Bug 1268100 - [RFE] oc whoami -t equivalent for service accounts
[RFE] oc whoami -t equivalent for service accounts
Status: CLOSED CURRENTRELEASE
Product: OpenShift Container Platform
Classification: Red Hat
Component: Auth (Show other bugs)
3.0.0
Unspecified Unspecified
unspecified Severity low
: ---
: 3.2.1
Assigned To: Steve Kuznetsov
Chuan Yu
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-10-01 16:14 EDT by Erik M Jacobs
Modified: 2016-11-22 18:24 EST (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-11-22 18:24:58 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Erik M Jacobs 2015-10-01 16:14:59 EDT
This is kinda complicated:

oc get sa/WHATEVER -n SOMETHINGELSE --template='{{range .secrets}}{{ .name }} {{end}}' | xargs -n 1 oc get secret --template='{{ if .data.token }}{{ .data.token }}{{end}}' | base64 -d


I'm also guessing most people wouldn't know how to do that without coaching. Getting a token for a service account seems like something pretty common to do for providing external API access into projects, etc.
Comment 2 Steve Kuznetsov 2016-02-16 10:31:50 EST
Work on creating new tokens for service accounts and retrieving current tokens from service accounts in progress here: https://github.com/openshift/origin/pull/6941
Comment 4 Steve Kuznetsov 2016-10-31 10:15:26 EDT
This work has been long finished, this feature is in Origin releases now.
Comment 5 Chuan Yu 2016-11-01 21:26:00 EDT
Verified with openshift v3.4.0.18+ada983f.
The `oc sa get-token SA-NAME` and `oc sa new-token SA-NAME` could get and create new token for the SA.

Note You need to log in before you can comment on or make changes to this bug.