Bartosz Bierkowski - Low dose cloud

OpenShift CLI morsels: sudo and user impersonation

On linux machine you can use sudo to execute commands and so far I thought there is no equivalent approach in OpenShift. How mistaken I was! It looks like since OpenShift 3.1 the APIs allow to pass additional argument with the name of the user to impersonate.

Give the developer a sudoers role

On my minishift instance I add sudoer role to the default developer user.

Using the new role

Starting from now, the developer user can execute commands as a system:admin. For example listing all nodes is possible, which does not work without the impersonation.

Environment

I executed the commands using minishift and the following client/server versions of OpenShift.

Client:
oc v1.5.0-alpha.2+e4b43ee
client kubernetes v1.5.2+43a9be4
Server:
openshift v1.3.1
server kubernetes v1.3.0+52492b4

Official documentation

OpenShift origin impersonation docs: https://docs.openshift.org/latest/architecture/additional_concepts/authentication.html#authentication-impersonation

Newsletter

Thanks for reading the OpenShift morsels. To get updates about new articles, you can sign up to the newsletter below.

As a thank you message, you will also get access to OpenShift CLI CheatSheet listing most commonly used commands together with a short explanation.

Did you like the article?
Join the newsletter to receive notifications about new articles.
I respect your privacy.