search

cloudfoundry / cli

The official command line client for Cloud Foundry
https://docs.cloudfoundry.org/cf-cli
Apache License 2.0
1.75k stars 929 forks source link

cf org-users and space-users shows nothing for cli created users #421

Closed wgu-zz closed 9 years ago

wgu-zz commented 9 years ago

Not sure #361 is talking about the same but it looks like this happens for both UAA and cli created users.

Issue reproducible against PCF 1.4.0.0, CF cli 6.10.0 and 6.11.0.

sgu-home:~ sgu$ cf create-user sgu-test sgu-test Creating user sgu-test as admin... OK

TIP: Assign roles with 'cf set-org-role' and 'cf set-space-role'

sgu-home:~ sgu$ sgu-home:~ sgu$ cf set-org-role sgu-test app OrgManager Assigning role OrgManager to user sgu-test in org app as admin... OK sgu-home:~ sgu$ cf org-users app Getting users in org app as admin...

ORG MANAGER

BILLING MANAGER

ORG AUDITOR

sgu-home:~ sgu$ cf set-space-role sgu-test app development SpaceManager Assigning role SpaceManager to user sgu-test in org app / space development as admin... OK sgu-home:~ sgu$ sgu-home:~ sgu$ cf space-users app development Getting users in org app / space development as admin

SPACE MANAGER

SPACE DEVELOPER

SPACE AUDITOR

cf-gitbot commented 9 years ago

We have created an issue in Pivotal Tracker to manage this. You can view the current status of your issue at: https://www.pivotaltracker.com/story/show/92887900.

goehmen commented 9 years ago

@wgu I replied in the support ticket. I cannot reproduce this.

goehmen commented 9 years ago

I can't reproduce with: cf version 6.10.0-a411bc2-2015-04-10T16:20:14+00:00 ○ → cf curl /v2/info { "name": "vcap", "build": "2222", "support": "http://support.cloudfoundry.com", "version": 2, "description": "Cloud Foundry sponsored by Pivotal", "authorization_endpoint": "https://login.a1.cf-app.com", "token_endpoint": "https://uaa.a1.cf-app.com", "min_cli_version": null, "min_recommended_cli_version": null, "api_version": "2.25.0", "logging_endpoint": "wss://loggregator.a1.cf-app.com:4443" } 2.25.0 = cf release 207 ○ → cf target -o 1space API endpoint: https://api.a1.cf-app.com (API version: 2.25.0) User: admin Org: 1space Space: 1space ○ → cf create-user go-test1 go-test1 Creating user go-test1 as admin... OK TIP: Assign roles with 'cf set-org-role' and 'cf set-space-role' ○ → cf set-org-role go-test1 1spaace OrgManager FAILED Organization 1spaace not found ○ → cf set-org-role go-test1 1space OrgManager Assigning role OrgManager to user go-test1 in org 1space as admin... OK ○ → cf org-users 1space Getting users in org 1space as admin... ORG MANAGER go-test1 BILLING MANAGER ORG AUDITOR

Same thing afterj updating CLI

Previous Version: cf version 6.10.0-a411bc2-2015-04-10T16:20:14+00:00 New Version: cf version 6.11.1-4ef66f6-2015-04-20T21:15:38+00:00

|1.9.3-p484| london in ~ ○ → cf create-user go-test2 go-test1 Creating user go-test2 as admin... OK

TIP: Assign roles with 'cf set-org-role' and 'cf set-space-role'

|1.9.3-p484| london in ~ ○ → cf set-org-role go-test2 1space OrgManager Assigning role OrgManager to user go-test2 in org 1space as admin... OK

|1.9.3-p484| london in ~ ○ → cf org-users 1space Getting users in org 1space as admin...

ORG MANAGER go-test1 go-test2

BILLING MANAGER

ORG AUDITOR

wgu-zz commented 9 years ago

Hi Greg,

Just in case the zendesk ticket does not send a notification, I have verified the issue does exist for 2.23.0 on vSphere with cf cli v6.11.1, v6.11.0 and v6.10.0. Same env v6.9.0 just worked fine. Since v2.23.0 is the current PCF 1.4.0.0 release version, is this explicitly been fixed in v2.25.0?

sgu-home:~ sgu$ cf -v
cf version 6.11.1-4ef66f6-2015-04-20T21:15:38+00:00
sgu-home:~ sgu$ cf org-users sgu-org
Getting users in org sgu-org as admin...

ORG MANAGER

BILLING MANAGER

ORG AUDITOR
sgu-home:~ sgu$ ~/Downloads/cf -v
/Users/sgu/Downloads/cf version 6.9.0-620f841-2015-01-20T18:22:58+00:00
sgu-home:~ sgu$ ~/Downloads/cf org-users sgu-org
Getting users in org sgu-org as admin...

