Rancher CLI login, can't log in w/ API key scoped to 1 cluster

So if I make an API key that has no scope, I can log in, but making an API key scoped to a single cluster doesn’t work:

$ rancher login --token token-8cd4z:tr78ztgxb88jm8q2m7djf875dsdqqrv42qn8ptxh26qdf8fsvqqtwf https://ranchermgt-dev.blahblah.com/
FATA[0000] Bad response statusCode [401]. Status [401 Unauthorized]. Body: [message=clusterID does not match] from [https://ranchermgt-dev.blahblah.com/v3]

I’ve attempted providing --context during login as well, with the cluster:project style syntax:

$ rancher login --context c-hz88w:p-xmvb4 --token token-8cd4z:tr78ztgxb88jm8q2m7djf875dsdqqrv42qn8ptxh26qdf8fsvqqtwf https://ranchermgt-dev.blahblah.com/
FATA[0000] Bad response statusCode [401]. Status [401 Unauthorized]. Body: [message=clusterID does not match] from [https://ranchermgt-dev.blahblah.com/v3]

What gives? How can I provide API tokens that have narrow access to a specific cluster?