Shotgrid event daemon error

Hello team,

We have migrated the shotgun website to Shotgrid and followed all the procedures mentioned. But the event daemon which we have created is not working with the same script and key which we were using before migration. I am getting the following error while running the same plugin. I tried to run an event daemon with username and password(which is risky) but that is also not working. Need solution urgently,

Aborted request with Autodesk Identity: Current user must be an Admin logged in with Identity

Also , Error getting while using login and password,

Unknown error: Can’t authenticate user

Thanks
Alam

OH, deamon. One more thing I need to check. But I know “things” about user-authenticated Shotgun instance.

from shotgun_api3 import Shotgun
sg = Shotgun(
    base_url="https://yoursite.shotgunstudio.com",
    login="your.lagacy.sg.login.name",
    password='your legacy sg password',
    auth_token='PTA token by Autodesk'
)

Makes no sense, but it’s working…

P.S. I’ve stumbled upon some ADSK guidelines about using API-script authentication, as it also needs a IT/TD attention, but can’t find it. Last few days were horrible.

Found something.

Q. What happens to my scripts that use script_name/api_keys for authentication? Will they continue to work?
Yes. They will continue to work as they did previously, but the status of an “Active” state cannot be changed—only a scripts authenticated with username/password can do that.

But

Q. Are there changes to the API behavior for my scripts that use script_name/api_keys to authenticate?
Yes. Scripts that use script_name/api_keys to authenticate will not be able to Activate users anymore. If the API tries to create a new Active user, that user is created as Inactive.
To activate a user, you must be logged in with your Autodesk Identity and use one of the following methods: 1. Logged in through the ShotGrid user interface. 2. Logged in through scripts using username/password with a configured Personal Access Token.

Found here:
https://knowledge.autodesk.com/support/shotgrid/learn-explore/caas/CloudHelp/cloudhelp/ENU/SG-Migration/files/mi-migration/SG-Migration-mi-migration-mi-faq-html-html.html

And it’s actually what I see in my pipeline. The scripts are still working well. It’s something

Hello,

Following are the findings,

I have tried following things after creating PTA,

sg.Shotgun(“https://abc.shotgunstudio.com”, login=“xyz@abc.com”, password=“######”)

<shotgun_api3.shotgun.Shotgun object at 0x7f7ba361cd50>

This is not working in event daemon

sg.Shotgun(“https://abc.shotgunstudio.com”, script_name=“logArgs.py”, api_key=“######”)

<shotgun_api3.shotgun.Shotgun object at 0x7f7ba36219d0>

This is not working in event daemon

sg.Shotgun(“https://abc.shotgunstudio.com”, script_name=“logArgs.py”, api_key=“######”, auth_token=“######”)

ValueError: must provide a user login and password with an auth_token

This is not working in event daemon

sg.Shotgun(“https://abc.shotgunstudio.com”, login=“xyz@abc.com”, password=“######”, auth_token=“######”)

shotgun_api3.shotgun.AuthenticationFault: Can’t authenticate user ‘xyz@abc.com’

This is not working in event daemon

sg.Shotgun(“https://abc.shotgunstudio.com”, login=“xyz”, password=“######”, auth_token=“######”)

shotgun_api3.shotgun.AuthenticationFault: Can’t authenticate user ‘xyz’

This is not working in event daemon

But We still not able to run the event daemon script.

Regards,

Alam

Here it works fine with a script user.
Note that script_name is the script user name, not the name of a python script.

Sorry for hijacking this thread, I have the exact same error (since the migration to Shotgrid / Autodesk). I am using a script (not an user) with the python API. When trying to delete a disabled user I get:

Delete failed for [HumanUser with id=...]: Aborted request with Autodesk Identity: Current user must be an Admin logged in with Identity

@patrick-hubert-adsk

Hi @eeight

I will need to double-check this, but from my understanding of our intents, what you describe seems like a bug.

I believe that it should be possible to delete an entity (HumanUser in this instance) using a ScriptName and API Key.

I’ll get back to you (well, to this thread) as soon is I get a chance to try it.

-Patrick

Hi @eeight

I believe the issue you describe has been fixed by release v8.27.0.8278 (build 543a616). I cannot seem to find the release notes for that version, my apologies.

I’ve done 2 HumanUser delete tests, one on a fully migrated to Autodesk Identity site, and another one on a site in the middle of the transition (with the 2 modes enabled).

In both of my tests, I was able to delete a disabled HumanUser successfully.

So either the issue was indeed fixed with the build I indicated, or there is something missing in my test.

Please let us know if the issue is still there,

-Patrick

My site is migrated and after migration I am getting following error using script_name and api_key. This script was working properly over 3 months before migration.

shotgun_api3.shotgun.Fault: API batch() request with index 0 failed.  All requests rolled back.
API update() CRUD ERROR #701: Update failed for [HumanUser.sg_status_list]: Aborted request with Autodesk Identity: Current user must be an Admin logged in with Identity

Data :

[{'request_type': 'update', 'attribute_name': 'sg_status_list', 'entity_type': 'HumanUser', 'entity_id': 1046, 'field_data_type': 'status_list', 'data': {'sg_status_list': 'dis'}}]

Still there:
shotgun_api3.shotgun.Fault: API delete() CRUD ERROR #701: Delete failed for [HumanUser with id=...]: Aborted request with Autodesk Identity: Current user must be an Admin logged in with Identity

Like I said I am not using a login / password, but script_name with api key. The user I am deleting doesn’t have an autodesk identity (added by my script as disabled).

Hi @eeight

We are talking about a hosted version of ShotGrid, not a local install, correct ?

Are you using sudo_as ?

I am doing things the same way you describe, and I have no problems.
What permission group is your script ?

-Patrick

Hi @khonder

Are you updating the sg_status_list to act ?

-Patrick

Hosted version of Shotgrid. I am not using sudo_as, my script was working well before the migration without this sudo_as_login. Permission group is API Admin

When trying to delete an human with sudo_as_login admin:
shotgun_api3.shotgun.AuthenticationFault: Cannot 'sudo' - user account has 'can_impersonate_this_user' turned off: 'MyAdminUser' ← how to enable?

When trying to delete an human with a “normal” user:

shotgun_api3.shotgun.Fault: API delete() CRUD ERROR #701: Delete failed for [HumanUser with id=...]: Aborted request with Autodesk Identity: Current user must be an Admin logged in with Identity with a valid bound Personal Access Token

Like I said pre-migration it was working without the sudo_as_login.

Hi @patrick-hubert-adsk,

Yes actually, I want to disable user on certain condition.

-Rohit

Hi @eeight

At this point, I will need to look at the logs on you site to see if I can spot anything

Can you share your site name ? Either publicly or via a private message to me ?

-Patrick

@patrick-hubert-adsk How to enable “can_impersonate_this_user” on my admin user?

@eeight @khonder

So we are confirming that there is indeed a bug. We have created a ticket for it and will be handling it with priority.

As for the question : where is can_impersonate_this_user is defined ?
In the People page, there is a column name “Admins Can Perform Actions As”. This to prevent other people who can use the Use as Another User menu to assume the role of an Admin.

Screen Shot 2021-07-27 at 20.39.00830×256 7.64 KB

Question for you @eeight : if your script was working without using sudo_as_login, why have you changed your code to use it now ?

-Patrick

because it was not working as expected, so tried with sudo_as_login. will revert back and wait for the fix

Hi @eeight

The ticket is SG-23426, which will be mentioned in the release notes when fixed.

-Patrick

Any ETA?