ORG MANAGER
  sgu-test

BILLING MANAGER
  sgu-test

ORG AUDITOR

One thing noticed is that there is a blank line for both org manager and billing manager for v6.11.1.

goehmen commented 9 years ago

Please supply the following:

  1. The CF CLI version (cf -v)
  2. The CloudController API version (cf curl /v2/info)
  3. A trace of the command you are using (CF_TRACE=true cf )
wgu-zz commented 9 years ago

Here is the required output. Seems the missing part is querying for the actual user info after getting the user GUID.

sgu-home:~ sgu$ cf -v
cf version 6.11.1-4ef66f6-2015-04-20T21:15:38+00:00
sgu-home:~ sgu$ cf curl /v2/info
{
   "name": "vcap",
   "build": "2222",
   "support": "http://support.cloudfoundry.com",
   "version": 2,
   "description": "Cloud Foundry sponsored by Pivotal",
   "authorization_endpoint": "https://login.10.10.34.11.xip.io",
   "token_endpoint": "https://uaa.10.10.34.11.xip.io",
   "min_cli_version": null,
   "min_recommended_cli_version": null,
   "api_version": "2.23.0",
   "logging_endpoint": "wss://loggregator.10.10.34.11.xip.io:443",
   "user": "cf5c26b8-f648-473c-8015-cc431fa45911"
}

VERSION:
6.11.1-4ef66f6

REQUEST: [2015-04-30T09:55:00+08:00]
GET /v2/organizations?q=name%3Asgu-org&inline-relations-depth=1 HTTP/1.1
Host: api.10.10.34.11.xip.io
Accept: application/json
Authorization: [PRIVATE DATA HIDDEN]
Content-Type: application/json
User-Agent: go-cli 6.11.1-4ef66f6 / darwin

RESPONSE: [2015-04-30T09:55:02+08:00]
HTTP/1.1 200 OK
Content-Length: 6283
Content-Type: application/json;charset=utf-8
Date: Thu, 30 Apr 2015 01:55:02 GMT
Server: nginx
X-Cf-Requestid: 902d0f27-4b40-44fb-6265-9486e8092ba1
X-Content-Type-Options: nosniff
X-Vcap-Request-Id: 96de2a58-f222-44d1-7b49-b6a86bfbbd0e::a461549a-ba63-444b-a963-d52c0c70a0ac

{
  "total_results": 1,
  "total_pages": 1,
  "prev_url": null,
  "next_url": null,
  "resources": [
    {
      "metadata": {
        "guid": "931ebe92-bdc6-4876-9857-57c578704693",
        "url": "/v2/organizations/931ebe92-bdc6-4876-9857-57c578704693",
        "created_at": "2015-04-22T13:21:01Z",
        "updated_at": null
      },
      "entity": {
        "name": "sgu-org",
        "billing_enabled": false,
        "quota_definition_guid": "aa0fedae-1967-4bea-af4d-81e5d497d53b",
        "status": "active",
        "quota_definition_url": "/v2/quota_definitions/aa0fedae-1967-4bea-af4d-81e5d497d53b",
        "quota_definition": {
          "metadata": {
            "guid": "aa0fedae-1967-4bea-af4d-81e5d497d53b",
            "url": "/v2/quota_definitions/aa0fedae-1967-4bea-af4d-81e5d497d53b",
            "created_at": "2015-04-22T11:36:32Z",
            "updated_at": null
          },
          "entity": {
            "name": "default",
            "non_basic_services_allowed": true,
            "total_services": 100,
            "total_routes": 1000,
            "memory_limit": 10240,
            "trial_db_allowed": false,
            "instance_memory_limit": -1
          }
        },
        "spaces_url": "/v2/organizations/931ebe92-bdc6-4876-9857-57c578704693/spaces",
        "spaces": [

        ],
        "domains_url": "/v2/organizations/931ebe92-bdc6-4876-9857-57c578704693/domains",
        "domains": [
          {
            "metadata": {
              "guid": "286b44d1-c811-4a82-9ce2-2ed9c9eec331",
              "url": "/v2/domains/286b44d1-c811-4a82-9ce2-2ed9c9eec331",
              "created_at": "2015-04-22T11:36:32Z",
              "updated_at": "2015-04-22T11:36:46Z"
            },
            "entity": {
              "name": "10.10.34.11.xip.io"
            }
          }
        ],
        "private_domains_url": "/v2/organizations/931ebe92-bdc6-4876-9857-57c578704693/private_domains",
        "private_domains": [

