Bug 1145344 - [RFE] oo-admin-ctl-domain should be able to manage domain membership
Summary: [RFE] oo-admin-ctl-domain should be able to manage domain membership
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Node
Version: 2.2.0
Hardware: Unspecified
OS: Unspecified
medium
high
Target Milestone: ---
Assignee: Timothy Williams
QA Contact: libra bugs
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2014-09-22 21:14 UTC by Eric Rich
Modified: 2019-08-15 03:58 UTC (History)

Fixed In Version: openshift-origin-broker-util-1.35.2.4-1
Doc Type: Enhancement
Doc Text:
Previously, administrators could not manage domain membership and could only instruct users to perform domain membership actions themselves using the OpenShift client tools. This enhancement updates the oo-admin-ctl-domain command so that administrators can now use the add_member, remove_member, update_member, and list_members subcommands to manage domain membership for users directly.
Clone Of:
Environment:
Last Closed: 2015-07-21 19:11:53 UTC
Target Upstream Version:
Embargoed:



Links
System ID: Red Hat Product Errata RHBA-2015:1463
Private: 0
Priority: normal
Status: SHIPPED_LIVE
Summary: Red Hat OpenShift Enterprise 2.2.6 bug fix and enhancement update
Last Updated: 2015-07-21 23:11:33 UTC

Description Eric Rich 2014-09-22 21:14:29 UTC
Description of problem:

Admins of the OpenShift system should be able to manage domain membership without the need to use RHC.

Comment 1 Eric Rich 2014-09-22 21:16:43 UTC
Currently https://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/Administration_Guide/index.html#sect-Creating_Global_Teams_and_Synchronizing_with_LDAP_Groups does not fit this need, as one-offs to a group have to be implemented in LDAP or new groups need to be formed in LDAP.

Comment 8 Luke Meyer 2015-01-05 18:27:01 UTC
Would it be satisfactory to use a global team to control the membership administratively, and add that team to the domain?

Comment 9 Eric Rich 2015-01-05 19:29:37 UTC
Teams and Service Accounts could be one workaround to this. In short, a Service Account could be used to define a domain for a team, and the Key Value Pairs of

Example 4.3. Synchronizing Global Team Membership with a Sync File
https://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/Administration_Guide/index.html#chap-Team_and_Global_Team_Management

Could be used to then sync the team to the domain. 

Example: 
~~~
USER|ADD|user1
...
USER|ADD|user100

### MEMBER|ADD|myteam|user1,...,user100
Alternatively, create this file from any source and sync team members from the specified file with the following command:

# oo-admin-ctl-team -c sync-from-file --in-file teams.sync
~~~

Comment 14 Jianwei Hou 2015-05-14 06:39:15 UTC
Tested on fork_ami_tiwiilliaprs_1280, works well, could manage member/roles successfully with oo-admin-ctl-domain

Comment 15 openshift-github-bot 2015-05-15 16:04:03 UTC
Commit pushed to master at https://github.com/openshift/origin-server

https://github.com/openshift/origin-server/commit/d1894c38dd138f72382094cda1c6a1c7e1b74097
Add membership manipulation to oo-admin-ctl-domain

Bug 1145344
Bugzilla link https://bugzilla.redhat.com/show_bug.cgi?id=1145344
Adds the ability to manipulate and list membership of a domain through the oo-admin-ctl-domain tool.

Comment 18 Ma xiaoqiang 2015-05-19 06:10:09 UTC
Check on puddle [2.2.z/2015-05-18.1]


The command should give out brief output instead of domain info when controlling members.

# oo-admin-ctl-domain  -n xiaom -l xiaom -c add_member -m xiaom2
# rhc member list -n xiaom         
Login Role          Type
----- ------------- ----
xiaom admin (owner) user

The add_member action doesn't work

# rhc member add -n xiaom -r edit xiaom1
# oo-admin-ctl-domain  -n xiaom -l xiaom -c update_member -m xiaom1 -r admin
# rhc member list -n xiaom              
Login  Role          Type
------ ------------- ----
xiaom  admin (owner) user
xiaom1 edit          user

The update_member action doesn't work


# oo-admin-ctl-domain  -n xiaom -l xiaom -c remove_member -m xiaom1
# rhc member list -n xiaom              
Login  Role          Type
------ ------------- ----
xiaom  admin (owner) user
xiaom1 edit          user

The remove_member action doesn't work

# oo-admin-ctl-domain  -n xiaom -l xiaom -c list_members 
<--snip-->
group_overrides: !ruby/array:%23%3CClass:0x0000000574ed20%3E []
ha: false
init_git_url: 
members:
- _id: !ruby/object:Moped::BSON::ObjectId
    raw_data: !binary |-
      VVrHMIJhHdd8AAAB
  _type: Member
  e: 
  f:
  - - domain
    - :admin
  n: xiaom
  r: :admin
  t: 
- _id: !ruby/object:Moped::BSON::ObjectId
    raw_data: !binary |-
      VVrICYJhHdd8AAAp
  _type: Member
  e: 
  f:
  - - domain
    - :edit
  n: xiaom1
  r: :edit
  t: 
meta: 
name: xiaom1
owner_id: !ruby/object:Moped::BSON::ObjectId


Two issues:
1. All the actions for controlling domain members should give out a brief message instead of domain info.
2. The actions 'add_member', 'update_member' and 'remove_member' don't take effect.

Comment 19 Timothy Williams 2015-05-19 14:29:26 UTC
https://github.com/openshift/origin-server/pull/6147

Comment 20 openshift-github-bot 2015-05-19 16:14:45 UTC
Commit pushed to master at https://github.com/openshift/origin-server

https://github.com/openshift/origin-server/commit/53fb7839f80012287f0a987cc94ee7ee30237968
oo-admin-ctl-domain uses underscores in command options

Bug 1145344
Bugzilla link https://bugzilla.redhat.com/show_bug.cgi?id=1145344
oo-admin-ctl-domain uses underscores in domain options. Fix command parsing and tests to reflect this.

Comment 21 Timothy Williams 2015-05-19 16:21:14 UTC
Thanks for the tests. Issues should be resolved with this PR:

  https://github.com/openshift/origin-server/pull/6147

Comment 24 Ma xiaoqiang 2015-05-22 05:37:02 UTC
Check on puddle [2.2.6/2015-05-21.1]

1. list members
# oo-admin-ctl-domain -l xiaom -n xiaom -c list_members
Members of the "xiaom" domain:
xiaom(admin)

2. add member to the domain
oo-admin-ctl-domain -l xiaom -n xiaom -c add_member -m xiaom3 -r view 
oo-admin-ctl-domain -l xiaom -n xiaom -c add_member -m xiaom2
oo-admin-ctl-domain -l xiaom -n xiaom -c add_member -m xiaom1 -r edit

3. list members
# oo-admin-ctl-domain -l xiaom -n xiaom -c list_members                
Members of the "xiaom" domain:
xiaom(admin), xiaom1(edit), xiaom2(admin), xiaom3(view)
# rhc member list xiaom
Login  Role          Type
------ ------------- ----
xiaom  admin (owner) user
xiaom2 admin         user
xiaom1 edit          user
xiaom3 view          user

4. update member
# oo-admin-ctl-domain -l xiaom -n xiaom -c update_member -m xiaom1 -r view
# oo-admin-ctl-domain -l xiaom -n xiaom -c update_member -m xiaom2 -r edit
# oo-admin-ctl-domain -l xiaom -n xiaom -c update_member -m xiaom3 -r admin

5. list all members
# rhc member list xiaom
Login  Role          Type
------ ------------- ----
xiaom  admin (owner) user
xiaom3 admin         user
xiaom2 edit          user
xiaom1 view          user

6. remove the member
# oo-admin-ctl-domain -l xiaom -n xiaom -c remove_member -m xiaom1
# oo-admin-ctl-domain -l xiaom -n xiaom -c remove_member -m xiaom2

7. List the members
# rhc member list xiaom
Login  Role          Type
------ ------------- ----
xiaom  admin (owner) user
xiaom3 admin         user
# oo-admin-ctl-domain -l xiaom -n xiaom -c list_members                  
Members of the "xiaom" domain:
xiaom(admin), xiaom3(admin)
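
The manual cross-check from the comments above (run a membership command, then compare `oo-admin-ctl-domain -c list_members` with `rhc member list`) can be scripted so that a silent no-op like the one in comment 18 is caught. This is an added example, not part of the bug report or the origin-server code; it assumes the two output formats shown in comment 24, and the sample text and function names are constructed for illustration.

```python
import re

# Constructed samples that copy the two output formats shown in comment 24.
CTL_OUTPUT = """Members of the "xiaom" domain:
xiaom(admin), xiaom1(edit), xiaom2(admin), xiaom3(view)
"""
RHC_OUTPUT = """Login  Role          Type
------ ------------- ----
xiaom  admin (owner) user
xiaom2 admin         user
xiaom1 edit          user
xiaom3 view          user
"""

def parse_ctl_members(text):
    """{login: role} from the brief `oo-admin-ctl-domain -c list_members` output."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines or not lines[0].startswith("Members of the"):
        # e.g. the full domain dump that comment 18 reported
        raise ValueError("not the brief list_members format")
    return dict(re.findall(r"([^\s,()]+)\((\w+)\)", " ".join(lines[1:])))

def parse_rhc_members(text):
    """{login: role} from the `rhc member list` table; the '(owner)' tag is dropped."""
    rows, in_body = {}, False
    for ln in text.splitlines():
        if ln.startswith("---"):
            in_body = True  # data rows start after the dashed rule
            continue
        m = re.match(r"(\S+)\s+(\w+)(?:\s+\(owner\))?\s+\w+\s*$", ln)
        if in_body and m:
            rows[m.group(1)] = m.group(2)
    return rows

def membership_drift(expected, actual):
    """Sorted (login, expected_role, actual_role) for every disagreement."""
    return sorted(
        (u, expected.get(u), actual.get(u))
        for u in set(expected) | set(actual)
        if expected.get(u) != actual.get(u)
    )

if __name__ == "__main__":
    ctl, rhc = parse_ctl_members(CTL_OUTPUT), parse_rhc_members(RHC_OUTPUT)
    print("ctl vs rhc:", membership_drift(ctl, rhc))
    # Intended state after `update_member -m xiaom1 -r view`, checked against
    # output captured before the change took effect: reports the stale role.
    print("intended vs rhc:", membership_drift(dict(ctl, xiaom1="view"), rhc))
```

An empty list means both tools agree; a non-empty list after a change command is the signal that the change did not land or that the two views diverge.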

Comment 29 errata-xmlrpc 2015-07-21 19:11:53 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-1463.html

