Regenerating the S3 credentials for the OBC

Change and rotate your Multicloud Object Gateway (MCG) account credentials by regenerating the S3 credentials for the OBC.

Procedure

  1. Get the OBC name.
    • Run the noobaa obc list command
      noobaa obc list
      Example output:
      NAMESPACE   NAME       BUCKET-NAME                                     STORAGE-CLASS       BUCKET-CLASS                  PHASE
      default     obc-test   obc-test-35800e50-8978-461f-b7e0-7793080e26ba   default.noobaa.io   noobaa-default-bucket-class   Bound
    • Run the oc get obc command from the terminal.
      oc get obc
      Example output:
      NAME       STORAGE-CLASS       PHASE   AGE
      obc-test   default.noobaa.io   Bound   38s
  2. To regenerate the noobaa OBC S3 credentials, run the following command:
    noobaa obc regenerate <bucket_claim_name> [options]
    noobaa obc regenerate
    FATA[0000] ❌ Missing expected arguments: <bucket-claim-name>
    
    Usage:
       noobaa obc regenerate <bucket-claim-name> [flags] [options]
    
    Use "noobaa options" for a list of global command-line options (applies to all commands).
  3. Once you run the noobaa obc regenerate command it prompts the This will invalidate all connections between S3 clients and NooBaa which are connected using the current credentials. warning and asks for confirmation.

    Example:

    noobaa obc regenerate obc-test
    Example output:
    INFO[0000] You are about to regenerate an OBC's security credentials.
    INFO[0000] This will invalidate all connections between S3 clients and NooBaa which are connected using the current credentials.
    INFO[0000] are you sure? y/n
    After approving, the credentials are regenerated and eventually printed.
    INFO[0022] ✅ RPC: bucket.read_bucket() Response OK: took 95.4ms
    
    ObjectBucketClaim info:
      Phase                  : Bound
      ObjectBucketClaim      : kubectl get -n default objectbucketclaim obc-test
      ConfigMap              : kubectl get -n default configmap obc-test
      Secret                 : kubectl get -n default secret obc-test
      ObjectBucket           : kubectl get objectbucket obc-default-obc-test
      StorageClass           : kubectl get storageclass default.noobaa.io
      BucketClass            : kubectl get -n default bucketclass noobaa-default-bucket-class
    
    Connection info:
     BUCKET_HOST            : s3.default.svc
     BUCKET_NAME            : obc-test-35800e50-8978-461f-b7e0-7793080e26ba
        BUCKET_PORT            : 443
        AWS_ACCESS_KEY_ID      : ***
        AWS_SECRET_ACCESS_KEY  : ***
    
    Shell commands:
      AWS S3 Alias           : alias s3='AWS_ACCESS_KEY_ID=***
    AWS_SECRET_ACCESS_KEY=*** aws s3 --no-verify-ssl --endpoint-url ***'
    
    Bucket status:
      Name                   : obc-test-35800e50-8978-461f-b7e0-7793080e26ba
      Type                   : REGULAR
      Mode                   : OPTIMAL
      ResiliencyStatus       : OPTIMAL
      QuotaStatus            : QUOTA_NOT_SET
      Num Objects            : 0
      Data Size              : 0.000 B
      Data Size Reduced      : 0.000 B
      Data Space Avail       : 13.261 GB
      Num Objects Avail      : 9007199254740991