Bartosz Bierkowski - Low dose cloud

OpenShift Morsels: login as a service account

On day #13 a little trick that allows you to login as a service account.

I already described how you can login as another user or become system:admin user in https://bierkowski.com/openshift-cli-morsels-sudo-and-user-impersonation/

In the post, I forgot to mention that you can also login as service account user. Being a service account user allows you to test an access to services etc.

You can easily learn about the available service accounts and the tokens that are attached to the service account.

When you describe one of the token secrets, you can see the service account token.

The token can be then used to login to OpenShift and act asĀ  the service account user.

In case of the deployer service account, we don’t have to much to do. This service account will not see any projects and you will not be able to switch to any of them, so you will have to explicitly specify the namespace when executing the command. In my case the project is called constellation.

The low privileged account still allows us to list pods in the project, as you can see in the example below.

This is how you can look around using the specific service account and see if the privilege you granted to it are good enough. Usually you would use this feature for new service accounts specific to your needs and not the default ones coming with OpenShift project.

You can login again using your personal username and password or token after finishing your tests.

Environment

The commands were executed using minishift and the following client/server versions of OpenShift.

Client:
oc v3.6.1+008f2d5
client kubernetes v1.6.1+5115d708d7
Server:
openshift v3.6.0+c4dd4cf
server kubernetes v1.6.1+5115d708d7

Newsletter

Thanks for reading the OpenShift morsels. To get updates about new articles, you can sign up to the newsletter below.

As a thank you message, you will also get access to OpenShift CLI CheatSheet listing most commonly used commands together with a short explanation.

Did you like the article?
Join the newsletter to receive notifications about new articles.
I respect your privacy.