Skip to content

[patch] Fix initial user creation facilities support #154

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
durera merged 3 commits into from
Dec 16, 2025
Merged

[patch] Fix initial user creation facilities support #154

durera merged 3 commits into from
Dec 16, 2025

Conversation

@tomklapiscak
Copy link
Contributor

@tomklapiscak tomklapiscak commented Dec 16, 2025
edited
Loading

Description

Fixes support for facilities in the mas-devops-create-initial-users-for-saas script run by the ibm-create-initial-users. Gitops Job. See walkthrough for details.

Fix issues causing the script to fail when facilities app is installed

When facilities app installed, users created by the script would fail to sync with facilities due to:

AIUI1101E: Internal user agent error. Details: [main <email>] synched: status_code: 500 r.text {"message":"Cannot invoke \"com.ibm.tririga.platform.usf.mascore.model.MasCoreUserData.getPhoneNumbers()\" because \"userData\" is null"}

AIUI1101E: Internal user agent error. Details: [main <email>] synched: status_code: 500 r.text {"message":"Cannot invoke \"com.ibm.tririga.platform.usf.mascore.model.MasCoreUserData.getAddresses()\" because \"userData\" is null"}

and with manage due to:

AIUI1101E: Internal user agent error. Details: [main <email>] synched: status_code: 400 r.text Error 400: BMXAA4190E - Real estate and facilities ADMIN is not in the value list.

This PR fixes these issues by ensuring:

  • addresses and phoneNumbers are set (to an empty list) when the user is created.
  • a valid role is used when assigning user access to facilities (PREMIUM for primary users and BASE for secondary users)

Allow user_id to be (optionally) specified, otherwise default to using email (as before)

There is also a need to be able to use this script to create the special FACILITIESADMIN user. To support this, the assumption that created user emails and ids are always the same has been removed by adding an additional id field to the inputs. This field is optional. If absent, email will continue to be used as the id for backwards compatibility.

In the initial users secret JSON, the new id field is a fourth optional element, e.g.:

{
  "user1@email.com": "primary,john,smith"
}

Will use user1@email.com as the user's ID and email (as before)

{
  "facilitiesadmin@email.com": "primary,john,smith, facilitiesadmin"
}

Will use facilitiesadmin@email.com as the user's email, but facilitiesadmin as their ID.

Testing

Unit tests updated

Verified manually by running the script from my laptop against a MAS 9.1.5 (Manage 9.1.5, Facilities 9.1.4) instance:

initial user secret:

{
   "initialusertest1@suite.maximo.com":"primary,f1,l1",
   "initialusertest2@suite.maximo.com":"primary,f2,l2,initialusertest2"
}

$ mas-devops-create-initial-users-for-saas \
    --mas-instance-id masaudit \
    --mas-workspace-id main \
    --log-level INFO \
    --initial-users-secret-name initialusertest \
    --manage-api-port 8443 \
    --coreapi-port 8444 \
    --admin-dashboard-port 8445

