I am in the process of automating the cluster creation process. This includes linking to Active Directory, which is working great. When I log in from the UI with my AD user, the user / principal / groups all get pulled through. I can then (using the admin account) give my user Administrator permissions.
I was wondering if there is a way to perform those steps from the API? I can see how to do the globalRoleBinding part but need the user to already exist.
So in short, is there a way to create the internal user and link it to my Active Directory user using the API?
The more common way would be to create an AD group, give that group admin once and then add people to it as needed without involving Rancher at all. But you can POST to /v3/users to make one and fill in the appropriate principalId (look at other existing users for example)…
Thank you for the response.
I had tried issuing a POST to v3/users where I copy the JSON from my user before deleting it. I have also reduced the JSON:
"principalIds": [ "activedirectory_user://CN…" ]
But I always seem to get the same error 500: “password is not a string”
I’ll potentially have to go with using the AD group instead.
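The AD group approach suggested in the reply above, sketched as an added example that is not part of the original thread or Rancher's own code: it binds a global role to an AD group principal once, and does nothing if the binding already exists. Assumptions: the `groupPrincipalId` and `globalRoleId` fields on `/v3/globalrolebindings`, the built-in role ID `admin`, a bearer API token, and the constructed server URL, token and group DN.

```python
import json
import urllib.request

def ad_group_principal(group_dn):
    """Build the principal ID for an AD group from its full DN (assumed input)."""
    upper = group_dn.upper()
    if not upper.startswith("CN=") or "DC=" not in upper:
        raise ValueError("expected a full distinguished name, got %r" % group_dn)
    return "activedirectory_group://" + group_dn

def http_transport(base_url, token):
    """Return call(method, path, body) that sends JSON with a bearer API token."""
    def call(method, path, body=None):
        req = urllib.request.Request(
            base_url.rstrip("/") + path,
            data=json.dumps(body).encode() if body is not None else None,
            method=method,
            headers={"Authorization": "Bearer " + token,
                     "Content-Type": "application/json"})
        with urllib.request.urlopen(req) as resp:  # TLS verification stays on
            return json.load(resp)
    return call

def ensure_group_role(call, group_dn, role_id="admin"):
    """Bind role_id to the AD group once; return (binding, created)."""
    principal = ad_group_principal(group_dn)
    # Assumes the existing bindings fit in one page of the collection response.
    for b in call("GET", "/v3/globalrolebindings").get("data", []):
        if b.get("groupPrincipalId") == principal and b.get("globalRoleId") == role_id:
            return b, False
    body = {"globalRoleId": role_id, "groupPrincipalId": principal}
    return call("POST", "/v3/globalrolebindings", body), True

if __name__ == "__main__":
    # Constructed values: replace with the real server URL, token and group DN.
    call = http_transport("https://rancher.example.com", "token-xxxxx:secret")
    print(ensure_group_role(call, "CN=rancher-admins,OU=Groups,DC=example,DC=com"))
```

Because the check runs before the POST, the script can be re-run on every cluster build without stacking duplicate admin bindings; membership is then managed in AD only.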