When you are working with the SAS® Viya® REST APIs you need to do a one-off registration process for your client using the Consul Token.
The SAS documentation for SAS REST APIs: Authentication & Authorization: Registering clients explains how to get access to the Consul client.token by looking in the file system at /opt/sas/viya/config/etc/SASSecurityCertificateFramework/tokens/consul/default/client.token
Now, SAS Viya 4 is based on Kubernetes and has lots of pods each with their own file system, so I was wondering where I’d locate this file. I started looking in the sas-login-app pod but didn’t find it there. Next stop was one of the sas-consul-server pods and that was where I found it (makes sense really, I should have started there!).
Now I know where to find it, in future I will use the following kubectl command to quickly print out the Consul client.token when I need it:
kubectl exec -q -n sasviyadev sas-consul-server-0 -c sas-consul-server -- cat /opt/sas/viya/config/etc/SASSecurityCertificateFramework/tokens/consul/default/client.token… replacing sasviyadev with the name of the namespace in which SAS Viya 4 has been deployed.
After discovering the consul token using the method above I subsequently found a documented method in the SAS Viya Administration: Authentication: Additional Authentication Topics: Register a New Client ID
kubectl -n sasviyadev get secret sas-consul-client -o go-template='{{(index .data "CONSUL_HTTP_TOKEN")}}'| base64 -d… so now I know two ways!
If you have any other helpful tips for locating the SAS Viya 4 Consul token please leave a comment below.
Thanks Paul, in a SAS world where we’re all rapidly trying to readjust from Viya 3.x to Viya 4, this blog is certainly very helpful! :)
(btw, I had to take the “-q” out of the exec statement to get it to work with my kubectl (v1.20), not sure if this is a version difference, or a typo, just thought I’d let you know.)
Thanks for the feedback Tom. The -q option is for quiet output from kubectl exec. I don’t know what version it was added but I imagine it would have been there for a while. Is there any chance you copied and pasted the -q and it was an em-dash or en-dash instead of a hyphen? I sometimes get that when I copy and paste from a web page. Deleting the dash and replacing it with a hyphen can fix it. I sometimes get that with quotes too (smart quotes etc).
Thanks Paul, needed it today. Added a small improvement
kubectl -n sasviyadev get secret sas-consul-client -o go-template='{{(index .data “CONSUL_HTTP_TOKEN”)}}{{“\n”}}’
Thanks Bruno. That’s for adding a newline right?