Log in and obtain the Access Token for the ObjectScale-level APIs Use CURL for Windows or Linux to log in to ObjectScale and use ObjectScale-level APIs.
About this task ObjectScale uses a token-based authentication system for REST API calls.
This section provides examples of authenticating with the ObjectScale Management APIs. When you are authenticated by ObjectScale, the login API returns an authentication token. You can use this token for authentication in subsequent calls.
Steps Assign the namespace where ObjectScale is installed to objectscaleNamespace objectscaleNamespace=<OBJECTSCALE_NAMESPACE> Assign the ObjectScale Gateway endpoint IP to OBJECTSCALE_GATEWAY_ENDPOINT . All ObjectScale-level login and API request need to be made to the ObjectScale gateway loadbalancer endpoint.
OBJECTSCALE_GATEWAY_ENDPOINT=$(kubectl get svc -n $objectscaleNamespace| awk '/objectscale-gateway[^-]/{print $4}') If you are login into ObjectScale installed on the ObjectScale Software Bundle for the first time, you must change the root user's default password. Login to ObjectScale using the with root user default password. curl -vk -X POST -d '{"username":"root", "password":"ChangeMe"}' -H 'Content-Type: application/json' https://<OBJECTSCALE_GATEWAY_ENDPOINT>:443/mgmt/auth/login ObjectScale will return the token you can use to update the password.
< HTTP/1.1 205 Reset Content
< Date: Wed, 01 Mar 2023 15:48:09 GMT
< Content-Type: application/xml
< Content-Length: 0
< Connection: keep-alive
< Location: https://172.17.0.241:4443/mgmt/local-accounts/local-account/password
< Method: PUT
< Password-Change-Token: OSTOKEN-eyJraWQiOiJzeW1mNjhiMDhjZmRmNWY4ZmM3IiwiYWxnIjoiSFMyNTYifQ.eyJzdWIiOiJyb290Iiwib3Nfcm9sIjpbXSwiaXNzIjoidXJuOm9zYzpvc2Np YmQ3ZTM1ZmZkZjVmNzQ2OTo6c2VydmljZS9vYmplY3RzY2FsZS1mZWRlcmF0aW9uLTc4NmM3ZjU1YzQtbXQ1cjciLCJvc19wYXNzY2huZ29ubHkiOmZhbHNlLCJhdWQiOiJvc2NpYmQ3ZTM1ZmZkZjVm NzQ2OSIsInR5cCI6IkJlYXJlciIsInNpZCI6IjBiMjhjY2RiLWNiYmUtNDgxNC1hM2JhLTM5Nzc4ZDYzZjhmMyIsImlhdCI6MTY3NzY4NTY4OSwiZXhwIjoxNjc3Njg1OTg5LCJqdGkiOiJvc2F0YjJm N2QyN2ZlMThhZjJkOCJ9.DvbPEkulFpQ-1e3ob2LRfVRtBPuib6AGvNax03Qp0rA
< Token-Type: Bearer
< Token-Expiry: 300 Update the password for the root account using the returned Password-Change-Token as the required auth token. curl -vk -X PUT -d '{"old_password":"ChangeMe", "password":"<NEW_PASSWORD> "}' -H 'Content-Type: application/json' -H "Authorization:<Password-Change-Token> " https://<OBJECTSCALE_GATEWAY_ENDPOINT>:443/mgmt/local-accounts/local-account/password Once the password update is successfully, you have updated the root user account with a new password and can now log in to ObjectScale.
Log in with the username and password of an ObjectScale Management User. curl -vk -X POST -d '{"username":"root", "password":"<ROOT_ACCOUNT_PASSWORD> "}' -H 'Content-Type: application/json' https://<OBJECTSCALE_GATEWAY_ENDPOINT>:443/mgmt/auth/login The response will contain the access_token for authentication, refresh_token can be used to get a new access_token after the current token expires.
< HTTP/1.1 200 OK
< Date: Wed, 01 Mar 2023 16:59:25 GMT
< Content-Type: application/json
< Transfer-Encoding: chunked
< Connection: keep-alive
<
{ [1114 bytes data]
100 1199 0 1107 100 92 406 33 0:00:02 0:00:02 --:--:-- 440
* Connection #0 to host 172.17.100.1 left intact
{
"access_token" : "OSTOKEN-eyJraWQiOiJzeW01Y2E1MDA4ZjRhMjMzYTJhIiwiYWxnIjoiSFMyNTYifQ.eyJzdWIiOiJvc2xkYXA3NTkwNDliZTg5MmIyMWJhL21nbXRfaXNndXNlcjEiLCJvc19yb2wiOlsicmVhZG9ubHkiXSwiaXNzIjoidXJuOm9zYzpvc2NpNGNmYmEwZmYyNGViNGQ2Mjo6c2VydmljZS9vYmplY3RzY2FsZS1mZWRlcmF0aW9uLWNmNjQ0NGQtdHBuYzQiLCJvc19wYXNzY2huZ29ubHkiOmZhbHNlLCJhdWQiOiJvc2NpNGNmYmEwZmYyNGViNGQ2MiIsInR5cCI6IkJlYXJlciIsInNpZCI6ImI0ZTVmYTFjLWYxYjktNDE5NC1iM2I1LTIzZTY3MjE4Y2E4MCIsImlhdCI6MTY3NTIyNzU2NCwiZXhwIjoxNjc1MjI4NDY0LCJqdGkiOiJvc2F0MWQzYWE1NWY0ZjA2ZjIwYSJ9.N8O7Z4fcjNRTbh6dmMw5UCSEpmYYt4jRQ3uVfiyMrJ8",
"expires_in" : 900,
"refresh_token" : "eyJraWQiOiJzeW01Y2E1MDA4ZjRhMjMzYTJhIiwiYWxnIjoiSFMyNTYifQ.eyJzdWIiOiJvc2xkYXA3NTkwNDliZTg5MmIyMWJhL21nbXRfaXNndXNlcjEiLCJpc3MiOiJ1cm46b3NjOm9zY2k0Y2ZiYTBmZjI0ZWI0ZDYyOjpzZXJ2aWNlL29iamVjdHNjYWxlLWZlZGVyYXRpb24tY2Y2NDQ0ZC10cG5jNCIsImF1ZCI6Im9zY2k0Y2ZiYTBmZjI0ZWI0ZDYyIiwidHlwIjoiUmVmcmVzaCIsInNpZCI6ImI0ZTVmYTFjLWYxYjktNDE5NC1iM2I1LTIzZTY3MjE4Y2E4MCIsImlhdCI6MTY3NTIyNzU2NCwiZXhwIjoxNjc1MjI5MzY0LCJqdGkiOiJvc3J0NTRiYjYwMWY0ZjA2ZjIwYSJ9.NyfzEP7VJK08wutsD7nvQxQSiYkvCp4dOy4ZFpygfOg",
"refresh_expires_in" : 1800
} Copy the generated token so you can add it to each command using the -H "Authorization:$access_token" syntax. You can use the following command to set the Access Token as the "$token" environment variable.
access_token=$(curl -k -X POST -d '{"username":"root","password":"<ROOT_ACCOUNT_PASSWORD> "}' https://$OBJECTSCALE_GATEWAY_ENDPOINT:443/mgmt/auth/login -H 'Content-Type: application/json' -H 'Accept: application/json' | grep access_token | cut -f4 -d'"')