-
Notifications
You must be signed in to change notification settings - Fork 93
Cheatsheet and Examples
This document provides useful example commands for the Commerce Cloud CLI. The latest release of the CLI can be downloaded at https://github.com/SalesforceCommerceCloud/sfcc-ci/releases.
Steps for installation see Installation Instructions.
$ sfcc-ci sandbox:create --realm <tenant> --sync
-
<tenant>is the customer specific tenant identifier (aka realm)
$ sfcc-ci role:grant --login <user> --role bm-admin --scope <tenant>_<sbx>
$ sfcc-ci role:grant --login <user> --role logcenter-user --scope <tenant>_<sbx>
$ sfcc-ci role:grant --login <user> --role ocapi-explorer-debug-user --scope <tenant>_<sbx>
-
<user>is the Account Manager user to grant access -
<tenant>is the customer specific tenant identifier (aka realm)
$ sfcc-ci sandbox:list --json | jq '. | max_by(.createdAt)
$ sfcc-ci sandbox:restart --sandbox <sandbox>
$ sfcc-ci sandbox:realm:list --realm <tenant> --json | jq '.configuration.sandbox.totalNumberOfSandboxes - .usage.activeSandboxes'
$ sfcc-ci code:list -i <instance> --json | jq '.data[] | select(.active) | .id' -r
- is the B2C Commerce instance
Assuming, you are in the project root and you have B2C Commerce cartridges under subfolder /cartridges, run:
# Package locally
$ mkdir -p tmp/code
$ cp -R cartridges/* tmp/code
$ cd tmp
$ zip -r -q code.zip code
$ rm -r code
# Deploy to instance
$ sfcc-ci code:deploy tmp/code.zip -i <instance>
$ sfcc-ci code:activate code -i <instance>
$ sfcc-ci job:run <job> --instance <instance> --sync --json | jq '.execution_status' -r
-
<job>is the job to run -
<instance>is the B2C Commerce instance
The commands below require special permission in Account Manager. Your user has to have role account-admin in order to run the commands.
To create a new user in Account Manager for your org run:
$ sfcc-ci user:create --org <org> --login <email> --user '{"firstName":"<firstName>", "lastName":"<lastName>", "roles": ["xchange-user","doc-user"]}'
-
<org>is the org in Account Manager the new user is created in -
<email>is the email address of the new user -
<firstName>is the first name of the new user -
<lastName>is the last name of the new user
To get details of an Account Manager user run:
$ sfcc-ci user:list --login <email>
-
<email>is the email address of the user
For batch user creation and assuming you have all users in a text file new_users.txt with email address, first name, last name (lines separated by \n and fields separated by \t)
e.g.
john.doe@org.com John Doe
jane.doe@org.com Jane Doe
run:
$ cat new_users.txt | while read email first last ; do sfcc-ci user:create --org <org> --login $email --user '{"firstName": "'$first'", "lastName": "'$last'"}' ; done
To get details of the local user on a B2C Commerce instance run:
$ sfcc-ci user:list --instance my-instance.demandware.net --login <login>
-
<login>is the login name of the user
To create a new local user on a B2C Commerce instance run:
$ sfcc-ci user:create --instance my-instance.demandware.net --login <login> --user '{"email":"<email>", "first_name":"<first>", "last_name":"<last>", "roles": ["<role>"]}'
-
<login>is the login name of the new user -
<email>is the email address of the new user -
<first>is the first name of the new user -
<last>is the last name of the new user -
<role>is a single role to grant to the user
To create a new local user on a B2C Commerce instance who uses Account Manager to authenticate run:
$ sfcc-ci user:create --instance my-instance.demandware.net --login <email> --user '{"external_id":"<user_id>", "email": "<email>", "last_name": "<last>"}'
-
<email>is the email address (user name) of the user in Account Manager -
<user_id>is the id of the user in Account Manager -
<last>is the last name of the user
To grant a role to an Account Manager user run:
$ sfcc-ci role:grant --login me@org --role doc-user
To grant a role with a specific scope to an Account Manager user run:
$ sfcc-ci role:grant --login me@org --role bm-user --scope zzzz_stg
