Skip to content

Instantly share code, notes, and snippets.

@NorbertKrupa

NorbertKrupa/talend-service-account-creation.md

Created May 31, 2022 17:52
Show Gist options
  • Save NorbertKrupa/a6da7557b50759858f1dca2688c4d401 to your computer and use it in GitHub Desktop.
Save NorbertKrupa/a6da7557b50759858f1dca2688c4d401 to your computer and use it in GitHub Desktop.
Download ZIP
Talend Service Account Creation
Raw
talend-service-account-creation.md

Talend Service Account Creation

This guide will walk through how to set up a Talend Cloud account for use by a service account.

Create a Service Account Role

As an administrator, navigate to Add role and create a Service Account Role:

Talend Management Console - Service Account Role

If the Service Account permission is not available, ensure that the Service Account feature is enabled.

Service Account Feature

The Service Account feature must be enabled on the Talend Cloud account.

Create a Service Account User

Navigate to Add User and create a user with the newly created Service Account role. The Group should be left blank. After creating a user, an invitation will be sent to the e-mail for the service account.

Accept Invitation & Create Personal Access Token

In the e-mail invitation, click Accept Invitation. After setting the password and logging in, navigate to Personal Access Tokens in Profile Preferences.

Click on Add token and give the token a name. Securely store the generated access token.

Creating a Service Account

This step will call the account/service-account endpoint to create the necessary permissions for the service account. Follow the instructions in the documentation.

The response from the POST should look like:

{
    "name": "myServiceAccount",
    "permissions": [
        "TMC_ENGINE_USE",
        "TMC_ROLE_MANAGEMENT",
        "AUDIT_LOGS_VIEW",
        "TMC_USER_MANAGEMENT"
    ],
    "createdDate": "2022-04-14T15:50:46.137Z",
    "lastModifiedDate": "2022-04-14T15:50:46.137Z",
    "id": "abcdefg",
    "secret": "hijklmno"
}

Note down the ID value and the secret in this response, as you need them to generate a token for this new service account.

  • This is the only time you can see the secret.
  • The secret must be safely stored, or even encrypted, so as to be protected against inappropriate use.

This ID and this secret cannot be changed and will not expire. If you need to change them, you have to remove this service account and create a new one.

Encode the ID & Secret

Combine the ID and the secret of the service account in the following format: ID:secret and paste this combination to a Base64 encode application of your choice to encode this pair.

Take the id and secret from the response above and combine it into id:secret. Use this utility to convert it into Base64:

abcdefg:hijklmno will become YWJjZGVmZzpoaWprbG1ubw==

Generate a Service Account Token

A service account requires a token to access Talend Cloud. The service account token is not the same as a personal access token. Follow the instructions in the documentation.

The response from the POST should look like:

{
    "access_token": "abc123",
    "expires_in": 1800,
    "token_type": "Bearer"
}

Note that this token expires after 30 minutes.

The service account is now ready to be used to call Talend services.

Next Step

Once the service account account has been created, the programmatic steps to add users, groups, etc. can be done.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment