Service Accounts
Used for programmatic access to TruEra APIs, service accounts:
- automate recurring and/or scheduled tasks
- provide indefinite authentication for long-running processes.
Service accounts DO NOT:
- provide access to the UI
- replace user credentials in user workflows.
Note
Service accounts are supported in deployments with Keycloak enabled only, and only the Admin role is permitted to create/refresh/delete service accounts.
Creating a Service Account¶
Service accounts can be created via the UI at http://<your-truera-deployment-url>/service-accounts.
A service account can also be created by the API with a POST request to /api/rbac/user/service-account. For additional details, including service account naming, see API Admin Service.
Either method will result in new service account credentials, consisting of a client_id
and a client_secret
. Please keep these credentials safe, as the secret will not be available anytime else.
Using Service Account Credentials¶
Select the tab below appropriate for your environment.
EA/BETA users only: see Authentication.
TRUERA_URL = "<TRUERA_URL>"
SERVICE_ACCOUNT_CLIENT_ID = "<CLIENT_ID>"
SERVICE_ACCOUNT_CLIENT_SECRET = "<CLIENT_SECRET>"
from truera.client.truera_workspace import TrueraWorkspace
from truera.client.truera_authentication import ServiceAccountAuthentication
auth = ServiceAccountAuthentication
(
SERVICE_ACCOUNT_CLIENT_ID,
SERVICE_ACCOUNT_CLIENT_SECRET
)
tru = TrueraWorkspace(TRUERA_URL, auth)
Refresh Service Sccount Credentials¶
To receive new credentials for a service account:
- Refresh the service credentials via the UI, or
- Make a POST request to
/api/rbac/user/service-account/<client_id>/refresh
.
Caution
Once refreshed/replaced, previous credentials for the service account will no longer work.
Delete Service Account¶
Service accounts can be deleted via the Web App or by making a DELETE call to /api/rbac/user/service-account/<client_id>
.