cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Looking to upgrade from Dynatrace Managed to SaaS? See how

"Environment token management tokens" vs "Cluster tokens"

waikeat_chan
DynaMight Pro
DynaMight Pro

Still don't understand much after reading documentation.

What is/are the difference between them?

 

Best Regards,

Wai Keat

6 REPLIES 6

Babar_Qayyum
DynaMight Guru
DynaMight Guru

Hello @waikeat_chan 

Environment API tokens are specific to a particular environment, whereas, the cluster API tokens manage the cluster even containing more than one environment especially in the case of Dynatrace Managed.

https://www.dynatrace.com/support/help/setup-and-configuration/dynatrace-managed/cluster-api/cluster...

BabarQayyum_0-1615182382643.png

 

Regards,

Babar

Radoslaw_Szulgo
Dynatrace Guru
Dynatrace Guru

Thank you very much for your post! Indeed we need to extend and update our documentation page:

https://www.dynatrace.com/support/help/setup-and-configuration/dynatrace-managed/cluster-api/basics/...

 

In particular:

  • Environment token management tokens - is the token to authenticate with Cluster API v2 /environments/{id}/tokenManagementToken endpoint. It allows you to create a token with TokenManagement scope for a specified environment. It can be helpful if you need to start automation of many environments and generate respective tokens. Token is valid 24h due to its power and security impact if it gets leaked.

  • Cluster token - is a token that you use to interact with Cluster API v1 or Cluster API v2 - so cluster context. 
Senior Product Manager,
Dynatrace Managed expert

tarjei
Organizer

Is there a way to get to the same functionality as the Environment token management token, but something that does not invalidate after 24hrs? 

We would like to have a job which runs every 24 hours and syncs all 350 environment tokens for other automation.

Yes, you can override that 24h expiration time by using AP. If you use "0" days it doesn't expire:

curl -X POST "https://cluster-host/api/cluster/v2/tokens" -H "accept: application/json; charset=utf-8" -H "Authorization: Api-Token dt0c01.token" -H "Content-Type: application/json; charset=utf-8" -d "{\"name\":\"my-token-name\",\"expiresIn\":{\"value\":0,\"unit\":\"DAYS\"},\"scopes\":[\"EnvironmentTokenManagement\"]}"
Senior Product Manager,
Dynatrace Managed expert

Hi!
Is this documented anywhere? Which access rights does the api user performing this require?

Yes - see available scopes:

https://www.dynatrace.com/support/help/setup-and-configuration/dynatrace-managed/cluster-api/cluster...

 

Senior Product Manager,
Dynatrace Managed expert

Featured Posts