darrenjrobinson / powershell_module_identitynow

SailPoint IdentityNow PowerShell Module
https://blog.darrenjrobinson.com/sailpoint-identitynow/
MIT License
47 stars 15 forks source link

Get-IdentityNowTransform does not return list of transforms when back slashes are included in a transform #11

Closed bama19942000 closed 4 years ago

bama19942000 commented 4 years ago

This cmdlet does not seem to return a list of transforms when you have a transform in the list that has a backslash(s) in it- ( a transform that uses velocity scripting with backslashes for example). The JSON object is being populated with escape characters everywhere which prevent the code from traversing the object for id.

darrenjrobinson commented 4 years ago

Can you please provide me with an example transform so I can test with?

bama19942000 commented 4 years ago

It is not the backslashes. In my sandbox environment I removed each transform one at a time until I found the bad apple.

{ "attributes": { "input": { "attributes": { "values": [ { "attributes": { "name": "zlastcharacterofuid" }, "type": "identityAttribute" }, { "table": { "O": "LAST LETTER O", "default": "DEFAULT", "o": "LAST LETTER O" } } ] }, "type": "lookup" } }, "id": "bad apple", "type": "tolower" },

Matt Totty | Principal Consultant, IAM m. 205.215.4062

From: Darren Robinson notifications@github.com Sent: Monday, February 17, 2020 10:29 PM To: darrenjrobinson/powershell_module_identitynow powershell_module_identitynow@noreply.github.com Cc: Matt Totty Matt.Totty@optiv.com; Author author@noreply.github.com Subject: Re: [darrenjrobinson/powershell_module_identitynow] Get-IdentityNowTransform does not return list of transforms when back slashes are included in a transform (#11)

[External Email]


Can you please provide me with an example transform so I can test with?

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_darrenjrobinson_powershell-5Fmodule-5Fidentitynow_issues_11-3Femail-5Fsource-3Dnotifications-26email-5Ftoken-3DAL7CIMDIH35R6ZG64PJPVP3RDNPYBA5CNFSM4KWX4BRKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEMARD5I-23issuecomment-2D587272693&d=DwMCaQ&c=UjmJbqZPMTat0o02F6csow&r=1HOrINlqeOBc1b3YlktFVWTHX8PAw0R1SYOgW_cuXFA&m=9nDtKVw19VOpdxlFnsWn3fVBvz7qjoctEhtFbJOrEto&s=rH3zeCLulcn_9VkftgkDPgi5mTFQRiDHHCSTcDbyN7A&e=, or unsubscribehttps://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_notifications_unsubscribe-2Dauth_AL7CIMH2PTP574A5NINOUSTRDNPYBANCNFSM4KWX4BRA&d=DwMCaQ&c=UjmJbqZPMTat0o02F6csow&r=1HOrINlqeOBc1b3YlktFVWTHX8PAw0R1SYOgW_cuXFA&m=9nDtKVw19VOpdxlFnsWn3fVBvz7qjoctEhtFbJOrEto&s=hUKgJiuD8FaPG00NEZ4eJLDfziOwMM0_npN_R71mcKQ&e=.

darrenjrobinson commented 4 years ago

Yes, it looks like this isn't valid

                    "table": {
                        "O": "LAST LETTER O",
                        "default": "DEFAULT",
                        "o": "LAST LETTER O"
                    }

Cannot convert the JSON string because a dictionary that was converted from the string contains the duplicated keys 'O' and 'o'.

bama19942000 commented 4 years ago

The transform itself in IDN is valid. Anytime we have a lookup table like that convert to json seems to insert escape characters everywhere in an attempt to distinguish the keys. Even though json is case sensitive power shell is not. So i believe that is what is going on.

