[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: oc whoami bug?



`oc whoami -t` doesn't talk to the server at all... it just prints your current session's token


On Tue, Jun 20, 2017 at 2:31 PM, Louis Santillan <lsantill redhat com> wrote:
The `oc` command always looks for the current session in `~/.kube/config`.  It doesn't know if a session is expired or not since session timeouts are configurable and could have changed since the last API call was made to the master(s).  You can run your `oc` commands to with `--loglevel=8` to see this interaction play out.

You could also run your command like so (in bash):

$ ocx () { oc whoami && oc $@ || echo "ERROR: You may not be logged in!" ; }
$ ocx get pods -o wide

-----------------------------------------------------------------------

LOUIS P. SANTILLAN

SENIOR CONSULTANT, OPENSHIFT, MIDDLEWARE & DEVOPS

Red Hat Consulting, NA US WEST

lpsantil gmail com    M: 3236334854    


On Tue, Jun 20, 2017 at 6:51 AM, Philippe Lafoucrière <philippe lafoucriere tech-angels.com> wrote:

On Mon, Jun 19, 2017 at 4:56 PM, Louis Santillan <lsantill redhat com> wrote:
The default user for any request is `system:anonymous` a user is not logged in or a valid token is not found.  Depending on your cluster, this usually has almost no access (less than `system:authenticated`).  Maybe an RFE is order (oc could suggest logging in if request is unsuccessful and the found user happens to be `system:anonymous`).

That's what I suspect, but when I'm logged, I expect the token to be mine. 
In this particular case, the session had expired, and nothing warned that the issued token was for `system:anonymous` instead of me.

Thanks,
Philippe



_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]