
Re: OpenShift V3 identity and user changes



On 03/30/2015 04:09 PM, Jordan Liggitt wrote:
> When https://github.com/openshift/origin/pull/1450 merges, the
> interaction between identities (what you log in with) and users (who you
> are in OpenShift) will change.
> 
> 
> *TL;DR:*
> Usernames for users that log into OpenShift using an identity provider
> (like "htpasswd", "anypassword", etc) no longer contain the identity
> provider prefix.
> 
> Old and busted:
>     openshift ex new-project myproject --admin=anypassword:joe
>     openshift ex policy add-role-to-user admin anypassword:joe -n myproject
> 
> New hotness:
>     openshift ex new-project myproject --admin=joe
>     openshift ex policy add-role-to-user admin joe -n myproject
> 
> 
> *Nitty-gritty:*
> Identities (what you log in with) and Users (who you are in OpenShift)
> have been made separate objects.
> 
> The first time you log in with a new Identity, OpenShift provisions an
> Identity object and corresponding User object.
> 
> If a User with your preferred username already exists, OpenShift will
> find a unique username that is available, and map your identity to it.
> 
> The linked pull request updates documentation in the origin repo to
> remove "anypassword:" prefixes from permission-granting and
> project-creating commands, but if you have scripts or documentation
> outside the repo, you will need to update it.
> 
> 
> Example 1:
> 
>  1. Adam Brown logs in using the "anypassword" identity provider and the
>     login "adam"
>  2. His identity is "anypassword:adam"
>  3. His preferred user name is "adam"
>  4. Because that user name is available, OpenShift creates the user
>     named "adam" and maps the identity "anypassword:adam" to it
>  5. Adam Brown's OpenShift user name is "adam", and people would
>     reference him as "adam" when granting permissions to him in OpenShift
>  6. These objects can be inspected like this:
> 
>     $ osc get identities
>     NAME                IDP NAME            IDP USER NAME       USER NAME           USER UID
>     anypassword:adam    anypassword         adam                adam                1b712c2e-d715-11e4-8c13-3c970e4b7ffe
> 
>     $ osc get users
>     NAME                UID                                    FULL NAME           IDENTITIES
>     adam                1b712c2e-d715-11e4-8c13-3c970e4b7ffe                       anypassword:adam
> 
>     $ osc get useridentitymapping anypassword:adam
>     NAME                IDENTITY            USER NAME           USER UID
>     anypassword:adam    anypassword:adam    adam                1b712c2e-d715-11e4-8c13-3c970e4b7ffe
> 
> Example 2:
> 
>  1. Adam Clark later logs in using the "htpasswd" identity provider and
>     the login "adam"
>  2. His identity is "htpasswd:adam"
>  3. His preferred user name is also "adam"
>  4. Because that user name already exists, OpenShift creates the user
>     named "adam2" and maps the identity "htpasswd:adam" to it
>  5. Adam Clark's OpenShift user name is "adam2", and people would
>     reference him as "adam2" when granting permissions to him in OpenShift
>  6. Note that Adam Clark's login ("adam") is not the same as his
>     OpenShift user name ("adam2")

How does A Clark find this out?

Is the naming scheme configurable?


>  7. These objects can be inspected like this:
> 
>     $ osc get identities
>     NAME                IDP NAME            IDP USER NAME       USER NAME           USER UID
>     anypassword:adam    anypassword         adam                adam                1b712c2e-d715-11e4-8c13-3c970e4b7ffe
>     htpasswd:adam       htpasswd            adam                adam2               1f4897a1-d715-11e4-8c13-3c970e4b7ffe
> 
>     $ osc get users
>     NAME                UID                                    FULL NAME           IDENTITIES
>     adam                1b712c2e-d715-11e4-8c13-3c970e4b7ffe                       anypassword:adam
>     adam2               1f4897a1-d715-11e4-8c13-3c970e4b7ffe                       htpasswd:adam
> 
>     $ osc get useridentitymapping htpasswd:adam
>     NAME                IDENTITY            USER NAME           USER UID
>     htpasswd:adam       htpasswd:adam       adam2               1f4897a1-d715-11e4-8c13-3c970e4b7ffe
> 
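Added example, not part of the original thread and not OpenShift code: a small audit over the `osc get identities` listing from Example 2 that reports identities whose OpenShift user name differs from the login, and logins shared by several users, so role grants can be checked against the right name. It assumes the listing is un-wrapped (one row per line), columns are separated by two or more spaces, and every identity is already mapped to a user; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Rows from Example 2 in the quoted message, re-joined onto one line each
# (the e-mail wrapped them). Assumption: columns are separated by 2+ spaces.
SAMPLE = """\
NAME                IDP NAME            IDP USER NAME       USER NAME           USER UID
anypassword:adam    anypassword         adam                adam                1b712c2e-d715-11e4-8c13-3c970e4b7ffe
htpasswd:adam       htpasswd            adam                adam2               1f4897a1-d715-11e4-8c13-3c970e4b7ffe
"""


def parse_identities(text):
    """Parse the column listing into one dict per identity row."""
    lines = [l for l in text.splitlines() if l.strip()]
    header = re.split(r"\s{2,}", lines[0].strip())
    rows = []
    for line in lines[1:]:
        cells = re.split(r"\s{2,}", line.strip())
        if len(cells) != len(header):
            # An empty column (e.g. an unmapped identity) cannot be parsed safely.
            raise ValueError(f"unexpected column count: {line!r}")
        rows.append(dict(zip(header, cells)))
    return rows


def renamed_logins(rows):
    """Identities whose OpenShift user name is not the login they typed."""
    return [(r["NAME"], r["USER NAME"]) for r in rows
            if r["IDP USER NAME"] != r["USER NAME"]]


def shared_logins(rows):
    """Logins that map to more than one OpenShift user across providers."""
    users = defaultdict(set)
    for r in rows:
        users[r["IDP USER NAME"]].add(r["USER NAME"])
    return {login: sorted(names) for login, names in users.items()
            if len(names) > 1}


if __name__ == "__main__":
    rows = parse_identities(SAMPLE)
    for identity, user in renamed_logins(rows):
        print(f"{identity} is known to OpenShift as {user!r}; grant roles to that name")
    for login, names in shared_logins(rows).items():
        print(f"login {login!r} is shared by users {names}; review grants made to {names[0]!r}")
```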

