Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.
Chapter 3. Using service accounts with services
The following information briefly describes how to use service accounts with services and the CLIENT_ID and CLIENT_SECRET variables. It is provided as a reference guideline only.
- Create a new Service account: Red Hat Hybrid Cloud Console Service accounts
Paste the following information on a terminal, replacing the CLIENT_ID and CLIENT_SECRET variables:
export HOST='https://sso.redhat.com' CLIENT_ID='<client_id>' CLIENT_SECRET='<client_secret>' SCOPES='openid api.iam.service_accounts'
Get a token for the service account with
curl "${HOST}/auth/realms/redhat-external/protocol/openid-connect/token" \ --data-urlencode "grant_type=client_credentials" \ --data-urlencode "client_id=${CLIENT_ID}" \ --data-urlencode "client_secret=${CLIENT_SECRET}" \ --data-urlencode "scope=${SCOPES}"
If you have jq installed (a command-line JSON processor), you can save the token to an env var:
export ACCESS_TOKEN=$( \ curl "${HOST}/auth/realms/redhat-external/protocol/openid-connect/token" \ --data-urlencode "grant_type=client_credentials" \ --data-urlencode "client_id=${CLIENT_ID}" \ --data-urlencode "client_secret=${CLIENT_SECRET}" \ --data-urlencode "scope=${SCOPES}" \ | jq -r '.access_token')
Send a request to an application that supports service accounts:
curl --header "Authorization:Bearer ${ACCESS_TOKEN}" --location "https://console.redhat.com/api/rbac/v1/access/?application=inventory"
- The response should be empty, or unprivileged depending on the app. Try adding the service account to an RBAC group, and adding roles to that group. User Access Groups
- After roles are added to the service account group, repeat step 3 to grab a fresh token and attempt the request again. You should now have more privileges and get proper responses from applications.