Open alan-morey opened 1 month ago
github-actions[bot]
commented
1 month ago Hello @alan-morey :wave: None of the versions of sf you shared match the latest release.
Shared: 2.60.13
Latest: 2.61.8
Update to the latest version of Salesforce CLI (docs) and confirm that you're still seeing your issue.
You can also try the rc and nightly releases! (docs)
After updating, share the full output of sf version --verbose --json
github-actions[bot]
commented
1 month ago Thank you for filing this issue. We appreciate your feedback and will review the issue as soon as possible. Remember, however, that GitHub isn't a mechanism for receiving support under any agreement or SLA. If you require immediate assistance, contact Salesforce Customer Support.
alan-morey
commented
1 month ago Updated to Latest: 2.61.8, issue still present.
{
"architecture": "linux-x64",
"cliVersion": "@salesforce/cli/2.61.8",
"nodeVersion": "node-v18.20.3",
"osVersion": "Linux 6.8.0-45-generic",
"rootPath": "/home/alan.morey/.volta/tools/image/packages/@salesforce/cli/lib/node_modules/@salesforce/cli",
"shell": "zsh",
"pluginVersions": [
"@oclif/plugin-autocomplete 3.2.5 (core)",
"@oclif/plugin-commands 4.0.16 (core)",
"@oclif/plugin-help 6.2.13 (core)",
"@oclif/plugin-not-found 3.2.22 (core)",
"@oclif/plugin-plugins 5.4.10 (core)",
"@oclif/plugin-search 1.2.10 (core)",
"@oclif/plugin-update 4.5.10 (core)",
"@oclif/plugin-version 2.2.14 (core)",
"@oclif/plugin-warn-if-update-available 3.1.18 (core)",
"@oclif/plugin-which 3.2.15 (core)",
"@salesforce/cli 2.61.8 (core)",
"apex 3.5.0 (core)",
"api 1.2.2 (core)",
"auth 3.6.65 (core)",
"community 3.2.32 (user) published 25 days ago (Sat Sep 14 2024) (latest is 3.2.33)",
"data 3.6.8 (core)",
"deploy-retrieve 3.12.15 (core)",
"dev 2.4.2 (user) published 43 days ago (Mon Aug 26 2024)",
"info 3.4.9 (core)",
"limits 3.3.32 (core)",
"marketplace 1.2.26 (core)",
"org 4.6.0 (core)",
"packaging 2.8.10 (core)",
"schema 3.3.34 (core)",
"settings 2.3.23 (core)",
"sobject 1.4.40 (core)",
"source 3.5.21 (core)",
"telemetry 3.6.15 (core)",
"templates 56.3.21 (core)",
"trust 3.7.32 (core)",
"user 3.5.32 (core)",
"cli-plugin 1.0.0 (link) /home/alan.morey/repos/salesforce/cli-plugin",
"gr-sfdx-plugin 0.0.0 (link) /home/alan.morey/repos/salesforce/gr-sfdx-plugin"
]
}
mdonnalley
commented
1 month ago Are you sure that you have the perms to access the metadata api? This might be a helpful thread from the trailblazer community: https://trailhead.salesforce.com/trailblazer-community/feed/0D54V00007T4L7RSAV
alan-morey
commented
1 month ago @mdonnalley I do not have those permissions:
My PROD Permissions:
Includes:
- Manage Sandboxes
- Manage Dev Sandboxes
Excludes:
- ModifyAllData
- ModifyMetadata
Are those permissions required for this command to function correctly? Are those permissions required in the new sandbox, or are they required in the PROD org?
In my situation, the ApexClassId specified in the sandbox definition I mentioned above, when executed during sandbox post copy actually changes my profile from a minimum access user in Production to a System Administrator in the sandbox. So eventually my user would have the Metadata API access permissions but it might be too late by time the commands finishes executing?
mdonnalley
commented
1 month ago The refresh command makes a request to the SandboxInfo endpoint, which presumably requires those perms. I'll confirm with the sandbox team that that's the case
If you provide debug output we should be able to track down the exact request that's failing. Use both the --dev-debug flag and JSFORCE_LOG_LEVEL=DEBUG environment variable
alan-morey
commented
1 month ago Ran as follows for debug output
JSFORCE_LOG_LEVEL=DEBUG sf org refresh sandbox -n alandev03 -f config/dev-sandbox-def.json -o PROD -w 99 --dev-debug --no-prompt &> refresh-debug-output.txtOutput attached: refresh-debug-output.txt.gz
Note: In the output file, I replaced my domain with "EXAMPLE" and replaced the access token values with "**REMOVED**".
mdonnalley
commented
1 month ago Thanks for that. Here you can see the http request that's failing
DEBUG [http-api] <request> method=POST, url=https://EXAMPLE.my.salesforce.com/services/Soap/m/61.0
DEBUG [http-api] elapsed time: 214 msec
DEBUG [http-api] <response> status=500, url=https://EXAMPLE.my.salesforce.com/services/Soap/m/61.0
Error (sf:INSUFFICIENT_ACCESS): INSUFFICIENT_ACCESS: use of the Metadata API requires a user with the ModifyAllData or ModifyMetadata permissionsI'm not 100% sure where that's coming from but, regardless, I think the solution here is to ensure that you have the correct perms
mdonnalley
commented
1 month ago After discussing this with a coworker, there might be a couple of things that we can do to improve the experience here including that particular API call. I'll mark this as a feature request since it's currently working as designed
git2gus[bot]
commented
1 month ago This issue has been linked to a new work item: W-16961973
github-actions[bot]
commented
1 month ago Thank you for filing this feature request. We appreciate your feedback and will review the feature at our next grooming or sprint planning session. We prioritize feature requests with more upvotes and comments.
Summary
While using the command
org refresh sandboxto refresh a sandbox, the command finishes with the following error:However, the sandbox was refreshed and I was able to login to the org after this error.
I noticed the same error occurred with
org resume sandbox, when I refreshed a sandbox but the wait timed out.Steps To Reproduce
Expected result
Sandbox should be refreshed without producing an error
Actual result
Command returns after sandbox has finished refreshing but ends with an error
Output:
Additional information
sandbox-def.json:
My PROD Permissions:
When I refresh a sandbox via the UI, I do not encounter any such errors.
System Information