Since Cloudaware is built on force.com, address Salesforce CLI is a powerful command line interface that simplifies development and build automation when working with your Salesforce account.
Install Salesforce CLI application
1. Download and install the Salesforce CLI application for you OS using this link.
2. Open Terminal and run the command sfdx to make sure the application was successfully installed.
Create a private key and self-signed digital certificate
The JWT-based authorization flow requires a digital certificate and the private key used to sign the certificate. You upload the digital certificate to the custom connected app that is also required for JWT-based authorization. This process produces two files:
server.key - The private key. You specify this file when you authorize an org with the
force:auth:jwt:grantcommand.server.crt - The digital certification. You upload this file when you create the connected app required by the JWT-based flow.
1. If necessary, install OpenSSL on your computer. To check whether OpenSSL is installed on your computer, run this command: which openssl
2. In Terminal or Windows Command Prompt, create a directory to store the generated files, and change to the directory.
mkdir /Users/jdoe/JWT
cd /Users/jdoe/JWT
3. Generate a private key, and store it in a file called server.key.
openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
openssl rsa -passin pass:x -in server.pass.key -out server.key
You can delete the server.pass.key file because you no longer need it.
4. Generate a certificate signing request using the server.key file. Store the certificate signing request in a file called server.csr. Enter information about your company when prompted.
openssl req -new -key server.key -out server.csr
5. Generate a self-signed digital certificate from the server.key and server.csr files. Store the certificate in a file called server.crt.
openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt
Create a connected app in your Salesforce organization account
1. Log in to your Cloudaware account.
2. Open the main menu under your username. Go to Setup → Build: Create → Apps → section 'Connected Apps' → New.
3. Enter a meaningful connected app name and your email address.
4. Check the box Enable OAuth Settings.
5. For the Callback URL enter http://localhost:1717/OauthRedirect
5. Check the box Use digital signatures. Click Choose File and upload the server.crt file that contains your digital certificate.
6. In the 'Selected OAuth Scopes' section add the following OAuth scopes:
Access and manage your data (api)
Perform requests on your behalf at any time (refresh_token, offline_access)
Provide access to your data via the Web (web)
7. Click Save → Continue → Manage.
8. Click Edit Policies. In the 'OAuth Policies' section, select Admin approved users are pre-authorized for Permitted Users. Click OK.
9. Click Save.
Authorize a Salesforce org for use with the Salesforce CLI
Open Terminal and run the following command
1 | sfdx force:auth:jwt:grant -u ‘text’ -f ‘text’ -i ‘text’ -a ‘text’
WHERE
-u - The authentication username (Setup - Manage Users - Users - your user - copy your username)
-f - Path to a file containing the private key generated earlier
-i - The consumer key of the Salesforce connected app created earlier (Setup - Create - Apps - chose an app - copy Consumer Key)
-a - Sets an alias for the authenticated org
You have successfully authorized your Salesforce org for use with the Salesforce CLI!
Execute a sample SOQL query
You can find the API names of Cloudaware objects and fields if you go to Setup → Create → Objects → select an object.
Let's now execute a sample SOQL query that will return AWS EC2 instances that are not deleted from AWS with Accounts, private and public IPs.
1 | sfdx force:data:soql:query -q "Select CA10__account__r.Name, CA10__instanceId__c, CA10__privateIpAddress__c, CA10__publicIpAddress__c from CA10__CaAwsInstance__c where CA10__disappearanceTime__c =null" -u ‘text’
More information on Salesforce CLI is available here: https://developer.salesforce.com/docs/atlas.en-us.sfdx_cli_reference.meta/sfdx_cli_reference/cli_reference.htm
Setting Up API
Get your Access Token using sfdx CLI
1 | sfdx force:org:display -u orgAlias
This is your authorization bearer token. Now we can make curl and rest API calls using this token.
Also make not of your instance URL.
You can see examples here https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/intro_usage_rest_resources.htm
Here is a Cloudaware specific example to retrieve list of IP addresses:
curl https://cloudaware-0000.cloudforce.com/services/data/v20.0/query/?q=SELECT+CA10__privateIpAddress__c%2C+CA10__associationPublicIp__c+from+CA10__CaAwsNetworkInterface__c -H 'Authorization: Bearer
If you encounter any errors, make sure to:
Escape ! in Access Token with / slash.
Use single quotes around -H value
Use URL encoded URL
More information about other API calls is available here.
Loading Custom Data To CMDB Using CLI
Let's assume we have a 2-column dataset made up of EC2 Instance ID and some custom attribute called ‘'Demo Version''.
Using CLI we will now need to extract instanceID and Salesforce ID in order to create a salesforce-side dataset that will look like this. For example,
sfdx force:data:soql:query -q "Select Id, CA10__instanceID__c CA10__CaAwsInstance__c where CA10__disappearanceTime__c =null" -u me
If you’re not sure how to create a custom field on an existing object such as EC2 Instance or Physical Server, follow the instructions here.
We will now use sort and merge commands to create a final dataset that will be used to upload merged dataset. In merged dataset records are matched by instanceID but the actual instanceID does not need to be re-imported.
sfdx force:data:bulk:upsert -s EC2_Instances -f ./path/to/file.csv -i Salesforce ID