fortify / fcli

fcli is a command-line utility for interacting with various Fortify products
https://fortify.github.io/fcli/
Other
31 stars 22 forks source link

fcli fod release/application creation #552

Closed LordBongio closed 4 months ago

LordBongio commented 5 months ago

Current Behavior

Somehow fcli doesn't work with some tenants. All the variables passed are right and it works with some tenant but not with others

COMMANDS:

.\fcli.exe fod session login -u="XXX" -p=XXXX --url=https://emea.fortify.com/ --tenant="XXX"

.\fcli.exe fod rel create 'pipeline:prova' '--sdlc-status=Development'

ERROR: com.fortify.cli.common.rest.unirest.UnexpectedHttpResponseException: Request: POST https://api.emea.fortify.com/api/v3/releases: Response: 400 Bad Request Response Body: {"errors":[{"errorCode":null,"message":"Error"}]} at com.fortify.cli.common.rest.unirest.config.UnirestUnexpectedHttpResponseConfigurer$UnexpectedHttpResponseInterceptor.onResponse(UnirestUnexpectedHttpResponseConfigurer.java:36) at kong.unirest.CompoundInterceptor.lambda$onResponse$1(CompoundInterceptor.java:48) at java.base@21.0.2/java.util.ArrayList.forEach(ArrayList.java:1596) at kong.unirest.CompoundInterceptor.onResponse(CompoundInterceptor.java:48) at kong.unirest.apache.ApacheClient.request(ApacheClient.java:134) at kong.unirest.Client.request(Client.java:57) at kong.unirest.BaseRequest.request(BaseRequest.java:365) at kong.unirest.BaseRequest.asObject(BaseRequest.java:266) at com.fortify.cli.fod.release.helper.FoDReleaseHelper.createRelease(FoDReleaseHelper.java:71) at com.fortify.cli.fod.release.cli.cmd.FoDReleaseCreateCommand.getJsonNode(FoDReleaseCreateCommand.java:85) at com.fortify.cli.fod._common.output.cli.cmd.AbstractFoDJsonNodeOutputCommand.getJsonNode(AbstractFoDJsonNodeOutputCommand.java:23) at com.fortify.cli.common.output.cli.cmd.AbstractOutputCommand.call(AbstractOutputCommand.java:33) at com.fortify.cli.common.output.cli.cmd.AbstractOutputCommand.call(AbstractOutputCommand.java:22) at picocli.CommandLine.executeUserObject(CommandLine.java:2118) at picocli.CommandLine$RunLast.executeUserObjectOfLastSubcommandWithSameParent(CommandLine.java:2538) at picocli.CommandLine$RunLast.handle(CommandLine.java:2530) at picocli.CommandLine$RunLast.handle(CommandLine.java:2492) at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:2350) at picocli.CommandLine$RunLast.execute(CommandLine.java:2494) at picocli.CommandLine.execute(CommandLine.java:2247) at com.fortify.cli.app.runner.DefaultFortifyCLIRunner.run(DefaultFortifyCLIRunner.java:49) at com.fortify.cli.app.FortifyCLI.execute(FortifyCLI.java:38) at com.fortify.cli.app.FortifyCLI.main(FortifyCLI.java:32) at java.base@21.0.2/java.lang.invoke.LambdaForm$DMH/sa346b79c.invokeStaticInit(LambdaForm$DMH)

Expected Behavior

No response

Steps To Reproduce

No response

Environment

No response

Anything else?

No response

rsenden commented 5 months ago

Hi, sorry for the delay. Are you still experiencing this issue?

If it's working with some tenants but not others, this is likely either user error or some issue on the FoD side. Can you please double-check that you're accessing the different tenants with user accounts that have similar access permissions (i.e., allowed to create apps/releases), and that you're not trying to create a non-microservice release on a microservices-application or vice versa?

If you've ruled out potential user error, you'd need to check with the FoD team to have them investigate any potential issues on the FoD side.

As the FoD team doesn't provide explicit support on fcli, you'd want to enable debug/trace logging on fcli and then extract the appropriate REST request & response data from the log file, i.e., collect one successful request/response pair for a tenant where fcli is able to create an app/release, and one unsuccessful request/response pair for a failing tenant.

You can then share these request/response pairs with FoD TAM/support to have them investigate why these REST requests are failing on one tenant but working on another.

rsenden commented 4 months ago

Hi @LordBongio, any updates on this issue?

LordBongio commented 4 months ago

Hi, we managed to bypass the problem using the authentication with the client token and so on. Authentication with user and password still grants the same error. Fod managers weren't able to identify any problem related to the tenant iteslf. (the error was reproduced even using the API provided by fortify and authenticating wiht user/password)

rsenden commented 4 months ago

@LordBongio, thanks for the update. As the issue can be reproduced with plain FoD API, I've marked this as a 3rd-party bug ('3rd-party' as in 'not an fcli bug') and will close this, as there's nothing that we can do from an fcli perspective.