2025-12-16 16:01:32,221   root                                               [MainThread] INFO     Configuration:
2025-12-16 16:01:32,221   root                                               [MainThread] INFO     --------------
2025-12-16 16:01:32,221   root                                               [MainThread] INFO     mas_instance_id:           masaudit
2025-12-16 16:01:32,221   root                                               [MainThread] INFO     mas_workspace_id:          main
2025-12-16 16:01:32,221   root                                               [MainThread] INFO     initial_users_yaml_file:   None
2025-12-16 16:01:32,221   root                                               [MainThread] INFO     initial_users_secret_name: initialusertest
2025-12-16 16:01:32,221   root                                               [MainThread] INFO     log_level:                 20
2025-12-16 16:01:32,221   root                                               [MainThread] INFO     coreapi_port:              8444
2025-12-16 16:01:32,221   root                                               [MainThread] INFO     admin_dashboard_port:      8445
2025-12-16 16:01:32,221   root                                               [MainThread] INFO     manage_api_port:           8443
2025-12-16 16:01:32,221   root                                               [MainThread] INFO
2025-12-16 16:01:32,226   root                                               [MainThread] INFO     Loading initial_users configuration from secret initialusertest
2025-12-16 16:01:32,233   botocore.credentials                               [MainThread] INFO     Found credentials in environment variables.
2025-12-16 16:01:37,529   mas.devops.users.MASUserUtils                      [MainThread] INFO     Waiting for manage to become ready and available: 600.00 seconds remaining
2025-12-16 16:01:39,019   mas.devops.users.MASUserUtils                      [MainThread] INFO     Waiting for facilities to become ready and available: 600.00 seconds remaining
2025-12-16 16:01:40,306   mas.devops.users.MASUserUtils                      [MainThread] INFO
2025-12-16 16:01:40,307   mas.devops.users.MASUserUtils                      [MainThread] INFO     Syncing primary user with email initialusertest1@suite.maximo.com
2025-12-16 16:01:41,756   mas.devops.users.MASUserUtils                      [MainThread] INFO     Creating new user initialusertest1@suite.maximo.com
2025-12-16 16:01:47,411   mas.devops.users.MASUserUtils                      [MainThread] INFO     Linking user initialusertest1@suite.maximo.com to local IDP (email_password: True)
2025-12-16 16:01:50,266   mas.devops.users.MASUserUtils                      [MainThread] INFO     Adding user initialusertest1@suite.maximo.com to main (is_workspace_admin: True)
2025-12-16 16:01:51,560   mas.devops.users.MASUserUtils                      [MainThread] INFO     Waiting for manage to become ready and available: 600.00 seconds remaining
2025-12-16 16:02:03,460   mas.devops.users.MASUserUtils                      [MainThread] INFO     Setting user initialusertest1@suite.maximo.com role for manage to MANAGEUSER
2025-12-16 16:02:05,093   mas.devops.users.MASUserUtils                      [MainThread] INFO     Waiting for facilities to become ready and available: 600.00 seconds remaining
2025-12-16 16:02:08,235   mas.devops.users.MASUserUtils                      [MainThread] INFO     Setting user initialusertest1@suite.maximo.com role for facilities to PREMIUM
2025-12-16 16:02:09,499   mas.devops.users.MASUserUtils                      [MainThread] INFO     Awaiting user initialusertest1@suite.maximo.com sync status "SUCCESS" for app manage: 600.00 seconds remaining
2025-12-16 16:02:35,599   mas.devops.users.MASUserUtils                      [MainThread] INFO     User initialusertest1@suite.maximo.com sync has not been completed yet for app manage (currrently PENDING): 573.90 seconds remaining
2025-12-16 16:02:41,757   mas.devops.users.MASUserUtils                      [MainThread] INFO     Awaiting user initialusertest1@suite.maximo.com sync status "SUCCESS" for app facilities: 600.00 seconds remaining
2025-12-16 16:02:45,265   mas.devops.users.MASUserUtils                      [MainThread] INFO     Reusing existing Manage API Key for user MAXADMIN
2025-12-16 16:02:52,203   mas.devops.users.MASUserUtils                      [MainThread] INFO     Adding user initialusertest1@suite.maximo.com to Manage group MAXADMIN
2025-12-16 16:02:55,422   mas.devops.users.MASUserUtils                      [MainThread] INFO     Completed sync of primary user initialusertest1@suite.maximo.com
2025-12-16 16:02:55,423   mas.devops.users.MASUserUtils                      [MainThread] INFO
2025-12-16 16:02:55,423   mas.devops.users.MASUserUtils                      [MainThread] INFO     Syncing primary user with email initialusertest2@suite.maximo.com
2025-12-16 16:02:56,727   mas.devops.users.MASUserUtils                      [MainThread] INFO     Creating new user initialusertest2
2025-12-16 16:03:01,765   mas.devops.users.MASUserUtils                      [MainThread] INFO     Linking user initialusertest2 to local IDP (email_password: True)
2025-12-16 16:03:04,814   mas.devops.users.MASUserUtils                      [MainThread] INFO     Adding user initialusertest2 to main (is_workspace_admin: True)
2025-12-16 16:03:05,997   mas.devops.users.MASUserUtils                      [MainThread] INFO     Waiting for manage to become ready and available: 600.00 seconds remaining
2025-12-16 16:03:17,487   mas.devops.users.MASUserUtils                      [MainThread] INFO     Setting user initialusertest2 role for manage to MANAGEUSER
2025-12-16 16:03:19,074   mas.devops.users.MASUserUtils                      [MainThread] INFO     Waiting for facilities to become ready and available: 600.00 seconds remaining
2025-12-16 16:03:21,940   mas.devops.users.MASUserUtils                      [MainThread] INFO     Setting user initialusertest2 role for facilities to PREMIUM
2025-12-16 16:03:23,326   mas.devops.users.MASUserUtils                      [MainThread] INFO     Awaiting user initialusertest2 sync status "SUCCESS" for app manage: 600.00 seconds remaining
2025-12-16 16:03:50,054   mas.devops.users.MASUserUtils                      [MainThread] INFO     User initialusertest2 sync has not been completed yet for app manage (currrently PENDING): 573.27 seconds remaining
2025-12-16 16:03:56,466   mas.devops.users.MASUserUtils                      [MainThread] INFO     Awaiting user initialusertest2 sync status "SUCCESS" for app facilities: 600.00 seconds remaining
2025-12-16 16:03:59,804   mas.devops.users.MASUserUtils                      [MainThread] INFO     Reusing existing Manage API Key for user MAXADMIN
2025-12-16 16:04:04,530   mas.devops.users.MASUserUtils                      [MainThread] INFO     Adding user initialusertest2 to Manage group MAXADMIN
2025-12-16 16:04:07,186   mas.devops.users.MASUserUtils                      [MainThread] INFO     Completed sync of primary user initialusertest2@suite.maximo.com
2025-12-16 16:04:07,186   root                                               [MainThread] INFO     Removing synced user initialusertest1@suite.maximo.com from initialusertest secret
2025-12-16 16:04:07,186   root                                               [MainThread] INFO     Removing synced user initialusertest2@suite.maximo.com from initialusertest secret
2025-12-16 16:04:07,186   root                                               [MainThread] INFO     Updating secret initialusertest

Both users were created successfully with expected access rights, and it was possible to login as them.

@tomklapiscak tomklapiscak requested a review from a team as a code owner December 16, 2025 15:47
@durera durera added this pull request to the merge queue Dec 16, 2025
Merged via the queue into stable with commit e93c898 Dec 16, 2025
2 checks passed
@durera durera deleted the init-users-fac-support branch December 16, 2025 16:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@durera durera durera approved these changes

@dushyantbangal dushyantbangal Awaiting requested review from dushyantbangal

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tomklapiscak @durera