Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issues while listing and creating SFCC Users Through sfcc -ci #164

Closed
ngaddipati33 opened this issue Jun 24, 2020 · 13 comments
Closed

Issues while listing and creating SFCC Users Through sfcc -ci #164

ngaddipati33 opened this issue Jun 24, 2020 · 13 comments

Comments

@ngaddipati33
Copy link

Issues while trying to list and create Users Through API

Any help on this would be very useful

./sfcc-ci-macos org:list - This is working fine

Listing Users failing

  1. List of users in Account Manager (in org not in instance) seems to fail:
    $ ./sfcc-ci-macos user:list --org (Org Id XXX)

Error: Authentication invalid. Please (re-)authenticate by running ´sfcc-ci auth:login´ or ´sfcc-ci client:auth´

  1. $ ./sfcc-ci-macos user:list --org "(Org Name)"

Error: Authentication invalid. Please (re-)authenticate by running ´sfcc-ci auth:login´ or ´sfcc-ci client:auth´

User Creation failing:

  1. User Create in Account Manager seems to fail:
    $ ./sfcc-ci-macos user:create --org "(Org Id)" --login Email id(xxx@xx.com) --user '{"email": "XXXXXX", "first_name": "XXXXX", "last_name": "XX, "roles": ["xchange-user"]}'

Error: Authentication invalid. Please (re-)authenticate by running ´sfcc-ci auth:login´ or ´sfcc-ci client:auth´

Any help on this would be very helpful. Thanks in advance
@taehyunlim
Copy link

Expired auth tokens cause validation to fail. As the error message suggests, you will need to re-authenticate by running sfcc-ci auth:login or sfcc-ci client:auth depending on your auth method.

@sftschaerff
Copy link
Collaborator

Hi @ngaddipati33,

as written by taehyunlim, please try to re-authenticate first and then run sfcc-ci user:list.

Best regards
Tobias

@makayez
Copy link

makayez commented Jul 1, 2020

It doesn't seem to be a expired auth as I can continue getting a user list - just user:create at the Account Manager / Org level seems to trigger the message. I can add at the instance level too.

@sftschaerff
Copy link
Collaborator

Hi @makayez,

to get a deeper understanding of the problem, I need more informations. Please answer the following questions:

  • What authentication method have you used sfcc-ci client:auth or sfcc-ci auth:login ?
  • In Account Manager do you have the permissions to create a user in the org or in the instance?

Thank you and Best regards
Tobias

@walter-foulkes
Copy link

walter-foulkes commented Jul 21, 2020
edited
Loading

I have this same issue using client:auth
GL-xxxxxxx-ML1:sfcc-ci xxxxxxx$ sfcc-ci client:auth
Authentication succeeded
GL-xxxxxxx-ML1:sfcc-ci xxxxxxx$ sfcc-ci org:list xxxxxxxxxxxxxxxxxxxxxxx
╔══════════════════════════════════════╤═════════════════════════════════════════╤════════╤════════════╗
║ id │ name │ realms │ twoFARoles ║
╟──────────────────────────────────────┼─────────────────────────────────────────┼────────┼────────────╢
║ xxxxxxxxxxxxxxxxxxxxxxx │ xxxxxxxxxxxxxxxxxxxxxxx │ 4 │ false ║
╚══════════════════════════════════════╧═════════════════════════════════════════╧════════╧════════════╝

GL-xxxxxxx-ML1:sfcc-ci xxxxxxx$ sfcc-ci user:list -o xxxxxxxxxxxxxxxxxxxxxxx
Error: Authentication invalid. Please (re-)authenticate by running ´sfcc-ci auth:login´ or ´sfcc-ci client:auth´
GL-xxxxxxx-ML1:sfcc-ci xxxxxxx$ sfcc-ci org:list xxxxxxxxxxxxxxxxxxxxxxx
╔══════════════════════════════════════╤═════════════════════════════════════════╤════════╤════════════╗
║ id │ name │ realms │ twoFARoles ║
╟──────────────────────────────────────┼─────────────────────────────────────────┼────────┼────────────╢
║ xxxxxxxxxxxxxxxxxxxxxxx │ xxxxxxxxxxxxxxxxxxxxxxx │ 4 │ false ║
╚══════════════════════════════════════╧═════════════════════════════════════════╧════════╧════════════╝

Help is kindly appreciated.

