Salesforce CLI And API Setup

Cloudaware is built on force.com, meaning a customer gets a dedicated Salesforce instance when a Cloudaware account is registered. This guide explains how to set up the Salesforce CLI, a powerful command-line interface that simplifies development and build automation.

Install Salesforce CLI

1. Download and install the Salesforce CLI.

2. Open Terminal (macOS/Linux) or Command Prompt (Windows) and run the sfdx command.
   
   Ensure that the Salesforce CLI is installed successfully.

Create a Private Key and Self-Signed Digital Certificate

The JWT-based authorization flow requires a digital certificate and a private key to sign the certificate. The digital certificate is uploaded to the custom connected app used for JWT-based authorization.

This process creates two files:

• server.key – Private key. Used when authorizing an org with the force:auth:jwt:grant command.

• server.crt – Digital certificate. Uploaded when creating the connected app.
  

Steps:

1. Install OpenSSL if it is not already installed. To check, run which openssl.

2. In Terminal, create a directory to store the files and navigate to it:
   mkdir /Users/jdoe/JWT
cd /Users/jdoe/JWT

3. Generate a private key and store it in the server.key file:

   CODE

   openssl genrsa -des3 -passout pass:xxxx -out server.pass.key 2048
   openssl rsa -passin pass:xxxx -in server.pass.key -out server.key

   WHERE xxxx – a password with a minimum of 4 characters. Newer versions of OpenSSL may require more complex passwords.
   You can delete the server.pass.key file if it is no longer needed.

4. Generate a certificate signing request using server.key. Store the certificate signing request in the server.csr file.

   CODE

   openssl req -new -key server.key -out server.csr

   Enter the information about your company when prompted.

5. Generate a self-signed digital certificate:

   CODE

   openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt

Create a Connected App in Salesforce

1. Log in to Cloudaware → Setup.

2. Search for Apps in the Quick Find bar. Under External Client Apps, select Settings → New Connected App.

3. Set a name and a contact email for the connected app. The API name will be auto-populated.

4. Expand the ‘API (Enable OAuth Settings)' section and check the box 'Enable OAuth Settings’.

5. For Callback URL, use http://localhost:1717/OauthRedirect. 
   
   Check the box Use digital signatures. Click Choose File and upload the server.crt file that contains your digital certificate.
   
   Under ‘Selected OAuth Scopes’, choose the following:
   - Access and manage your data (api)
   - Perform requests at any time (refresh_token, offline_access)
   - Provide access to your data via the Web (web)
   
   Click Save → Continue.

6. Review Connected App details. Click Manage.

7. Click Edit Policies. Under 'OAuth Policies', select 'Admin approved users are pre-authorized' in Permitted Users. Click OK in the popup message. Click Save.

8. Go back to the section 'Build' on the left → under 'Create', select Apps → select the created app. Under 'Profiles', click Manage Profiles and select the profiles that will have access to the app. By default, CloudAware Collector Only and CloudAware Administrator should be selected. Click Save.

9. Optional: to allow all users access the app using their credentials in CLI: select the app → Edit policies → in the 'OAuth Policies' section, select 'All users may self-authorize'.

To authorize user access for an existing app, contact the app creator and request a certificate.

Read more about Connected Apps

Authorize a Salesforce Org for Use with Salesforce CLI

Run the following command in Terminal (remove the single quotes):

sfdx force:auth:jwt:grant -u 'username' -f 'path_to_key' -i 'consumer_key' -a 'alias'

WHERE

-u – authentication username (go to Setup → under ADMINISTRATION on the left, select Users → Users → select the user → copy Username)

-f – path to the private key file created earlier

-i – consumer key of the connected app created earlier (go to Setup → under PLATFORM TOOLS on the left, select Apps → select the app → copy the value from 'Consumer Key')

-a – alias for the authenticated org (simple string)

Your Salesforce org is now authorized for use with the Salesforce CLI.

Execute a SOQL Query

SOQL queries against Cloudaware objects and fields require using API names.

To find API names: go to Setup → Object Manager → select the object and check API Name in ‘Details’.

To find field API names, select the object → click the ‘Fields & Relationships’ tab. Find the field and check its API Name in the ‘FIELD NAME’ column:

Here is an example query to return AWS EC2 instances that are not deleted from AWS, including AWS Accounts, Private IPs, and Public IPs:

sfdx force:data:soql:query -q "SELECT CA10__account__r.Name, CA10__instanceId__c, CA10__privateIpAddress__c, CA10__publicIpAddress__c FROM CA10__CaAwsInstance__c WHERE CA10__disappearanceTime__c = null" -u 'alias

WHERE the value of -u parameter should be replaced by -a value which was set before (remove the single quotes)

More information on Salesforce CLI is available here.

Set up API

1. Get your access token:

   CODE

    sfdx force:org:display -u orgAlias

   This is your Authorization Bearer token. Make curl and rest API calls using this token.
   

2. Note your Instance URL. You can see examples here.

   

3. Here is a Cloudaware-specific example to retrieve the list of IP addresses:

   CODE

   curl https://cloudaware-0000.cloudforce.com/services/data/v20.0/query/?q=SELECT+CA10__privateIpAddress__c%2C+CA10__associationPublicIp__c+from+CA10__CaAwsNetworkInterface__c -H 'Authorization: Bearer 00D1U00000130CD/!AQwAQN7gCP78KDezrjUpFMsEIOTsTEItsL53UkLa5ZvrU6bENuT2Jj5oSWzKGD4IopBsrX0p1pv0wRczXK.'

   WHERE cloudaware-0000 is a placeholder for your Salesforce Org Id
   
   Tips:
   Avoid ! in the access token with /.
   Use single quotes around the -H value.
   Use a URL-encoded request URL.
   
   For more information, see Salesforce documentation on Working with Records and Working with Searches and Queries.

Load Custom Data to CMDB Using CLI

Assume we have a two-column dataset containing the EC2 instance IDs and a custom attribute ‘Demo Version’:

1. Extract instanceID and Salesforce ID using CLI.
   
   To create a Salesforce-side dataset, run the following CLI command:

   CODE

   sfdx force:data:soql:query -q "SELECT Id, CA10__instanceID__c CA10__CaAwsInstance__c WHERE CA10__disappearanceTime__c = null" -u 'username'

   WHERE username is your Salesforce username (remove the single quotes)
   
   If you are not sure how to create a custom field on an existing object (for example, AWS EC2 Instance or CloudAware Physical Server), see Create a Custom Field.
   

2. View CMDB current data.
   
   Here is an example:

3. Use sorting and merging commands to create the final dataset.

   
   In the merged dataset, records are matched by instanceID. The instanceID itself does not need to be re-imported.

4. Run the following command to upload the merged dataset:

 sfdx force:data:bulk:upsert -s EC2_Instances -f ./path/to/file.csv -i Salesforce ID