Issue Token for Rok Registry User

This section will guide you through issuing a token for a Rok Registry user.

What You’ll Need

  • A configured management environment that has access to your Rok Registry cluster.
  • Credentials for your Rok Registry account.

Procedure

  1. Define the base URL of your Rok Registry installation:

    root@rok-tools:~# export ROK_REGISTRY_URL=<URL>

    Replace <URL> with the base URL of your installation. For example:

    root@rok-tools:~# export ROK_REGISTRY_URL=https://arrikto-cluster.apps.example.com/registry
  2. Visit Rok Registry at the specified URL and sign in with your credentials.

  3. Click on your name at the top right corner of the screen.

    ../../_images/registry_user_menu.png
  4. Navigate to the My buckets page.

    ../../_images/registry_user_menu_buckets.png
  5. Set your Rok Registry username:

    root@rok-tools:~# export ROK_REGISTRY_USERNAME=<USERNAME>

    Replace <USERNAME> with your username, for example:

    root@rok-tools:~# export ROK_REGISTRY_USERNAME=jdoe

    You can find your username in the center of the screen. It is preceeded by a @ symbol.

    ../../_images/registry_user_handle.png
  6. Find the UUID that corresponds to your Rok Registry account:

    root@rok-tools:~# export ROK_REGISTRY_UUID=$(kubectl exec \ > -it \ > -n rok-registry \ > svc/rok-registry \ > -- \ > rok-fort-manage account-list \ > | awk '{print $1" "$3}' \ > | grep ${ROK_REGISTRY_USERNAME?} \ > | awk '{print $1}')
  7. Set the expiration time of the token in seconds:

    root@rok-tools:~# export ROK_REGISTRY_TOKEN_DURATION=<DURATION>

    Replace <DURATION> with the desired duration of the token in seconds. For example, if you want the token to last 24 hours:

    root@rok-tools:~# export ROK_REGISTRY_TOKEN_DURATION=$(( 24 * 3600 ))
  8. Create a token for the Rok Registry user:

    root@rok-tools:~# export ROK_REGISTRY_TOKEN=$(kubectl exec \ > -it \ > -n rok-registry \ > svc/rok-registry \ > -- \ > rok-fort-manage token-create \ > --user ${ROK_REGISTRY_UUID} \ > --duration ${ROK_REGISTRY_TOKEN_DURATION?} \ > --no-borders \ > | grep Token \ > | awk '{print $2}')

Verify

  1. Verify that your token is valid, by making a request to the Rok Registry API:

    root@rok-tools:~# curl ${ROK_REGISTRY_URL?}/auth/v1/token \ > -w '\n' \ > -H "Authorization: Bearer $(printenv ROK_REGISTRY_TOKEN)" {"uuid": "4545458c-2050-415a-8af4-e8f6b041238c", "created_at": "2021-11-16T16:33:16.902141+00:00", "expires_at": "2021-11-17T16:33:16.893054+00:00", "user": ...}

    Troubleshooting

    Unauthorized

    If the above command returns an “unauthorized” response like the following:

    {"unauthorized": {"message": "Unauthorized", "code": 401, "details": "This server could not verify that you are authorized to access the document you requested"}}

    it means that your token is either malformed or has expired. To proceed, run the Procedure to issue a new token.

Summary

You have successfully issued a token for a Rok Registry user.

What’s Next

Check out the rest of the operations you can perform on your Rok Registry deployment.