Closed jpechane closed 8 years ago
Yeah, this needs further discussion, as there is no openshift api for 'get me the roles for this user'. I'd be in favor of using KeyCloak for all our SSO. I will report back if I have any news to report on this.
On OpenShift you can't query what roles a user has but you can query "can
We can use that as a workaround if we have to.
We are now giving the apiman-admin role to users with cluster admin rights.
The code contains comment about linking roles to KeyCloak but it should also be based on OpenShift roles definition - for example link it to a project admin role.