Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be available on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 1268100 - [RFE] oc whoami -t equivalent for service accounts
Summary: [RFE] oc whoami -t equivalent for service accounts
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: apiserver-auth
Version: 3.0.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 3.2.1
Assignee: Steve Kuznetsov
QA Contact: Chuan Yu
Depends On:
TreeView+ depends on / blocked
Reported: 2015-10-01 20:14 UTC by Erik M Jacobs
Modified: 2016-11-22 23:24 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2016-11-22 23:24:58 UTC
Target Upstream Version:

Attachments (Terms of Use)

Description Erik M Jacobs 2015-10-01 20:14:59 UTC
This is kinda complicated:

oc get sa/WHATEVER -n SOMETHINGELSE --template='{{range .secrets}}{{ .name }} {{end}}' | xargs -n 1 oc get secret --template='{{ if .data.token }}{{ .data.token }}{{end}}' | base64 -d

I'm also guessing most people wouldn't know how to do that without coaching. Getting a token for a service account seems like something pretty common to do for providing external API access into projects, etc.

Comment 2 Steve Kuznetsov 2016-02-16 15:31:50 UTC
Work on creating new tokens for service accounts and retrieving current tokens from service accounts in progress here: https://github.com/openshift/origin/pull/6941

Comment 4 Steve Kuznetsov 2016-10-31 14:15:26 UTC
This work has been long finished, this feature is in Origin releases now.

Comment 5 Chuan Yu 2016-11-02 01:26:00 UTC
Verified with openshift v3.4.0.18+ada983f.
The `oc sa get-token SA-NAME` and `oc sa new-token SA-NAME` could get and create new token for the SA.

Note You need to log in before you can comment on or make changes to this bug.