Add support for Dynatrace Platform Tokens for Authentication #555

Open
Reinhard-Pilz-Dynatrace opened this issue Oct 8, 2024 · 5 comments
Labels
enhancement New feature or request

Comments

@Reinhard-Pilz-Dynatrace
Collaborator

Platform Tokens are likely a suitable alternative for fetching Bearer Tokens via OAuth Clients.

Potential solution for Terraform:

  • Introduce an environment variable DT_BEARER_TOKEN for authentication
  • If present, it should supersede the credentials DT_CLIENT_ID and DT_CLIENT_SECRET. The Bearer Token would already be known.

@anton-freyberg

@Reinhard-Pilz-Dynatrace I added the following: #590.

Idea: we can scope OAuth tokens to a service user's permissions, while Platform tokens are bound to a user. For config as code, we'd also like the service user as pipelines can break if some user leaves a company.

@ftmazzone

> @Reinhard-Pilz-Dynatrace I added the following: #590.
>
> Idea: we can scope OAuth tokens to a service user's permissions, while Platform tokens are bound to a user. For config as code, we'd also like the service user as pipelines can break if some user leaves a company.

It would be a nice solution to have platform tokens for service users to avoid this risk.
The issue with OAuth tokens is that the required permissions are very high. The service user would need to have the account-user-management permission to get an OAuth client.

@Reinhard-Pilz-Dynatrace
Collaborator Author

Hi @anton-freyberg and @ftmazzone
Thanks a lot for your feedback - much appreciated. We will be looking into this issue and #590 in the beginning of next year.

@anton-freyberg

@ftmazzone you need account management permission to create a service user, but the service user himself does not need these permissions.

@ftmazzone

> @ftmazzone you need account management permission to create a service user, but the service user himself does not need these permissions.

Yes, this would be a good solution.

I tried this morning to create an OAuth client for a service user but got the following error in the Dynatrace console:
The user associated with this email address doesn't fulfill all requirements. - See details above.

The details are:

The user associated with the service user email must fulfill

    User has to be active
    User must hold the account-user-management permission
