PM-947 privileged cloud management #1909
Closed
erinlewis-keeper wants to merge 36 commits into release from
Bugfix: jit/ai encryption settings
Records created via Commander were missing field label metadata because the record-add command used an empty string as default when the schema field had no explicit label override. This caused blank field names when records were retrieved via KSM.
Use the field $ref type as the default label when no explicit label is defined in the record type schema, matching the behavior of the web vault which consistently populates labels for all schema-defined fields.
Affected paths:
- RecordAddCommand.execute() in commands/record_edit.py
- prepare_record_add_or_update() in importer/imp_exp.py
Refs: KC-1163
…1849)
* Create kcm_export.py
  Add folder and script to convert KCM resources to PAM Project Extend template
* Create KCM_mappings.json
  Add mapping dictionary of KCM parameters, to use in conjunction with the kcm_export.py script
* Added comment about KCM_mappings
* Fixed syntax for f strings with older python version
  Older versions of python don't support using the same quote characters on f strings - fixed
* Updated naming scheme for resource
…ements (#1854)
* Create kcm_export.py
  Add folder and script to convert KCM resources to PAM Project Extend template
* Create KCM_mappings.json
  Add mapping dictionary of KCM parameters, to use in conjunction with the kcm_export.py script
* Added comment about KCM_mappings
* Fixed syntax for f strings with older python version
  Older versions of python don't support using the same quote characters on f strings - fixed
* Updated naming scheme for resource
* Add support for template file to PAM KCM import script + general improvements
  - A prompt now exists to collect a template JSON file.
  - Added deepcopies to ensure no reference problem
  - Improved nested dictionary function
  - Support for adding file path encapsulated in quotes
initial implementation of credential request, notifications not working
* KC-1116: Bugfix changes
* Kepm Pr review changes
…key' (#1862)
# Conflicts:
#   keepercommander/commands/enterprise_api_keys.py
#   unit-tests/test_command_enterprise_api_keys.py
Change List:
- Added GatewayActionIdpInputs and 5 GatewayAction subclasses for IdP operations in pam_dto.py
- Added pam_idp.py with resolve_idp_config helper and full command hierarchy (pam idp user/group)
- Added PAMIdpCommand registration in discoveryrotation.py under PAMControllerCommand
- Added 27 unit tests for DTOs, config resolution, and command structure in test_pam_idp.py
…om/Keeper-Security/Commander into PM-947-privileged-cloud-management
Change List:
- Added GatewayActionIdpValidateDomain DTO for rm-validate-domain action
- Updated pam request-access to validate user domain against IdP before sending approval notification
- Uncommented notification API call in pam request-access
Change List:
- Added field encryption for user/meta fields sent to gateway using record key
- Added gateway response decryption for group list and provision commands
- Added --domain flag to provision with validation for username format
- Added --save-record flag to save provisioned user as pamUser record with Azure User ID
- Added --delete-record flag to deprovision to remove associated pamUser record
- Added friendly error message parsing for Azure API errors
- Updated all IdP commands to check data.success in gateway responses
Change List:
- Fix GCP user provisioning response parsing (handle dict name field)
- Add dynamic IdP User ID labels based on provider type (Azure, GCP, Okta, AWS, Domain)
- Fix pamUser record lookup to support prefix login matching (username without domain)
- Generalize IdP User ID custom field labels in deprovision flow
Change List:
- Rewrote pam request-access to use krouter workflow API instead of keeperapp notifications
- Added workflow_pb2.py protobuf definitions for workflow messages
- Added pam access-state command to list active access requests
- Added pam approval-requests command to list pending approvals
- Added pam approve-access command to approve or deny workflow requests
- Added pam revoke-access command to end active access sessions
- Added pam workflow-config command to read and configure workflow settings
- Registered all new commands in discoveryrotation.py
Change List:
- Add pam access-state command with optional record UID and time remaining display
- Add pam workflow-config command for reading and setting workflow configuration
- Fix accessLength to use milliseconds (proto field is in ms, CLI accepts seconds)
- Update workflow_pb2.py with full WorkflowStatus fields (startedOn, expiresOn, approvedBy)
closed as we have the changes in #1920
Adds a full suite of Privileged Cloud Management commands to Keeper Commander, covering two major areas: