[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Unable to add user to group



oh, if the groups field on the user is deprecated how would I know what groups a specific user has?  

On Thu, Jun 16, 2016 at 3:57 PM, Jordan Liggitt <jliggitt redhat com> wrote:
Your command looks correct. Specifying groups directly on a user via the groups field is deprecated. `oc get group cluster-administrators -o yaml` would show that your command is effective.

When a user makes an API request, their effective groups are determined by combining the names of the Group objects containing their username, the contents of the deprecated groups field on their User object, and virtual groups like "system:authenticated".

On Thu, Jun 16, 2016 at 3:53 PM, Marc Boorshtein <mboorshtein gmail com> wrote:
I can't seem to add a user to a group.  I have a user:

$ curl -k -v -XGET  -H "User-Agent: oc/v1.1.2 (darwin/amd64) openshift/2711160" -H "Authorization: Bearer PDqIrEiOTqtwJvHDcTB-snC5FpcpnCz5fIrz7S6ORCI" https://openshift.rheldemo.lan:8443/oapi/v1/users/0b126172-33e9-11e6-9c91-525400d4fbc4
*   Trying 192.168.2.191...
* Connected to openshift.rheldemo.lan (192.168.2.191) port 8443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate: 172.30.0.1
* Server certificate: openshift-signer 1465933076
> GET /oapi/v1/users/0b126172-33e9-11e6-9c91-525400d4fbc4 HTTP/1.1
> Host: openshift.rheldemo.lan:8443
> Accept: */*
> User-Agent: oc/v1.1.2 (darwin/amd64) openshift/2711160
> Authorization: Bearer PDqIrEiOTqtwJvHDcTB-snC5FpcpnCz5fIrz7S6ORCI
< HTTP/1.1 200 OK
< Cache-Control: no-store
< Content-Type: application/json
< Date: Thu, 16 Jun 2016 19:47:05 GMT
< Content-Length: 381
{"kind":"User","apiVersion":"v1","metadata":{"name":"0b126172-33e9-11e6-9c91-525400d4fbc4","selfLink":"/oapi/v1/users/0b126172-33e9-11e6-9c91-525400d4fbc4","uid":"4c403e86-33f4-11e6-b368-fa163ef48e94","resourceVersion":"17244","creationTimestamp":"2016-06-16T18:58:22Z"},"fullName":"OpenShift Admin","identities":["unison_ldap:0b126172-33e9-11e6-9c91-525400d4fbc4"],"groups":null}

then I run oadm to add the user to a group:

[root openshift ~]# oadm --loglevel 9 groups add-users cluster-administrators 0b126172-33e9-11e6-9c91-525400d4fbc4

================================================================================
ATTENTION: You are running oadm via a wrapper around 'docker run openshift/origin:v1.3.0-alpha.1'.
This wrapper is intended only to be used to bootstrap an environment. Please
install client tools on another host once you have granted cluster-admin
privileges to a user.
=================================================================================

Usage of loopback devices is strongly discouraged for production use. Either use `--storage-opt dm.thinpooldev` or use `--storage-opt dm.no_warn_on_loop_devices=true` to suppress this warning.
I0616 19:50:26.085449       1 loader.go:242] Config loaded from file /root/.kube/config
I0616 19:50:26.087794       1 round_trippers.go:299] curl -k -v -XGET  -H "Accept: application/json, */*" -H "User-Agent: oadm/v1.3.0 (linux/amd64) kubernetes/6e83535" https://openshift.rheldemo.lan:8443/api
I0616 19:50:26.125647       1 round_trippers.go:318] GET https://openshift.rheldemo.lan:8443/api 200 OK in 37 milliseconds
I0616 19:50:26.125669       1 round_trippers.go:324] Response Headers:
I0616 19:50:26.125677       1 round_trippers.go:327]     Date: Thu, 16 Jun 2016 19:50:26 GMT
I0616 19:50:26.125685       1 round_trippers.go:327]     Content-Length: 135
I0616 19:50:26.125691       1 round_trippers.go:327]     Cache-Control: no-store
I0616 19:50:26.125696       1 round_trippers.go:327]     Content-Type: application/json
I0616 19:50:26.125765       1 request.go:870] Response Body: {"kind":"APIVersions","versions":["v1"],"serverAddressByClientCIDRs":[{"clientCIDR":"0.0.0.0/0","serverAddress":"192.168.100.6:443"}]}
I0616 19:50:26.126056       1 round_trippers.go:299] curl -k -v -XGET  -H "Accept: application/json, */*" -H "User-Agent: oadm/v1.3.0 (linux/amd64) kubernetes/6e83535" https://openshift.rheldemo.lan:8443/apis
I0616 19:50:26.126838       1 round_trippers.go:318] GET https://openshift.rheldemo.lan:8443/apis 200 OK in 0 milliseconds
I0616 19:50:26.126866       1 round_trippers.go:324] Response Headers:
I0616 19:50:26.126872       1 round_trippers.go:327]     Content-Type: application/json
I0616 19:50:26.126877       1 round_trippers.go:327]     Date: Thu, 16 Jun 2016 19:50:26 GMT
I0616 19:50:26.126883       1 round_trippers.go:327]     Content-Length: 775
I0616 19:50:26.126888       1 round_trippers.go:327]     Cache-Control: no-store
I0616 19:50:26.126922       1 request.go:870] Response Body: {"kind":"APIGroupList","groups":[{"name":"autoscaling","versions":[{"groupVersion":"autoscaling/v1","version":"v1"}],"preferredVersion":{"groupVersion":"autoscaling/v1","version":"v1"},"serverAddressByClientCIDRs":[{"clientCIDR":"0.0.0.0/0","serverAddress":"192.168.100.6:443"}]},{"name":"batch","versions":[{"groupVersion":"batch/v1","version":"v1"}],"preferredVersion":{"groupVersion":"batch/v1","version":"v1"},"serverAddressByClientCIDRs":[{"clientCIDR":"0.0.0.0/0","serverAddress":"192.168.100.6:443"}]},{"name":"extensions","versions":[{"groupVersion":"extensions/v1beta1","version":"v1beta1"}],"preferredVersion":{"groupVersion":"extensions/v1beta1","version":"v1beta1"},"serverAddressByClientCIDRs":[{"clientCIDR":"0.0.0.0/0","serverAddress":"192.168.100.6:443"}]}]}
I0616 19:50:26.132811       1 round_trippers.go:299] curl -k -v -XGET  -H "User-Agent: oadm/v1.3.0 (linux/amd64) openshift/6e83535" -H "Accept: application/json, */*" https://openshift.rheldemo.lan:8443/oapi
I0616 19:50:26.133409       1 round_trippers.go:318] GET https://openshift.rheldemo.lan:8443/oapi 200 OK in 0 milliseconds
I0616 19:50:26.133428       1 round_trippers.go:324] Response Headers:
I0616 19:50:26.133433       1 round_trippers.go:327]     Cache-Control: no-store
I0616 19:50:26.133439       1 round_trippers.go:327]     Content-Type: application/json
I0616 19:50:26.133450       1 round_trippers.go:327]     Date: Thu, 16 Jun 2016 19:50:26 GMT
I0616 19:50:26.133455       1 round_trippers.go:327]     Content-Length: 93
I0616 19:50:26.133489       1 request.go:870] Response Body: {"kind":"APIVersions","apiVersion":"v1","versions":["v1"],"serverAddressByClientCIDRs":null}
I0616 19:50:26.133763       1 round_trippers.go:299] curl -k -v -XGET  -H "Accept: application/json, */*" -H "User-Agent: oadm/v1.3.0 (linux/amd64) openshift/6e83535" https://openshift.rheldemo.lan:8443/oapi/v1/groups/cluster-administrators
I0616 19:50:26.135065       1 round_trippers.go:318] GET https://openshift.rheldemo.lan:8443/oapi/v1/groups/cluster-administrators 200 OK in 1 milliseconds
I0616 19:50:26.135084       1 round_trippers.go:324] Response Headers:
I0616 19:50:26.135090       1 round_trippers.go:327]     Cache-Control: no-store
I0616 19:50:26.135095       1 round_trippers.go:327]     Content-Type: application/json
I0616 19:50:26.135101       1 round_trippers.go:327]     Date: Thu, 16 Jun 2016 19:50:26 GMT
I0616 19:50:26.135106       1 round_trippers.go:327]     Content-Length: 295
I0616 19:50:26.135143       1 request.go:870] Response Body: {"kind":"Group","apiVersion":"v1","metadata":{"name":"cluster-administrators","selfLink":"/oapi/v1/groups/cluster-administrators","uid":"52a7c5fa-3339-11e6-93e7-fa163ef48e94","resourceVersion":"17554","creationTimestamp":"2016-06-15T20:39:57Z"},"users":["0b126172-33e9-11e6-9c91-525400d4fbc4"]}
I0616 19:50:26.135544       1 request.go:555] Request Body: {"kind":"Group","apiVersion":"v1","metadata":{"name":"cluster-administrators","selfLink":"/oapi/v1/groups/cluster-administrators","uid":"52a7c5fa-3339-11e6-93e7-fa163ef48e94","resourceVersion":"17554","creationTimestamp":"2016-06-15T20:39:57Z"},"users":["0b126172-33e9-11e6-9c91-525400d4fbc4"]}
I0616 19:50:26.135594       1 round_trippers.go:299] curl -k -v -XPUT  -H "Content-Type: application/json" -H "User-Agent: oadm/v1.3.0 (linux/amd64) openshift/6e83535" -H "Accept: application/json, */*" https://openshift.rheldemo.lan:8443/oapi/v1/groups/cluster-administrators
I0616 19:50:26.137081       1 round_trippers.go:318] PUT https://openshift.rheldemo.lan:8443/oapi/v1/groups/cluster-administrators 200 OK in 1 milliseconds
I0616 19:50:26.137102       1 round_trippers.go:324] Response Headers:
I0616 19:50:26.137109       1 round_trippers.go:327]     Date: Thu, 16 Jun 2016 19:50:26 GMT
I0616 19:50:26.137114       1 round_trippers.go:327]     Content-Length: 295
I0616 19:50:26.137120       1 round_trippers.go:327]     Cache-Control: no-store
I0616 19:50:26.137125       1 round_trippers.go:327]     Content-Type: application/json
I0616 19:50:26.137161       1 request.go:870] Response Body: {"kind":"Group","apiVersion":"v1","metadata":{"name":"cluster-administrators","selfLink":"/oapi/v1/groups/cluster-administrators","uid":"52a7c5fa-3339-11e6-93e7-fa163ef48e94","resourceVersion":"17554","creationTimestamp":"2016-06-15T20:39:57Z"},"users":["0b126172-33e9-11e6-9c91-525400d4fbc4"]}

