Service Credentials

Objective

This guide provides instructions on how to generate service credentials related to Volterra services from the VoltConsole. Service credentials can be created by administrator users and these credentials have roles assigned to provide API access to Volterra services. While creating service credentials, roles can be specified and these roles are assigned to the created user called as ServiceUser.

Unlike My Credentials that inherit the roles of the users, you can assign specific roles to the service user.

Using the instructions provided in this guide, you can create service credentials of type service API token and user it in API requests.


Prerequisites

The following prerequisites apply:


Generate Service API Token

Step 1: Start credential creation in VoltConsole.

Log into the VoltConsole using your tenant credentials and click on the General option in the namespace selector. Select IAM -> Service Credentials in the configuration menu and click Create service credentials.

nav screds
Figure: Navigate to Service Credentials

Step 2:Configure name and select credential type.
  • Enter a name for your certificate and select API Token for the Credential type field.
  • Select an expiry date in the Expiry Date field.

create stoken
Figure: Service Credentials Basic Configuration

Step 3:Optionally, assign roles.
  • Click Assign roles and namespaces to open the namespace and role assignment screen.
  • Select a namespace in the Namespace field. Optionally, select Make Admin checkbox to grant the admin role.
  • Click on Select role field and select a role from the displayed choices. You can add more roles using the Add another role.

scred roles
Figure: Service Credentials Roles

  • Click Add roles.
Step 4: Generate the credentials and copy it.
  • Click Generate to generate the service API token.

stoken final
Figure: Create Service API Token

  • Generated service API token gets displayed. Click Copy to copy the token and click Done. Ensure that you save the copied token for later use.

stoken copy
Figure: Copy Service API Token

After generating, you can use it in API request. The following is a sample API request to list service credentials in the shared namespace.

curl -k --request GET https://customer1.demo1.volterra.us/api/web/namespaces/shared/service_credentials \
 --header 'Authorization: APIToken dZ1sTUtOA3bG2wfAXZy6/gR6ZW8='

Revoke API Tokens

You can force an API token to be expired before its configured expiry time. Perform the following to revoke API tokens:

Step 1: Navigate to your service credentials and VoltConsole.

Log into the VoltConsole using your tenant credentials and click on the General option in the namespace selector. Click IAM -> Service Credentials.

Step 2: Perform revoke operation for an existing service credential object.

Select the API token for which you want to force expiry and click ...-> Force Expiry.

stoken fexp
Figure: Service API Token Force Expiry Option

Step 3: Complete revoke operation.

Click Force Expire in the confirmation window to cause API token expiry.

stoken fexp confirm
Figure: Service API Token Force Expiry Confirmation

Note: You can renew or delete an expired credential. Click ...->Renew against expired credential from the list of credentials to renew it. Set an expiry date and click Renew Credential in the confirmation box. Click ... -> Delete against expired credential from the list of credentials to delete it. Click Delete in the confirmation box.


Concepts