Retrieve Access Tokens

Prerequisites

-kubectl, jq, and curl installed

Procedure

Note

In the following commands, replace <username> and <password> with the user credentials provisioned for the OIDC service, and <zenko-name> with the name of the deployed Zenko instance.

Note

In the following example, Keycloak is used as the OIDC provider, and https://ui.zenko.workloadplane.scality.local is the url for making the request to the Keycloak service. In addition, artesca and zenko-ui are the example Keycloak realm and client-id values, respectively.

1. Declare variables

   OIDC_REALM='artesca'
   OIDC_CLIENT_ID='zenko-ui'
   OIDC_USER='<username>'
   OIDC_USER_PASSWORD='<password>'
   

2. Retrieve TOKEN:

   TOKEN=$(
       curl -s -k "https://ui.zenko.workloadplane.scality.local/auth/realms/${OIDC_REALM}/protocol/openid-connect/token" \
           -d 'scope=openid' \
           -d "client_id=${OIDC_CLIENT_ID}" \
           -d "username=${OIDC_USER}" \
           -d "password=${OIDC_USER_PASSWORD}" \
           -d "grant_type=password" | \
           jq -cr '.id_token'
   )
   

3. Retrieve INSTANCE_ID:

   INSTANCE_ID=$(kubectl get -n zenko zenko artesca-data -o jsonpath='{.status.instanceID}')