How to use Red Hat Hybrid Cloud Console Service accounts with services ?

Resolution

• The service account created will be required to be added in the applicable User Access group. Note that, any user can create a service account but only the Organization Administrator or a User Access administrator can add service accounts to groups. Refer the documentation for detailed steps.

• Service accounts support token-based authentication. Generate the token with the help of CLIENT_ID and CLIENT_SECRET variables copied at the time of creating the service account.

• Get a token for the service account with the following command. Once the token is generated it can be used with application or services. You may also send a request to an application that supports service accounts:

  curl "${HOST}/auth/realms/redhat-external/protocol/openid-connect/token" \
      --data-urlencode "grant_type=client_credentials" \
      --data-urlencode "client_id=${CLIENT_ID}" \
      --data-urlencode "client_secret=${CLIENT_SECRET}" \
      --data-urlencode "scope=${SCOPES}"
  

• To send the curl request to the application with the newly generated token:

  curl -k --header "Authorization:Bearer ${ACCESS_TOKEN}" --location "https://console.redhat.com/api/rbac/v1/access/?application=inventory"
  

• Add service account to an RBAC group on the cloud console and add roles to that group. Once the roles are added regenerate the token and request the application again. The curl request should be successful with desired outcome.