Sent from my iPhone

On Feb 18, 2020, at 8:27 PM, Darren Robinson notifications@github.com<mailto:notifications@github.com> wrote:

[External Email]


Yes, it looks like this isn't valid

                "table": {
                    "O": "LAST LETTER O",
                    "default": "DEFAULT",
                    "o": "LAST LETTER O"
                }

Cannot convert the JSON string because a dictionary that was converted from the string contains the duplicated keys 'O' and 'o'.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_darrenjrobinson_powershell-5Fmodule-5Fidentitynow_issues_11-3Femail-5Fsource-3Dnotifications-26email-5Ftoken-3DAL7CIMCIIGR7F4JRMWBZWU3RDSKH7A5CNFSM4KWX4BRKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEMGDMPI-23issuecomment-2D588002877&d=DwMCaQ&c=UjmJbqZPMTat0o02F6csow&r=1HOrINlqeOBc1b3YlktFVWTHX8PAw0R1SYOgW_cuXFA&m=4ONXFH_NaxvKAomP1fLJv_56AEz_UwBNr4zqFANB00w&s=-T1KuZAGw0mHV_zCEU9e_p4mvLxLT2fYan15gXdvV40&e=, or unsubscribehttps://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_notifications_unsubscribe-2Dauth_AL7CIMCAOV4TNGQCTVYYBILRDSKH7ANCNFSM4KWX4BRA&d=DwMCaQ&c=UjmJbqZPMTat0o02F6csow&r=1HOrINlqeOBc1b3YlktFVWTHX8PAw0R1SYOgW_cuXFA&m=4ONXFH_NaxvKAomP1fLJv_56AEz_UwBNr4zqFANB00w&s=mmTN90zyoCCobmNnn1Mrxg41FdE6EQi6uv7hrpiqbbU&e=.

darrenjrobinson commented 4 years ago

The update I just pushed will now return all transforms. You will still have issues with duplicate keys if you try and convert a transform that contains two keys with the same name (PowerShell doesn't respect case, so O and o are seen as duplicates).

To overcome that try this;

$xForms = Get-IdentityNowTransform
[void][System.Reflection.Assembly]::LoadWithPartialName("System.Web.Extensions") 
$idnObj = (New-Object -TypeName System.Web.Script.Serialization.JavaScriptSerializer -Property @{MaxJsonLength=67108864}).DeserializeObject($xForms) 
$idnObj.items
bama19942000 commented 4 years ago

Thanks Darren, I will try it out!

Matt…

Matt Totty | Principal Consultant, IAM m. 205.215.4062

From: Darren Robinson notifications@github.com Sent: Wednesday, February 19, 2020 3:32 PM To: darrenjrobinson/powershell_module_identitynow powershell_module_identitynow@noreply.github.com Cc: Matt Totty Matt.Totty@optiv.com; Author author@noreply.github.com Subject: Re: [darrenjrobinson/powershell_module_identitynow] Get-IdentityNowTransform does not return list of transforms when back slashes are included in a transform (#11)

[External Email]


The update I just pushed will now return all transforms. You will still have issues with duplicate keys if you try and convert a transform that contains two keys with the same name (PowerShell doesn't respect case, so O and o are seen as duplicates).

To overcome that try this;

$xForms = Get-IdentityNowTransform

$idnObj = (New-Object -TypeName System.Web.Script.Serialization.JavaScriptSerializer -Property @{MaxJsonLength=67108864}).DeserializeObject($xForms)

$idnObj.items

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_darrenjrobinson_powershell-5Fmodule-5Fidentitynow_issues_11-3Femail-5Fsource-3Dnotifications-26email-5Ftoken-3DAL7CIMDK27O32PXNO6WL4S3RDWQNRA5CNFSM4KWX4BRKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEMJYJUI-23issuecomment-2D588481745&d=DwMCaQ&c=UjmJbqZPMTat0o02F6csow&r=1HOrINlqeOBc1b3YlktFVWTHX8PAw0R1SYOgW_cuXFA&m=YqS4maZWprF1ocXwWuWGUxzRolJjYCG_4dvOQXwD8BE&s=bJ5v6rDXRHY52msiAE-VFphoZQZryQznnK94zxEASg4&e=, or unsubscribehttps://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_notifications_unsubscribe-2Dauth_AL7CIMHM2TR2MUIALU3BTLDRDWQNRANCNFSM4KWX4BRA&d=DwMCaQ&c=UjmJbqZPMTat0o02F6csow&r=1HOrINlqeOBc1b3YlktFVWTHX8PAw0R1SYOgW_cuXFA&m=YqS4maZWprF1ocXwWuWGUxzRolJjYCG_4dvOQXwD8BE&s=NiGY4J2m0Z6Uju1anUnYgVtvoll8qtDpMFYZhXv_nKk&e=.