Issue Token for Rok Registry User¶
This section will guide you through issuing a token for a Rok Registry user.
What You’ll Need¶
- A configured management environment that has access to your Rok Registry cluster.
- Credentials for your Rok Registry account.
Procedure¶
Define the base URL of your Rok Registry installation:
root@rok-tools:~# export ROK_REGISTRY_URL=<URL>Replace
<URL>
with the base URL of your installation. For example:root@rok-tools:~# export ROK_REGISTRY_URL=https://arrikto-cluster.apps.example.com/registryVisit Rok Registry at the specified URL and sign in with your credentials.
Click on your name at the top right corner of the screen.
Navigate to the My buckets page.
Set your Rok Registry username:
root@rok-tools:~# export ROK_REGISTRY_USERNAME=<USERNAME>Replace
<USERNAME>
with your username, for example:root@rok-tools:~# export ROK_REGISTRY_USERNAME=jdoeYou can find your username in the center of the screen. It is preceeded by a
@
symbol.Find the UUID that corresponds to your Rok Registry account:
root@rok-tools:~# export ROK_REGISTRY_UUID=$(kubectl exec \ > -it \ > -n rok-registry \ > svc/rok-registry \ > -- \ > rok-fort-manage account-list \ > | awk '{print $1" "$3}' \ > | grep ${ROK_REGISTRY_USERNAME?} \ > | awk '{print $1}')Set the expiration time of the token in seconds:
root@rok-tools:~# export ROK_REGISTRY_TOKEN_DURATION=<DURATION>Replace
<DURATION>
with the desired duration of the token in seconds. For example, if you want the token to last 24 hours:root@rok-tools:~# export ROK_REGISTRY_TOKEN_DURATION=$(( 24 * 3600 ))Create a token for the Rok Registry user:
root@rok-tools:~# export ROK_REGISTRY_TOKEN=$(kubectl exec \ > -it \ > -n rok-registry \ > svc/rok-registry \ > -- \ > rok-fort-manage token-create \ > --user ${ROK_REGISTRY_UUID} \ > --duration ${ROK_REGISTRY_TOKEN_DURATION?} \ > --no-borders \ > | grep Token \ > | awk '{print $2}')
Verify¶
Verify that your token is valid, by making a request to the Rok Registry API:
root@rok-tools:~# curl ${ROK_REGISTRY_URL?}/auth/v1/token \ > -w '\n' \ > -H "Authorization: Bearer $(printenv ROK_REGISTRY_TOKEN)" {"uuid": "4545458c-2050-415a-8af4-e8f6b041238c", "created_at": "2021-11-16T16:33:16.902141+00:00", "expires_at": "2021-11-17T16:33:16.893054+00:00", "user": ...}Troubleshooting
Unauthorized
If the above command returns an “unauthorized” response like the following:
{"unauthorized": {"message": "Unauthorized", "code": 401, "details": "This server could not verify that you are authorized to access the document you requested"}}it means that your token is either malformed or has expired. To proceed, run the Procedure to issue a new token.
Summary¶
You have successfully issued a token for a Rok Registry user.
What’s Next¶
Check out the rest of the operations you can perform on your Rok Registry deployment.