@sftschaerff
Copy link
Collaborator

Hi @walter-foulkes,

can you please try to use the command
sfcc-ci user:list --org xxxxxxxxxxxxxxxxxxxxxxx

What is the result here?
Please keep in mind to use the exact same ID, which got returned from the command
sfcc-ci org:list xxxxxxxxxxxxxxxxxxxxxxx.

Best regards
Tobias

@walter-foulkes
Copy link

walter-foulkes commented Jul 22, 2020 via email
edited
Loading

@walter-foulkes
Copy link

is there any traction on this issue?

@sftschaerff
Copy link
Collaborator

sftschaerff commented Jul 24, 2020
edited
Loading

Hi @walter-foulkes,

I'm currently clarifying the issue internally and I will let you know, once I have an answer.

Regards
Tobias

@sftschaerff
Copy link
Collaborator

Hi @walter-foulkes,

does your account manager user have the role "account admin"? You need this role to perform user-related actions in account manager.

Regards
Tobias

@walter-foulkes
Copy link

I would like to take the time to post what I found to get past this issue.

  1. you need the API configured along with your user... these are completely sepererate but both required for the dw.json to auth properly to the org. Also if you have multiple instance leave out the hostname.
    {
    "client-id": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
    "client-secret": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
    "username": "user",
    "password": "password"
    }

  2. I found the TenantFIlters for the ream by looking at my users config and just testing what I found. This was a little difficult to understand.

Below is my script that will configure the user for the org and then assign them to the roles the need for the different instances. Here are the steps to set it up.
####Create a file on your desktop with all the users you want to add and their roles named <NEW_USERS>
FORMAT: (you can have as many Roles as you need)
name@emailaddress.com FirstName LastName Role Role Role Role

EXAMPLE FILE:
walt.doe@mycomp.com Walt Doe bm-admin logcenter-user bm-user
john.doe@mycomp.com John Doe bm-user om-user
jane.doe@mycomp.com Jane Doe om-user

ENVIRONMENT:
This is your TenantFilter = <realm_instance>

SCRIPT:
source ~/.bash_profile
ORG=$(sfcc-ci org:list --json |jq -r '.[]' |jq -r '.name')
length=$(awk '{ print NF}' NEW_USERS | awk -F' ' -v max=0 '{if($1>max){content=$0; max=$1}}END{print content}')

cd $WORKSPACE
sfcc-ci client:auth
echo "#### CREATING USERS AT THE ORG LEVEL"
cat NEW_USERS|awk '{print $1, $2, $3, $4}' | while read email first last role; do sfcc-ci user:create --org "$ORG" --login $email --user '{"firstName": "'$first'", "lastName": "'$last'", "roles": ["xchange-user","doc-user",'"${role}"']}'; done

echo "#### LOOKING FOR ROLES TO CONFIGURE"
for (( i=4; i<=$length; i++))
do
awk -v col=$i ' $col >= " " {print $1, $col}' NEW_USERS>> ROLES
done

echo "#### CONFIGURING ROLES"
cat ROLES| while read email role;do sfcc-ci role:grant --login $email --role $role --scope $ENVIRONMENTS; done

echo "#### LISTING NEW USERS CONFIG"
cat NEW_USERS |awk '{print $1}' | while read email;do sfcc-ci user:list -l $email --json|jq -r '.';done

@walter-foulkes
Copy link

thx Tobias

@sftschaerff
Copy link
Collaborator

Hi @walter-foulkes,

I'm glad to hear that the issue could be solved.
Thank you for your input and the script, you've provided.

As the issue is solved, I will close it. All comments and your script will still be accessible from the issue tab.

Regards
Tobias

@snyk-bot snyk-bot mentioned this issue Nov 9, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@taehyunlim @makayez @sftschaerff @ngaddipati33 @walter-foulkes