Hello all, I am facing a problem of using api to create registrationtoken resource by command without nagivating web page:
I create a apikey resource by curl -X POST <host>/v1/apikeys
and get public/secret value , but when I use this public/secret pair to authenticate to create registrationtoken resource , it doesn’t work. This is my command , curl -u $public$secret :-X POST /v1/registrationtokens . I recieve error message like this:
{
“id”: “54e69d78-388c-4297-a436-4050334bf46f”,
“type”: “error”,
“links”: {},
“actions”: {},
“status”: 405,
“code”: “Method not allowed”,
“message”: “Method not allowed”,
“detail”: null
}
However, when I get username/password pair from web UI by clicking ‘Add API Key’ in /settings/api, and run curl -u $username:$password :-X POST <host>/v1/registrationtokens
, it works. A new registrationtoken resource is created.
Why this happen? public value is equal to username, is secret value equal to password? How can I create registrationtoken resource without navigating web page? Thanks for any help.
Registration tokens and almost all other resources belong to a single project (“Environment” in the UI)
API keys can be for a single project or for an account, with access to whatever projects the account is authorized to (or all of them if the account is an admin).
You apparently created an account API key, so you need to use /v1/projects/<project ID>/registrationTokens
to create the token for a particular project. When you create a key in the UI it’s for only that project, and so the /projects/<project ID>
part is optional.
Thanks for your reply. I wanna know the relationship between account, environment ,resource and project. Where can I get the corresponding documents and resource?
By “resources” I just meant a generic term for all the types of objects in the API. http://docs.rancher.com/rancher/api/
Accounts are the lowest level resource… there are various kinds of them, but the ones of note are admin
, user
, and project
. All the resources in the API are owned by an account (except accounts themselves). users
are typical users that can use only the projects/resources that they’ve been granted access to. admin
are users that can manage everything. projects
are sort of shared accounts:
Projects are basically a grouping of the physical resources so you can do multi-tenancy. These are (confusingly, we know, and will fix in the API in a /v2 someday) labeled “Environments” in the UI. Hosts, services, containers, and most of the other major resource types can only belong to a project. You can have multiple projects and they each have separate resources. e.g. ones for dev, test, and prod, or yourClientA and yourClientB. Users are then granted access to act as the projects you want to give them through the access control settings.
API Keys can have their owner accountId set to either a user/admin or a project. If the key is owned by a user/admin, it can be used to manage the resources of any project that user has been granted access to. Since it can access multiple projects, you need to specify which one the request is for with e.g. /v1/projects/<project_id>/registrationTokens
. If the key is owned by a project, that key can be used to manage only the resources owned by that one project. Since there can only ever be one project, you can use the shorter form not specifying the project id, e.g. /v1/registrationTokens
.
Registration tokens cannot be created belonging to a user account, so that is why you got 405
when attempting to create one. The main things that can be done when making a request as a user/admin are API keys for the user, and creating/managing projects.
What is called an environment
in the API is called a “Stack” in the UI. These are a grouping of services. projects
-> environments
-> services
-> containers
.
Wow. It solves my problem. Really appreciate your help!
Vincent, I’m so sorry, I still have a little problem about default environment project id. There is only default environment in my rancher server setting. I wanna to get default environment project id from command line , and I run ‘curl /v1/projects’, But I got nothing. When I add a new environment by web UI, I can get the information of new environment, and also its project id, but still miss default environment’s informations. Do I miss something? I test many times in different server , I can get some project id of default environment in web UI:1a5. Is this ‘1a5’ bind to default environment? Thanks.