cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Flexera Policy Tool - '400 Bad Request' when trying to use configured account

I'm attempting to configure fpt to allow me upload policies as I work on them.

I've configured fpt as described in @https://github.com/rightscale/policy_sdk/tree/master/cmd/fpt

> fpt config account sbox3
Account ID: 133226
API endpoint host: us-4.rightscale.com
Refresh token: b0aaec366b0fc366df1336622dda366875b3660c
Flexera One (true if the refresh token is from the Flexera One platform, false if it is from the RightScale dashboard): false

(the actual account id / refresh token are not the ones shown above - I changed them for this post in the interest of security.)

When I now try use fpt to upload I get the following error:

> fpt upload test\listinstance.pt
ERROR: Authentication error: Authentication failed: 400 Bad Request - {"error":"invalid_grant","error_description":"Invalid grant"}

 

From the UI, using the same account, I am able to administer policies (upload, apply, terminate etc...)

Does anyone have any advice on what I am missing or where I can get further details that will help me get fpt working?

 

thanks,

Denis

(2) Solutions

One other thing I noticed that is incorrect with the config is the API endpoint host.
The valid API endpoints are listed in API Docs

In your case, the API endpoint host should be governance-4.rightscale.com

If you configured multiple accounts in the fpt config file make sure you are specifying the account name to use in the request
Ex: fpt -a sbox3 upload test\listinstance.pt

View solution in original post

Hi Abhashyam,
Thank you for your 2 responses.
The curl statement was successful.

> curl -i -H X-API-Version:1.5 -X POST
https://us-4.rightscale.com/api/oauth2 -d "grant_type=refresh_token" -d
"refresh_token="
HTTP/1.1 200 OK
Date: Wed, 04 Aug 2021 15:03:29 GMT

My issue is that I have configured multiple accounts - so I needed to use
the '-a' option.

> fpt -a sbox3 upload test\dvr_tag_checker.pt
Updated PolicyTemplate "dvr Untagged Resources"
(/api/governance/projects/122116/policy_templates/60fec730a0f7620001c874a7)
from test\dvr_tag_checker.pt

I don't see this option documented when I use fpt --help or review
https://github.com/rightscale/policy_sdk/tree/master/cmd/fpt#usage - is
there some more recent documentation that includes this option?
I have been able to cleanup the accounts
in C:\Users\\AppData\Roaming\RightScale\.fpt.yml

Thanks again - and apologies for delay in getting back to you, I was out of
the office for a few days.
--
Regards,
Denis





Denis Reynolds | Systems Engineer

QAD | Clive House, Plassey Tech Park, Limerick, Ireland

www.qad.com

View solution in original post

(5) Replies

The error you are seeing happens when the account_id, refresh_token combination you are using is incorrect. Can you please try making a curl request to Flexera Cloud Management API oauth2 endpoint using the refresh token and host in your fpt config to verify the parameters are correct?
Ex: 

curl -i -H X-API-Version:1.5 -X POST https://us-4.rightscale.com/api/oauth2 -d "grant_type=refresh_token" -d "refresh_token=b0aaec366b0fc366df1336622dda366875b3660c"

 

One other thing I noticed that is incorrect with the config is the API endpoint host.
The valid API endpoints are listed in API Docs

In your case, the API endpoint host should be governance-4.rightscale.com

If you configured multiple accounts in the fpt config file make sure you are specifying the account name to use in the request
Ex: fpt -a sbox3 upload test\listinstance.pt

Hi Abhashyam,
Thank you for your 2 responses.
The curl statement was successful.

> curl -i -H X-API-Version:1.5 -X POST
https://us-4.rightscale.com/api/oauth2 -d "grant_type=refresh_token" -d
"refresh_token="
HTTP/1.1 200 OK
Date: Wed, 04 Aug 2021 15:03:29 GMT

My issue is that I have configured multiple accounts - so I needed to use
the '-a' option.

> fpt -a sbox3 upload test\dvr_tag_checker.pt
Updated PolicyTemplate "dvr Untagged Resources"
(/api/governance/projects/122116/policy_templates/60fec730a0f7620001c874a7)
from test\dvr_tag_checker.pt

I don't see this option documented when I use fpt --help or review
https://github.com/rightscale/policy_sdk/tree/master/cmd/fpt#usage - is
there some more recent documentation that includes this option?
I have been able to cleanup the accounts
in C:\Users\\AppData\Roaming\RightScale\.fpt.yml

Thanks again - and apologies for delay in getting back to you, I was out of
the office for a few days.
--
Regards,
Denis





Denis Reynolds | Systems Engineer

QAD | Clive House, Plassey Tech Park, Limerick, Ireland

www.qad.com

Hi,
It is possible you are using an older version of the fpt tool.
You can check the version using 

fpt -v
fpt v1.3.0 - 2021-03-01 22:14:46 - 9cef5d487030b2a016d20238c8f04bd361a247dc

The latest version of the fpt tool does display the account option when using the help

fpt --help
usage: fpt [<flags>] <command> [<args> ...]

A command-line application for testing Flexera Policies. fpt contains a number of useful commands to help with development of Policies, including a syntax checker and policy
runner. Run fpt --help <command> for additional command specific help.

Flags:
  -h, --help             Show context-sensitive help (also try --help-long and --help-man).
  -d, --debug            Debug mode
  -c, --config="/Users/avinash/.fpt.yml"  
                         Config file path
  -a, --account=ACCOUNT  Config file account name to use
  -v, --version          Show application version.

 

Updated to latest version.
All good now.
Thanks.

--
Regards,
Denis





Denis Reynolds | Systems Engineer

QAD | Clive House, Plassey Tech Park, Limerick, Ireland

www.qad.com