[kontinuity-dev-public] Creating a Project on Behalf of Users
James Strachan
jstracha at redhat.com
Fri Apr 29 11:38:17 UTC 2016
if you can create a project, can you always annotate it? I remember someone saying only cluster-admin could annotate a project?
(Admittedly you can annotate it as you create it - just wanted to check ;)
> On 29 Apr 2016, at 12:35, David Eads <deads at redhat.com> wrote:
>
> If your user has sufficient power, you can create the namespace object directly, set the annotations, and add a rolebinding for the user. Take a look at `oadm new-project --loglevel=8` (note that its oadm, not oc).
>
> On Fri, Apr 29, 2016 at 4:00 AM, Andrew Lee Rubinger <alr at redhat.com <mailto:alr at redhat.com>> wrote:
> Mind if I resurrect this one?
>
> Ideally I'd like to create projects *for* users from some account with the proper permissions. Failing that I'd need to know how to log in *as a user*, which I'm assuming has all sorts of security violations :)
>
> And obviously other approaches welcomed!
>
> S,
> ALR
>
> On Fri, Apr 15, 2016 at 3:27 PM, Ben Parees <bparees at redhat.com <mailto:bparees at redhat.com>> wrote:
> adding david back to the thread.
>
>
> On Fri, Apr 15, 2016 at 3:19 PM, Andrew Lee Rubinger <alr at redhat.com <mailto:alr at redhat.com>> wrote:
>
>
> On Fri, Apr 15, 2016 at 3:11 PM, Ben Parees <bparees at redhat.com <mailto:bparees at redhat.com>> wrote:
>
>
> On Thu, Apr 14, 2016 at 8:11 PM, Andrew Lee Rubinger <alr at redhat.com <mailto:alr at redhat.com>> wrote:
> So the Catapult project will be creating OpenShift projects for its users.
>
> At the moment we're doing this by logging in *as* the user, but really what we want to do is create projects *on behalf of* users.
>
> can we take a step back and ask why logging in as the user and doing stuff for them is not a valid approach for you?
>
> Sure.
>
> 1) It's icky and has a weird audit trail, but more practically:
> 2) How do I get the user's login information (username and password)?
>
> S,
> ALR
>
>
>
>
>
> Clayton advises that we're unlikely to be granted cluster-admin rights to OpenShift Online (or even in some dedicated instance we run), so perhaps we need some other role that has permissions to create projects and a rolebinding to the user in question.
>
> Associated Catapult issue is:
>
> https://github.com/redhat-kontinuity/catapult/issues/18 <https://github.com/redhat-kontinuity/catapult/issues/18>
>
> Thoughts from the OpenShift team?
>
> S,
> ALR
>
> _______________________________________________
> kontinuity-dev-public mailing list
> kontinuity-dev-public at redhat.com <mailto:kontinuity-dev-public at redhat.com>
> https://www.redhat.com/mailman/listinfo/kontinuity-dev-public <https://www.redhat.com/mailman/listinfo/kontinuity-dev-public>
>
>
>
>
> --
> Ben Parees | OpenShift
>
>
>
>
>
> --
> Ben Parees | OpenShift
>
>
>
> _______________________________________________
> kontinuity-dev-public mailing list
> kontinuity-dev-public at redhat.com
> https://www.redhat.com/mailman/listinfo/kontinuity-dev-public
James
-------
Red Hat
Twitter: @jstrachan
Email: jstracha at redhat.com
Blog: https://medium.com/@jstrachan/
fabric8: http://fabric8.io/
open source microservices platform
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/kontinuity-dev-public/attachments/20160429/003d49b9/attachment.htm>
More information about the kontinuity-dev-public
mailing list