When using impersonation, the rep-impersonation client in Keycloak is used to generate tokens for the user who created or last modified the task definition. These tokens are passed to the ephemeral evaluators associated with running those tasks when the command line is being built to start the scheduling service. Those evaluators then have only the access of that user. If using the Process Launcher module or service plugin, requests to the scheduling system will also be made as that user.
To run the Autoscaling Service with impersonation, you must enable impersonation and set two properties in the Autoscaling Service configuration file (scaling_config.json) when configuring the Autoscaling Service.
To enable impersonation:
Set “enable_impersonation” to true. (It is set to true by default.)
Set “client_id” to “rep-impersonation”.
Set “client_secret” to the string generated on initial startup using the Keycloak Admin Console.