search

ambitus / pyracf

Python interface to the RACF Command interface.
https://ambitus.github.io/pyracf/
Apache License 2.0
10 stars 4 forks source link

Run as UserID and Error handling changes #57

Closed ElijahSwiftIBM closed 6 months ago

ElijahSwiftIBM commented 7 months ago

:bulb: Issue Reference

Issue: #44 #48 #45 #43

:computer: What does this address?

Addresses listed issues in pyRACF's error handling and associated processing.

  1. Adds new error for Null Response from IRRSMO00
  2. Standardizes SecurityRequestError structure
  3. Adds "install script" to define/check authorizations for IRR.IRRSMO00.PRECHECK

Adds entirely new feature to run commands as another user. This requires specific RACF authorizations.

:pager: Implementation Details

  1. Checked for null string response from IRRSMO00 and throw new error if so
  2. Define new methods of SecurityRequestError to restructure IRRSMO00 response XML with IRRSMO00 error to more closely align with RACF-error structure
  3. Added "Scripts" folder and defined externally available function that checks active user's access to IRR.IRRSMO00.PRECHECK and creates the resource if possible.

Changed call to IRRSMO00 to pass in optional userid parameter which is set at the SecurityAdmin structure level. This can be set at object creation or with public access methods. The "running userid" when it exists is added to the securityResult dictionary for logging/tracking purposes.

Also changed call to IRRSMO00 to return more information than just xml string. With full return and reason codes, NullResponseErrors can be differentiated by their causes. This is also why this PR contains code from #53 and makes it redundant.

:clipboard: Is there a test case?

Designed new test cases for new error, install script, and run as userid functions under "common" test cases. Tested new SecurityRequestError functions with existing user and group error tests