Add saas profile to pam rotation edit command.

keepercommander/commands/discoveryrotation.py

@@ -394,9 +394,11 @@ class PAMCreateRecordRotationCommand(Command):
     parser.add_argument('--iam-aad-config', '-iac', dest='iam_aad_config_uid', action='store',
                         help='UID of a PAM Configuration. Used for an IAM or Azure AD user in place of --resource.')
     parser.add_argument('--rotation-profile', '-rp', dest='rotation_profile', action='store',
-                        choices=['general', 'iam_user', 'scripts_only'],
+                        choices=['general', 'iam_user', 'scripts_only', 'saas'],
                         help='Rotation profile type: general (resource-based), iam_user (IAM/Azure user), '
-                             'scripts_only (run PAM scripts only)')
+                             'scripts_only (run PAM scripts only), saas (SaaS only)')
+    parser.add_argument('--saas-config-uid', dest='saas_config_uid', action='store',
+                        help='For saas rotation profile, the SaaS configuration UID')
     parser.add_argument('--resource', '-rs', dest='resource', action='store',
                         help='UID or path of the resource record.')
     schedule_group = parser.add_mutually_exclusive_group()
@@ -1181,6 +1183,17 @@ def add_folders(sub_folder):  # type: (BaseFolderNode) -> None
                         if not resource_uid:
                             raise CommandError('', 'General rotation profile requires --resource to be specified.')
                         config_user(tmp_dag, _record, resource_uid, config_uid, silent=kwargs.get('silent'))
+                    elif rotation_profile == 'saas':
+                        saas_config_uid = kwargs.get("saas_config_uid")  # type: Optional[str]
+                        if saas_config_uid is None:
+                            raise CommandError('', 'SaaS rotation profile requires '
+                                                   '--saas-config-uid to be specified.')
+                        saas_command = PAMActionSaasSetCommand()
+                        saas_command.execute(params,
+                                             user_uid=_record.record_uid,
+                                             pam_config_uid=config_uid,
+                                             config_record_uid=saas_config_uid)
+
                 # NB! --folder=UID without --iam-aad-config, or --schedule-only converts to General rotation
                 elif iam_aad_config_uid:
                     config_iam_aad_user(tmp_dag, _record, iam_aad_config_uid)

keepercommander/commands/pam_saas/set.py

@@ -91,7 +91,8 @@ def execute(self, params: KeeperParams, **kwargs):
             return
 
         if plugin_name not in plugins:
-            print(self._f("The SaaS configuration record's custom field label 'SaaS Type' is not supported by the "
+            print(self._f(f"The SaaS configuration record's custom field label 'SaaS Type', {plugin_name}, "
+                          "is not supported by the "
                           "gateway or the value is not correct."))
             return
 

keepercommander/sync_down.py

@@ -589,6 +589,22 @@ def convert_user_folder_shared_folder(ufsf):
             params.user_cache[account_uid] = params.user
 
         if len(response.recordRotations) > 0:
+            # Stuff still uses record_rotation_cache; it cannot just be removed.
+            for rr in response.recordRotations:
+                record_uid = utils.base64_url_encode(rr.recordUid)
+                rr_obj = {
+                    'record_uid': record_uid,
+                    'revision': rr.revision,
+                    'configuration_uid': utils.base64_url_encode(rr.configurationUid),
+                    'schedule': rr.schedule,
+                    'pwd_complexity': utils.base64_url_encode(rr.pwdComplexity),
+                    'disabled': rr.disabled,
+                    'resource_uid': utils.base64_url_encode(rr.resourceUid),
+                    'last_rotation': rr.lastRotation,
+                    'last_rotation_status': rr.lastRotationStatus,
+                }
+                params.record_rotation_cache[record_uid] = rr_obj
+
             record_rotation_items.extend(response.recordRotations)
 
         params.sync_down_token = response.continuationToken