Skip to content

Is it possible to use cluster-scoped Rancher API tokens with the Rancher CLI or Terraform provider?

Article Number: 000021440

Environment

  • A Rancher cluster, where you have created a cluster-scoped API token, as explained here.
  • Use of the cluster-scoped token to interact with Rancher using the Rancher CLI or Terraform provider.

Situation

If you try to use cluster-scoped Rancher API tokens in the Rancher CLI or Terraform provider, you may see the following error message with an authentication failure:
FATA[0000] Bad response statusCode [401]. Status [401 Unauthorized]. Body: [message=Unauthorized 401: must authenticate] from [https://<RANCHER-URL>/v3

Cause

These tokens are only intended for use with the Rancher /v3 API endpoint.

Resolution

By design, interaction with the Rancher CLI or Terraform provider does not work with cluster-scoped API tokens. Therefore, if you see the previous error message trying to use the Rancher CLI or the Terraform provided with a cluster-scoped API token, you should switch to an un-scoped API token.