[next] Custom secure properties not loaded #1663

zFernand0 · 2022-02-09T13:50:14Z

Describe the bug

The ZE extension won't load a profile (i.e. fails to validate) when provided with a team config that has a profile required property (host, port) in the secure array.

To Reproduce

Copy the zowe.config.json (see below) into a new workspace
Open the Zowe Explorer on the above workspace
Profile gets automatically added, but it's practically unusable 😢

{
    "$schema": "./zowe.schema.json",
    "profiles": {
        "ibmzosmf": {
            "type": "zosmf",
            "properties": {
                "basePath": "/ibmzosmf/api/v1"
            }
        },
        "base": {
            "type": "base",
            "properties": {
                "port": 1234,
                "rejectUnauthorized": true,
                "tokenType": "apimlAuthenticationToken"
            },
            "secure": [
                "host",
                "tokenValue"
            ]
        }
    },
    "defaults": {
        "zosmf": "ibmzosmf",
        "base": "base"
    },
    "autoStore": true
}

Expected behavior

All properties are loaded regardless of whether or not they are stored securely

Screenshots

Desktop (please complete the following information):

OS: Windows
Zowe Explorer Version: [next] Login & Logout with config file #1637
(Optional) Zowe CLI Version:
(Optional) Are you using Secure Credential Store?

Additional context

Using a VSIX from #1637

The text was updated successfully, but these errors were encountered:

github-actions · 2022-02-09T13:50:39Z

Thank you for creating a bug report. If you haven't already, please ensure you have provided steps to reproduce it and as much context as possible.

JillieBeanSim · 2022-04-06T12:14:04Z

@zFernand0 without the host in the config you will receive the error shown for missing host. isn't that expected behavior?

zFernand0 · 2022-04-06T12:22:09Z

I guess I would expect Zowe Explorer to work the same way as the CLI here, and be able to look for the host in the vault.
And if it's not set (in the vault or in the config file) then it can ask for it, and store it back (depending on the config file)

JillieBeanSim · 2022-04-06T12:25:31Z

That could be a great enhancement to add after v2 goes out! 😁 In the past we have only prompted for user/pass but it would be cool to prompt for missing items other than that.

Maybe we can add the enhancement tag and add it to the PI Planning list?

zFernand0 · 2022-04-06T12:41:15Z

The prompting for missing properties I agree that it could be an enhancement after v2 (as a 2.1).
However, I do believe that storing port or host securely and not reading it from ZE could be a patch release (e.g. 2.0.1)

JillieBeanSim · 2022-04-06T12:44:00Z

@zFernand0 when you test my PR could you check again and see if it's grabbing the secure values? It should if stored securely.

zFernand0 · 2022-04-06T12:46:17Z

Will do! 😋

zFernand0 · 2022-04-06T15:27:24Z

I'm still seeing the host must not be blank issue in the PR
I'm fine if we want to do this as a patch release after v2 goes out 😋

JillieBeanSim · 2022-04-07T13:36:17Z

@zFernand0 we are using this snippet of code to get all knownArgs from imperative and checking for secure items to get the info

const mergedArgs = mProfileInfo.mergeArgsForProfile(profAttrs);
for (const arg of mergedArgs.knownArgs) {
      // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
      profile[arg.argName] = arg.secure ? await mProfileInfo.loadSecureArg(arg) : arg.argValue;
}

should we look into imperative to see why we aren't getting all of the secure items?

zFernand0 · 2022-04-08T12:22:42Z

FYI, there is a getSecureVals options that we can pass to the mergeArgsForProfile method to avoid the extra loop on our end 😋

In my testing, I was confused thinking it wasn't extracting values from the secure vault, but it was due to the CLI storing them under Zowe/secure_config_props and ZE storing things under Zowe-Plugin/secure_config_props.

I'll retest the host bit again. 😋
Thanks!

zFernand0 · 2022-04-08T14:12:42Z

This seems to be a problem.

Even though ZE is reading form the same Zowe/secure_config_props vault property, it can't find custom properties.

However, when using the ProfileInfo APIs outside of ZE (e.g. sample project, or small VSCE) it's able to load any custom properties.

That makes me believe that somewhere in ZE we are only considering the user and password as secure fields.

Same thing is happening with the APIML Token (#1713)

github-actions · 2022-07-13T04:17:24Z