DO240 - ch02s10

Bookmark this page

Guided Exercise: Creating Multiple Tenants in Red Hat 3Scale API Management

In this exercise, you will use the Master Portal to create a new tenant. Then, you will use the tenant's Admin Portal to create a new user and modify the user's permissions.

Outcomes

You should be able to create a new 3scale tenant, create a new user for the tenant, and modify the user's permissions.

As the student user on the workstation machine, use the lab command to prepare your system for this exercise.

This command ensures that the workstation machine is ready and the OpenShift cluster is available. At the same time, it deploys an email interceptor that you will use in the exercise.

[student@workstation ~]$ lab start applications-tenants

Procedure 2.5. Instructions

Log in to the 3scale Master Portal by using the default installation password.
Important
Because the start function restarts some OpenShift pods to deploy the email server, the Master Portal might be temporary unavailable. If the Master Portal is not available, then try again in a few minutes.
1. Log in to OpenShift as the admin user.
```
[student@workstation ~]$ oc login -u=admin -p=redhat \
  --server=https://api.ocp4.example.com:6443
Login successful.
```
2. In a command-line terminal, retrieve the master password from the system-seed OpenShift secret.
```
[student@workstation ~]$ oc get secret system-seed -n 3scale \
--template={{.data.MASTER_PASSWORD}} | base64 -d
...output omitted...
```
  Copy the password.
3. In a web browser, navigate to https://master.apps.ocp4.example.com/. Log in with the following credentials:
  - Username: master
  - Password: Password retrieved in the previous step
Create a new tenant called do240 by using the Master Portal. Remember that in 3scale a tenant is a master account.
1. Click Dashboard to display the drop-down menu. Then, click Audience.
2. The Accounts page is displayed by default. This page lists all the available master accounts.
3. Click Create to create a new account.
4. Complete the form according to the following information:
  - Username: do240-user
  - Email: do240@redhat.com
  - Password: do240
  - Password confirmation: do240
  - Organization/Group name: do240
  Then, click Create. Remember that the organization name provided is used to create the Admin Portal subdomain.
5. The do240 account page gives some information, such as the public domain of the tenant or the Admin Portal URL. By default, 3scale creates two users: do240-user, with the credentials that you provided previously, and another one called 3scale Admin, which is used by the system. Both users have admin privileges.
Activate the do240-user so that you can use it to access the do240 tenant Admin Portal.
1. Click 2 Users in the top pane. The page displays the two created users for the tenant.
  Figure 2.30: Account users in the Master Portal
2. Click Activate in the do240-user row to activate the user. Now you can use this user to access the do240 tenant Admin Portal.
Verify that you can log in to the do240 tenant Admin Portal.
1. In a new tab, navigate to https://do240-admin.apps.ocp4.example.com, the do240 tenant Admin Portal. Log in with the credentials that you provided in the previous steps.
  - Username: do240-user
  - Password: do240
2. If the How does 3scale work page displays, click X to close it. The dashboard shows the default API product.
Invite a new user to the do240 tenant by using the Admin Portal. Then, use the link provided in the email to join the do240 tenant.
1. In the do240 tenant Admin Portal, click Dashboard to display the dropdown menu. Then, click Account Settings.
2. Click Users, and then click Listing. This section shows all the users that can log in to the Admin Portal. It is synchronized with the Users section of the do240 tenant in the Master Portal.
3. In the left pane, click Invitations, and then click Invite a New Team Member.
4. In a real-world scenario, you should complete the form with the email of the person that you want to have access to the tenant. For the purpose of this exercise, use the gls@redhat.com email address. Then, click Send.
  Important
  In this exercise, the email is not sent. The lab start function that you executed at the beginning of the exercise deploys an email interceptor. You can fetch the email that would be sent in a production environment by using the email interceptor.
5. Log out of the do240 tenant Admin Portal. Click on the Session icon in the top pane, and then click Sign Out.
6. In a command-line terminal, run the /scripts/get-emails.sh script in the DO240-apps repository to get the emails sent by 3scale.
```
[student@workstation ~]$ ~/DO240-apps/scripts/get-emails.sh
---------- MESSAGE FOLLOWS ----------
...output omitted...
You have been invited to join Provider Name on 3scale platform.

Please sign up by following this link: https://do240-admin.apps.ocp4.example.com/p/signup/c9d30638114c6c9433867c5775689278

If you have any problems signing up or believe you received this email erroneously, please open a Support Case at https://access.redhat.com/support.

Thank you,

The 3scale API Team.
------------ END MESSAGE ------------
```
  The email contains a link to join the tenant. Copy the link.
7. In a web browser, open the link from the previous step. Complete the sign-up form according to the following data:
  Important
  If you are still logged-in with the do240-user, then you cannot see the sign-up form. Log out first and try again.
  - Username: gls-user
  - First name: GLS
  - Last name: Red Hat
  - Password: gls-password
  - Password confirmation: gls-password
  Then, click Sign up. You are redirected to the log-in page.
8. Log in to the do240 tenant Admin Portal with the credentials from the previous step.
  - Username: gls-user
  - Password: gls-password
  By default, invited users get the member role assigned. Therefore, you do not have permissions to see any products.
  Figure 2.31: The gls-user does not have permissions to see any products.
9. Log out of the do240 tenant Admin Portal. Click on the Session icon in the top pane, and then click Sign Out.
Change the gls-user user permissions, so that the user can view the API product.
1. Log in with the administrator credentials again.
  - Username: do240-user
  - Password: do240
2. Click Dashboard to display the dropdown menu. Then, click Account Settings.
3. Click Users, and then click Listing. The GLS Red Hat user (gls-user) is now displayed in this page. Click over its name to edit it.
4. The Administrative section allows you to change the role of user. The Admin role provides full access to the tenant. The Member role allows you to choose the sections that the user can access.
5. Click the Create, read, update and delete developer accounts and applications of selected API products checkbox.
  Figure 2.32: Enable the user to create accounts and applications
6. When you click this checkbox, the All current and future API products check is displayed. With this option, you grant access to all the products.
  Figure 2.33: Enable the user to view all the products
7. Then, click Update User.
8. Log out of the do240 tenant Admin Portal. Click on the Session icon in the top pane, and then click Sign Out.
Verify that the gls-user user can view the API Product.
1. Log in with the gls-user credentials:
  - Username: gls-user
  - Password: gls-password
  The Dashboard section displays the API Product.

Finish

On the workstation machine, use the lab command to complete this exercise. This is important to ensure that resources from previous exercises do not impact upcoming exercises.

[student@workstation ~]$ lab finish applications-tenants

This concludes the guided exercise.

Discuss Cloud-native API Administration with Red Hat 3scale API Management

Go to community

Welcome to the Cloud-native API Administration (DO240) group in the Red Hat Learning Community!

Deanna

11 sie 2023

We are excited to launch a space dedicated to the Red Hat Training course Cloud-native API Administration with Red Hat 3scale API Management! To gain the most value from this group - click the "Join Group" button in the upper right hand corner of the group home page.We encourage group members to collaborate in this group to discuss topics, ask questions, share best practices and tips, provide course feedback, and share their accomplishments as it relates to DO240.Read more about Cloud-native API Administration with Red Hat 3scale API Management here.

Revision: do240-2.11-40390f6

Cloud-native API Administration with Red Hat 3scale API Management

Guided Exercise: Creating Multiple Tenants in Red Hat 3Scale API Management

Important

Important

Important