        ],
        "users_url": "/v2/organizations/931ebe92-bdc6-4876-9857-57c578704693/users",
        "users": [
          {
            "metadata": {
              "guid": "30d38d95-9939-465f-b92d-aa0da67c3642",
              "url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642",
              "created_at": "2015-04-22T12:34:36Z",
              "updated_at": null
            },
            "entity": {
              "admin": false,
              "active": false,
              "default_space_guid": null,
              "spaces_url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642/spaces",
              "organizations_url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642/organizations",
              "managed_organizations_url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642/managed_organizations",
              "billing_managed_organizations_url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642/billing_managed_organizations",
              "audited_organizations_url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642/audited_organizations",
              "managed_spaces_url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642/managed_spaces",
              "audited_spaces_url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642/audited_spaces"
            }
          }
        ],
        "managers_url": "/v2/organizations/931ebe92-bdc6-4876-9857-57c578704693/managers",
        "managers": [
          {
            "metadata": {
              "guid": "30d38d95-9939-465f-b92d-aa0da67c3642",
              "url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642",
              "created_at": "2015-04-22T12:34:36Z",
              "updated_at": null
            },
            "entity": {
              "admin": false,
              "active": false,
              "default_space_guid": null,
              "spaces_url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642/spaces",
              "organizations_url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642/organizations",
              "managed_organizations_url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642/managed_organizations",
              "billing_managed_organizations_url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642/billing_managed_organizations",
              "audited_organizations_url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642/audited_organizations",
              "managed_spaces_url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642/managed_spaces",
              "audited_spaces_url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642/audited_spaces"
            }
          }
        ],
        "billing_managers_url": "/v2/organizations/931ebe92-bdc6-4876-9857-57c578704693/billing_managers",
        "billing_managers": [
          {
            "metadata": {
              "guid": "30d38d95-9939-465f-b92d-aa0da67c3642",
              "url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642",
              "created_at": "2015-04-22T12:34:36Z",
              "updated_at": null
            },
            "entity": {
              "admin": false,
              "active": false,
              "default_space_guid": null,
              "spaces_url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642/spaces",
              "organizations_url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642/organizations",
              "managed_organizations_url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642/managed_organizations",
              "billing_managed_organizations_url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642/billing_managed_organizations",
              "audited_organizations_url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642/audited_organizations",
              "managed_spaces_url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642/managed_spaces",
              "audited_spaces_url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642/audited_spaces"
            }
          }
        ],
        "auditors_url": "/v2/organizations/931ebe92-bdc6-4876-9857-57c578704693/auditors",
        "auditors": [

        ],
        "app_events_url": "/v2/organizations/931ebe92-bdc6-4876-9857-57c578704693/app_events",
        "space_quota_definitions_url": "/v2/organizations/931ebe92-bdc6-4876-9857-57c578704693/space_quota_definitions",
        "space_quota_definitions": [

        ]
      }
    }
  ]
}
Getting users in org sgu-org as admin...

REQUEST: [2015-04-30T09:55:02+08:00]
GET /v2/organizations/931ebe92-bdc6-4876-9857-57c578704693/managers HTTP/1.1
Host: api.10.10.34.11.xip.io
Accept: application/json
Authorization: [PRIVATE DATA HIDDEN]
Content-Type: application/json
User-Agent: go-cli 6.11.1-4ef66f6 / darwin

RESPONSE: [2015-04-30T09:55:03+08:00]
HTTP/1.1 200 OK
Content-Length: 1156
Content-Type: application/json;charset=utf-8
Date: Thu, 30 Apr 2015 01:55:03 GMT
Server: nginx
X-Cf-Requestid: 766262c0-fd5e-413c-5dec-fde981e6051f
X-Content-Type-Options: nosniff
X-Vcap-Request-Id: c829c4cf-1b29-405e-6869-4e5dc211167c::2e05840f-2a09-4b6b-ab4a-4261a5243452

{
  "total_results": 1,
  "total_pages": 1,
  "prev_url": null,
  "next_url": null,
  "resources": [
    {
      "metadata": {
        "guid": "30d38d95-9939-465f-b92d-aa0da67c3642",
        "url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642",
        "created_at": "2015-04-22T12:34:36Z",
        "updated_at": null
      },
      "entity": {
        "admin": false,
        "active": false,
        "default_space_guid": null,
        "spaces_url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642/spaces",
        "organizations_url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642/organizations",
        "managed_organizations_url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642/managed_organizations",
        "billing_managed_organizations_url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642/billing_managed_organizations",
        "audited_organizations_url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642/audited_organizations",
        "managed_spaces_url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642/managed_spaces",
        "audited_spaces_url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642/audited_spaces"
      }
    }
  ]
}

