Solved: Issue creating user with management API

externpinilla-o · 05-20-2019 09:36 AM

Hello everyone,

I´m trying to create a User using the Management API, but I´ve found some issues on our Private Cloud Installation 4.19.01:

First I created the User using the POST call:

https://apidocs.apigee.com/management/apis/post/users

{ 
   "firstName" : "myName", 
   "lastName" : "myLastname", 
   "password" : "not_used", 
   "emailId" : "myMail@my.domain.de" 
}

After that, I can query the users with

https://apidocs.apigee.com/management/apis/get/users

and I get the users listed (including the new one)

{
    "user": [
        {
            "name": "someUser@my.domain.de"
        },
        {
            "name": "myMail@my.domain.de"
        }
    ]
}

But when I query the User Info, I get an Error saying that the user does not exists.

https://apidocs.apigee.com/management/apis/get/users/%7Buser_email%7D

{
    "code": "usersandroles.UserDoesNotExist",
    "message": "User myMail@my.domain.de does not exist",
    "contexts": []
}

Also I cannot delete the user, because it says the user does not exists.

Anyone had such an Issue?

Thanks in advance

externpinilla-o

The issue was in the user definition:

You can create a User globally or for an specific Org.

If the user is created for an specific Org using "v1/org/myOrg/users", then it won´t be listed in the Edge-UI until you add it to any role in the Org. BUT you won´t be able to login in the Edge UI and you won´t see the user details either.
In this case, you should make any interactions (for example DELETE) also using "v1/org/myOrg/users", because you won´t get any details using GET "v1/users"
Also even if "v1/users" doesn´t find the user, you won´t be able to create one there, because there is actually a user, but it´s just not reacheable as global, but only on the org.

Therefore better create the user globally using "v1/users", so that they can login, you can view the Info in the Edge UI and so on.

Thanks @Nagashree B for your help

View solution in original post

nagashree_b

@EXTERNPINILLAOSCAR

The user creation with management API is a two step process. You create a user and then link a role to that username. Check reference below -

https://apidocs.apigee.com/management/apis/post/organizations/%7Borg_name%7D/userroles/%7Brole_name%...

The error you are seeing is because - the user info provides the user's role as well.

The docs for Create Users mentions this

After you create the user in an organization, you must assign the user to a role in an organization. Roles determine the access rights of the user on Edge. SeeAdd a user to a rolefor more.

externpinilla-o

Thanks for your answer.

I have already verified that.

I added my user to the "readonly" Custom Role but I still get the same error by querying the User.

Also this Custom Role is being used by another User, and you can get the Info of the other one without any problem

nagashree_b

@EXTERNPINILLAOSCAR

1. Can you check by listing the roles in the Admin menu, does the user show up there?

2. Can you try creating a new user and assigning the role - does that work?

3. Did you delete the user (the one that's not working) with the email id at some point?

4. Does updating the same user with a PUT request work? (http://<mgmt server:port>/v1/users/<user email>)

externpinilla-o

1. Can you check by listing the roles in the Admin menu, does the user show up there?

The user is showing up

2. Can you try creating a new user and assigning the role - does that work?

By creating a new user, everything went well and it did worked.

I guess you have to give it some time to replicate the data, before you can assign the user to a role.

3. Did you delete the user (the one that's not working) with the email id at some point?

I´ve been trying to do it, but using the DELETE doesn´t seems to work.

4. Does updating the same user with a PUT request work? (http://<mgmt server:port>/v1/users/<user email>)

Here I get the same error as by DELETE:

externpinilla-o

The issue was in the user definition:

You can create a User globally or for an specific Org.

If the user is created for an specific Org using "v1/org/myOrg/users", then it won´t be listed in the Edge-UI until you add it to any role in the Org. BUT you won´t be able to login in the Edge UI and you won´t see the user details either.
In this case, you should make any interactions (for example DELETE) also using "v1/org/myOrg/users", because you won´t get any details using GET "v1/users"
Also even if "v1/users" doesn´t find the user, you won´t be able to create one there, because there is actually a user, but it´s just not reacheable as global, but only on the org.

Therefore better create the user globally using "v1/users", so that they can login, you can view the Info in the Edge UI and so on.

Thanks @Nagashree B for your help

nagashree_b

Glad you figured it out. I surely didn't know you can create users for a specific ORG using

"v1/org/myOrg/users". Did you get that from the docs?

externpinilla-o

Not really, it just "happened" after configuring lots of roles and stuff from the Org.

https://apidocs.apigee.com/management/apis/post/organizations/%7Borg_name%7D/userroles/%7Brole_name%...

You can use "v1/org/myOrg/users" to get the list of users from that Org, and somehow I started using this path for the other calls (and sadly also creating a user).

I guess that´s an unwanted use of the API ...