[kontinuity-dev-public] Creating a Project on Behalf of Users

Fri Apr 29 11:38:17 UTC 2016

if you can create a project, can you always annotate it? I remember someone saying only cluster-admin could annotate a project?

(Admittedly you can annotate it as you create it - just wanted to check ;)

> On 29 Apr 2016, at 12:35, David Eads <deads at redhat.com> wrote:
> 
> If your user has sufficient power, you can create the namespace object directly, set the annotations, and add a rolebinding for the user.  Take a look at `oadm new-project --loglevel=8` (note that its oadm, not oc).
> 
> On Fri, Apr 29, 2016 at 4:00 AM, Andrew Lee Rubinger <alr at redhat.com <mailto:alr at redhat.com>> wrote:
> Mind if I resurrect this one?
> 
> Ideally I'd like to create projects *for* users from some account with the proper permissions.  Failing that I'd need to know how to log in *as a user*, which I'm assuming has all sorts of security violations :)
> 
> And obviously other approaches welcomed!
> 
> S,
> ALR
> 
> On Fri, Apr 15, 2016 at 3:27 PM, Ben Parees <bparees at redhat.com <mailto:bparees at redhat.com>> wrote:
> adding david back to the thread.
> 
> 
> On Fri, Apr 15, 2016 at 3:19 PM, Andrew Lee Rubinger <alr at redhat.com <mailto:alr at redhat.com>> wrote:
> 
> 
> On Fri, Apr 15, 2016 at 3:11 PM, Ben Parees <bparees at redhat.com <mailto:bparees at redhat.com>> wrote:
> 
> 
> On Thu, Apr 14, 2016 at 8:11 PM, Andrew Lee Rubinger <alr at redhat.com <mailto:alr at redhat.com>> wrote:
> So the Catapult project will be creating OpenShift projects for its users.
> 
> At the moment we're doing this by logging in *as* the user, but really what we want to do is create projects *on behalf of* users.
> 
> can we take a step back and ask why logging in as the user and doing stuff for them is not a valid approach for you?
> 
> Sure.
> 
> 1) It's icky and has a weird audit trail, but more practically:
> 2) How do I get the user's login information (username and password)?
> 
> S,
> ALR
>  
> 
> 
>  
> 
> Clayton advises that we're unlikely to be granted cluster-admin rights to OpenShift Online (or even in some dedicated instance we run), so perhaps we need some other role that has permissions to create projects and a rolebinding to the user in question.
> 
> Associated Catapult issue is:
> 
>   https://github.com/redhat-kontinuity/catapult/issues/18 <https://github.com/redhat-kontinuity/catapult/issues/18>
> 
> Thoughts from the OpenShift team?
> 
> S,
> ALR
> 
> _______________________________________________
> kontinuity-dev-public mailing list
> kontinuity-dev-public at redhat.com <mailto:kontinuity-dev-public at redhat.com>
> https://www.redhat.com/mailman/listinfo/kontinuity-dev-public <https://www.redhat.com/mailman/listinfo/kontinuity-dev-public>
> 
> 
> 
> 
> -- 
> Ben Parees | OpenShift
> 
> 
> 
> 
> 
> -- 
> Ben Parees | OpenShift
> 
> 
> 
> _______________________________________________
> kontinuity-dev-public mailing list
> kontinuity-dev-public at redhat.com
> https://www.redhat.com/mailman/listinfo/kontinuity-dev-public

James
-------
Red Hat

Twitter: @jstrachan
Email: jstracha at redhat.com
Blog: https://medium.com/@jstrachan/

fabric8: http://fabric8.io/
open source microservices platform

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/kontinuity-dev-public/attachments/20160429/003d49b9/attachment.htm>