This page (revision-26) was last changed on 23-Apr-2022 17:06 by Harry Metske

This page was created on 23-Apr-2022 17:05 by Harry Metske

Page revision history

|| Version || Date Modified || Size || Author
| 26 | 23-Apr-2022 17:06 | 30 KB | Harry Metske
| 25 | 23-Apr-2022 17:05 | 30 KB | Harry Metske
| 24 | 23-Apr-2022 17:05 | 30 KB | Harry Metske
| 23 | 23-Apr-2022 17:05 | 29 KB | Harry Metske
| 22 | 23-Apr-2022 17:05 | 29 KB | Harry Metske
| 21 | 23-Apr-2022 17:05 | 28 KB | Harry Metske

Version management

Difference between version and

At line 72 changed one line
Login to credhub should be done with a UAA user, so create that first (it took me quite some time to find out which user/password to use for uaa admin):
Login to credhub should be done with a UAA user, so login with that first (it took me quite some time to find out which user/password to use for uaa admin):
At line 101 removed 7 lines
error response:
{
"error": "insufficient_scope",
"error_description": "Insufficient scope for this resource",
"scope": "uaa.admin clients.read clients.admin zones.uaa.admin"
}
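Review bot: The removal at line 101 drops the insufficient_scope error response, which listed the scopes the server expected (uaa.admin clients.read clients.admin zones.uaa.admin). If the new sentence at line 110 about the uaa_admin context having "all the scopes you need" is meant to explain how to get past that error, keep a one-line mention of the error name here so readers who hit it can find this step.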
At line 110 changed 2 lines
You can then use this value for creating the uaa users:
You need the second context (uaa_admin), as you can see it has all the scopes you need (clients.read password.write clients.secret clients.write uaa.admin scim.write scim.read).\\
Now you can also list the current uaa users:
At line 113 changed 2 lines
export UAA_URL=$(curl -k --silent https://192.168.50.6:8844/info|jq '.["auth-server"].url' -r)
uaac target ${UAA_URL} --skip-ssl-validation
metskem@athena  ~/workspace/boshlite/deployments/vbox uaac clients
admin
scope: uaa.none
resource_ids: none
authorized_grant_types: client_credentials
autoapprove:
authorities: bosh.admin
lastmodified: 1535891189747
bosh_cli
scope: openid bosh.admin bosh.read bosh.*.admin bosh.*.read bosh.teams.*.admin bosh.teams.*.read
resource_ids: none
authorized_grant_types: password refresh_token
autoapprove:
access_token_validity: 120
refresh_token_validity: 86400
authorities: uaa.none
lastmodified: 1535891189819
credhub-admin
scope: uaa.none
resource_ids: none
authorized_grant_types: client_credentials
autoapprove:
access_token_validity: 3600
authorities: credhub.write credhub.read
lastmodified: 1535891189423
credhub_cli
scope: credhub.read credhub.write
resource_ids: none
authorized_grant_types: password refresh_token
autoapprove:
access_token_validity: 60
refresh_token_validity: 1800
authorities: uaa.none
lastmodified: 1535891189596
director_to_credhub
scope: uaa.none
resource_ids: none
authorized_grant_types: client_credentials
autoapprove:
access_token_validity: 3600
authorities: credhub.write credhub.read
lastmodified: 1535891189890
hm
scope: uaa.none
resource_ids: none
authorized_grant_types: client_credentials
autoapprove:
authorities: bosh.admin
lastmodified: 1535891189671
uaa_admin
scope: uaa.none
resource_ids: none
authorized_grant_types: client_credentials
autoapprove:
authorities: clients.read password.write clients.secret clients.write uaa.admin scim.write scim.read
lastmodified: 1535891189507
metskem@athena  ~/workspace/boshlite/deployments/vbox
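Review bot: The first and last lines of the pasted listing carry the full shell prompt (user, host, working directory and a prompt glyph that does not render); trim them to the bare command, uaac clients, followed by its output. The two lines this replaces set UAA_URL and ran uaac target, so also check that the page still shows the target step somewhere before this command.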
At line 165 added one line
And there we see the user __credhub-admin__, that one is what we need for managing credhub. So let's credhub-login with that:
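Review bot: The added sentence calls credhub-admin a "user", but in the listing above it is an entry in the uaac clients output with authorized_grant_types: client_credentials and authorities credhub.write credhub.read, so it is an OAuth client. Suggest wording it as "the client __credhub-admin__" so readers know the credhub login that follows needs a client name and secret rather than a username and password.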
At line 167 added one line
{{{
At line 169 added one line
}}}
At line 173 added one line