To revoke a role with a specific scope from an Account Manager user run:
$ sfcc-ci role:revoke --login me@org --role bm-user --scope zzzz_stg
To revoke a role completely from an Account Manager user run:
$ sfcc-ci role:revoke --login me@org --role bm-admin
To batch report the number of Business Manager users on a B2C Commerce instance run:
$ echo 'my-instance1.demandware.net
my-instance2.demandware.net
my-instance3.demandware.net' | while read i ; do echo $i" : "`sfcc-ci user:list --instance $i --query '{"term_query":{"fields":["external_id"],"operator":"is_null"}}' --json | jq '.total'`; done
Extract list of Business Manager users from a B2C instance into CSV:
$ sfcc-ci user:list --instance my-instance.demandware.net --json | jq '.hits' | jq -r '. | (map(keys) | add | unique | sort) as $cols | map(. as $row | $cols | map($row[.]|tostring)) as $rows | $cols, $rows[] | @csv'
Query the number of Business Manager users on a B2C Commerce instance (who are not linked into Account Manager), run:
$ sfcc-ci user:list --instance my-instance.demandware.net --query '{"term_query":{"fields":["external_id"],"operator":"is_null"}}' --json | jq '.total'
Check if user(s) have an Account Manager user profile:
$ echo 'user1@org
user2@org' | while read i ; do echo $i": "`sfcc-ci user:list --login $i --json | jq '.id' -r`; done
Query local users who are enabled and not linked to Account Manager:
$ sfcc-ci user:list --instance my-instance.demandware.net --query '{"bool_query":{"must":[{"term_query":{"fields":["external_id"],"operator":"is_null"}},{"term_query":{"fields":["disabled"],"operator":"is","values":["false"]}}]}}'
Query unique email hosts from all Account Manager users
$ sfcc-ci user:list --json -c 2500 | jq '.content[].mail' -r | awk -F\@ '{print $2}' | sort | uniq
Query duplicate email aliases from all Account Manager users
$ sfcc-ci user:list --json -c 2500 | jq '.content[].mail' -r | awk -F\@ '{print $1}' | sort --ignore-case | uniq -i -c | sort -r | grep -v ' 1'
Finding all users with Business Manager Administrator role on a B2C Commerce instance <realm>_<env>:
$ sfcc-ci user:list --json -c 2500 | jq '[ .content[] | select(.roleTenantFilterMap["ECOM_ADMIN"] | index("<realm>_<env>")) ]'
List users with only their email and user state:
$ sfcc-ci user:list --json | jq '[ .content[] | with_entries(select([.key] | inside(["mail","userState"]))) ]'
List users invited from other orgs into an org (my_org) having the Account Administrator role:
$ sfcc-ci user:list --org 'my_org' --role account-admin --json | jq '[ .content[] | select(.primaryOrganization != "my_org_id") ]'
(while my_org is the human readable name of the org, my_org_id is the UUID of the org. You can learn about the org UUID, by using the command sfcc-ci org:list)
Find all users created within a given date time range (given two date times):
$ sfcc-ci user:list --org 'my_org' --json | jq '.content[] | select(.createdAt > "YYYY-MM-DDTHH:ii:ssZ" and .createdAt < "YYYY-MM-DDTHH:ii:ssZ")'
(YYYY-MM-DDTHH:ii:ssZ is the date time in Zulu/GMT time, e.g. 2023-10-27T08:26:00Z for Oct 26, 2023 8:26:00 am GMT)
List users who are enabled for MFA (verifiers set):
$ sfcc-ci user:list --json | jq '.content[] | select(.verifiers != [])'
List users who are NOT enabled for MFA (verifiers not set, note that MFA verification may happen outside of Salesforce Account Manager in case a user is linked to a Salesforce user account via Salesforce Identity, in such a case the property linkedToSfIdentity is set to true):
$ sfcc-ci user:list --json | jq '.content[] | select(.verifiers == [])'
incl. users who are not authenticating via Salesforce Identity:
$ sfcc-ci user:list --json | jq '.content[] | select(.verifiers == [] and .linkedToSfIdentity == false)'
Fetch audit logs for changes made to a user:
$ sfcc-ci user:list --login someone@org --auditlogs
Fetch a user's creation date:
$ sfcc-ci user:list --login someone@org --auditlogs --json | jq '.content[] | select(.eventType == "USER_CREATED")'
Fetch audit logs for changes made to organization configuration:
$ sfcc-ci org:list --org myorg --auditlogs