Then I check the user again:

$ curl -k -v -XGET  -H "User-Agent: oc/v1.1.2 (darwin/amd64) openshift/2711160" -H "Authorization: Bearer PDqIrEiOTqtwJvHDcTB-snC5FpcpnCz5fIrz7S6ORCI" https://openshift.rheldemo.lan:8443/oapi/v1/users/0b126172-33e9-11e6-9c91-525400d4fbc4
*   Trying 192.168.2.191...
* Connected to openshift.rheldemo.lan (192.168.2.191) port 8443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate: 172.30.0.1
* Server certificate: openshift-signer 1465933076
> GET /oapi/v1/users/0b126172-33e9-11e6-9c91-525400d4fbc4 HTTP/1.1
> Host: openshift.rheldemo.lan:8443
> Accept: */*
> User-Agent: oc/v1.1.2 (darwin/amd64) openshift/2711160
> Authorization: Bearer PDqIrEiOTqtwJvHDcTB-snC5FpcpnCz5fIrz7S6ORCI
< HTTP/1.1 200 OK
< Cache-Control: no-store
< Content-Type: application/json
< Date: Thu, 16 Jun 2016 19:52:56 GMT
< Content-Length: 381
{"kind":"User","apiVersion":"v1","metadata":{"name":"0b126172-33e9-11e6-9c91-525400d4fbc4","selfLink":"/oapi/v1/users/0b126172-33e9-11e6-9c91-525400d4fbc4","uid":"4c403e86-33f4-11e6-b368-fa163ef48e94","resourceVersion":"17244","creationTimestamp":"2016-06-16T18:58:22Z"},"fullName":"OpenShift Admin","identities":["unison_ldap:0b126172-33e9-11e6-9c91-525400d4fbc4"],"groups":null}

Notice that the user's groups are still null....am I missing something?

Thanks
Marc

_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]