Skip to main content
Skip table of contents

Salesforce CLI And API Setup

Cloudaware is built on force.com, meaning a customer gets a dedicated Salesforce instance when a Cloudaware account is registered. This guide explains how to set up the Salesforce CLI, a powerful command-line interface that simplifies development and build automation.

Install Salesforce CLI

  1. Download and install the Salesforce CLI.

  2. Open Terminal (macOS/Linux) or Command Prompt (Windows) and run the sfdx command.

    Ensure that the Salesforce CLI is installed successfully.

Create a Private Key and Self-Signed Digital Certificate

The JWT-based authorization flow requires a digital certificate and a private key to sign the certificate. The digital certificate is uploaded to the custom connected app used for JWT-based authorization.

This process creates two files:

  • server.key – Private key. Used when authorizing an org with the force:auth:jwt:grant command.

  • server.crt – Digital certificate. Uploaded when creating the connected app.

Steps:

  1. Install OpenSSL if it is not already installed. To check, run which openssl.

  2. In Terminal, create a directory to store the files and navigate to it:
    mkdir /Users/jdoe/JWT
    cd /Users/jdoe/JWT

  3. Generate a private key and store it in the server.key file:

    CODE
    openssl genrsa -des3 -passout pass:xxxx -out server.pass.key 2048
    openssl rsa -passin pass:xxxx -in server.pass.key -out server.key

    WHERE xxxx – a password with a minimum of 4 characters. Newer versions of OpenSSL may require more complex passwords.
    You can delete the server.pass.key file if it is no longer needed.

  4. Generate a certificate signing request using server.key. Store the certificate signing request in the server.csr file.

    CODE
    openssl req -new -key server.key -out server.csr

    Enter the information about your company when prompted.

  5. Generate a self-signed digital certificate:

    CODE
    openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt

Create a Connected App in Salesforce

  1. Log in to Cloudaware → Setup.

  2. Search for Apps in the Quick Find bar. Under External Client Apps, select Settings → New Connected App.

  3. Set a name and a contact email for the connected app. The API name will be auto-populated.

  4. Expand the ‘API (Enable OAuth Settings)' section and check the box 'Enable OAuth Settings’.

  5. For Callback URL, use http://localhost:1717/OauthRedirect

    Check the box Use digital signatures. Click Choose File and upload the server.crt file that contains your digital certificate.

    Under ‘Selected OAuth Scopes’, choose the following:
    - Access and manage your data (api)
    - Perform requests at any time (refresh_token, offline_access)
    - Provide access to your data via the Web (web)

    Click SaveContinue.

  6. Review Connected App details. Click Manage.

  7. Click Edit Policies. Under 'OAuth Policies', select 'Admin approved users are pre-authorized' in Permitted Users. Click OK in the popup message. Click Save.

  8. Go back to the section 'Build' on the left → under 'Create', select Apps → select the created app. Under 'Profiles', click Manage Profiles and select the profiles that will have access to the app. By default, CloudAware Collector Only and CloudAware Administrator should be selected. Click Save.

  9. Optional: to allow all users access the app using their credentials in CLI: select the app → Edit policies → in the 'OAuth Policies' section, select 'All users may self-authorize'.

To authorize user access for an existing app, contact the app creator and request a certificate.

Read more about Connected Apps

Authorize a Salesforce Org for Use with Salesforce CLI

Run the following command in Terminal (remove the single quotes):

CODE
sfdx force:auth:jwt:grant -u 'username' -f 'path_to_key' -i 'consumer_key' -a 'alias'

WHERE

-u – authentication username (go to Setup → under ADMINISTRATION on the left, select Users → Users → select the user → copy Username)

-f – path to the private key file created earlier

-i – consumer key of the connected app created earlier (go to Setup → under PLATFORM TOOLS on the left, select Apps → select the app → copy the value from 'Consumer Key')

-a – alias for the authenticated org (simple string)

Your Salesforce org is now authorized for use with the Salesforce CLI.

Execute a SOQL Query

SOQL queries against Cloudaware objects and fields require using API names.

To find API names: go to Setup → Object Manager → select the object and check API Name in ‘Details’.

Salesforce CLI & API setup - execute SOQL query - object API name.png


To find field API names, select the object → click the ‘Fields & Relationships’ tab. Find the field and check its API Name in the ‘FIELD NAME’ column:

Salesforce CLI & API setup - execute a SOQL query - field API name.png

Here is an example query to return AWS EC2 instances that are not deleted from AWS, including AWS Accounts, Private IPs, and Public IPs:

CODE
sfdx force:data:soql:query -q "SELECT CA10__account__r.Name, CA10__instanceId__c, CA10__privateIpAddress__c, CA10__publicIpAddress__c FROM CA10__CaAwsInstance__c WHERE CA10__disappearanceTime__c = null" -u 'alias

WHERE the value of -u parameter should be replaced by -a value which was set before (remove the single quotes)

More information on Salesforce CLI is available here.

Set up API

  1. Get your access token:

    CODE
     sfdx force:org:display -u orgAlias

    This is your Authorization Bearer token. Make curl and rest API calls using this token.

  2. Note your Instance URL. You can see examples here.

  3. Here is a Cloudaware-specific example to retrieve the list of IP addresses:

    CODE
    curl https://cloudaware-0000.cloudforce.com/services/data/v20.0/query/?q=SELECT+CA10__privateIpAddress__c%2C+CA10__associationPublicIp__c+from+CA10__CaAwsNetworkInterface__c -H 'Authorization: Bearer 00D1U00000130CD/!AQwAQN7gCP78KDezrjUpFMsEIOTsTEItsL53UkLa5ZvrU6bENuT2Jj5oSWzKGD4IopBsrX0p1pv0wRczXK.'

    WHERE cloudaware-0000 is a placeholder for your Salesforce Org Id

    Tips:
    Avoid ! in the access token with /.
    Use single quotes around the -H value.
    Use a URL-encoded request URL.

    For more information, see Salesforce documentation on Working with Records and Working with Searches and Queries.

Load Custom Data to CMDB Using CLI

Assume we have a two-column dataset containing the EC2 instance IDs and a custom attribute ‘Demo Version’:

instanceID

Demo Version

i-XXXXXXXXXXXXXXXXA

3.4

i-XXXXXXXXXXXXXXXXB

3.7

i-XXXXXXXXXXXXXXXXZ

3.2

  1. Extract instanceID and Salesforce ID using CLI.

    To create a Salesforce-side dataset, run the following CLI command:

    CODE
    sfdx force:data:soql:query -q "SELECT Id, CA10__instanceID__c CA10__CaAwsInstance__c WHERE CA10__disappearanceTime__c = null" -u 'username'

    WHERE username is your Salesforce username (remove the single quotes)

    If you are not sure how to create a custom field on an existing object (for example, AWS EC2 Instance or CloudAware Physical Server), see Create a Custom Field.

  2. View CMDB current data.

    Here is an example:

Salesforce ID

instanceID

a0X4P00000KUkVSUA1

3.4

a0X4P00000KUkUTUA1

3.7

a0X4P00000LJsniUAD

3.2

  1. Use sorting and merging commands to create the final dataset.


    In the merged dataset, records are matched by instanceID. The instanceID itself does not need to be re-imported.

Salesforce ID

Demo Version

a0X4P00000KUkVSUA1

3.4

a0X4P00000KUkUTUA1

3.7

a0X4P00000LJsniUAD

3.2

  1. Run the following command to upload the merged dataset:

CODE
 sfdx force:data:bulk:upsert -s EC2_Instances -f ./path/to/file.csv -i Salesforce ID

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.