)
if gateway_context is None:
print(f"{bcolors.FAIL}Could not find the gateway configuration for {gateway}.")
try:
gateway_context = GatewayContext.from_gateway(params=params,
gateway=gateway,
configuration_uid=kwargs.get('configuration_uid'))
if gateway_context is None:
print(f"{bcolors.FAIL}Could not find the gateway configuration for {gateway}.{bcolors.ENDC}")
return
except MultiConfigurationException as err:
multi_conf_msg(gateway, err)
return

if gateway_context is None:
Expand Down Expand Up @@ -92,7 +100,7 @@ def execute(self, params: KeeperParams, **kwargs):
else:
acl.is_iis_pool = False

if user_service.dag.get_root.has(machine_vertex) is False:
if not user_service.dag.get_root.has(machine_vertex):
user_service.belongs_to(gateway_context.configuration_uid, machine_vertex.uid)

user_service.belongs_to(machine_vertex.uid, user_vertex.uid, acl=acl)
Expand Down