Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

User property role_entites does not check if role exist #527

Closed
seiimonn opened this issue Apr 27, 2023 · 5 comments
Closed

User property role_entites does not check if role exist #527

seiimonn opened this issue Apr 27, 2023 · 5 comments

Comments

@seiimonn
Copy link

Describe the bug
As Splunk allows users to have non existent roles, calling role_entites on a user with roles assigned that are not existent leads to exceptions.

Defective code:

class User(Entity):
    """This class represents a Splunk user.
    """
    @property
    def role_entities(self):
       """Returns a list of roles assigned to this user.

       :return: The list of roles.
       :rtype: 
       """
       return [self.service.roles[name] for name in self.content.roles]

Possible solution:

class User(Entity):
    """This class represents a Splunk user.
    """
    @property
    def role_entities(self):
        """Returns a list of roles assigned to this user.

        :return: The list of roles.
        :rtype: 
        """
        all_role_names = [r.name for r in self.service.roles.list()]
        return [self.service.roles[name] for name in self.content.roles if name in all_role_names]

Or with (I suppose more calls to the API)
return [self.service.roles[name] for name in self.content.roles if name in self.content.roles]

Splunk (please complete the following information):

  • Version: 9.0.1
  • OS: Ubuntu
  • Deployment: all

SDK (please complete the following information):

  • Version: 1.7.3
  • Language Runtime Version: Python 3.7
  • OS: Ubuntu
@akaila-splunk
Copy link
Contributor

Hi @seiimonn , Sorry for the delay in response. We are unable to reproduce the issue on our end with similar environment. Also can you please elaborate more on how Splunk allows users to have non existent roles, which may help us to reproduce the issue.

@seiimonn
Copy link
Author

Hi @akaila-splunk
It's a bit tricky to reproduce. I was only able to get this situation once and I think the order was the following.

  • Map existing role using LDAP
  • Login using user with the given role
  • Remove the role from Splunk

Somehow the role is still in the users roles even though it does not exist anymore in the system.
But in general I think it makes sense to check if an object is existing before getting it from the API.

@akaila-splunk
Copy link
Contributor

Hi @seiimonn ,
we have tried the below steps, but couldn't reproduce the issue.

  1. Setup the LDAP server with the couple of test user and assign them to group.
  2. Configured Splunk with LDAP using UI, Settings>Authentication method> set it to LDAP.
  3. Created new roles and added it into to user group, which mapped the roles with the LDAP users
  4. After that, deleted the roles from the UI.

Note - When we verified the user roles through code and UI, the deleted role was not present.
So please let us know if we have missed any step while reproducing the issue.

This was referenced Mar 11, 2024
Merged
Merged
@ashah-splunk
Copy link
Contributor

ashah-splunk commented Mar 21, 2024
edited

Hi @seiimonn , sorry for the delay but we have published a new version of Python SDK v2.0.1 with the suggested change. Request you to test with the latest SDK and let us know if the issue is resolved. Thanks

@ashah-splunk
Copy link
Contributor

Closing the Issue as we haven't received any response. @seiimonn please reopen the Issue if you are still facing the issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@seiimonn @ashah-splunk @akaila-splunk