Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Profile validation - Revoking user when starting IBM Z Open Editor with COBOL sources already opened #465

Open
1 of 5 tasks
FALLAI-Denis opened this issue Dec 20, 2024 · 2 comments
Open
1 of 5 tasks

Profile validation - Revoking user when starting IBM Z Open Editor with COBOL sources already opened #465

FALLAI-Denis opened this issue Dec 20, 2024 · 2 comments
Labels
bug Something isn't working

Comments

@FALLAI-Denis
Copy link

FALLAI-Denis commented Dec 20, 2024
edited
Loading

Development environment used

  • Z Open Editor version: 5.1.0
  • Editor Platform
    • Visual Studio Code
    • Red Hat CodeReady Workspaces
    • Eclipse Che
    • Standalone Theia
  • Editor Platform Version: 1.96.0
  • Operating System: Windows 10 22H2
  • Java Version: Java 17
  • Related to RSE API?
    • RSE API Plugin version:
    • Zowe CLI version:
    • Node.js version:
  • Logs attached: no

Problem Description

We may have identified a new case of RACF revocation of user accounts.

The problem would be related to the presence of editor(s) open on a COBOL source when starting VS Code and that the RACF password was changed before opening VS Code. The case occurred even with only one COBOL editor/source open.

The problems seem to have started with the upgrade to Zowe Explorer 3.x.x / IBM Z Open Editor 5.x.x.
Before this date, password modification management did not pose any particular problem.
Several users have had the same problem, which seems to rule out improper handling.

Observed behavior

  1. VS Code is closed on the user's workstation.
  2. The user changes his RACF password with 3270 emulator.
  3. The user starts VS Code.
  4. The last use of VS Code was made with a Workspace corresponding to a Git repository, and editors on COBOL sources remained open during the previous shutdown of VS Code.
  5. IBM Z Open Editor detects that the password has been changed and asks to change it.
  6. But the requests to retrieve the Copybooks are still launched in parallel.
  7. The password used by IBM Z Open Editor to access the copybooks is not valid, the RACF account is revoked.

The number of parallel requests has its default value: 5.
I analyzed the TSU/IZUFPROC logs, see attachment: CASE465.zip

  • first task launched TSU28549: no access to SYS1.PROCLIB
  • second task launched TSU28550: access to SYS1.PROCLIB occurs at 07:54:15 after the frst access to a copybook at 07:50:30, probably when validating the user's password entry in VS Code
  • third task launched TSU28551: no access to SYS1.PROCLIB
  • fourth task launched TSU28552: access to SYS1.PROCLIB occurs at 07:53:34 after the first access to a copybook at 07:50:30, probably when validating the user's password entry in VS Code
  • fith task launched TSU28553: no access to SYS1.PROCLIB

See also the z/OSMF log and the problem that seems to correspond to the first access to the Copybook.

See also the sequence in which requests are sent for downloading copybooks:

  • from 07:50:30 to 07:53:33: direct access to members, without requesting the list of members
  • at 07:53:33: request for the list of members

I have not been able to reproduce the problem with a well-synchronized password: the password validation by searching the SYS1.PROCLIB file is triggered as expected...
@FALLAI-Denis
Copy link
Author

FALLAI-Denis commented Dec 20, 2024
edited
Loading

PS: IBM Z Open Editor and Zowe Explorer don't use same versions of Zowe SDK modules.

IBM Z Open Editor 5.1.0: use forced versions

"@zowe/core-for-zowe-sdk": "8.0.0",
"@zowe/zos-files-for-zowe-sdk": "8.0.0",
"@zowe/zos-jobs-for-zowe-sdk": "8.0.0",
"@zowe/zos-tso-for-zowe-sdk": "8.0.0",
"@zowe/zos-uss-for-zowe-sdk": "8.0.0",
"@zowe/zos-console-for-zowe-sdk": "8.0.0",
"@zowe/secrets-for-zowe-sdk": "8.0.0",
"@zowe/zowe-explorer-api": "3.0.0",

Zowe Explorer 3.0.3: use min versions

"@zowe/core-for-zowe-sdk": "^8.1.1",
"@zowe/secrets-for-zowe-sdk": "^8.1.0",
"@zowe/zos-files-for-zowe-sdk": "^8.1.1",
"@zowe/zos-jobs-for-zowe-sdk": "^8.1.1",
"@zowe/zosmf-for-zowe-sdk": "^8.1.1",
"@zowe/zowe-explorer-api": "3.0.3",

Some authentication issues seem to have been fixed in Zowe SDK and Zowe Explorer API modules since the release of version 8.0.0 / 3.0.0.

@phaumer phaumer added the bug Something isn't working label Dec 28, 2024
@benjamin-t-santos
Copy link
Collaborator

Hi @FALLAI-Denis,
I have not been able to reproduce this problem. I have been testing by closing VS Code with a COBOL source open, changing my password externally, and re-opening the same workspace. For me, copybook resolution does not proceed until I update the credentials via the prompt.

I will continue investigating the issue. In the meantime:

  • If one of your users experiences this issue again, try to copy the Z Open Editor output log and attach it to this issue.
  • Attaching the ID of the password prompt would be helpful too (does it match the ID of the prompt in the image attached below?).
Screenshot 2025-01-06 at 4 36 07 PM
  • Can you share the overall structure of your Zowe Team config? It is unlikely that this is the source of the issue, but I can use this information to assess if there is an issue with how Z Open Editor selects a profile for copybook resolution.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@phaumer @FALLAI-Denis @benjamin-t-santos