ORG MANAGER

REQUEST: [2015-04-30T09:55:03+08:00]
GET /v2/organizations/931ebe92-bdc6-4876-9857-57c578704693/billing_managers HTTP/1.1
Host: api.10.10.34.11.xip.io
Accept: application/json
Authorization: [PRIVATE DATA HIDDEN]
Content-Type: application/json
User-Agent: go-cli 6.11.1-4ef66f6 / darwin

RESPONSE: [2015-04-30T09:55:04+08:00]
HTTP/1.1 200 OK
Content-Length: 1156
Content-Type: application/json;charset=utf-8
Date: Thu, 30 Apr 2015 01:55:04 GMT
Server: nginx
X-Cf-Requestid: d00dadf8-54eb-4d6c-56c3-ebc373a9a2c4
X-Content-Type-Options: nosniff
X-Vcap-Request-Id: bf40802d-8a42-43d9-5070-8bfd0ac78b73::881c4ac4-40b5-489b-b1fa-856e71185ff4

{
  "total_results": 1,
  "total_pages": 1,
  "prev_url": null,
  "next_url": null,
  "resources": [
    {
      "metadata": {
        "guid": "30d38d95-9939-465f-b92d-aa0da67c3642",
        "url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642",
        "created_at": "2015-04-22T12:34:36Z",
        "updated_at": null
      },
      "entity": {
        "admin": false,
        "active": false,
        "default_space_guid": null,
        "spaces_url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642/spaces",
        "organizations_url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642/organizations",
        "managed_organizations_url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642/managed_organizations",
        "billing_managed_organizations_url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642/billing_managed_organizations",
        "audited_organizations_url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642/audited_organizations",
        "managed_spaces_url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642/managed_spaces",
        "audited_spaces_url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642/audited_spaces"
      }
    }
  ]
}

BILLING MANAGER

REQUEST: [2015-04-30T09:55:04+08:00]
GET /v2/organizations/931ebe92-bdc6-4876-9857-57c578704693/auditors HTTP/1.1
Host: api.10.10.34.11.xip.io
Accept: application/json
Authorization: [PRIVATE DATA HIDDEN]
Content-Type: application/json
User-Agent: go-cli 6.11.1-4ef66f6 / darwin

RESPONSE: [2015-04-30T09:55:05+08:00]
HTTP/1.1 200 OK
Content-Length: 107
Content-Type: application/json;charset=utf-8
Date: Thu, 30 Apr 2015 01:55:05 GMT
Server: nginx
X-Cf-Requestid: 375b8bf8-c537-4b3e-4019-374a1d1d13cd
X-Content-Type-Options: nosniff
X-Vcap-Request-Id: e4c65fec-ebb8-4db2-50d3-54f1ed304a0a::aaedabc7-2dc8-466e-abc0-0192b09ad3f8

{
  "total_results": 0,
  "total_pages": 1,
  "prev_url": null,
  "next_url": null,
  "resources": [

  ]
}

ORG AUDITOR
xchapter7x commented 9 years ago

I am seeing the same issue. It doesn't appear to be an issue with the cli, but more an issue with the cloudcontroller api response object. The response object doesn't seem to contain the username field in the user.entity object, which the cli depends on.

unless im missing something.

https://github.com/cloudfoundry/cli/blob/master/cf/commands/user/org_users.go#L98 https://github.com/cloudfoundry/cli/blob/master/cf/api/resources/users.go#L11

abbreviated response from GET /v2/organizations?q=name%3Asgu-org&inline-relations-depth=1 endpoint 

"users": [
          {
            "metadata": {
              "guid": "30d38d95-9939-465f-b92d-aa0da67c3642",
              "url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642",
              "created_at": "2015-04-22T12:34:36Z",
              "updated_at": null
            },
            "entity": {
              "admin": false,
              "active": false,
              "default_space_guid": null,
              "spaces_url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642/spaces",
              "organizations_url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642/organizations",
              "managed_organizations_url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642/managed_organizations",
              "billing_managed_organizations_url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642/billing_managed_organizations",
              "audited_organizations_url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642/audited_organizations",
              "managed_spaces_url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642/managed_spaces",
              "audited_spaces_url": "/v2/users/30d38d95-9939-465f-b92d-aa0da67c3642/audited_spaces"
            }
          }
        ],
goehmen commented 9 years ago

OK. So, by default, this view is disabled. You need to do two things to enable it. Then you should get the list of usernames when you cf curl v2/users.

  1. Set this property to true: uaa.scim.userids_enabled
  2. uaa:clients should have a client that look like this (The authorities and authorized grant types keys are in addition to what's in there now): cloud_controller_username_lookup: authorities: scim.userids authorized-grant-types: client_credentials id: cloud_controller_username_lookup secret: asdfjkl;