[Zowe Explorer API] Problem in sharing credentials via a base profile --> reassigned to the service profile used

[FALLAI-Denis]

Describe the bug

A base profile is created and is referenced by service profiles that share the same RACF database.
The credentials (user, password) are declared on the base profile.
But when used (via Zowe Explorer), the credentials are automatically repositioned on the service profile used.
This is not the expected behavior.

Since documentation on profile management at Zowe CLI level since Zowe V2 is non-existent or very difficult to find, I implemented what is described here:
https://medium.com/zowe/password-management-for-zowe-cli-profiles-c57f64d1fe88

Please note that since the upgrade to Zowe V3 at Zowe Explorer level we are facing a problem of password synchronization after a modification at TSO level when using in Zowe Explorer and IBM Z Open Editor.
Our users are experiencing account revocations in a loop... This is very badly experienced.

See: Profile validation - Revoking user when starting IBM Z Open Editor with COBOL sources already opened

To Reproduce

1. create a team zowe.config.json file with base profile and service profiles
2. user and password are defined to be managed at base profile level
3. use a service profile
4. user and password management are duplicated at service profile level

Expected behavior

No replication of user / password at service profile level

Screenshots

Desktop (please complete the following information):

• OS: Windows
• Zowe Explorer Version:
• (Optional) Zowe CLI Version: 3.1.1
• (Optional) Are you using Secure Credential Store? don't know... use standard installation

Additional context

[github-actions]

Thank you for creating a bug report.
We will investigate the bug and evaluate its impact on the product.
If you haven't already, please ensure you have provided steps to reproduce the bug and as much context as possible.

[traeok]

Hi @FALLAI-Denis,

I noticed that you have a baseProfile property defined in the GMVS layer of your Zowe config. This property is not supported by Zowe CLI or Zowe Explorer, and since Zowe Explorer cannot find a base profile, it stores the credentials on the profile directly.

If you set this GMVS-EMVS-RACF base profile as your default base profile, Zowe Explorer stores the credentials on the base profile:

{
    "profiles": {
        // profiles defined here
    },
    "defaults": {
        "base": "GMVS-EMVS-RACF"
    }
}

Or, you can re-structure the configuration to use a nested profile, for example:

"GMVS": {
    "properties": {
        // base profile properties here
    },
    "zosmf": {
        "type": "zosmf",
        "properties": {
            // z/OSMF properties here
        }
    },
    "secure": [
        "user",
        "password"
    ]
}

Hope this helps to clear up any confusion regarding the baseProfile property.

[FALLAI-Denis]

Hi,

I can't declare a default base profile because we have more than one RACF sysplex.

I don't want to use nested profile because this impact naming profile at runtime: parent.child... GMVS.zosmf in your sample.

I need to have a credential management at RACF sysplex level (to avoid revocation of users) without impact on reference naming for profile.

[FALLAI-Denis]

See:

• Zowe CLI V2 - Independence between profile name and internal organization of the zowe.config[.user].json file zowe-cli#1413
• Zowe CLI V2 - Need a technical note / whitepaper for the implementation of the profiles zowe-cli#1407

[github-actions]

Thank you for raising this enhancement request.
The community has 90 days to vote on it.
If the enhancement receives at least 10 upvotes, it is added to our development backlog.
If it receives fewer votes, the issue is closed.