Closed naruraghavan closed 7 years ago
calebwashburn
commented
7 years ago @naruraghavan What are you using for authentication? UserId/password/client secret or following the latest guide
uaac client add cf-mgmt \
--name cf-mgmt \
--secret cf-mgmt-secret \
--authorized_grant_types client_credentials,refresh_token \
--authorities cloud_controller.admin,scim.read,scim.writeAlso what version of cf-mgmt are you running?
naruraghavan
commented
7 years ago I did the following:
uaac client add blahblah --secret "blahblah" --no-interactive --scope oauth.approvals,openid,scim.me,scim.userids,cloud_controller.read,cloud_controller.admin --authorities scim.me,oauth.login,scim.userids,cloud_controller.admin,uaa.admin,scim.read,scim.write --authorized_grant_types authorization_code,client_credentials,refresh_tokenI cloned yesterday and built cf-mgmt.
naruraghavan
commented
7 years ago I tried creating a cf-mgmt id as you mentioned, but that one failed with the same error message as well.
I used ./cf-mgmt as follows:
./cf-mgmt export-config --system-domain blah --user-id cf-mgmt --client-secret blah 2017/10/05 16:29:16 E1005 16:29:16.328995 20713 main.go:600] Unable to initialize cf-mgmt. Error : cannot get UAAC token, error 401: {"error":"invalid_client","error_description":"Given client ID does not match authenticated client"} cannot get UAAC token, error 401: {"error":"invalid_client","error_description":"Given client ID does not match authenticated client"}
calebwashburn
commented
7 years ago @naruraghavan Let me try to recreate. Can you enable debug logging to see if this adds any additional information.
LOG_LEVEL=debug ./cf-mgmt export-config --system-domain blah --user-id cf-mgmt --client-secret blahwith debug turned on:
cannot get UAAC token, error 401: {"error":"invalid_client","error_description":"Given client ID does not match authenticated client"}I re-ran the integration tests and export-config works just fine with my CF installation. Which version of CF are you running? UAA version? This error is coming from UAA so need to validate the correct client/client secret are being passed. Also, ensure you don't have any of the environment variables set. SYSTEM_DOMAIN, USER_ID, PASSWORD, CLIENT_SECRET
naruraghavan
commented
7 years ago UAA client 4.0.0 cf version 6.32.0+0191c33d9.2017-09-26
I don't see any env vars (printenv | grep ...).
BTW: cf-mgmt used to work like "magic" until I cloned the latest version of cf-mgmt last week (well, I had to reinstall all software on my macbook).
calebwashburn
commented
7 years ago ± |master ✓| → go run main.go export-config --system-domain local.pcfdev.io --user-id cf-mgmt --client-secret cf-mgmt-secret --config-dir test-export
2017/10/10 08:46:36 I1010 08:46:36.769248 3997 main.go:592] Orgs excluded from export by default: [system]
2017/10/10 08:46:36 I1010 08:46:36.769294 3997 main.go:593] Orgs excluded from export by user: []
2017/10/10 08:46:36 I1010 08:46:36.769313 3997 main.go:594] Spaces excluded from export by user: []
2017/10/10 08:46:36 I1010 08:46:36.769322 3997 uaac.go:64] Getting users from Cloud Foundry
2017/10/10 08:46:36 I1010 08:46:36.817919 3997 uaac.go:70] Found 2 users in the CF instance
2017/10/10 08:46:36 I1010 08:46:36.965316 3997 cloudcontroller.go:213] Total orgs returned : 2
2017/10/10 08:46:36 I1010 08:46:36.965352 3997 exportconfig.go:40] Trying to delete existing config directory
2017/10/10 08:46:36 I1010 08:46:36.96559 3997 config.go:206] test-export doesn't exists, nothing to delete
2017/10/10 08:46:36 I1010 08:46:36.965608 3997 exportconfig.go:47] Trying to create new config folder
2017/10/10 08:46:36 I1010 08:46:36.965615 3997 exportconfig.go:56] Using UAA user origin: uaa
2017/10/10 08:46:36 I1010 08:46:36.965888 3997 config.go:188] Config directory test-export created
2017/10/10 08:46:36 I1010 08:46:36.967228 3997 exportconfig.go:65] Skipping org: system as it is ignored from import
2017/10/10 08:46:36 I1010 08:46:36.967247 3997 exportconfig.go:68] Processing org: pcfdev-org
2017/10/10 08:46:37 I1010 08:46:37.206596 3997 cloudcontroller.go:281] Total users returned : 1
2017/10/10 08:46:37 I1010 08:46:37.225275 3997 cloudcontroller.go:281] Total users returned : 0
2017/10/10 08:46:37 I1010 08:46:37.240706 3997 cloudcontroller.go:281] Total users returned : 0
2017/10/10 08:46:37 I1010 08:46:37.257586 3997 config.go:93] Adding org: pcfdev-org
2017/10/10 08:46:37 I1010 08:46:37.258242 3997 exportconfig.go:78] Done creating org pcfdev-org
2017/10/10 08:46:37 I1010 08:46:37.258261 3997 exportconfig.go:79] Listing spaces for org pcfdev-org
2017/10/10 08:46:37 I1010 08:46:37.279545 3997 cloudcontroller.go:35] Total spaces returned : 1
2017/10/10 08:46:37 I1010 08:46:37.279585 3997 exportconfig.go:81] Found 1 Spaces for org pcfdev-org
2017/10/10 08:46:37 I1010 08:46:37.279605 3997 exportconfig.go:87] Processing space: pcfdev-space
2017/10/10 08:46:37 I1010 08:46:37.500857 3997 cloudcontroller.go:281] Total users returned : 2
2017/10/10 08:46:37 I1010 08:46:37.687977 3997 cloudcontroller.go:281] Total users returned : 2
2017/10/10 08:46:37 I1010 08:46:37.846599 3997 cloudcontroller.go:281] Total users returned : 1
2017/10/10 08:46:37 I1010 08:46:37.846729 3997 config.go:149] Adding space: pcfdev-space Closing this issue, if there are more details please reopen
Any ideas?
When I login with
uaac token client get id -s secret, I get backSuccessfully fetched token via client credentials grant.. Therefore, both id and secret must be ok.