Thanks Stuart, that's almost awesome! 😂  I just couldn't find the syntax anywhere for generating reg keys so thanks for your reply.

The first command to generate a new registration key works fine.

The second command gives me an error...

If I run:

> show user name mattdunn show-certificates true

...then it returns all of my user info, including a line showing the cert registration key, so it seems there's something funky not quite right with the --format switch?  Do you have any ideas?

Cheers,

Matt

Hmm, that's odd. Works ok for me on R81.10 management:

The > at the start of your second line makes it look like there are some unbalanced quotes in there. The only quotes should be those around the value after jq. Single quotes around the whole string and double quotes around registration-key. 

Try it without the | jq bit and you should just get the JSON format output from the mgmt_cli command. 

I'm on R81.10 too, using the Command Line accessible from SmartConsole in this instance.

I'm running:

show user name mattdunn show-certificates true --format json | jq '.certificates[0]."registration-key"'

I copy/pasted from your original post so I know I have the correct quote symbols...  With or without the | jq part I still get the error about missing parameters.  Odd.  I'll keep having a play and see what I come up with... 😀

Ah!!  Just for a laugh I tried exactly the same command from a normal SSH session instead and it works!  I'm not sure what the difference is, but happy days 😀

Thanks for your help!

awesome news 🙂

The CLI in Smart Console is fine for pure API commands, but because the JQ tool is an external tool (eg, not part of mgmt_cli) you'll need to call that from an expert mode session. I'd guess that the Smart Console terminal tried to interpret the pipe and everything after it as API arguments.

I've since hit another snag which I'm trying to work around...  I've found if the user has already got a cert issued, or has had one in the past, a record of those active/revoked certs is still in the user details (if you run the show command without the json filter on the end), so in that case, even though somewhere in the user info output there is a new Registration Key code, your command just returns "null".

So it seems to only work for the very first time you issue a cert.  If you want to revoke and issue another code the "show" command doesn't work.  I presume there's a way to essentially do the equivalent of a | grep registration-key to show the code?

I'm useless at API/json commands but I'll have a Google and see what I can find... 

Cheers,

Matt

ahh yes you'll need to apply some filtering either in your script or with JQ. JQ can be a really useful tool, but sometimes it's not very friendly. If as part of your script for creating the registration key you create a random string for the comment (or at least something unique that can identity the new reg key) you can do something like this...

create the key with the unique comment / token:

mgmt_cli -r true set user name tempuser certificates.add.1.registration-key.comment "tempuserNEWKEY22"

Then to get the registration key which matches the unique comment:

mgmt_cli -r true show user name tempuser show-certificates true --format json | jq '.certificates[] | select(.comments == "tempuserNEWKEY22") | ."registration-key"'

That will return the reg key that matches the comment you provide. 

Awesome, thanks Stuart!  I'll do some more testing but that appears to work 😁