DC/OS DocumentationAdd a service account
Using the IAM API
Prerequisite:
- OpenSSL
- DC/OS Authentication token exported into the environment as
TOKEN.
A service account consists of a user ID and a RSA private key.
-
To add a service account using the DC/OS Identity and Access Management (IAM) API, generate a RSA private key first using OpenSSL.
openssl genpkey -algorithm RSA -out private-key.pem -pkeyopt rsa_keygen_bits:2048 -
Extract the corresponding public key from the private key.
openssl rsa -pubout -in private-key.pem -out public-key.pem -
Convert the public key file contents to a string with escaped newline characters.
export PUBLIC_KEY=$(sed ':a;N;$!ba;s/\n/\\n/g' public-key.pem) -
Replace
<uid>with the desired value in the following command and execute it:curl -i -X PUT http://<host-ip>/acs/api/v1/users/<uid> -d '{"public_key": "'"$PUBLIC_KEY"'"}' -H 'Content-Type: application/json' -H "Authorization: token=$TOKEN"
List service accounts
Using the IAM API
Prerequisite:
- DC/OS Authentication token exported into the environment as
TOKEN.
To list all configured service accounts using the DC/OS Identity and Access Management (IAM) API execute the following command:
curl -i -X GET "http://<host-ip>/acs/api/v1/users?type=service" -H 'Content-Type: application/json' -H "Authorization: token=$TOKEN"
Remove a service account
Using the IAM API
Prerequisite:
- DC/OS Authentication token exported into the environment as
TOKEN.
To remove a local user account using the DC/OS Identity and Access Management (IAM) API, replace <uid> with the corresponding value and execute the following command:
curl -i -X DELETE http://<host-ip>/acs/api/v1/users/<uid> -H 'Content-Type: application/json' -H "Authorization: token=$TOKEN"