User property role_entites does not check if role exist

[seiimonn]

Describe the bug
As Splunk allows users to have non existent roles, calling role_entites on a user with roles assigned that are not existent leads to exceptions.

Defective code:

class User(Entity):
    """This class represents a Splunk user.
    """
    @property
    def role_entities(self):
       """Returns a list of roles assigned to this user.

       :return: The list of roles.
       :rtype: 
       """
       return [self.service.roles[name] for name in self.content.roles]

Possible solution:

class User(Entity):
    """This class represents a Splunk user.
    """
    @property
    def role_entities(self):
        """Returns a list of roles assigned to this user.

        :return: The list of roles.
        :rtype: 
        """
        all_role_names = [r.name for r in self.service.roles.list()]
        return [self.service.roles[name] for name in self.content.roles if name in all_role_names]

Or with (I suppose more calls to the API)
return [self.service.roles[name] for name in self.content.roles if name in self.content.roles]

Splunk (please complete the following information):

• Version: 9.0.1
• OS: Ubuntu
• Deployment: all

SDK (please complete the following information):

• Version: 1.7.3
• Language Runtime Version: Python 3.7
• OS: Ubuntu

[akaila-splunk]

Hi @seiimonn , Sorry for the delay in response. We are unable to reproduce the issue on our end with similar environment. Also can you please elaborate more on how Splunk allows users to have non existent roles, which may help us to reproduce the issue.

[seiimonn]

Hi @akaila-splunk
It's a bit tricky to reproduce. I was only able to get this situation once and I think the order was the following.

• Map existing role using LDAP
• Login using user with the given role
• Remove the role from Splunk

Somehow the role is still in the users roles even though it does not exist anymore in the system.
But in general I think it makes sense to check if an object is existing before getting it from the API.

[akaila-splunk]

Hi @seiimonn ,
we have tried the below steps, but couldn't reproduce the issue.

1. Setup the LDAP server with the couple of test user and assign them to group.
2. Configured Splunk with LDAP using UI, Settings>Authentication method> set it to LDAP.
3. Created new roles and added it into to user group, which mapped the roles with the LDAP users
4. After that, deleted the roles from the UI.

Note - When we verified the user roles through code and UI, the deleted role was not present.
So please let us know if we have missed any step while reproducing the issue.

[ashah-splunk]

Hi @seiimonn , sorry for the delay but we have published a new version of Python SDK v2.0.1 with the suggested change. Request you to test with the latest SDK and let us know if the issue is resolved. Thanks

[ashah-splunk]

Closing the Issue as we haven't received any response. @seiimonn please reopen the Issue if you are still facing the issue.