How to retrieve logged username who creates new Custom Resource
49 views
Skip to first unread message
Olivier Chantrel
Oct 27, 2020, 6:56:12 AM10/27/20
to Operator Framework
Hello,
I'm developing a go operator with operator-sdk 1.0 and I'm wondering if it's possible to get the username or userid from the reconcile method to add username to the metadata on the new custom resource.
As it's possible to get the current namespace through request object, is there a way to get informations about the current user ?
Thanks,
Olivier
Shoubhik Bose
Oct 27, 2020, 8:14:51 AM10/27/20
to Olivier Chantrel, Operator Framework
Hi Olivier,
You would need to deploy a validating admission webhook for your CRD.
The user context would be available in the request handler. You may want to have the information set in your CR (as an annotation ?) so that it is available in the reconcile loop.
( I'll see if I can find an example handy )
-
Shoubhik Bose
--
You received this message because you are subscribed to the Google Groups "Operator Framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email to operator-framew...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/operator-framework/eebc6d84-eb8e-4bb5-9b66-92ed81b05233n%40googlegroups.com.
Olivier Chantrel
Oct 27, 2020, 9:06:41 AM10/27/20
to Operator Framework
Hi
Shoubhik,
I was afraid to have to implement a webhook to fulfill my needs but I understand that this is the only way to retrieve user context. Thanks for your reply and if you have a "simple" example to illustrate it I would really appreciate because I didn't find any helpfull sample about it.
Many thanks
Olivier
Shoubhik Bose
Oct 27, 2020, 10:10:05 AM10/27/20
to Olivier Chantrel, Operator Framework
On Tue, Oct 27, 2020 at 9:06 AM Olivier Chantrel <chantrel....@gmail.com> wrote:
Hi Shoubhik,I was afraid to have to implement a webhook to fulfill my needs but I understand that this is the only way to retrieve user context. Thanks for your reply and if you have a "simple" example to illustrate it I would really appreciate because I didn't find any helpfull sample about it.
I was playing with it, and wrote up a simple one ( it's WIP ).
Many thanksOlivier--Le mardi 27 octobre 2020 à 13:14:51 UTC+1, Shoubhik Bose a écrit :Hi Olivier,You would need to deploy a validating admission webhook for your CRD.The user context would be available in the request handler. You may want to have the information set in your CR (as an annotation ?) so that it is available in the reconcile loop.( I'll see if I can find an example handy )-Shoubhik BoseOn Tue, 27 Oct 2020, 06:56 Olivier Chantrel, <chantrel....@gmail.com> wrote:Hello,I'm developing a go operator with operator-sdk 1.0 and I'm wondering if it's possible to get the username or userid from the reconcile method to add username to the metadata on the new custom resource.As it's possible to get the current namespace through request object, is there a way to get informations about the current user ?Thanks,Olivier--
You received this message because you are subscribed to the Google Groups "Operator Framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email to operator-framew...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/operator-framework/eebc6d84-eb8e-4bb5-9b66-92ed81b05233n%40googlegroups.com.
You received this message because you are subscribed to the Google Groups "Operator Framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email to operator-framew...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/operator-framework/5f11fed3-f3ed-4ff7-aceb-216cf8e250d0n%40googlegroups.com.
Olivier Chantrel
Oct 27, 2020, 10:46:16 AM10/27/20
to Operator Framework
This is exactly what I was looking for, many thanks.
Olivier Chantrel
May 11, 2021, 9:52:31 AM5/11/21
to Operator Framework
Hi,
I noticed that mutating webhook is called twice. First time, req.UserInfo.Username is the one from openshift customer which creates the CR but the webhook is called a second time and then req.UserInfo.Username is relying to the service account with which we deployed the CR. Is there any reason for this second call which troubles the value we would like to retrieve from userinfo object ?
Thanks,
Olivier
Shoubhik Bose
May 11, 2021, 9:56:39 AM5/11/21
to Olivier Chantrel, Operator Framework
On Tue, May 11, 2021 at 9:52 AM Olivier Chantrel <olivier....@orange.com> wrote:
Hi,I noticed that mutating webhook is called twice. First time, req.UserInfo.Username is the one from openshift customer which creates the CR but the webhook is called a second time and then req.UserInfo.Username is relying to the service account with which we deployed the CR.
Is the CR being created as a service account ?
To view this discussion on the web visit https://groups.google.com/d/msgid/operator-framework/96dd36fa-1bce-4058-963f-a0f09052d8d7n%40googlegroups.com.
Olivier Chantrel
May 11, 2021, 4:02:08 PM5/11/21
to Operator Framework
I think I have found the reason why webhook intercepts CR request with req.UserInfo from the operator service account. Indeed my CR creates subresource (configmap) so as it is created by operator and modifies the CR the reconcile method launches update of the CR and the updater is the reconciler meaning operator service account.
Thanks
Reply all
Reply to author
Forward
0 new messages